={@mcast2}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300), 0x1c)

21:46:58 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x7c200000, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:46:58 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x00\x00\x02\xc6\x00'}, &(0x7f0000000300)=0x54)

21:46:58 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0xec0}}, 0x0)

21:46:58 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x9effffff, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:46:58 executing program 3:
r0 = syz_open_dev$loop(&(0x7f0000000180)='/dev/loop#\x00', 0x0, 0x4d02)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt(r1, 0x8, 0x1, &(0x7f0000000200)="436d878259d7deeeacbe61edcb81d8f7ae29a7bcf6780690d1ea74199858b89151e72c2ee6a6152c724b1688037d9d79de3cfd9e6247dbe73a0d361bb134f58a3046d9886a0813e5bb3f60c71cfda24b7d845df410e539030b5264f38fe915da748356c1006942861f08485376f62828f6b638e8654a0441f10456327b9803071172a9fde72dd024d18fdc47dd99600d2ea585eebcbe5d44b1c8bc2cd910992033fa0f3957b01b71afb71c4a9dc9c1b29188f724970946a13ff75da349c6de7df8de821ac6775c6db4f8e7b0a0d1db967cb136d8deef342dfddead193a132f30b5661724329711873760efc7964e0a953a3896760d5270ff03fde74ce800ea319282d7ba1cd531861264e58a1e0ab07bbb4c8d0009d288bab374ba5aa8076606d5c32c4db96fb5a4f1338d6b48bb14c2ebb477cd424bf3e3c08d4636e5c4c728538e25d2094e47c8cafc741ae1f725ba8e93189a8ec77a48c3c72e445f8b208c08f2fe51f64cf35781e6a638a8654e78a8575ca01056013ca426c3e0f4e4e6596240a2adbd5235b38acf56092e836b9f4fa766f69e901e9b7490ea25457152b03bf383000f4f7bfe444519513f07eb8cdcc82bbb09d5b97a57fbd735838ae86936481837ffa33c9738644fbfcd67705e3c963628274c9d6056e9963d182148cfa0689d8aa37117a6daf9e7393d627683b5d812b7781b00620d5c49e9babfaa9c280d8cf7fcef2470e1cc90e7de6914a24bd463d3490fd67611adabb0871839c64a5323c57c992b04950300a9f1f023f374fe095384ce5752c8e10f5532a7f6a37ecdde191ad16685bf9af2bbb5ff0ec741ce87828467cea6a732e4618b1f3d6928151671726cb6270724b5f9c53783cfb6afaef4c9fdddc541f6ff3e9160f69f5fd585434625827388bbafc75d915ec49560df04f5983a70c0c0eb073d240d9ce62830d0ffb175d9dbd4580622e7bdcf3499e893e548528751a839a93b55e2600f338a2c254c5bd9839f4f4e2cabb3df1f6e307e8103e42d9c8f96cb58d16f82d1e5941d55f7706ff0333174d6782f77752556594901b6c86f9725c049d782aa7dc5116a67948db01a2aa7e6b27c723c2520322401429063673e6fdaaebce60c81cdef294aa57c8b6ef95e4c8162aeb678802b01b4b1c629e2431d3abd2120d8598b233cea95558eb2b7a8a5a43c3d30db1443ec6c8ad16982a7e6dbbca031a1491989a457b6eee10a8cbd036c3b9bf8b6b6162044fb27699bc17e5d012b3d5992e2fd68647fa1cff8ce6147faa522e154d7a3c78e39084201cef1948b25bab153bb33e8533c61046c34dbccff62df9b2fffc3be987afa38a10919b7924374c6c133eadee0d9a0d46df8e1e10e89cd8bb76cd39b82268900ff467f43321305151fc11beed0b7b66ffdf298c54ec471be2a37dc32ae7492e500da5877e528296a6bf82566a9c500fa0e89e865c835635f73a8811b3f210ee4acf25f2b709be5a8843e5731c73dd9c9c7b7fe3d411f1b22a3b7f61676e806d3750536766dca324e1e150bcf72cc58a122c97c5a9d33a4d6b06c429b58ebf862ebfba163644fd9663e680c3fdb90fbb236138ec544d0437c76acecd2b32e2cff8eb63c441ca501e54cd97b93ba6fffbc6d9c6b704d241fb2589c368136bbd169b0082494eff048a1ae32f0bd99f4bfc8ddf38aa7949aedfc80db3db75021e20937519566eb3ccb07b14571352b4fa2015d5603deee15122b757027b4dbbe9fe1cb6d36734104292c603caf1ac0059a11bbaf0dddd491d89b76fec610870a28762fe8fad5ea5c6057e65a08dbe4234d6eba58e17b5fa3f85d03538c0baffb4c51a3473224baaa957392fdd4a6689afb9283fb408cd7247a0416b5bcd934ac6b76585e82570eb1a1ec0737d54b0ee658f606a6790cef9c41a773756e54d12995c838488ac6311fde219cc2d6aa2fe59c138c93e254dfd68bff86708d0d816cf362f1a6ed3d812bddc44965d637782fb99bf9ed03bea7ca5c796678da2f448199e1008ad728916efd783e7bd820178c4a842159adc8d12d2124b5f21f5c486a5e426fc4cf4747c53b37150a7f956d3e02ed95f45501a1873581bdc866b53052b83dc3dcb4040a2c6fa50d73d88c347d8d98b02db5311864e67e0303043e53c9479be0ad4399038f432b57aae7194de80f95aa0bb4f938c9f88f57a919a056de5cef77d30f73bfd369b990ee326de44fcfba4a852840ad87354ce0669857cdf19afbd9033e739fdd399ac632a48c91ea1b6968f124d01b7f6fcc24e46983bfa1cc58d05f1d5f351807aca099dc1719d123a35120ad52fc957e51ca1dde15cc3ec94806ecbe53f0c57f103ddea1544b5b35bb1aefe42f5c9c4e817c407c4d1f7e022ea02f637188da197a8f71474dfb9d22bcab7de4745c3545ade48116300c10ef357fc2bd1217ab935f8cc131faec431d9555fe8913188b41b1e402dd32c39a3e91a4d23971a7a36c815b385b20252f0f25da2f4c022929dfc74143f50f4806e63da0d4c1a421610595b1f4c09e321392258f6b55d733f08bc4069462373b30f146e74072a03504d1a9d5c8df44eff8e0ba457ab2fe89d2fedf2ab8a20e2b84319b2780f86a45d7b495899080595c670356aae7e013057878b0998c432b97b9614b5162c70e2d7bd756262cbf4da70d0f86b1b1da7d032d760a002da48b136623c6eb844568fc9109114f9fc446afc7d04d43477996776aca95c6f9b7d601b7d18e1a9c47f2e0fe8955b8518b8a33777409d51a3c530eca818cf0fec6187690655a04354416943a57e170bb2c4616a8247bc962179de9a3aa19d019cfb367e0a60f3b423b0a3ff64f8b17bb3955627c35387ea790e13c031dd2f93668a0a1be1110afb158de7126a21d421a640d9b928a08974e9d92d14286bb87d0500809915501e95eb39d9d6f28a1ce852ad0763e1e873a3c4214276a868e723b7d0f96a836a397fa7fbc2bf8770c530344d78bb81ce1c8dcb111cf2b55b8998eced423a403e404ee80e4a348a3cf5b80a59014a74e0c57055bffd8250b2fff3fcc162c04fc8759c1259a506ce707f8339a89dbe3206d4b14c4f2f032dee977e7f791384ac2aa5082ba1973b10590c86a8649c11c203a7f3e6d62724fcaad3a22d54b2bffd04468f37a716c15762225cc16e0ea9a34b77bb28740ac138c22ff4fd0f884dff12a6888b5076268b3e7f7726e1a0f9c9bc0fe207298a78d77cbcb930859d464abd667e21819bb557eac444183643dc37abc8d9426b413b6d4879e584b711d8ac809cb5460b53d65a2127db9cb3d4c2726aaff7272cb28df200ca4abb8ed6ab5d0c25a74aeeab793ece1c7cd5ca23fa6ce10d3e3fca8e60abfb95048128ddd72f6bcb58981d372d5c006ac5a2d01e7b5c9934f59c5b3d42e0caa64bdb8e1c106ed354dc9a69104a9cfe0f7de84bc0e0cbf42020bbfae6c4f4c11bf9b41c60d0c7e48ee447e0acaa4c7687af84153f93ba16c913195c091ec629e1c0b961e022268719c464c9ade4aa5f1d9f9707d583b8681f643707d9ee21f774fca5829460d61203bc01a84d2b524dbc2c39580bf552d3471e21e2d722cfe79e1af486fd2e12ab65c4613529731e32f1d571e3cd1486e80f1a33626e33de26faa0b5afaf5a31d7ff1d2abbaef6b984542cb9f611a4206916be2f14a58e87e722c4c6c321df23662ed3b7db1c2786a38c7de011a69a0ed4e69ea55eaeed566e6172f6dfd6150b67dc22bc26dcf882801d4b556ad1f677b8e0a531c5316f99047d6fd6336923db6b3f202f76323fcd0db308e8d2f1fdf8d28728fddcdfc8b38411c75ee1a6444b0563c81c8eba7e45c9f140472cd7f2aee4624a0554e35205c61f648cd64f8fc1fa55a1115390835bbbd1fc29caac5512fbf77f84624bfe979a531a60f9c8255c2df431cdec1ea85e918aaea53340c667bad3400b30ab6b09f9cc2b954cecb82ff7db72cfb92de77bdc6e368f80a8cf21baaf4caa885a262df1d52f3a24a3ca18dd6746b15a23b5a5f073bc0eb4595295b9932791257cd7b8d989413c323410b6c6f1a21ea54b30bcf76e49b677cceb9b235825fd3253e394336cccf37d57f157755318204103f6c81ab289b94abc0dc0d4412e8dfd524a310c65a1f277437e87146e26b085ab8b80c0d01a13aaf5db9e8b62564ce1f4244097486e87bf8e4efa1e79c207a9561e96cff0e78182dc13255833a382aaff5669eade826924f4075e6a4d0a673c823f62608bb2349b519c1906fff20c5ea6715e0207ad7a35db0b3877c891e8a4ace8fca7184b5621ea84197c4eb02ca4a113697a9b3ecb060418bae69f1b30a7daf7e181995040c4e0a6cee91af4cec8d7e4016d9d27987fb2df564b8f0416486d04753b816c271fb85c223841ae5e8b3845bd1afd294ea3152f64996594dfde40df2564f5b2a9382796e40de51384e5c81b284b1252d0b395df96f0f7b96b16b562169618dea0c091eed9568f967a8e74d21db2cb68396894fde5bfe16bda3cf40bce85392f98141b63e7add28d4b66042372b38596dd358a1931cd5f1a3169097ac7cd0528803e599d23e0bd2f10b686bc8cf842f7c76797e77b017aefca5f9371d6872623ed4b1b7bb04f1f7ecf98ac1b33efd061e5adbf2d0748272f783e8e738f010af0806c23c3ddbf90c67ec87d506d0e6e673d0c7635998d446b4ee722f6dd5abae26b92f8a2fd2d3094601409d0bdf0f626268044b291249a2c485f4c33afe359b6e244d4c5cb5dcb1366624704aed845f265ef35148a266a0f8a6d2396e747b9a25c8f698cea37e970c58b495ad8f1908b0f85e0579ecf70a4ccb2dd43e79681a1e37972b79a364d9231c53cd353fbb55303548abacc40ad30e09e441ad2917eca2c82bb3aa778e782915714bce557c66551dc24c23ad94fe12286a6c11ae10d3c0eaa21154c89f35c5c855cadbe348a08a5e82fa10276f8dd6014ad5ec74f820c32837558bbbc3008ed2ca9d48e4c29189b20c9a2801e75dff46b242cdc13f9f40cdb795da869ae64116c52cf0ac77f92b01ebb2de25771a86fd4d704206df5fffa091fab8dcd20c7163e3d8cd1abdd24075f9a571d3a2797d0e2436c4149a33ab1782c6db99126968aeed0aa35b790c3eccd400d4d83efa3c8134b43abb7239c1450735e90d8e696b43b708d11827674b860a8246379431a18a0732adc7241e15fe02cbf30a9b44f7da496dea174be2a119658d903193a53eaaec9b20ee567ec62cbb0ace30deefbbc28e40135dfbacd6d31b22fd41d1db760e2263a21eb0a7fad896318c01fecd4d6fa91cf0c3d43ddef9479b81644335e6301f77343d7133ac937d6f907820d736be4f6cb0182a7bb74c7715b18ad180a35d1386869b76bb13ca684a14052abb146088ea6e051aad73986f4bb1af783dfdd1ae72a9c0fffffc109abdf0e9f86825ee681640c7355cd5781f08aad08acfb26b9b00403f7dfca7f22db5aa63cb8e7307cfd774c21ab98d870a523b5d0b09ed519525fab30a8113010812dbcee5a6e6c3573b8421a2e50989a861cdbd534257dd7225de7dc64e217b1139541a41db32e2271311bd2986861a492cdd3dad5fcaec9d846c1fb3ba06ee66c1426ce3ca0c631b3689a54d7cdcba7e03ad35d1d7958efcfcb48ff72175cd6be9c57bd8dd332aa3d0f2bb27619f58dd101d840c4b987a43e89559ddf2757625c03fe53e67513afe55b6ef92a168f53e29339a4b2ee01afffd96c805cd43e2ff218d3f02fb9614a8e1db0301cbd8d5178bf8a8043ce47ecc9a987ed9", 0x1000)
io_setup(0x35, &(0x7f0000000000)=<r2=>0x0)
clock_gettime(0x0, &(0x7f0000000080)={<r3=>0x0, <r4=>0x0})
io_pgetevents(r2, 0x477a, 0x2, &(0x7f0000000040)=[{}, {}], &(0x7f00000000c0)={r3, r4+30000000}, &(0x7f0000000140)={&(0x7f0000000100)={0x6}, 0x8})
r5 = dup(r0)
ioctl$TIOCGSOFTCAR(r5, 0x5419, &(0x7f0000001200))
ioctl$sock_inet_SIOCGIFPFLAGS(r5, 0x8935, &(0x7f0000001240)={'syzkaller0\x00', 0x1ff})
ioctl$BLKDISCARD(r0, 0x1277, &(0x7f00000001c0)=0x8000)

21:46:58 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00'})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300), 0x1c)

[ 1946.297824][T10640] IPVS: ftp: loaded support on port[0] = 21
21:46:58 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x33fe0}}, 0x0)

21:46:58 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000300), 0x1c)

21:46:58 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0xf0ffffff, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:46:58 executing program 3:
r0 = syz_open_dev$loop(&(0x7f0000000180)='/dev/loop#\x00', 0x0, 0x4d02)
ioctl$BLKDISCARD(r0, 0x1277, &(0x7f00000001c0)=0x8000)
r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2)
r2 = syz_open_dev$swradio(&(0x7f0000000040)='/dev/swradio#\x00', 0x0, 0x2)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000080)={0x7, r2, 0x1})
getresuid(&(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)=<r3=>0x0)
stat(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0})
write$P9_RGETATTR(r2, &(0x7f00000002c0)={0xa0, 0x19, 0x1, {0x1061, {0x1, 0x3, 0x3}, 0x4, r3, r4, 0x84, 0x40, 0xfffffffffffffd9c, 0x6, 0x5, 0x95d, 0x100000000, 0x22da, 0x161, 0x81, 0x5, 0x20, 0x2, 0x8, 0x1f}}, 0xa0)

21:46:59 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd8800fe804000000000000000000000000000ff02000000000000000000000000000100004e2000d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fd4214d1fcafff87429e50b32881721afab69cc3712c37ed00000000000000000005b4bb74635bf86ba7de2db8230ba8253e057234b6ed48e8d96272275327b103e2d199bf740aec7d73ab896fb11c03cd47d86f22bc4f8f1a526ebc7085dbd38926994489059d99db6173c9cef36c873c3405daebbaab19955d0b4d1f85f79aa8863081c901b08f2da289951f200684481091cb8a9de09a20c05e07539ccbf9da8b0d827df8eeb56b598557a0b0166891b9aae21ae09f144d0c63442fe3dd2d7054e91628094cdc170315df1960b3edbdc5f3895be3433aab92942c3b5333a49f30bd8a17d795b92cd24a0"], 0x0)

21:46:59 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x20000254}}, 0x0)

21:46:59 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0xfffff000, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

[ 1947.192148][T10640] IPVS: ftp: loaded support on port[0] = 21
21:46:59 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x00\x00\x01\xc8\x00'}, &(0x7f0000000300)=0x54)

21:46:59 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000300), 0x1c)

21:46:59 executing program 3:
r0 = syz_open_dev$loop(&(0x7f0000000180)='/dev/loop#\x00', 0x0, 0x4d02)
ioctl$BLKDISCARD(r0, 0x1277, &(0x7f00000001c0)=0x8000)
r1 = socket$inet6(0xa, 0x805, 0x9)
getsockopt$SO_COOKIE(r1, 0x1, 0x39, &(0x7f0000000740), &(0x7f0000000780)=0x8)

21:46:59 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x7ffff000}}, 0x0)

21:46:59 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0xffffff7f, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:46:59 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0xfffffdef}}, 0x0)

21:46:59 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0xffffff9e, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

[ 1947.578609][T10691] IPVS: ftp: loaded support on port[0] = 21
21:46:59 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(0xffffffffffffffff, &(0x7f0000000300), 0x1c)

21:46:59 executing program 3:
r0 = syz_open_dev$loop(&(0x7f0000000180)='/dev/loop#\x00', 0x0, 0x4d02)
ioctl$BLKDISCARD(r0, 0x1277, &(0x7f0000000040)=0x2)

21:47:00 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd601bfc97004d8800fe800000000000000000000000000000ff02000000000000000000000000000100004e20004d9078e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecfb96cc7c32881721afab69cc3712c37ed0000000000000000000000000000000000000000000"], 0x0)

21:47:00 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x2}, 0x0)

21:47:00 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0xfffffff0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

[ 1948.343961][T10691] IPVS: ftp: loaded support on port[0] = 21
21:47:00 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x00\x00\x03\xf2\x00'}, &(0x7f0000000300)=0x54)

21:47:00 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, 0x0, 0x0)

21:47:00 executing program 3:
r0 = syz_open_dev$loop(&(0x7f0000000180)='/dev/loop#\x00', 0x0, 0x4d02)
openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2)
ioctl$BLKDISCARD(r0, 0x1277, &(0x7f0000000040)=0x10008000)

21:47:00 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x3}, 0x0)

21:47:00 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x3000000000000, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:00 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x40030000000000, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:00 executing program 3:
r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x800, 0x100)
ioctl$BLKDISCARD(r0, 0x1277, &(0x7f00000001c0)=0x8000)

21:47:00 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x8}, 0x0)

21:47:00 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, 0x0, 0x0)

[ 1948.730307][T10735] IPVS: ftp: loaded support on port[0] = 21
21:47:01 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000003c0)={@mcast2, 0xa, 0x2, 0xf5a010e2064f514d, 0x8, 0xb, 0x100}, &(0x7f0000000080)=0xfffffffffffffe2b)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f00000064c0)=[{{0x0, 0x0, &(0x7f0000000400), 0x0, &(0x7f0000000440)=""/169}, 0x9}, {{&(0x7f0000000500)=@x25, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000000580)=""/103}, {&(0x7f0000000600)=""/115}, {&(0x7f0000000680)=""/222}, {&(0x7f0000000780)=""/198}, {&(0x7f0000000880)=""/187}, {&(0x7f0000000940)=""/216}, {&(0x7f0000000a40)=""/80}], 0x0, &(0x7f0000000b40)=""/68}, 0x100000001}, {{&(0x7f0000000bc0)=@tipc=@id, 0x0, &(0x7f0000002200)=[{&(0x7f0000000c40)=""/146}, {&(0x7f0000000d00)=""/37}, {&(0x7f0000000d40)=""/4096}, {&(0x7f0000001d40)=""/60}, {&(0x7f0000001d80)=""/189}, {&(0x7f0000001e40)=""/68}, {&(0x7f0000001ec0)=""/219}, {&(0x7f0000001fc0)=""/177}, {&(0x7f0000002080)=""/84}, {&(0x7f0000002100)=""/226}], 0x0, &(0x7f00000022c0)=""/34}}, {{&(0x7f0000002300)=@sco, 0x0, &(0x7f0000003780)=[{&(0x7f0000002380)=""/75}, {&(0x7f0000002400)=""/4096}, {&(0x7f0000003400)=""/162}, {&(0x7f00000034c0)=""/200}, {&(0x7f00000035c0)=""/133}, {&(0x7f0000003680)=""/40}, {&(0x7f00000036c0)=""/159}], 0x0, &(0x7f0000003800)=""/37}}, {{&(0x7f0000003840)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x0, {0xa, 0x0, 0x0, @ipv4={[], [], @empty}}}, 0x0, &(0x7f0000003d00)=[{&(0x7f00000044c0)=""/4096}, {&(0x7f00000038c0)=""/196}, {&(0x7f00000039c0)=""/21}, {&(0x7f0000003a00)=""/177}, {&(0x7f0000003ac0)=""/174}, {&(0x7f0000003b80)=""/194}, {&(0x7f0000003c80)=""/105}], 0x0, &(0x7f00000054c0)=""/4096}, 0x3}, {{&(0x7f0000003d80)=@pppoe={0x18, 0x0, {0x0, @dev}}, 0x0, &(0x7f0000004280)=[{&(0x7f0000003e00)=""/159}, {&(0x7f0000003ec0)=""/107}, {&(0x7f0000003f40)=""/72}, {&(0x7f0000003fc0)=""/228}, {&(0x7f00000040c0)=""/213}, {&(0x7f00000041c0)=""/135}], 0x0, &(0x7f0000004300)=""/102}, 0xfffffffffffff169}], 0x7b, 0x40000000, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='memory.current\x00', 0x0, 0x0)
epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0)
setsockopt$packet_int(r1, 0x107, 0x0, &(0x7f0000000300)=0x6, 0x4)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000040)={0x1, 0x27f8})
pipe(&(0x7f0000000240)={<r2=>0xffffffffffffffff})
setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000280), 0x4)
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffff9c, 0x84, 0x70, &(0x7f00000000c0)={<r3=>0x0, @in6={{0xa, 0x4e22, 0x4, @loopback, 0x7978}}, [0x9, 0x78600000000000, 0x2, 0x1f, 0x1000, 0x1, 0x2, 0xb8, 0x6, 0x1, 0x6, 0x9, 0xfffffffffffffffa, 0x5, 0xffffffffffffffff]}, &(0x7f00000001c0)=0x100)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={r3, 0x7}, 0x8)
syz_emit_ethernet(0x83, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaae2e9aaaaaaaaaa86dd601bfc97004d8800fe800000000000000000000000000000ff020000455c8dabc94722cd4740b46c500900000000000000000000000100004e20004d90789cd7d4809636e29607149378d33e1db1c73944877aa3f7fac33b042bd3682368cc7c6fe4e24d1f"], 0x0)

21:47:01 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0xf0ffffffffffff, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:01 executing program 3:
r0 = syz_open_dev$loop(&(0x7f0000000180)='/dev/loop#\x00', 0x0, 0x4d02)
dup2(r0, r0)
ioctl$BLKDISCARD(r0, 0x1277, &(0x7f00000001c0)=0x8000)
write$binfmt_elf64(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="7f454c4665089ad77a2d00000000000002003f003f6ea846a60100000000000040000000000000000b02000000000000010000001f02380002000800ed05000007000000000100003e030000000000000008000000000000c2000000000000001f000000000000000400000000000000000000000000000000000060ffffffff120000000000000004000000000000000000000001000000050000000000000009000000000000000000000000000000a10548ff277d1d61d5ab4a704564e950679c02e110f9382521fa50c446aa8746875ca7a2592e0f56c741119eecc4788c35f3c61d1948e429b061a11fea3fa876261ef1ebcc82163ebd00f83667841ccb835eee2a2432d0ccb31299e3ee33df3cc59b61201f35757c761a00963c6a38cf93f1b5dd264ae603463a7aa5211e5dae36c889f4ead8f783675ba3a14b2f02b339e8e268046d2cba80ec99945b69fabf692424b6a48afffe2182e0634fec78529adcf09d67f0b51d761153ba6b0b33b091c49ce3d214dd8b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x778)

[ 1949.372171][T10735] IPVS: ftp: loaded support on port[0] = 21
21:47:01 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x00\x00\x01\xfe\x00'}, &(0x7f0000000300)=0x54)

21:47:01 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x300}, 0x0)

21:47:01 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, 0x0, 0x0)

21:47:01 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x100000000000000, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:01 executing program 3:
r0 = accept4$x25(0xffffffffffffff9c, &(0x7f0000000000), &(0x7f0000000040)=0x12, 0x80000)
getpeername(r0, &(0x7f0000000080)=@l2, &(0x7f0000000100)=0x80)
r1 = syz_open_dev$loop(&(0x7f0000000180)='/dev/loop#\x00', 0x40000000, 0x14000)
ioctl$BLKDISCARD(r1, 0x1277, &(0x7f00000001c0)=0x8000)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000140)=0x410, 0x4)

21:47:01 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x200000000000000, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:01 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0xffffff1f}, 0x0)

[ 1949.683990][T10775] IPVS: ftp: loaded support on port[0] = 21
21:47:01 executing program 3:
r0 = syz_open_dev$loop(&(0x7f0000000180)='/dev/loop#\x00', 0x0, 0x4d02)
ioctl$BLKDISCARD(r0, 0x1277, &(0x7f0000000080)=0x8003)

21:47:01 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='coredump_filter\x00')
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @multicast2}, 0x10)
socket$packet(0x11, 0x3, 0x300)
getresuid(&(0x7f0000000340), &(0x7f0000000380), &(0x7f00000003c0))
getresgid(&(0x7f0000000400), &(0x7f0000000440), &(0x7f0000000480))
mount$fuseblk(&(0x7f0000000280)='/dev/loop0\x00', &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='fuseblk\x00', 0x80000, &(0x7f00000004c0)=ANY=[@ANYBLOB=',default_permissions,allow_other,blksize=0x0000000000001c00,dont_hash,context=root,smackfstransmute=coredump_filter\x00,\x00'])
getsockopt$packet_buf(0xffffffffffffffff, 0x107, 0x0, &(0x7f0000000040)=""/8, &(0x7f0000000080)=0x8)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x7e0}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$packet(0x11, 0x0, 0x300)
socket$inet_tcp(0x2, 0x1, 0x0)
clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000240)={&(0x7f0000000200)='./file1\x00', r0}, 0x10)
bind$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4}, 0x1c)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000f59ffc)=0x5, 0x4)
fsync(r2)
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f00000000c0)=0x6, 0x4)
bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @ipv4={[], [], @dev}}, 0x1c)
getpid()
mknod$loop(&(0x7f0000000040)='./file0\x00', 0x6001, 0xffffffffffffffff)
creat(&(0x7f00000007c0)='./file0\x00', 0x0)
unlink(&(0x7f0000000000)='./file0\x00')
sendto$inet(r1, 0x0, 0x0, 0x20000802, &(0x7f0000000100)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000000)='ip6_vti0\x00', 0x10)
write$FUSE_CREATE_OPEN(r1, &(0x7f0000000140)={0xa0, 0x0, 0x0, {{0x0, 0x0, 0x0, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc18f}}, {0x0, 0x7}}}, 0xa0)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='ip6tnl0\x00', 0x10)
sendto$inet(r1, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x0, 0x0, 0x0)
shutdown(r1, 0x1)

21:47:01 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vsock\x00', 0x40840, 0x0)
setsockopt$RDS_GET_MR_FOR_DEST(r1, 0x114, 0x7, &(0x7f0000000280)={@ipx={0x4, 0xff, 0x1, "c9db80386468", 0x8}, {&(0x7f0000000180)=""/150, 0x96}, &(0x7f0000000240), 0x10}, 0xa0)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd601bfc97004d8800fe800000000000000000000000000000ff02000000000000000000000000000100004e20004d9078e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff874ab1af86c48cd416a29e50b32881721afab69cc3712c37ed038d00086ef7216476798011d16a605703b497fa8e97635353077cc14d01ea028edb39f6ff3171ac118b2e8b0a7178a41a259f2a36daec3d7"], 0x0)

21:47:01 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x2}, 0x0)

21:47:01 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x300000000000000, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

[ 1950.392081][T10775] IPVS: ftp: loaded support on port[0] = 21
[ 1950.686418][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 1950.692319][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 1950.698222][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 1950.704030][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 1950.710132][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 1950.715900][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 1951.326350][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1951.332179][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1951.338145][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1951.343969][    C0] protocol 88fb is buggy, dev hsr_slave_1
21:47:05 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\x00'}, &(0x7f0000000300)=0x54)

21:47:05 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
r1 = syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x5, 0x2000)
getpeername$packet(0xffffffffffffff9c, &(0x7f00000000c0)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route_sched(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4e00}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=@deltfilter={0x78, 0x2d, 0x900, 0x70bd2a, 0x25dfdbfe, {0x0, r2, {0x2, 0xc}, {0xfff1, 0xffff}, {0x1, 0x5}}, [@TCA_CHAIN={0x8, 0xb, 0x8}, @TCA_RATE={0x8, 0x5, {0x6}}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0x1c, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0xdd}, @TCA_U32_LINK={0x8, 0x3, 0x5}, @TCA_U32_DIVISOR={0x8, 0x4, 0xf}]}}, @TCA_CHAIN={0x8}, @TCA_RATE={0x8, 0x5, {0x4, 0x1}}, @TCA_CHAIN={0x8, 0xb, 0x2}]}, 0x78}, 0x1, 0x0, 0x0, 0x4000815}, 0x11)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)

21:47:05 executing program 3:
r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000040)=0x1)
r1 = syz_open_dev$loop(&(0x7f0000000180)='/dev/loop#\x00', 0x0, 0x4d02)
ioctl$BLKDISCARD(r1, 0x1277, &(0x7f00000001c0)=0x8000)
r2 = request_key(&(0x7f0000000100)='pkcs7_test\x00', &(0x7f0000000140)={'syz', 0x1}, &(0x7f0000000200)='\x00', 0xfffffffffffffffa)
add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, r2)

21:47:05 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x400000000000000, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:05 executing program 0:
r0 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x2)
write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYBLOB="9136fb02f88aaf70c91cdadb8796b3e028f4ac49804f96e95afd4a1e9d2855acc099d93b2329876814ef336eee7a"], 0x2e)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
read(r0, 0x0, 0x0)

21:47:05 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x3}, 0x0)

21:47:05 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x4}, 0x0)

21:47:05 executing program 0:
r0 = syz_open_dev$video(&(0x7f00000000c0)='/dev/video#\x00', 0x8447, 0x0)
ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000280)={0x3, @win={{}, 0x0, 0x0, 0x0, 0x0, 0x0}})

21:47:05 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x800000000000000, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:05 executing program 3:
r0 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0)
ioctl$sock_SIOCGIFCONF(r0, 0x8912, &(0x7f0000000040)=@buf)
r1 = syz_open_dev$loop(&(0x7f0000000180)='/dev/loop#\x00', 0x0, 0x4d02)
ioctl$BLKDISCARD(r1, 0x1277, &(0x7f00000001c0)=0x8000)

21:47:05 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x8}, 0x0)

[ 1953.931853][T10826] IPVS: ftp: loaded support on port[0] = 21
21:47:05 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0xa00000000000000, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

[ 1954.515136][T10826] IPVS: ftp: loaded support on port[0] = 21
21:47:06 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\x00'}, &(0x7f0000000300)=0x54)

21:47:06 executing program 0:
ioctl(0xffffffffffffffff, 0x0, 0x0)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x1)
ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000100)={0xa1, 0x8})
add_key$user(0x0, 0x0, &(0x7f0000000140)="62a40c263b54c4c38d848dbfaa14c6e5e8f47857330ada088aad82af8002c5bc53b05f477d1ccfa4db2ffe09155bbdf3398b21df14ad0c5722a8382c9a26611b9062e0d51ef098c902019013b26753eb747ee9ca6605006c783e95", 0x5b, 0xfffffffffffffff9)
keyctl$describe(0x6, 0x0, 0x0, 0x0)
ioctl$FICLONE(0xffffffffffffffff, 0x40049409, 0xffffffffffffffff)

21:47:06 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0xa}, 0x0)

21:47:06 executing program 3:
r0 = syz_open_dev$loop(&(0x7f0000000180)='/dev/loop#\x00', 0x0, 0x4d02)
ioctl$BLKDISCARD(r0, 0x1277, &(0x7f00000001c0)=0x8000)
r1 = syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0x1000000000000000, 0x210000)
ioctl$EVIOCGABS2F(r1, 0x8018456f, &(0x7f0000000200)=""/249)
r2 = socket$pptp(0x18, 0x1, 0x2)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x40)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0xc)

21:47:06 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0xe00000000000000, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:06 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @loopback, 0xfffffffffffffffd}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)

21:47:06 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0xe}, 0x0)

21:47:06 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0xf00000000000000, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

[ 1954.902874][T10867] IPVS: ftp: loaded support on port[0] = 21
21:47:06 executing program 0:
r0 = epoll_create1(0x0)
r1 = epoll_create1(0x0)
close(r0)
openat$vcs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs\x00', 0x220902, 0x0)
unshare(0x8000400)
ioctl$FICLONERANGE(r1, 0x4020940d, &(0x7f0000000000)={r0})

21:47:06 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0xf}, 0x0)

21:47:06 executing program 3:
r0 = syz_open_dev$loop(&(0x7f0000000180)='/dev/loop#\x00', 0x0, 0x4d02)
ioctl$BLKDISCARD(r0, 0x1277, &(0x7f0000000000)=0x57)

21:47:07 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x1000000000000000, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

[ 1955.475877][T10867] IPVS: ftp: loaded support on port[0] = 21
21:47:07 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x02\x00'}, &(0x7f0000000300)=0x54)

21:47:07 executing program 3:
r0 = syz_open_dev$loop(&(0x7f0000000180)='/dev/loop#\x00', 0x9, 0x40)
ioctl$BLKDISCARD(r0, 0x1277, &(0x7f00000001c0)=0x8000)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f00000005c0)={<r1=>0xffffffffffffff9c})
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000600)={0x40, 0x8000, 0x9, 0xe5, <r2=>0x0}, &(0x7f0000000640)=0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000740)={r2, 0x90, &(0x7f0000000680)=[@in6={0xa, 0x4e23, 0x80000000, @remote}, @in6={0xa, 0x4e22, 0xffffffff, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0xa00}, @in={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}, @in6={0xa, 0x4e20, 0x7fffffff, @mcast1, 0x7}, @in={0x2, 0x4e24, @empty}, @in6={0xa, 0x4e20, 0xb58, @ipv4={[], [], @empty}, 0x4}]}, &(0x7f0000000780)=0x10)

21:47:07 executing program 0:
r0 = socket$inet6(0xa, 0x40000000002, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vhost-vsock\x00', 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000040)=ANY=[])
dup3(r0, r1, 0x0)

21:47:07 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x10}, 0x0)

21:47:07 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x6000000000000000, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:07 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000000), &(0x7f00000001c0)=0x4)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x10000000004e24}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd601bfc97004d8800fe800000000000000000000000000000ff02000000000000000000000000000100004e20004d9078e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0a11d53e583a16a4ae0fc0aed79843da0c0172e6f97d6b4a3039b45e6828572dba42cd5ea0a3f41e239b5e7ae574719e9bcda41f2005b9bb9b8a6edd2311ce8be6b5feec95763c9c2a5fdc6390893cedc43462dfca4a8bdcb4fd9a7277f99b85bbfb75872e0545b6f132ff85c945a9c162f5f0602af493f3e782ec4abf2d0e26004fa96170017aabd01c4369bd0597c2825b7cef5a18c34452a37e265abcfcda24d"], 0x0)

21:47:07 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x7c20000000000000, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

[ 1955.825614][T10906] IPVS: ftp: loaded support on port[0] = 21
21:47:07 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x60}, 0x0)

21:47:07 executing program 3:
r0 = syz_open_dev$loop(&(0x7f0000000180)='/dev/loop#\x00', 0x0, 0x4d02)
r1 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0xab0, 0x40000)
setsockopt$inet_tcp_buf(r1, 0x6, 0x3d, &(0x7f0000000040)="0777df71f0b45446e9f15120aa72499f21c2a76796bf34d5ad2f1e4be12f98100954772e918d29f578687a2ce480bd40106de6ce02dde0b8aad1829331acf540dd48046e284f04e2f04896a16f58b00e308b33b44f9cbe7904fff0ab6e7471f982fb07df1261f881612e63cf574d8ba7bb458e84e1e2d7f5092d95d55c473ba3e28c727786a3615a2f0c7bd1cb4fe38dc9f3b0470d31d7bc29a6e823ea4f9ab292815021bdec0134645a0ce4b694f58d6e8a20a8e79526776c47554284b038a27e45ed3122f07a1caa035f2f1de6eadc73855a57d0529b8cdc09078d6c4072491cb2576184e6f54b24cfe59f677ec1", 0xef)
ioctl$BLKDISCARD(r0, 0x1277, &(0x7f00000001c0)=0x8000)
fcntl$getownex(r1, 0x10, &(0x7f0000000140)={0x0, <r2=>0x0})
syz_open_procfs(r2, &(0x7f0000000200)='auxv\x00')

21:47:07 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x9effffff00000000, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:07 executing program 0:
openat$vhci(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhci\x00', 0x40000)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
clone(0x4000002102001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
request_key(&(0x7f000000aff5)='asymmetric\x00', &(0x7f0000001ffb)={'\x00\x00\b', 0xffffffffffffffff, 0x4c00000000000000}, &(0x7f0000001fee)='R\trist\xe3cusgrVid:De', 0x0)

21:47:08 executing program 0:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\x00'}, &(0x7f0000000300)=0x54)

[ 1956.241093][T10936] IPVS: ftp: loaded support on port[0] = 21
[ 1956.564037][T10906] IPVS: ftp: loaded support on port[0] = 21
21:47:08 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x04\x00'}, &(0x7f0000000300)=0x54)

21:47:08 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0xf0ffffff00000000, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:08 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0xf0}, 0x0)

21:47:08 executing program 3:
r0 = syz_open_dev$loop(&(0x7f0000000180)='/dev/loop#\x00', 0x0, 0x4d02)
ioctl$BLKDISCARD(r0, 0x1277, &(0x7f0000000040)=0x1000000)
ioctl$IOC_PR_REGISTER(r0, 0x401870c8, &(0x7f0000000000)={0x100000000, 0x101})
ioctl$BLKDISCARD(r0, 0x1277, &(0x7f00000001c0)=0x8000)

21:47:08 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
socket$unix(0x1, 0x7, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd601bfc97004d8800f6800000000000000000000000000000ff02000000000000000000000000000100004e20004d9078e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"], 0x0)
socketpair(0x2, 0x80000, 0x9, &(0x7f0000000100)={<r1=>0xffffffffffffffff})
bind$isdn_base(r1, &(0x7f0000000140)={0x22, 0x7, 0x10001, 0x400, 0x7}, 0x6)
r2 = syz_open_dev$vivid(&(0x7f0000000040)='/dev/video#\x00', 0x3, 0x2)
ioctl$VIDIOC_ENUMINPUT(r2, 0xc050561a, &(0x7f0000000080)={0x3, "5283a0cf6a21da730b7eeb92266b626736cbbf323c36b6c56a30f936aeb0516a", 0x3, 0x7, 0x3, 0xd0007, 0x0, 0x2})

21:47:08 executing program 0:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\xff\xff\xff\x9d\x00'}, &(0x7f0000000300)=0x54)

[ 1956.908134][T10953] IPVS: ftp: loaded support on port[0] = 21
[ 1956.926341][    C1] net_ratelimit: 26 callbacks suppressed
[ 1956.926351][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 1956.938385][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 1956.944236][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 1956.950155][    C1] protocol 88fb is buggy, dev hsr_slave_1
21:47:08 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x300}, 0x0)

21:47:08 executing program 3:
r0 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x7fffffff, 0xb0a69ec7cc2a21c6)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r0, 0x400c6615, &(0x7f0000000040))
r1 = syz_open_dev$loop(&(0x7f0000000180)='/dev/loop#\x00', 0x0, 0x4d02)
ioctl$BLKDISCARD(r1, 0x1277, &(0x7f00000001c0)=0x7ffe)

[ 1956.953013][T10957] IPVS: ftp: loaded support on port[0] = 21
[ 1956.955978][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 1956.967740][    C1] protocol 88fb is buggy, dev hsr_slave_1
21:47:08 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0xffffff7f00000000, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:09 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0xa00}, 0x0)

21:47:09 executing program 3:
r0 = syz_open_dev$loop(&(0x7f0000000180)='/dev/loop#\x00', 0x0, 0x4d02)
ioctl$BLKDISCARD(r0, 0x1277, &(0x7f0000000080)=0x9)

21:47:09 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0xfffffffffffff000, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

[ 1957.566378][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1957.572285][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1957.578302][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1957.584085][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1957.755273][T10957] IPVS: ftp: loaded support on port[0] = 21
21:47:10 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x11\x00'}, &(0x7f0000000300)=0x54)

21:47:10 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0xe00}, 0x0)

21:47:10 executing program 3:
r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x1, 0x0)
ioctl$CAPI_GET_MANUFACTURER(r0, 0xc0044306, &(0x7f0000000040)=0x400)
syz_open_dev$loop(&(0x7f0000000180)='/dev/loop#\x00', 0x0, 0x4d02)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={<r1=>0xffffffffffffffff}, 0x106, 0x3}}, 0x20)
write$RDMA_USER_CM_CMD_BIND(r0, &(0x7f00000001c0)={0x14, 0x88, 0xfa00, {r1, 0x1c, 0x0, @in6={0xa, 0x4e23, 0x3, @dev={0xfe, 0x80, [], 0x18}, 0x6}}}, 0x90)

21:47:10 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2803, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:10 executing program 5:
clock_gettime(0x7, &(0x7f0000000040))
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)

21:47:10 executing program 0:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x02\x00'}, &(0x7f0000000300)=0x54)

21:47:10 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x280c, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:10 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0xf00}, 0x0)

[ 1958.296920][T11000] IPVS: ftp: loaded support on port[0] = 21
[ 1958.309616][T11004] IPVS: ftp: loaded support on port[0] = 21
21:47:10 executing program 3:
r0 = syz_open_dev$loop(&(0x7f0000000180)='/dev/loop#\x00', 0x0, 0x4d02)
r1 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x4, 0x3)
mmap$binder(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2, 0x100010, r1, 0x0)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00')
sendmsg$TIPC_NL_BEARER_GET(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="680100002490bd8faa6fd80acd7638a7f1bd815c860f985610d9a81e58e71955161bbbc2660df9ecdc25bcb75dbc3dfa290bb65baabe7bbe3a9234ae34fe676ccde37f961c5000cfb3eaf2339b2a6869dd04081f7bc635b5d0fbb4917936c05b", @ANYRES16=r2, @ANYBLOB="00df1cfa95f2d6020029bd7000fbdbdf25040000000c000900080002007e6700001c0006000a0001000900000008000100080000000400020004000200240009000800010022fcffff080002009d00000008000100040000000800020001040000dc000500140002000800010003000000080001000800000008000100756470001c00020008000400470c0000080003000300000008000100020000000800010065746800080001007564700054000200080004000700000008000200070000000800040009000000080001000700000008000200000080000800020004000000080001000500000008000200001600000800030078050000080002008000000034000200080003003f0000000800040005000000080002000400000008000300010000000800040001000000080001000a00000008000100657468002c000600040002000400020004000200040002000400020004000200040002000800010007"], 0x168}}, 0x4000)
ioctl$BLKDISCARD(r0, 0x1277, &(0x7f0000000040)=0x8000)

21:47:10 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x40000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:10 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x1b8c}, 0x0)

21:47:10 executing program 3:
ioctl$BLKDISCARD(0xffffffffffffffff, 0x1277, &(0x7f00000001c0)=0x8000)

[ 1959.072339][T11004] IPVS: ftp: loaded support on port[0] = 21
21:47:11 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x1d\x00'}, &(0x7f0000000300)=0x54)

21:47:11 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x6000}, 0x0)

21:47:11 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000002, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:11 executing program 3:
r0 = syz_open_dev$loop(&(0x7f0000000180)='/dev/loop#\x00', 0x0, 0x4000004d02)
r1 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x9, 0x4000)
ioctl$KVM_SET_SREGS(r1, 0x4138ae84, &(0x7f0000000040)={{0x15000, 0x10000, 0x3, 0x4, 0x200, 0x5, 0x8, 0x6, 0x3, 0x9, 0x79485876, 0x6}, {0x6002, 0x0, 0xe, 0x22ad, 0x446a, 0x1000, 0xa7, 0x22, 0x2, 0x3, 0x6, 0x10000}, {0x1, 0x100000, 0xf, 0x9, 0x10001, 0x72, 0x8000, 0x7, 0x4, 0x1, 0x1ff, 0x1}, {0x0, 0x4000, 0x0, 0x9, 0x1, 0x6, 0x5, 0x1000, 0x7, 0x2, 0xbf, 0x4}, {0x1000, 0x4, 0x3, 0x5, 0x5, 0x9, 0xe44, 0x5, 0x40, 0x7ff, 0x800, 0xef}, {0x4000, 0x5000, 0xb, 0xda0e, 0xd0, 0x7fff, 0x2, 0x6, 0x5, 0x6fa, 0x6, 0x9}, {0x100000, 0x106004, 0x0, 0xfffffffffffffff9, 0x8, 0x10001, 0x9, 0x1, 0x5, 0x8000, 0x1, 0x2}, {0x3000, 0x0, 0x3, 0x3, 0x4, 0x800, 0xa15, 0x1ff, 0x6, 0x7ff, 0x9d88, 0x6}, {0x4, 0x7003}, {0x100000}, 0x10020, 0x0, 0x5004, 0x100, 0x5, 0x1000, 0x2, [0x6, 0x101, 0x200, 0xfffffffffffffff8]})
openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000200)='/dev/qat_adf_ctl\x00', 0x80000, 0x0)
ioctl$BLKDISCARD(r0, 0x1277, &(0x7f00000001c0)=0x8000)

21:47:11 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
r1 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x2400)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000001600)={0x9, 0x0, [{0x10000, 0x54, &(0x7f0000000080)=""/84}, {0x7000, 0xff, &(0x7f0000000100)=""/255}, {0x2000, 0x6e, &(0x7f0000000200)=""/110}, {0x1, 0x1000, &(0x7f0000000400)=""/4096}, {0x100000, 0x8b, &(0x7f0000000280)=""/139}, {0xd000, 0x62, &(0x7f0000001400)=""/98}, {0x4000, 0xf6, &(0x7f0000001480)=""/246}, {0xf000, 0x13, &(0x7f0000001580)=""/19}, {0x4, 0x21, &(0x7f00000015c0)=""/33}]})
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)

[ 1959.468857][T11045] IPVS: ftp: loaded support on port[0] = 21
21:47:11 executing program 0 (fault-call:3 fault-nth:0):
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300), 0x1c)

21:47:11 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x8c1b}, 0x0)

21:47:11 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000003, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:11 executing program 3:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}, 0x0}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)

21:47:11 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300), 0x1c)

21:47:11 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000004, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:11 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0xf000}, 0x0)

[ 1960.074079][T11045] IPVS: ftp: loaded support on port[0] = 21
21:47:12 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00b\x00'}, &(0x7f0000000300)=0x54)

21:47:12 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0x2}, 0x1c)

21:47:12 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000008, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:12 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x30000}, 0x0)

21:47:12 executing program 5:
r0 = socket$inet6(0xa, 0x200000000000000, 0x88)
r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x10000, 0x0)
setsockopt$RDS_GET_MR_FOR_DEST(r1, 0x114, 0x7, &(0x7f00000000c0)={@nfc={0x27, 0x1, 0x1, 0x274241d8a46826f6}, {&(0x7f0000000380)=""/4096, 0x1000}, &(0x7f0000000080), 0x2}, 0xa0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x4000000000000bd, 0x103, 0x0)
syz_emit_ethernet(0x1, &(0x7f0000000340)=ANY=[@ANYRES32], 0x0)

21:47:12 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x34000}, 0x0)

21:47:12 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x100000a, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:12 executing program 3:
r0 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x1, 0x2)
r1 = syz_open_dev$dri(&(0x7f0000000040)='/dev/dri/card#\x00', 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4)
ioctl$DRM_IOCTL_SG_ALLOC(r1, 0xc0106438, &(0x7f0000000080))
r4 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vsock\x00', 0x2000, 0x0)
dup2(r4, r3)
ioctl$int_in(0xffffffffffffffff, 0x0, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f00000000c0)={0xffffffffffffffd3, 0x5, 0x100000000000d00}, 0xfffffefd)
r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$VIDIOC_DECODER_CMD(r0, 0xc0485660, &(0x7f0000000040)={0x5, 0x2, @start={0x6}})
ioctl$RTC_PIE_ON(r0, 0x7005)
ioctl$sock_bt_hidp_HIDPCONNDEL(r5, 0x400448c9, &(0x7f0000000100)={{0x5, 0x4, 0xffffffffffffffe1, 0x1ff, 0x5, 0x2565}, 0xfffffffffffffffc})
open$dir(&(0x7f0000000000)='./file0\x00', 0x8000, 0x0)

[ 1960.464650][T11078] IPVS: ftp: loaded support on port[0] = 21
21:47:12 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0x3}, 0x1c)

21:47:12 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x100000e, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:12 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x400300}, 0x0)

21:47:12 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaa00aa86dd601bfc97004d8800fe800000000000000000000000000000ff02000000000000000000000000000100004e20004d9078e29607149378d33e1db1c73936c77aa3f7fac33b042bd36823686253193295d60831b7cda8b48e3e34ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b3288"], 0x0)

[ 1961.265881][T11078] IPVS: ftp: loaded support on port[0] = 21
21:47:13 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00c\x00'}, &(0x7f0000000300)=0x54)

21:47:13 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0x4}, 0x1c)

21:47:13 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0xf0ffff}, 0x0)

21:47:13 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x100000f, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:13 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x1000000}, 0x0)

21:47:13 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0x5}, 0x1c)

21:47:13 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000010, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

[ 1961.613985][T11119] IPVS: ftp: loaded support on port[0] = 21
[ 1962.042732][T11119] IPVS: ftp: loaded support on port[0] = 21
[ 1963.166309][    C1] net_ratelimit: 26 callbacks suppressed
[ 1963.166319][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 1963.177846][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 1963.183646][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 1963.189479][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 1963.195301][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 1963.201131][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 1963.816464][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1963.822306][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1963.828283][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1963.834089][    C0] protocol 88fb is buggy, dev hsr_slave_1
21:47:16 executing program 3:
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x2})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000340)={{&(0x7f00004b4000/0x4000)=nil, 0x4000}, 0x1})
setrlimit(0x7, &(0x7f0000000100))
clone(0x0, 0x0, 0x0, 0x0, 0x0)
sigaltstack(&(0x7f00004b5000/0x2000)=nil, 0x0)
read(r0, &(0x7f0000000380)=""/100, 0xffe4)
r1 = accept4$inet(r0, &(0x7f0000000040), &(0x7f0000000080)=0x10, 0x80800)
ioctl$sock_SIOCSIFBR(r1, 0x8941, &(0x7f00000000c0)=@generic={0x304903564729372f, 0x5, 0x7})

21:47:16 executing program 5:
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x0, 0x0)
ioctl$SCSI_IOCTL_SYNC(r0, 0x4)
recvmmsg(0xffffffffffffffff, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaa2aaaaaaaaaaa084b871bdd601bfc97004d8800fe800000000000000000000000000000ff02000000000000000000000000000100004e20004d9078e29607149378d33e1db1c7682368625319348bc3c373d6ea51369e92dd96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed055000000000000000000000000"], 0x0)
ioctl$TCSETA(r0, 0x5406, &(0x7f0000000000)={0x6, 0x8, 0x20, 0x7fff, 0x3, 0x10001, 0x3, 0x5, 0x8, 0x7})
ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000100)={0x4, 0x6, 0x8, 0x1f, 0x3f})
syz_init_net_socket$llc(0x1a, 0x1, 0x0)

21:47:16 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x2000000}, 0x0)

21:47:16 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0x6}, 0x1c)

21:47:16 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000060, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:16 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00q\x00'}, &(0x7f0000000300)=0x54)

21:47:16 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x10000f0, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:16 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x3000000}, 0x0)

21:47:16 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
r1 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x0, 0x2)
getdents(r1, &(0x7f0000000080), 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd601bfc976b09000000000000000000000000000000000000ff02000000000000000000000000000100004e20004d9078e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"], 0x0)
socket$can_raw(0x1d, 0x3, 0x1)

[ 1964.889456][T11138] IPVS: ftp: loaded support on port[0] = 21
21:47:16 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0x7}, 0x1c)

21:47:17 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000300, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:17 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x4000000}, 0x0)

21:47:17 executing program 3:
msgget(0x0, 0x30)
socket$alg(0x26, 0x5, 0x0)
r0 = timerfd_create(0x2, 0x0)
r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = syz_open_dev$swradio(&(0x7f00000002c0)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2)
ioctl$DRM_IOCTL_ADD_BUFS(r2, 0xc0206416, &(0x7f0000000040)={0xf01, 0x61, 0x3, 0x2, 0x2, 0xb5})
r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r4 = openat$null(0xffffffffffffff9c, &(0x7f0000000580)='/dev/null\x00', 0x10000, 0x0)
ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f00000005c0)='syz0\x00')
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$GIO_SCRNMAP(0xffffffffffffffff, 0x4b40, &(0x7f0000000600)=""/226)
r5 = semget$private(0x0, 0x4, 0x4)
semctl$GETPID(r5, 0x0, 0xb, &(0x7f0000000080)=""/20)
semtimedop(0x0, &(0x7f0000000140)=[{0x0, 0x9, 0x1800}], 0x1, &(0x7f0000000200)={0x0, 0x989680})
setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f00000000c0)=0xfff, 0x4)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000240)={[0x0, 0xc6, 0x7, 0x81, 0x3, 0x99, 0x7, 0x4, 0x81, 0x8, 0x7fff, 0x2, 0xff, 0xfffffffffffffff8, 0x101], 0xf000, 0x1000})
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22}}, 0xfff, 0x82b5}, &(0x7f0000000100)=0x90)
getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f00000004c0)=ANY=[@ANYBLOB="6d00000087c75029a9ef02d4406c425ff3e7f7ef736455a31ad67edafb746cb37d231e742edb000083a8cedbab41218271d73c056a944811b17ec682f81000bb51082c3082567f5c03304a830dbc87270738c16dd3770d39d29fbebb3fb20b46e8431d2afb54729335e700000000000000"], 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000001740)={0x0, r0, 0x7a8, 0x9, 0x1, 0xfffffffffffffffc})
semctl$IPC_RMID(0x0, 0x0, 0x0)
getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r3, 0x12, 0x2, &(0x7f0000000100)=""/94, &(0x7f00000001c0)=0x5e)
openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/attr/exec\x00', 0x2, 0x0)
r6 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net\x00\x00\x00\x00\x00\x00\x00\a/expire_nodest_conn\x00', 0x2, 0x0)
ioctl$KVM_SET_DEBUGREGS(r6, 0x4080aea2, &(0x7f0000000380)={[0xf000, 0x4, 0x2001, 0x3000], 0x0, 0xd8, 0x7})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4)
ioctl$SNDRV_SEQ_IOCTL_DELETE_PORT(r6, 0x40a85321, &(0x7f00000002c0)={{0x1, 0x5}, 'port1\x00', 0x51, 0x16043c, 0x1, 0x3, 0x4, 0x543, 0x1ff, 0x0, 0x7, 0x4b})
openat$ptmx(0xffffffffffffff9c, &(0x7f0000001780)='/dev/ptmx\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x8031, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r6, 0x84, 0x74, &(0x7f0000000700)=""/4096, &(0x7f0000001700)=0x1000)
rt_sigprocmask(0x0, &(0x7f0000000240)={0x4f123a47}, &(0x7f0000000280), 0x8)

21:47:17 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x88\x00'}, &(0x7f0000000300)=0x54)

21:47:17 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0x8}, 0x1c)

21:47:17 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000a00, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:17 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x8000000}, 0x0)

21:47:17 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0xa000000}, 0x0)

21:47:17 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000e00, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:18 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0x9}, 0x1c)

[ 1967.007813][T11190] syz-executor3 invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[ 1967.019660][T11190] CPU: 0 PID: 11190 Comm: syz-executor3 Not tainted 5.0.0-rc1-next-20190109 #8
[ 1967.028637][T11190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1967.038728][T11190] Call Trace:
[ 1967.042061][T11190]  dump_stack+0x1db/0x2d0
[ 1967.046445][T11190]  ? dump_stack_print_info.cold+0x20/0x20
[ 1967.052275][T11190]  dump_header+0x1e6/0x116c
[ 1967.056819][T11190]  ? add_lock_to_list.isra.0+0x450/0x450
[ 1967.062480][T11190]  ? perf_trace_lock+0x750/0x750
[ 1967.067461][T11190]  ? print_usage_bug+0xd0/0xd0
[ 1967.072264][T11190]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 1967.077929][T11190]  ? ___ratelimit+0x37c/0x686
[ 1967.082657][T11190]  ? mark_held_locks+0xb1/0x100
[ 1967.087560][T11190]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 1967.093401][T11190]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 1967.099240][T11190]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 1967.104579][T11190]  ? trace_hardirqs_on+0xbd/0x310
[ 1967.109632][T11190]  ? kasan_check_read+0x11/0x20
[ 1967.114540][T11190]  ? ___ratelimit+0x37c/0x686
[ 1967.119269][T11190]  ? trace_hardirqs_off_caller+0x300/0x300
[ 1967.125145][T11190]  ? do_raw_spin_trylock+0x270/0x270
[ 1967.130464][T11190]  ? trace_hardirqs_on_caller+0x310/0x310
[ 1967.136214][T11190]  ? lock_acquire+0x1db/0x570
[ 1967.141026][T11190]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 1967.146883][T11190]  ? ___ratelimit+0xac/0x686
[ 1967.151514][T11190]  ? idr_get_free+0xee0/0xee0
[ 1967.156236][T11190]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 1967.161597][T11190]  oom_kill_process.cold+0x10/0x9ca
[ 1967.166836][T11190]  ? cgroup_procs_next+0x70/0x70
[ 1967.171812][T11190]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 1967.177069][T11190]  ? oom_badness+0xa50/0xa50
[ 1967.181705][T11190]  ? oom_evaluate_task+0x540/0x540
[ 1967.186854][T11190]  ? mem_cgroup_iter_break+0x30/0x30
[ 1967.192186][T11190]  ? mutex_trylock+0x2d0/0x2d0
[ 1967.197030][T11190]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 1967.202548][T11190]  out_of_memory+0x885/0x1420
[ 1967.207266][T11190]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 1967.213611][T11190]  ? oom_killer_disable+0x340/0x340
[ 1967.218844][T11190]  ? lock_release+0x546/0xc40
[ 1967.223575][T11190]  ? lock_acquire+0x1db/0x570
[ 1967.228314][T11190]  mem_cgroup_out_of_memory+0x160/0x210
[ 1967.233884][T11190]  ? do_raw_spin_unlock+0xa0/0x330
[ 1967.239025][T11190]  ? memory_oom_group_write+0x160/0x160
[ 1967.244615][T11190]  ? do_raw_spin_trylock+0x270/0x270
[ 1967.249967][T11190]  ? _raw_spin_unlock+0x2d/0x50
[ 1967.254870][T11190]  try_charge+0x1457/0x1d00
[ 1967.259421][T11190]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[ 1967.265119][T11190]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 1967.270700][T11190]  ? lock_downgrade+0xbe0/0xbe0
[ 1967.275595][T11190]  ? kasan_check_read+0x11/0x20
[ 1967.280495][T11190]  ? rcu_read_unlock_special+0x380/0x380
[ 1967.286232][T11190]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[ 1967.291844][T11190]  ? get_mem_cgroup_from_page+0x190/0x190
[ 1967.297641][T11190]  ? print_usage_bug+0xd0/0xd0
[ 1967.302462][T11190]  mem_cgroup_try_charge+0x43a/0xdb0
[ 1967.307805][T11190]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1967.314093][T11190]  ? mem_cgroup_protected+0xa10/0xa10
[ 1967.319543][T11190]  ? shmem_getattr+0x2c0/0x2c0
[ 1967.324367][T11190]  ? perf_trace_run_bpf_submit+0x241/0x310
[ 1967.330245][T11190]  ? perf_trace_run_bpf_submit+0x248/0x310
[ 1967.336092][T11190]  ? print_usage_bug+0xd0/0xd0
[ 1967.340945][T11190]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 1967.346634][T11190]  shmem_getpage_gfp+0xa85/0x4b70
[ 1967.351770][T11190]  ? shmem_add_to_page_cache+0x19a0/0x19a0
[ 1967.357637][T11190]  ? check_preemption_disabled+0x48/0x290
[ 1967.363417][T11190]  ? memset+0x32/0x40
[ 1967.367460][T11190]  ? perf_trace_lock+0x47b/0x750
[ 1967.372437][T11190]  ? rwlock_bug.part.0+0x90/0x90
[ 1967.377430][T11190]  ? add_lock_to_list.isra.0+0x450/0x450
[ 1967.383116][T11190]  ? reacquire_held_locks+0xfb/0x520
[ 1967.388434][T11190]  ? alloc_set_pte+0x134a/0x1df0
[ 1967.393444][T11190]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1967.399737][T11190]  ? lock_downgrade+0xbe0/0xbe0
[ 1967.404622][T11190]  ? kasan_check_read+0x11/0x20
[ 1967.409506][T11190]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 1967.415575][T11190]  ? perf_trace_run_bpf_submit+0x241/0x310
[ 1967.421416][T11190]  ? perf_trace_run_bpf_submit+0x241/0x310
[ 1967.427281][T11190]  ? perf_trace_run_bpf_submit+0x248/0x310
[ 1967.433162][T11190]  ? perf_tp_event+0xc20/0xc20
[ 1967.437957][T11190]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1967.444225][T11190]  ? check_preemption_disabled+0x48/0x290
[ 1967.450002][T11190]  ? memset+0x32/0x40
[ 1967.454044][T11190]  ? perf_trace_lock+0x47b/0x750
[ 1967.459041][T11190]  shmem_fault+0x25a/0x950
[ 1967.463539][T11190]  ? shmem_read_mapping_page_gfp+0x200/0x200
[ 1967.469617][T11190]  ? __handle_mm_fault+0x42e1/0x55a0
[ 1967.474947][T11190]  ? find_held_lock+0x35/0x120
[ 1967.479757][T11190]  ? __handle_mm_fault+0x42e1/0x55a0
[ 1967.485100][T11190]  __do_fault+0x176/0x7b0
[ 1967.489478][T11190]  ? do_page_mkwrite+0x740/0x740
[ 1967.494453][T11190]  ? do_raw_spin_unlock+0xa0/0x330
[ 1967.499612][T11190]  ? do_raw_spin_trylock+0x270/0x270
[ 1967.504941][T11190]  ? add_mm_counter_fast.part.0+0x40/0x40
[ 1967.510737][T11190]  __handle_mm_fault+0x370a/0x55a0
[ 1967.515925][T11190]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1967.521509][T11190]  ? check_preemption_disabled+0x48/0x290
[ 1967.527313][T11190]  ? handle_mm_fault+0x3cc/0xc80
[ 1967.532340][T11190]  ? lock_downgrade+0xbe0/0xbe0
[ 1967.537229][T11190]  ? kasan_check_read+0x11/0x20
[ 1967.542151][T11190]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 1967.548178][T11190]  ? rcu_read_unlock_special+0x380/0x380
[ 1967.553879][T11190]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1967.560160][T11190]  ? check_preemption_disabled+0x48/0x290
[ 1967.565933][T11190]  handle_mm_fault+0x4ec/0xc80
[ 1967.570742][T11190]  ? __handle_mm_fault+0x55a0/0x55a0
[ 1967.576078][T11190]  ? __get_user_pages+0x4f8/0x1e10
[ 1967.581253][T11190]  __get_user_pages+0x8f7/0x1e10
[ 1967.586266][T11190]  ? follow_page_mask+0x1f40/0x1f40
[ 1967.591558][T11190]  ? retint_kernel+0x2d/0x2d
[ 1967.596245][T11190]  populate_vma_page_range+0x2bc/0x3b0
[ 1967.601892][T11190]  ? follow_page+0x430/0x430
[ 1967.606513][T11190]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1967.612802][T11190]  ? vmacache_update+0x114/0x140
[ 1967.617794][T11190]  __mm_populate+0x27e/0x4c0
[ 1967.622436][T11190]  ? populate_vma_page_range+0x3b0/0x3b0
[ 1967.628099][T11190]  ? down_read_killable+0x150/0x150
[ 1967.633326][T11190]  ? security_mmap_file+0x1a7/0x1e0
[ 1967.638593][T11190]  vm_mmap_pgoff+0x277/0x2b0
[ 1967.643238][T11190]  ? vma_is_stack_for_current+0xd0/0xd0
[ 1967.648818][T11190]  ? kasan_check_read+0x11/0x20
[ 1967.653705][T11190]  ? _copy_to_user+0xc9/0x120
[ 1967.658455][T11190]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1967.664754][T11190]  ksys_mmap_pgoff+0x102/0x650
[ 1967.669588][T11190]  ? find_mergeable_anon_vma+0xd0/0xd0
[ 1967.675093][T11190]  ? trace_hardirqs_on+0xbd/0x310
[ 1967.680188][T11190]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1967.686488][T11190]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1967.692621][T11190]  ? trace_hardirqs_off_caller+0x300/0x300
[ 1967.698492][T11190]  __x64_sys_mmap+0xe9/0x1b0
[ 1967.703145][T11190]  do_syscall_64+0x1a3/0x800
[ 1967.707773][T11190]  ? syscall_return_slowpath+0x5f0/0x5f0
[ 1967.713445][T11190]  ? prepare_exit_to_usermode+0x232/0x3b0
[ 1967.719213][T11190]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1967.724813][T11190]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1967.730735][T11190] RIP: 0033:0x457ec9
[ 1967.734671][T11190] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1967.754309][T11190] RSP: 002b:00007f58d40bfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 1967.762754][T11190] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9
[ 1967.770841][T11190] RDX: 0000000000000001 RSI: 0000000000b36000 RDI: 0000000020000000
[ 1967.778843][T11190] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000
[ 1967.786840][T11190] R10: 0000000000008031 R11: 0000000000000246 R12: 00007f58d40c06d4
[ 1967.794840][T11190] R13: 00000000004c3b56 R14: 00000000004d6910 R15: 00000000ffffffff
[ 1967.826394][T11190] memory: usage 307120kB, limit 307200kB, failcnt 3432
[ 1967.833384][T11190] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1967.841608][T11190] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1967.849219][T11190] Memory cgroup stats for /syz3: cache:5072KB rss:242772KB rss_huge:212992KB shmem:5076KB mapped_file:5016KB dirty:0KB writeback:0KB swap:0KB inactive_anon:5132KB active_anon:242808KB inactive_file:0KB active_file:0KB unevictable:0KB
[ 1967.873630][T11190] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor3,pid=11188,uid=0
[ 1967.890184][T11190] Memory cgroup out of memory: Kill process 11188 (syz-executor3) score 1113 or sacrifice child
[ 1967.916896][T11190] Killed process 11188 (syz-executor3) total-vm:70532kB, anon-rss:104kB, file-rss:32832kB, shmem-rss:5008kB
[ 1967.938988][ T1042] oom_reaper: reaped process 11188 (syz-executor3), now anon-rss:0kB, file-rss:32804kB, shmem-rss:5012kB
[ 1969.406312][    C1] net_ratelimit: 26 callbacks suppressed
[ 1969.406323][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 1969.417819][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 1969.423631][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 1969.429428][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 1969.435232][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 1969.441042][    C1] protocol 88fb is buggy, dev hsr_slave_1
21:47:21 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @empty, 0x6}, 0x312)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x14, &(0x7f0000000340)={@local, @local, [], {@generic={0x6807, "0d9da9cb7864"}}}, 0x0)

21:47:21 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0xe000000}, 0x0)

21:47:21 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000f00, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:21 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xb}, 0x1c)

21:47:21 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x98\x00'}, &(0x7f0000000300)=0x54)

21:47:21 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text16={0x10, &(0x7f00000003c0)="0f20d86635080000000f22d866b80500000066b9060d20500f01c1ba6100b01aeed9a6390b0f0174170f009a0050670f01caba610066b80010000066ef260f22276766c74424004edeac976766c74424022c0000006766c744240600000000670f011424", 0x64}], 0x1, 0x0, 0x0, 0x0)
statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)={0x5})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_mount_image$gfs2(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='quota,nosuiddir,spectator,lockproto=lock_nolock,loccookie,lockproto=dlm,acl,lockproto=dlm,pcr=0000000000\a\x0000000021,\x00'])
r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x14000, 0x0)
ioctl$SIOCRSGL2CALL(r3, 0x89e5, &(0x7f0000000080))

[ 1969.675251][T11211] IPVS: ftp: loaded support on port[0] = 21
21:47:21 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0xf000000}, 0x0)

21:47:21 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x2}, 0x1c)

21:47:21 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x100207c, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:21 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x3}, 0x1c)

21:47:21 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1006000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:21 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x10000000}, 0x0)

[ 1970.048187][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1970.054787][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1970.062892][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1970.070263][    C0] protocol 88fb is buggy, dev hsr_slave_1
21:47:22 executing program 5:
r0 = socket$netlink(0x10, 0x3, 0x0)
writev(r0, &(0x7f0000000180)=[{&(0x7f0000000100)="390000001300090417feb1ae7aa77cf40000ff3f09000000000000000000001419000400430100000a00005d14a4e91ee438d2fd0000000000", 0x39}], 0x1)
r1 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r1, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaeaa86dd601bfc97004d8800feeb403b664a1b465fac3817800000000000000000000000000000ff02000000000000000000000000000100004e20004d9078e29607149378d33e1db1c73936c77aa3f7fac33b042bd36823686253aa34ecb1c373d6ea51369e92fb96cc7c6fe4874d1fcafff87429050000001721afab69cc3712c37ed0"], 0x0)

21:47:22 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4}, 0x1c)

21:47:22 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x60000000}, 0x0)

21:47:22 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1007c20, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

[ 1970.544298][T11211] IPVS: ftp: loaded support on port[0] = 21
[ 1970.741737][T11260] netlink: 'syz-executor5': attribute type 4 has an invalid length.
21:47:22 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\xc1\x00'}, &(0x7f0000000300)=0x54)

21:47:22 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x5}, 0x1c)

21:47:22 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x8c1b0000}, 0x0)

21:47:22 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x100f000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:22 executing program 3:
r0 = socket$inet6(0xa, 0x2000000802, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000f68000)={@mcast1, 0x800, 0x0, 0xff, 0x1}, 0x20)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x80000, 0x0)
r2 = syz_open_dev$swradio(&(0x7f00000002c0)='/dev/swradio#\x00', 0x1, 0x2)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000100)={<r3=>0xffffffffffffffff}, 0x113, 0x8}}, 0x20)
write$RDMA_USER_CM_CMD_REJECT(r1, &(0x7f0000000180)={0x9, 0x108, 0xfa00, {r3, 0xf3, "1e9768", "0ec04b639b59c6c01b4fb95d071b7552344f58a865723f8c390522100fae874be65f0df6c4a165996a6371d775aaaac46447f587ba35ed18ac27928a33d0533d9147b315b35495f469f034693574861bdbf042f6fc0c6503a7ceb354f51c9beaf5b3fc1b2bbe582232d479684d6a558ea20a216876383475c907381246e305f371c9282f94e1237e00df3fbcf69693884db1cfb5843889cdc1f3e28d3c7aa6b44f902ed363f2fce7b271925b6e3987b2cfb024d3ab3996fdc275bec8a4946bb2fd87df93ca33a586a74381ed4df0caa39e6abad2e0bdacd6481b1d4eb1173ae97ce478d45a95045be100d5ea5ccc413b9f8267c4d993eb1aba91f18e144838ec"}}, 0x110)
connect$inet6(r0, &(0x7f0000000380)={0xa, 0x0, 0x807}, 0x1c)
setsockopt$inet6_MCAST_LEAVE_GROUP(r0, 0x29, 0x2d, &(0x7f0000000000)={0x2, {{0xa, 0x4e24, 0x800, @local, 0x4}}}, 0x88)
sendmmsg(r0, &(0x7f0000001740)=[{{0x0, 0x0, &(0x7f0000000040), 0x0, &(0x7f0000000000), 0x4}}], 0x3ffffffffffff2d, 0x0)

21:47:23 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x2000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:23 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x9effffff}, 0x0)

21:47:23 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x6}, 0x1c)

[ 1971.127736][T11277] IPVS: ftp: loaded support on port[0] = 21
[ 1971.515819][T11262] netlink: 'syz-executor5': attribute type 4 has an invalid length.
21:47:23 executing program 5:
r0 = syz_open_pts(0xffffffffffffff9c, 0x2000)
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x6685)
r1 = socket$inet6(0xa, 0x80002, 0x88)
r2 = open(&(0x7f0000000080)='./file0\x00', 0x80000, 0x80)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f00000000c0)=0x1, 0x4)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r1, &(0x7f0000000040)=[{{0x0, 0xffffffffffffff0f, 0x0, 0x1f9}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)

21:47:23 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0xf0ffffff}, 0x0)

21:47:23 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x3000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:23 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x7}, 0x1c)

[ 1971.752948][T11277] IPVS: ftp: loaded support on port[0] = 21
21:47:24 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x1e\x01\x00'}, &(0x7f0000000300)=0x54)

21:47:24 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0xfffff000}, 0x0)

21:47:24 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x8}, 0x1c)

21:47:24 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x8000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:24 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
r1 = syz_open_dev$audion(&(0x7f0000000100)='/dev/audio#\x00', 0x7f, 0x44000)
getsockopt$ARPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x63, &(0x7f0000000080)={'TPROXY\x00'}, &(0x7f00000000c0)=0x1e)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000140)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86000000000000000000ff02000000000000000000000000000100004e20004d9078e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0000000000000000000000000000000002c699074454b03dabd8d3cb08f17bc67b92f8c5cd2afec9664917d1a412d2d845b6e6f8ad28127ca1101a021540e2b51161b388dd33f3f0c727e350ed080650c1cce1948546edaaa95e57862c6201f1ff6117d3478103d6de8262e6cd77d1cbb6e991c378b58efc16e8b94830c4fed1808edff38c582d3a5f3f053d561becc63ef540f89b8a2b27a3003f2fb4e8e527ae5c394f7bca72a1c4030496886de70b10dc9ee659e05c59c7737a8a4faef71dd439671e31085ff4e54f56cce"], 0x0)

21:47:24 executing program 3:
r0 = timerfd_create(0x0, 0x0)
readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000140)=""/14, 0xe}], 0x1)
timerfd_settime(r0, 0x0, &(0x7f0000000040)={{0x77359400}, {0x0, 0x1c9c380}}, 0x0)
r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x0, 0x0)
ioctl$TUNSETVNETLE(r1, 0x400454dc, &(0x7f0000000080))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x80000003, 0x8031, 0xffffffffffffffff, 0x0)
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
pkey_free(0xffffffffffffffff)
pkey_mprotect(&(0x7f00003f7000/0x3000)=nil, 0x3000, 0x0, 0xffffffffffffffff)

21:47:24 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0xffffff7f}, 0x0)

21:47:24 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1fffffff, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

[ 1972.242152][T11317] IPVS: ftp: loaded support on port[0] = 21
21:47:24 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x9}, 0x1c)

21:47:24 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x3f000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:24 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0xffffff9e}, 0x0)

21:47:24 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0xa}, 0x1c)

[ 1972.765857][T11319] syz-executor3 invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[ 1972.794218][T11319] CPU: 1 PID: 11319 Comm: syz-executor3 Not tainted 5.0.0-rc1-next-20190109 #8
[ 1972.803249][T11319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1972.813333][T11319] Call Trace:
[ 1972.816665][T11319]  dump_stack+0x1db/0x2d0
[ 1972.821014][T11319]  ? dump_stack_print_info.cold+0x20/0x20
[ 1972.826781][T11319]  ? check_preemption_disabled+0x48/0x290
[ 1972.832546][T11319]  dump_header+0x1e6/0x116c
[ 1972.837075][T11319]  ? add_lock_to_list.isra.0+0x450/0x450
[ 1972.842718][T11319]  ? perf_trace_lock+0x750/0x750
[ 1972.847866][T11319]  ? print_usage_bug+0xd0/0xd0
[ 1972.852645][T11319]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 1972.858290][T11319]  ? ___ratelimit+0x37c/0x686
[ 1972.862986][T11319]  ? mark_held_locks+0xb1/0x100
[ 1972.867849][T11319]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 1972.873665][T11319]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 1972.879506][T11319]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 1972.884813][T11319]  ? trace_hardirqs_on+0xbd/0x310
[ 1972.889858][T11319]  ? kasan_check_read+0x11/0x20
[ 1972.894722][T11319]  ? ___ratelimit+0x37c/0x686
[ 1972.899417][T11319]  ? trace_hardirqs_off_caller+0x300/0x300
[ 1972.905235][T11319]  ? do_raw_spin_trylock+0x270/0x270
[ 1972.910549][T11319]  ? trace_hardirqs_on_caller+0x310/0x310
[ 1972.916292][T11319]  ? lock_acquire+0x1db/0x570
[ 1972.920997][T11319]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 1972.926817][T11319]  ? ___ratelimit+0xac/0x686
[ 1972.931423][T11319]  ? idr_get_free+0xee0/0xee0
[ 1972.936135][T11319]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 1972.941467][T11319]  oom_kill_process.cold+0x10/0x9ca
[ 1972.946686][T11319]  ? cgroup_procs_next+0x70/0x70
[ 1972.951643][T11319]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 1972.956855][T11319]  ? oom_badness+0xa50/0xa50
[ 1972.961467][T11319]  ? oom_evaluate_task+0x540/0x540
[ 1972.966592][T11319]  ? mem_cgroup_iter_break+0x30/0x30
[ 1972.971892][T11319]  ? mutex_trylock+0x2d0/0x2d0
[ 1972.976670][T11319]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1972.982941][T11319]  ? rcu_read_unlock_special+0x380/0x380
[ 1972.988604][T11319]  out_of_memory+0x885/0x1420
[ 1972.993300][T11319]  ? mem_cgroup_iter+0x4f4/0xf50
[ 1972.998265][T11319]  ? oom_killer_disable+0x340/0x340
[ 1973.003579][T11319]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 1973.009404][T11319]  ? lock_acquire+0x1db/0x570
[ 1973.014123][T11319]  mem_cgroup_out_of_memory+0x160/0x210
[ 1973.019681][T11319]  ? do_raw_spin_unlock+0xa0/0x330
[ 1973.024804][T11319]  ? memory_oom_group_write+0x160/0x160
[ 1973.030356][T11319]  ? do_raw_spin_trylock+0x270/0x270
[ 1973.035669][T11319]  ? _raw_spin_unlock+0x2d/0x50
[ 1973.040544][T11319]  try_charge+0x1457/0x1d00
[ 1973.045068][T11319]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[ 1973.050640][T11319]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 1973.056220][T11319]  ? lock_downgrade+0xbe0/0xbe0
[ 1973.061090][T11319]  ? kasan_check_read+0x11/0x20
[ 1973.065967][T11319]  ? rcu_read_unlock_special+0x380/0x380
[ 1973.071636][T11319]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[ 1973.077205][T11319]  ? get_mem_cgroup_from_page+0x190/0x190
[ 1973.082957][T11319]  ? add_lock_to_list.isra.0+0x450/0x450
[ 1973.088616][T11319]  ? print_usage_bug+0xd0/0xd0
[ 1973.093409][T11319]  mem_cgroup_try_charge+0x43a/0xdb0
[ 1973.098723][T11319]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1973.104992][T11319]  ? mem_cgroup_protected+0xa10/0xa10
[ 1973.110394][T11319]  ? shmem_getattr+0x2c0/0x2c0
[ 1973.115173][T11319]  ? __lock_acquire+0x572/0x4a10
[ 1973.120126][T11319]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 1973.125432][T11319]  ? print_usage_bug+0xd0/0xd0
[ 1973.130226][T11319]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 1973.135880][T11319]  shmem_getpage_gfp+0xa85/0x4b70
[ 1973.140962][T11319]  ? shmem_add_to_page_cache+0x19a0/0x19a0
[ 1973.146803][T11319]  ? lock_acquire+0x1db/0x570
[ 1973.151504][T11319]  ? alloc_set_pte+0x134a/0x1df0
[ 1973.156480][T11319]  ? kasan_check_write+0x14/0x20
[ 1973.161439][T11319]  ? do_raw_spin_lock+0x156/0x360
[ 1973.166487][T11319]  ? lock_release+0xc40/0xc40
[ 1973.171190][T11319]  ? rwlock_bug.part.0+0x90/0x90
[ 1973.176147][T11319]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[ 1973.181965][T11319]  ? add_lock_to_list.isra.0+0x450/0x450
[ 1973.187645][T11319]  ? reacquire_held_locks+0xfb/0x520
[ 1973.192962][T11319]  ? alloc_set_pte+0x134a/0x1df0
[ 1973.197913][T11319]  ? find_held_lock+0x60/0x120
[ 1973.202688][T11319]  ? filemap_map_pages+0xe29/0x1cc0
[ 1973.207905][T11319]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1973.214264][T11319]  ? lock_downgrade+0xbe0/0xbe0
[ 1973.219126][T11319]  ? kasan_check_read+0x11/0x20
[ 1973.223985][T11319]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 1973.229975][T11319]  ? rcu_read_unlock_special+0x380/0x380
[ 1973.235628][T11319]  ? filemap_map_pages+0xe50/0x1cc0
[ 1973.240855][T11319]  ? find_get_entries_tag+0x13d0/0x13d0
[ 1973.246405][T11319]  ? follow_page_pte+0x3f4/0x1a50
[ 1973.251468][T11319]  shmem_fault+0x25a/0x950
[ 1973.255912][T11319]  ? shmem_read_mapping_page_gfp+0x200/0x200
[ 1973.261909][T11319]  ? __handle_mm_fault+0x42e1/0x55a0
[ 1973.267227][T11319]  ? find_held_lock+0x35/0x120
[ 1973.272002][T11319]  ? __handle_mm_fault+0x42e1/0x55a0
[ 1973.277831][T11319]  __do_fault+0x176/0x7b0
[ 1973.282178][T11319]  ? do_page_mkwrite+0x740/0x740
[ 1973.287128][T11319]  ? do_raw_spin_unlock+0xa0/0x330
[ 1973.292251][T11319]  ? do_raw_spin_trylock+0x270/0x270
[ 1973.297559][T11319]  ? add_mm_counter_fast.part.0+0x40/0x40
[ 1973.303299][T11319]  __handle_mm_fault+0x370a/0x55a0
[ 1973.308442][T11319]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1973.313999][T11319]  ? check_preemption_disabled+0x48/0x290
[ 1973.319727][T11319]  ? handle_mm_fault+0x3cc/0xc80
[ 1973.324690][T11319]  ? lock_downgrade+0xbe0/0xbe0
[ 1973.329558][T11319]  ? kasan_check_read+0x11/0x20
[ 1973.334448][T11319]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 1973.340440][T11319]  ? rcu_read_unlock_special+0x380/0x380
[ 1973.346084][T11319]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1973.352345][T11319]  ? check_preemption_disabled+0x48/0x290
[ 1973.358089][T11319]  handle_mm_fault+0x4ec/0xc80
[ 1973.362864][T11319]  ? __handle_mm_fault+0x55a0/0x55a0
[ 1973.368163][T11319]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 1973.373897][T11319]  __get_user_pages+0x8f7/0x1e10
[ 1973.378854][T11319]  ? follow_page_mask+0x1f40/0x1f40
[ 1973.384071][T11319]  ? lock_acquire+0x1db/0x570
[ 1973.388759][T11319]  ? ___might_sleep+0x1e7/0x310
[ 1973.393618][T11319]  ? lock_release+0xc40/0xc40
[ 1973.398297][T11319]  ? find_held_lock+0x35/0x120
[ 1973.403073][T11319]  ? vm_mmap_pgoff+0x21a/0x2b0
[ 1973.407849][T11319]  populate_vma_page_range+0x2bc/0x3b0
[ 1973.413317][T11319]  ? memset+0x32/0x40
[ 1973.414771][T11320] IPVS: ftp: loaded support on port[0] = 21
[ 1973.417306][T11319]  ? follow_page+0x430/0x430
[ 1973.417324][T11319]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1973.417338][T11319]  ? vmacache_update+0x114/0x140
[ 1973.417361][T11319]  __mm_populate+0x27e/0x4c0
[ 1973.417383][T11319]  ? populate_vma_page_range+0x3b0/0x3b0
[ 1973.417400][T11319]  ? down_read_killable+0x150/0x150
[ 1973.417416][T11319]  ? security_mmap_file+0x1a7/0x1e0
[ 1973.417444][T11319]  vm_mmap_pgoff+0x277/0x2b0
[ 1973.454459][T11319]  ? vma_is_stack_for_current+0xd0/0xd0
[ 1973.454480][T11319]  ? kasan_check_read+0x11/0x20
[ 1973.454498][T11319]  ? _copy_to_user+0xc9/0x120
[ 1973.454521][T11319]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1973.479329][T11319]  ksys_mmap_pgoff+0x102/0x650
[ 1973.479356][T11319]  ? find_mergeable_anon_vma+0xd0/0xd0
[ 1973.479374][T11319]  ? trace_hardirqs_on+0xbd/0x310
[ 1973.479390][T11319]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1973.479414][T11319]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1973.513119][T11319]  ? trace_hardirqs_off_caller+0x300/0x300
[ 1973.518938][T11319]  __x64_sys_mmap+0xe9/0x1b0
[ 1973.523551][T11319]  do_syscall_64+0x1a3/0x800
[ 1973.523573][T11319]  ? syscall_return_slowpath+0x5f0/0x5f0
[ 1973.523592][T11319]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 1973.523610][T11319]  ? __switch_to_asm+0x34/0x70
[ 1973.523631][T11319]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1973.549856][T11319]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1973.555751][T11319] RIP: 0033:0x457ec9
[ 1973.559651][T11319] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1973.579255][T11319] RSP: 002b:00007f58d409ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 1973.587673][T11319] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9
[ 1973.595647][T11319] RDX: 0000000080000003 RSI: 0000000000b36000 RDI: 0000000020000000
[ 1973.595664][T11319] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000
[ 1973.611603][T11319] R10: 0000000000008031 R11: 0000000000000246 R12: 00007f58d409f6d4
[ 1973.619716][T11319] R13: 00000000004c3b56 R14: 00000000004d6910 R15: 00000000ffffffff
[ 1973.686298][T11319] memory: usage 307196kB, limit 307200kB, failcnt 3445
[ 1973.693251][T11319] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1973.717997][T11319] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1973.725001][T11319] Memory cgroup stats for /syz3: cache:5052KB rss:242784KB rss_huge:212992KB shmem:5100KB mapped_file:5016KB dirty:0KB writeback:0KB swap:0KB inactive_anon:5148KB active_anon:242808KB inactive_file:0KB active_file:0KB unevictable:0KB
[ 1973.768081][T11319] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor3,pid=11308,uid=0
[ 1973.786883][T11319] Memory cgroup out of memory: Kill process 11308 (syz-executor3) score 1113 or sacrifice child
[ 1973.801754][T11319] Killed process 11308 (syz-executor3) total-vm:70532kB, anon-rss:104kB, file-rss:32768kB, shmem-rss:5012kB
21:47:25 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00*\x01\x00'}, &(0x7f0000000300)=0x54)

21:47:25 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x3}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:25 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0xfffffff0}, 0x0)

21:47:25 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x10}, 0x1c)

21:47:25 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
r1 = dup2(r0, r0)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080)='TIPC\x00')
fcntl$getown(r1, 0x9)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000020}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x30, r2, 0x200, 0x70bd27, 0x25dfdbfb, {{}, 0x0, 0xb, 0x0, {0x14, 0x14, 'broadcast-link\x00'}}, ["", "", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x4040}, 0x4040054)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r1, 0xc0505405, &(0x7f0000000180)={{0x0, 0x0, 0xffffffff, 0x3, 0x9210}, 0xc0, 0x0, 0x800})

21:47:25 executing program 3:
r0 = accept$inet(0xffffffffffffff9c, &(0x7f0000000140)={0x2, 0x0, @empty}, &(0x7f0000000180)=0x10)
ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f00000001c0)={{0x2, 0x4e22, @remote}, {0x7, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x4, {0x2, 0x4e24, @rand_addr=0x5}, 'bcsf0\x00'})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
get_mempolicy(&(0x7f0000000000), &(0x7f0000000040), 0x1, &(0x7f0000ffc000/0x4000)=nil, 0x0)
r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x488000, 0x0)
ioctl$PPPIOCSDEBUG(r2, 0x40047440, &(0x7f0000000100)=0x28)
getsockopt$sock_int(r1, 0x1, 0x6, 0x0, &(0x7f00000000c0))
get_mempolicy(&(0x7f0000000240), &(0x7f0000000280), 0x4, &(0x7f0000ffc000/0x3000)=nil, 0x3)

21:47:25 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0xc}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

[ 1973.953560][T11356] IPVS: ftp: loaded support on port[0] = 21
21:47:25 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x78}, 0x1c)

21:47:25 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x3000000000000}, 0x0)

21:47:26 executing program 3:
futex(&(0x7f000000cffc)=0x100000000000004, 0x0, 0x4, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x4, 0x0, 0x4, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x10000000004, 0x2, &(0x7f0000cc3ff0)={0x77359400}, &(0x7f000044b000), 0x0)
r0 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x5, 0x4000)
ioctl$UI_SET_SWBIT(r0, 0x4004556d, 0xc)
ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000080)=<r1=>0x0)
fcntl$lock(r0, 0x7, &(0x7f00000000c0)={0x1, 0x3, 0x4, 0x7, r1})
ioctl$SG_SET_COMMAND_Q(r0, 0x2271, &(0x7f0000000040)=0x1)

21:47:26 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x3, 0x2, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:26 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0xfc}, 0x1c)

[ 1974.309771][T11377] netlink: 8 bytes leftover after parsing attributes in process `syz-executor4'.
[ 1974.702854][T11356] IPVS: ftp: loaded support on port[0] = 21
21:47:26 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x000\x01\x00'}, &(0x7f0000000300)=0x54)

21:47:26 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x40030000000000}, 0x0)

21:47:26 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x3, [@generic='P']}]}, 0x1c}}, 0x0)

21:47:26 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x300}, 0x1c)

21:47:26 executing program 3:
timer_delete(0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
shmget$private(0x0, 0x3000, 0x20, &(0x7f0000002000/0x3000)=nil)
shmget$private(0x0, 0x12000, 0x210, &(0x7f0000002000/0x12000)=nil)
r0 = shmget$private(0x0, 0x2000, 0x400, &(0x7f000000b000/0x2000)=nil)
shmctl$SHM_LOCK(r0, 0xb)
setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x32, 0x0, 0x0)
connect$l2tp(0xffffffffffffffff, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}}}, 0x26)
semctl$GETPID(0x0, 0x0, 0xb, 0x0)
fstat(0xffffffffffffffff, 0x0)
ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000700)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff}, 0x13f}}, 0x12d)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000200)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21}, {0xa, 0x4e24, 0x0, @mcast1}, r2}}, 0x48)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, 0x0, 0x0)
write$RDMA_USER_CM_CMD_DESTROY_ID(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x3, 0x2)
ioctl$KDDISABIO(r3, 0x4b37)

21:47:26 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
fanotify_init(0x6, 0x0)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)

[ 1974.945738][T11394] netlink: 'syz-executor4': attribute type 3 has an invalid length.
21:47:26 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0xf0ffffffffffff}, 0x0)

21:47:26 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0xc, [@generic='P']}]}, 0x1c}}, 0x0)

[ 1975.006129][T11401] IPVS: ftp: loaded support on port[0] = 21
21:47:27 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x500}, 0x1c)

21:47:27 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x100000000000000}, 0x0)

21:47:27 executing program 3:
r0 = accept$ax25(0xffffffffffffff9c, &(0x7f0000001a80)={{0x3, @bcast}, [@null, @default, @netrom, @netrom, @rose, @netrom, @null, @default]}, &(0x7f0000001b00)=0x48)
ioctl$SIOCAX25OPTRT(r0, 0x89e7, &(0x7f0000001b40)={@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, 0x2, 0x44})
bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x15, 0x4, &(0x7f0000346fc8)=ANY=[@ANYBLOB="180000000fe1000071100aefa1f20000"], &(0x7f0000f6bffb)='GPL\x00'}, 0x48)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
recvfrom$inet6(r1, &(0x7f0000000000)=""/56, 0xfffffffffffffdbd, 0x20, 0x0, 0x0)
ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f00000000c0)=<r2=>0x0)
r3 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x400000, 0x0)
getsockopt$inet_IP_IPSEC_POLICY(r3, 0x0, 0x10, &(0x7f0000000140)={{{@in6=@ipv4={[], [], @local}, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in6=@initdev}, 0x0, @in6=@loopback}}, &(0x7f0000000240)=0xe8)
r5 = geteuid()
getresuid(&(0x7f0000000280), &(0x7f00000002c0)=<r6=>0x0, &(0x7f0000000300))
setresuid(r4, r5, r6)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x4, 0x6fb2e29a, 0x100000001, 0x9, 0x0, 0x400, 0x199, 0x0, 0x400, 0x1f, 0x3, 0x3, 0x7, 0x1, 0x8, 0x8, 0x7, 0x28, 0x6, 0xfffffffffffffffa, 0x2000000000000, 0x4, 0x3, 0x1, 0x4, 0x2, 0xfff, 0x0, 0x4, 0x1, 0xffff, 0x4, 0xfffffffffffffff9, 0x3f, 0xfffffffffffffff7, 0xfffffffffffff800, 0x0, 0x3, 0x0, @perf_config_ext={0x5, 0x7ff}, 0x2, 0x4, 0x2, 0x3, 0x2, 0x3, 0xf0}, r2, 0x5, r3, 0x1)

21:47:27 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0xf}}, 0x0)

[ 1975.529586][T11401] IPVS: ftp: loaded support on port[0] = 21
[ 1975.646467][    C1] net_ratelimit: 26 callbacks suppressed
[ 1975.646475][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 1975.658043][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 1975.663983][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 1975.669859][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 1975.675767][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 1975.681649][    C1] protocol 88fb is buggy, dev hsr_slave_1
21:47:27 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x9c\x01\x00'}, &(0x7f0000000300)=0x54)

21:47:27 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x600}, 0x1c)

21:47:27 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x14}}, 0x0)

21:47:27 executing program 3:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x1, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @ipv4}}}, 0xffaf)
getsockopt$inet6_buf(r0, 0x29, 0x20, &(0x7f0000000280)=""/132, &(0x7f0000000340)=0x84)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x1, {{0xa, 0x0, 0x0, @mcast1, 0x4}}, {{0xa, 0x0, 0x92, @ipv4={[], [], @remote}}}}, 0x108)
getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000000)=""/40, &(0x7f0000001000)=0xfffffffffffffff9)
r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000380)='/proc/capi/capi20\x00', 0x80, 0x0)
setsockopt$IP_VS_SO_SET_EDIT(r1, 0x0, 0x483, &(0x7f00000003c0)={0x2, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x1, 'lblc\x00', 0x2, 0x40, 0x7}, 0x2c)

21:47:27 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x200000000000000}, 0x0)

21:47:27 executing program 5:
r0 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x6, 0x0)
write$P9_RCLUNK(r0, &(0x7f0000000080)={0x7, 0x79, 0x1}, 0x7)
r1 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r1, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)

21:47:27 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x32, 0x800)
recvfrom$unix(r1, &(0x7f00000001c0)=""/183, 0xb7, 0x10000, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0xffffffffffffffc7)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f0000000300)={0x80, 0x2, {0xffffffffffffffff, 0xa97aa6f92e32c380, 0x4000000000000000, 0x3, 0x6}})
ioctl(r0, 0x1000008912, &(0x7f0000000100)="0adc1f023c123f3188a070")
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="800000000100000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x3a, 0x400}], 0x8, 0x0)

21:47:27 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x30}}, 0x0)

21:47:27 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x700}, 0x1c)

21:47:27 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x300000000000000}, 0x0)

[ 1975.976476][T11443] IPVS: ftp: loaded support on port[0] = 21
[ 1976.133185][T11448] EXT4-fs (loop3): can't read group descriptor 0
21:47:28 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x400000000000000}, 0x0)

21:47:28 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0xc0}}, 0x0)

[ 1976.286375][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1976.292277][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1976.298195][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1976.303994][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1976.607750][T11443] IPVS: ftp: loaded support on port[0] = 21
21:47:28 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\xc8\x01\x00'}, &(0x7f0000000300)=0x54)

21:47:28 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x900}, 0x1c)

21:47:28 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x800000000000000}, 0x0)

21:47:28 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0xec0}}, 0x0)

21:47:28 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
unshare(0x20020000)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/vs/pmtu_disc\x00', 0x2, 0x0)
r2 = syz_open_dev$vbi(&(0x7f0000000100)='/dev/vbi#\x00', 0x2, 0x2)
ioctl$TUNSETSTEERINGEBPF(r1, 0x800454e0, &(0x7f0000000140)=r2)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000380)='sysfs\x00*\x86OK\xc0\v\xce\x1b\xdb cr\x13\xb1\xe8\x94\xd1 q_\x9d\xc1\x12[\x04,r&\xeb\x016\xd9bN\xa1\xd23t\xa6`\xfeZ\xc1sr/\xd3g\xad\"\xe8U0%\xa2\xe8\xbe\v\xc5QCy\xafr\x13\xd3+\x8d]\x06\xdc\x8f\xbf,\x84\x9e\xd9\xcd\xef\xc7K\x03\xdf\xa9\xcbZ\x90\xb2\x8bK$\xd7\x86,=f\xfc\xa51g\xd5BB5CZ=\xbbv\xbc}<B\xfc.\x9cia\x14\xa6\xf8\x88\xf0\xda\x85\'v\x83\xcf\xc1\xc4\xd2\xbfq\xc2U\xa3\x13Md\xcc?\xed\x8e\x97y\x8d\xeb\x861\xcb\xf7h,\x9f\xa2\xed\x03\x14e\xaa\x19\x1d\xf9\"\xf7d)|\xba\"\xa8I\x9d\x17\x7fI\xfb\xa9@\xf5[\xbc\x8br?\xd3t\xf1\xfe\xd7\x8c\x8a\xee\xc6\x81\x1d\x9bXyHs\x87\xd5e\x94\xa1L%\x88\'M\xe8O\xa2v\x100+?\xb5Ar\xa8\xc9\x10\xa0~|v\xeaFZ\xa6\x84\x02', 0x0, 0x0)
mkdir(&(0x7f00000002c0)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000700)='./file0/../file0\x00', &(0x7f0000000240)='tracefs\x00', 0x0, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000004c0)='ramfs\x00\'\x0eX\xbeG#\x02u\xd0\x9d\r\xa6D\xaeg\x91s\xac\x1b\xc6]O\x83\xcf\xe9B\x0er\xcf\x7f\xder\x1c!\xa8\xcc\xb2\xdb\x96L$;\v?\x8a\xf1\x97\xbc\xa8\xe2\x1e\x8b-\x86:\x121\x1c\xb7\xb9\x05\xf4\xe2e{L\x98J\xb0\x97%\xaaa\xa2\xb5\x1c\xb0\xb6\xefd\xb9r&\xa0^\x14\x9b3\x87\xff\x9b\xb3B\x1b\xcf\xca\xe0}\xd4ek\xae3\xbeM\x02_\xc8:\"\xcaG\xc2\x87\xaa\xf0\xfe\x12\xcfP?\x9e\xd5\">+\\/\xfd\x85_\f\x16,\xcf_&\xea\xcb,\x91D$\xfb\xe0tt(\xe2\x7f\x1d\xab\x1e\a\xad\x98\x01IG\xa4\xae\xe0\x0f\xb0f\x8a\xc4\xa4\xcb2\xca\r\xd4\xe7\x1awG\b\xde\xfaM\xd1\bA\xee\x7f\x87y\x9e\n~6\xa2j-\xb1\x7f\xdf\xa1y<\x9e\x03\xaf\xffO\x02\xb7\xc4e8\"xw\xee\x9f*Shb \x97\xb0\xd7\x8f3\xd9\xe0\xfdS\xca\x10[2(\x02\xd2\x18\xc7\xcb*h8b*76 $\x15\x9b;0\xd7\x00\x00\x00\x00\xfa\xfb\xfd\x02\xaf0', 0x0, 0x0)
poll(0x0, 0x0, 0x400007f)
ioctl$KVM_GET_EMULATED_CPUID(r2, 0xc008ae09, &(0x7f0000000180)=""/182)
keyctl$session_to_parent(0x12)
rename(&(0x7f0000000300)='./file0\x00', &(0x7f0000000280)='./file1\x00')

21:47:28 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
connect$inet6(r0, &(0x7f0000000280)={0xa, 0x4e25, 0xffffffffffffffff, @remote, 0x6}, 0xfffffffffffffd36)
setxattr$security_smack_entry(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='security.SMACK64IPOUT\x00', &(0x7f00000000c0)='GPLwlan0vmnet0?keyring\x89\x00', 0x18, 0x2)
r1 = geteuid()
r2 = getgid()
chown(&(0x7f0000000240)='./file0\x00', r1, r2)
mount$9p_unix(&(0x7f0000000100)='./file0\x00', &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x40020, &(0x7f0000000400)={'trans=unix,', {[{@afid={'afid', 0x3d, 0x3}}, {@debug={'debug'}}]}})
listxattr(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=""/147, 0x93)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)

21:47:28 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0xa00000000000000}, 0x0)

21:47:28 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x33fe0}}, 0x0)

[ 1976.913792][T11481] IPVS: ftp: loaded support on port[0] = 21
21:47:28 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0xa00}, 0x1c)

21:47:28 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0xe00000000000000}, 0x0)

21:47:29 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x2000025c}}, 0x0)

21:47:29 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0xf00000000000000}, 0x0)

[ 1977.467251][T11481] IPVS: ftp: loaded support on port[0] = 21
21:47:29 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\xfe\x01\x00'}, &(0x7f0000000300)=0x54)

21:47:29 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x3f00}, 0x1c)

21:47:29 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000040)={'team0\x00', <r1=>0x0})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'veth1_to_bridge\x00', r1})
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)

21:47:29 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x1000000000000000}, 0x0)

21:47:29 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x7ffff000}}, 0x0)

21:47:29 executing program 3:
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000000440)='./file0\x00', 0x0)
unshare(0x2000400)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x100)
r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0)
getpid()
write$cgroup_pid(r1, &(0x7f00000002c0), 0x12)
read(r1, &(0x7f0000000600)=""/207, 0xfed1)

21:47:29 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0xfffffdef}}, 0x0)

[ 1977.916343][T11519] IPVS: ftp: loaded support on port[0] = 21
21:47:29 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x6000000000000000}, 0x0)

21:47:29 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4000}, 0x1c)

21:47:30 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x2}, 0x0)

21:47:30 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x8c1b000000000000}, 0x0)

21:47:30 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x7800}, 0x1c)

[ 1978.743267][T11519] IPVS: ftp: loaded support on port[0] = 21
21:47:31 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x9effffff00000000}, 0x0)

21:47:31 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x3}, 0x0)

21:47:31 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x80fe}, 0x1c)

21:47:31 executing program 3:
r0 = socket$inet(0x10, 0x3, 0x90be)
sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)="2f0000001800030007fffd946fa283bc8020000000040005031d85680800a3a2d188737e0b000f0003000000598e2c96035876b5fa18c87677db533f4715d93fd01d0e0c638678c883cfd8c081382dca487ce9c09cff11f856711aa7ec8cc8c72d6769d97d7b5f6bc13bb19a127b9bd865a0672f5e1d5f641147f0ec4c72aab72467f6c92354096c35d271bc83d34e30e89ec388948663bb056bf06e", 0x9c}], 0x1}, 0x0)

21:47:31 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00L\x02\x00'}, &(0x7f0000000300)=0x54)

21:47:31 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
r1 = open(&(0x7f0000000040)='./file0\x00', 0x48a00, 0x180)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)={0x5})
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f00000000c0)=0x5, 0x4)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)

21:47:31 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0xf0ffffff00000000}, 0x0)

21:47:31 executing program 3:
r0 = socket$inet(0x2, 0x0, 0xfffffffffffffffe)
setsockopt$inet_int(r0, 0x0, 0x32, &(0x7f0000445ffc), 0x1)
r1 = open(&(0x7f0000000000)='./file0\x00', 0x44000, 0x40)
ioctl$RTC_IRQP_SET(r1, 0x4008700c, 0x1d65)

[ 1979.166010][T11564] IPVS: ftp: loaded support on port[0] = 21
21:47:31 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0xc0fe}, 0x1c)

21:47:31 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x8}, 0x0)

21:47:31 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0xffffff7f00000000}, 0x0)

21:47:31 executing program 3:
clone(0x200, 0x0, 0x0, 0x0, 0x0)
mknod(&(0x7f0000000100)='./file0\x00', 0x1040, 0x0)
execve(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000140)='io\x00[\xfcW\x16\x9b\xab\xeeT\xed\x16\xe3\x9ez\x8f\xe4\xb9\x00\x16\xf2f\xe3\xf6<D;?\xc5\x04\x00\x06\xbb\\\xd4\xbd|ss\xb3\xd4\xd4p\xa0\xcbV\x17\xaa\xdb\xfbd\xc5\xe4\x98<%\xd0$\xa9\xf3\xc4\x89\xccC\x8f\x9em\xe1cdg+\xf7\n\xd3\xbc\'\xc9$8OU\x86\xd4\xa5\x1cd \xa4\xe3V\xe4\xe5\xff~(N\xe6\x9a\x86\xf6rdf}$\xb6\xf6P.\xb3\x80\x10M&/\x88\x9f9\x01\x01\xcc\xaf\xf8\x05\x81f\x03\xf6[\xa3\t\x00\x00\x00\x00\x00\x00\x00J\x80\x00N\x16\xb7\f\x96I\xa2\xf9\xf6\x90\x0f\xc7rg\xa046\xba\x91\xa7\xf5\ft\x7fX#n_\xa3\\\xe7K\xb8\xdaW\xaeJ\xca\xd3\xae\xc3f\x0e\xa6g\x1d\xa9\xf5^\x82\x11\xdf\xc5\xa1{\x8d;\x18e\xe9}\xa6\x94\xc8\x8fI \xf7r\xf1\x96\xbd\xf2\x99\xfc\v\xdafK&a\r\x86k\x9e\x8c\x9f^>\x1b#=`eBq\xce\x98\x10\x15\x9fq\xf5\xd0\xeeUG\xb0e\xe0M]\xd6\xbb\xe8\xadx%\x7f\x05a\xeb\xd2\xce\xaa\xaf\xddtD\x7f\xb5\xa5\xe2\x06\xc3\xfb\x94\x10\xf4x\xf4<\xba$x\xcb\xf5\xcd\xa3\x9e_\x06\v\xe3%?\xd0\x942\x90Ixv\xf2\x82\x82p\x17#q\x93\x9a\xc8\x19\x011\x9d\x17\x1e\xb7')
clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
lseek(r0, 0x2, 0x0)
sendfile(r0, r0, 0x0, 0x3)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f0000000000)={0x1, 'ifb0\x00', 0x3}, 0x18)
open$dir(&(0x7f00000000c0)='./file0\x00', 0x27e, 0x0)
openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0)

21:47:31 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0xfc00}, 0x1c)

21:47:31 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x300}, 0x0)

21:47:31 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0xfffffffffffff000}, 0x0)

21:47:31 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0xfe80}, 0x1c)

[ 1980.093426][T11564] IPVS: ftp: loaded support on port[0] = 21
21:47:32 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\xc6\x02\x00'}, &(0x7f0000000300)=0x54)

21:47:32 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0xffffff1f}, 0x0)

21:47:32 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0xfec0}, 0x1c)

21:47:32 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x2}, 0x0)

21:47:32 executing program 3:
fcntl$getownex(0xffffffffffffff9c, 0x10, &(0x7f0000000000)={0x0, <r0=>0x0})
wait4(r0, &(0x7f0000000200), 0x40000000, &(0x7f00000003c0))
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f00000000c0)="0f0f1ba00873850f01d1ba4000b8a989ef660f2ac3ba4000b85700eff3cfbad00466b8b200000066ef3e0f38003abaf80c66b8a206ef8766efbafc0cec", 0x3d}], 0x1, 0x0, &(0x7f0000000200), 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x111000, 0x0)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffff9c, 0x84, 0xa, &(0x7f0000000280)={0x6, 0x6, 0x8000, 0x7, 0x9, 0x3, 0x9, 0x0, <r2=>0x0}, &(0x7f00000002c0)=0x20)
setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r1, 0x84, 0x5, &(0x7f0000000300)={r2, @in6={{0xa, 0x4e22, 0x3c6c, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x84)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0)
dup(0xffffffffffffffff)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0x40a85323, &(0x7f0000000140)={{0x3}, 'port0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x8})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0)

21:47:32 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x2080, 0x0)
setsockopt$bt_BT_POWER(r1, 0x112, 0x9, &(0x7f00000000c0)=0x6, 0x1)
setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, &(0x7f0000000080)=0x5, 0x4)

21:47:32 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x3}, 0x0)

21:47:32 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x2}, 0x0)

[ 1980.430640][T11620] IPVS: ftp: loaded support on port[0] = 21
21:47:32 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0xff00}, 0x1c)

21:47:32 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x4}, 0x0)

21:47:32 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x3}, 0x0)

21:47:32 executing program 3:
fcntl$getownex(0xffffffffffffff9c, 0x10, &(0x7f0000000000)={0x0, <r0=>0x0})
wait4(r0, &(0x7f0000000200), 0x40000000, &(0x7f00000003c0))
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, &(0x7f00000000c0)="0f0f1ba00873850f01d1ba4000b8a989ef660f2ac3ba4000b85700eff3cfbad00466b8b200000066ef3e0f38003abaf80c66b8a206ef8766efbafc0cec", 0x3d}], 0x1, 0x0, &(0x7f0000000200), 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/pfkey\x00', 0x111000, 0x0)
getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffff9c, 0x84, 0xa, &(0x7f0000000280)={0x6, 0x6, 0x8000, 0x7, 0x9, 0x3, 0x9, 0x0, <r2=>0x0}, &(0x7f00000002c0)=0x20)
setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r1, 0x84, 0x5, &(0x7f0000000300)={r2, @in6={{0xa, 0x4e22, 0x3c6c, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, 0x84)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0)
dup(0xffffffffffffffff)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0x40a85323, &(0x7f0000000140)={{0x3}, 'port0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x8})
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0)

[ 1981.088794][T11620] IPVS: ftp: loaded support on port[0] = 21
21:47:33 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\xf2\x03\x00'}, &(0x7f0000000300)=0x54)

21:47:33 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x8}, 0x0)

21:47:33 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x100000}, 0x1c)

21:47:33 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x4}, 0x0)

21:47:33 executing program 3:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
preadv(r0, &(0x7f0000001380)=[{&(0x7f0000000000)=""/148, 0xfffffffffffffe19}], 0x5e, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000000c0)={<r1=>0x0}, &(0x7f0000000100)=0xc)
r2 = syz_open_procfs(r1, &(0x7f0000000140)='net/ip_mr_vif\x00')
preadv(r2, &(0x7f0000000700), 0x31f, 0x0)

21:47:33 executing program 5:
r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000280)='/proc/capi/capi20ncci\x00', 0x48000, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000380)={<r1=>0xffffffffffffffff}, 0x13f, 0xb}}, 0x20)
write$RDMA_USER_CM_CMD_INIT_QP_ATTR(r0, &(0x7f0000000400)={0xb, 0x10, 0xfa00, {&(0x7f00000002c0), r1, 0x90f}}, 0x18)
r2 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @local}, 0xfffffffffffffe96)
recvmmsg(r2, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x8, &(0x7f0000001840)=ANY=[@ANYRES32, @ANYRES64=r2, @ANYBLOB="84fd1d1772", @ANYPTR=&(0x7f0000001780)=ANY=[@ANYRESDEC=r2, @ANYBLOB="94049b696b22dc0abcdbb7b450cb754e0166bcd9e8d48e49ac5dc2262f292dabbea46fc82dee5103c756b55ad641990ac00c75dc0c928ad234588a39c1f4e971906d8ed5a40d01563524b52f58b4c024f595e5658c6ee8f84cef284c3ba9a250caa9866e57d9cf7faea78a53219ef63fdec272", @ANYRESHEX, @ANYRES32, @ANYPTR=&(0x7f0000001680)=ANY=[@ANYRESDEC=r2, @ANYBLOB="79ea23bb433d95693908908054264d02ea8ced2e5a440f1525510509860a0abb8b1ee82f642e89402894ec869a63dc7fbb7cf7786c7efdaff564e911e40308bd911558121aa038ec4a273d66e09f0325275e954def760e5ee82ff9b28abbf3e10be14b8eb0e58a2058d18694cadb5627b28a872f4eb9e3671559146ad4a90befee53", @ANYRESOCT=r2, @ANYRESOCT=0x0, @ANYRES64=r2]], @ANYPTR64=&(0x7f00000005c0)=ANY=[@ANYBLOB="47e5dbf5e0e1769fbead438d2a5a510f1b05529d0bbc4b7e6aab00000b6b210e0f091429a198c597fb8e612a4ceef0a5379193b3e44ee10a5109ecc7c92e3f4f443fdd815c431ffc371c7a2df6fd66e3cd1380ccae395539e775e27b219a4138bcaba9541cc91aa79ec9faf5ba0d41066cb2aa841f422cd1e167507a5620c318433ec541b63fe1e802f1873ea3b7d54d65675496611fc18efa5ec49d3f03dce5d20342912a5a6d06ee20d81153a612cc7363dd1a48653d4038a362ae58ce216a063b2a8b3f3eb05cb5014a4e32d4eefcca74d56e285a1317279eaa766fc6a47fe40cff50d96f269bed0d6ce6c32c5ef56571aba9dafb54f32e9262ed76cbb450815d9bc028034ec782938424b2e298fe317d60ea6921f4cb6759ea67de4149dcfd86d89076a48eeb2578b653c1426f954a759f67294cad674c0e42dae7d6d093847d0e31af3922858fd719585648f3094d327f35ab3bb08ad474a6354eec6fc56221fab0c4896fb27462fbd940b0ac6f2a72ffff28eb49592189a6476ead83b16a93cdf644ccd83655b9d300c431cad0c9ecd2b62d680db4e81b65907a16018204465726a7a8e020555a87322ae9d1545771479deb8c876af1d7d0961064c32747f4432459cef991d1298e63f743751c2b7247889860edb0ae5d25a8cb9dba254bb37f88e17aadeb20b264e2ccdd47f2b996baf456ed303de01b91252d7ea4c0fdf2414681efe1131a2e77c1bcc45ed38dddbfc2e21621b0b3a2ae68472d288a12c1df1d40a1df17b4c178cee9a487022c3177cbc05c2c93a8ef24d86d5fd34d97e288a308f9cb05b1a4b54210aedb5591a29481a2f71ba0dea8d989e051573bef2927601622db6e371701d08fa0fb8bcbb5be056c1007d95e7562074562bfbc793f9ba098ee8345e783b3f3355f52bb42fd47b24425d72a3f42819d2e03800e10a66d2ff94c6545d163485c8de0f9cf958513065ffce2c79537d5a9cd6c228e0001c5636706332533eccc8ba4516b30daf179626785a0daf921a3e583ba5cb95af0b4fdc87a49efa2359bc85fa0ea1f8d9f4ae1a8a309a74ae450a3e5a8c21af6fc28e44fc4f41e5eb92ce5cb404a1723db0d8aabbe2f1ab67cdcd08fde2e640eb769fe019272d6b1fef1e13c3529f3ffe730077753b906b55e37e7958e246b0e2c81513ae7f719a015d5e704cb5538be438c639e5cedf99814912c0dc5ff5db22d62bc85f0bf9d3462cc8c6c784f89b8501491810aee42c7227ee012d97df911a44635a9fbfc2c5214c9244ab5f8093218a6c4ed4555cf53295d9ac906f2d638512ff7eb67ab6602599ad8e5210dce408fdc196aaad739b977989748fda55bf08f35d78fcfaf562a9110165a7adb4c000001ee4eb05f55aed9333b382803d5c4a8e8bd2f40bcf594cd2168174e8b26a52da7e166d52e320a08c615de6023ef65e4c6f18a89c45e02d1177a8cb7fd1a8b3d9a1470d62ee5f52f4f3d498e68910b66ff6659a54f004345e0d41405fa5ad75540025fef432033d6a6bc7ef75b75a77e6f1282243fd9b9194003c5dd81de02c820d83e6b24d835323a0365a98c522b00890d52806f072810d54ef06c988d3b71f044d3a7a07240e3cb14ba9403614a986d54326122a2043ff0688599dba92a886f0691d68ea51c76ed36831d028fecbbbbaebdb84b0674086c6d49a55b8479cdd3d1ef07078a0edce37a293c5cfdf768eff23b46180e50bb47283844887110ae95a2e896a80dcb8d9956791937558b9ba099dcd1f546d861cc699a8ae346d20b5b2de3066afc37156a4f6c975d9bcd125ca12ecb1bff95536553f5d830b97478eb26ee6c515996d77be4e6ae45fd1b51a0011aa3fb61d2c1baf38fb4bf438384c866ecfa804922e62b648f71be554b8b53087ca8dfe656cf9f055d6817e815f15f18b58ccc89be09bd26ab88f777da2aac709c328a839162170543b0c0af2d388b34cc829a268404e1652d1ed0a645a470f2d7457d527132c4084ae48802497a9fe5a8eb68d8003b2785f6a904e9d6acd9a9ed89f02fbaf25df201d856c1d2791e590babb2e31a0534793248030eb2db8a58c1aea53becdb684ff279c5154d0bf971fd2a88e030cf9b5901b53e9a1556e43f9de4c2fa2294b1e30b7123696d315f8ede31a1497035fc96708d611c97010347948f6c6c55d1ee4f7179659e2ba92cc74b0504d4762deaae509b332049aa507af59ec27beba7eed55fc2fa45fd1c3fefb27af9aa3b05fcf31b928a83eb6b41f8a7a8ef1416434e42b21b976383f26db9deaadae9ee1ce47d6681577ccddbe3e9a179eace5bd58449dea9a282b5753f1d46ca1880b2e19f6194ab41cb162c9fe4da1b82dd6c64d9f56a2878a8fb85a6d0e11a66b12917ee42ffa5592f81b88c220ae8c521f2413fec62788706b2f684171412622561f4f5c39b8d2a81c15c8770da7bb2daf4f05425e5cad53e80a2205d006221e61eb8f022e4f6db10adbb602cd21fcc8d20213720f2dd5e6922845d75152b89df710fca34010e00102429e01d4629381552dca3453bcc11dbe96bd3f24e9c197b49384c178cce775d061b9b680d6414558fbe5622f3d90d44cfde4c38109dab8e0985fd68ee961786e19eb61cc0a8c0d10b076f977effd85d8f479924fe11a4272a8093bad90fb76476df949c85f9aa703d5370da56973accf5b801d256f2d380a6d6ba6bf823a6bed456765ac1422cea426cd42e1654eec550df938bde5a65a4c497c96866297dc3344f8e2278c000bd81c81d4cab168d6e20e0d142aed671832baf68eb7459f062315f67214a9f95f38779fa39735b3d58ba4c9153f274a136ded5558244b6701ae3f094f8a37db49218e2c03a066cf8248b4da008173af7cdc947a62ec9f7c73516fc2e4aff055b44d1ce02cc0d57d0d3894383ebc8f80d531b8756d58e3fdbc3b774c495a0f4d80657b1873e9152e4c569008c9892964544242a1858d83173239bb31de91dd398ce22ba6809d9110085b8412c944e62f23106089de024e01b705f928e2eb36b7ef9f918d005343fade20da3a7e0a18ace219e2802c17689b783774632f670186ebf2795ab192df369a4db144529d4baec67f03e60f0c1a0d7da3091d73b34ce6e7be813da7b83fd8d01b6a1096dcd53aaefda654684cd03935a4a03ca73bc99a5cd59aff9469417dca5d7717cadeb621f47d427da8ee4b527538459316b6f75520e9bb8cbc0aabd5e6ca089c076120a2fdda90725c0e05f9b79dd1870aaf0dd5cea0e083309a751fd792c9b14435d612bbd38c6929d5a38d9912f11b35d677bd2024370ac3ba0647d5b66d7d2c4f7c1daf6be47d36b346c639280c92c5fb85f2365655c4b0a35379b96a7f8293315a6b209deedef6a18da2124ae985e73be8678440ea94ed9ac36bb05db3285ddcacce7c83245305cd3ac9cb4fea90bb444b5df5ddff44bf59a84ce8761c37f42941ca7774525fd9ab045794a43913006d2958bf86f5fd6deef9afd6721cab6d54dd8f599fc7cceb48b3a6204e04b3d8e6778c4e8434a409c1b07cf89124bd6216590194ca3131af16a3bd5b0fc4ecb3def184d61b4a956f1e2d37a773218e510c5d41916a6642031e9288092bc2fac393713c8b0a6c753d0d66dcebc5aae5b1e816260889977f4a86397b32fd993bc5ee2f255b33732ff05f9979093dec064a6d108b2b1d798f2f0f2107e604cfbcf7541ac54f2d97e81dad72d91eee021d2439ab02cecad0c8b1402fd6cb193d643283971ea83d8e0b9fdc1e8aeab683284276bccda93cb647fdc1988f9727a9fc726d1a2d23e79b984c2afb87106b48a419e4b89fa0388f74c23260ea7693a7fad9c152deac932ae2ed7abb0cb318b70267f69c4c692000c40fabe0b0a5cfaaff86941cbd2efb2cd8102f4381d70a7882bdf1835996210450bb726d38b47d04542463ad45041e14f2d48e5d3e0b1c442779ff7dc7f3da0149a1791baaeab08095319de3350022980e0a42f77293734c59c7a8de102a216ec4c21d36ac818c0252117b7262fb93893bd89bf403d8aa05540a8c1013a29da11c1e4ba21eb15ed102bd41c24164e69a3599cad517d1fea0d71e280718afef9ff3e613a73a76e0650cbc320f69a3bf5e1163265ff77984ca719a08a642e234a6b7e14359b7adebc1c8feba33ece1d0378a01f4097e360494c63bfe7ab9991854d25b92e124af1cfe0eafafd6fef6060d302825ac2a54e6264b3c243c837c9b6221847b1cdd57acaeae3e506e108d53c4fe6ed307911e68e7f8cc23628940434e32a55ae90ec1b19b33c6f95f89378565b3aa63bf45aed0a4f87d762e14c9567dfe9dd8e5e1e2442f548493483d4ee9d76f28ab18f22cf75bfdfa0f2d4cd4d7ef8356bdf927b0a82715403f251ca45ec57886829a3f4db64964687a8d172d3cd538528c495f039d96c9330c00f62eed33002a4b835981e2dd220f1a8363abdb38ad543c42ee3394e9747a8f5482230c54dd015cf082f011d616f4d26817e33b2ea897ac9192f502b0906fc93df1765564a7078abc52e589f21c261f456f0a6b6f6699330bff82f5b19c1a56b3c9e730f0727fce6c0002a12a22484aa295c9c6debe8047fc6733825a58ded342e4b10a9701fd92f60783dac4f124fb2e074d439bb2b00752aeb8b8656a55d6509660dbeb8a5d90e2096a1a65b5188f98ffb1c70a37e61b4e25e956db8eb9d044dab7e4396b6958d5990aa946974b20efb15d5fbdd70b195bceb1c7f6d29206cc5c37f1a00fa29a4fc022392ad506c398bb4da8af80eae3bb4ebc420a6dc805cf9135422fa9b6afba546b57b510b8b0c404c02036d47945f66e0a12881ebfe25f938643d932f05baed6618ffeb11d48af7ea381d126fa4809820ef273e792674553bb7c76f7349ba06a4d0a66cb1c8fecd09f277182f2b9997da1c69cbf5df850ba45a4a0f9216e4addfe23dccfc4217f63a97724e69616f8e2e077ade65457b4464517d841d4e04f75fc0df3f4617526251967b28845474a93e35593c3ab68e81fd784ddadb6c97588a35d7ea158d09fe9aec5ae371d4ec5811668190554ef7e9f05cef7225d9235931c0fa207b2e653b1662a15bdd686262d35b95784e7a9316d05124e2caa12aa6a27a9b0c305f4900caf8634456a9ba91181bd6ce1de564cd040a36c49e49a396a1f513a87d3f62a88e7a330bd729c91ac989aac49b400ee12eea79f6f7f923813656600722ded2f246b75c73ff0f9736f7e98953ef0426543dd790a67a9847747385856ec622f8e629080a4c9738deab407d3c399c71d760bcdc227abce76031b508ee89bc9e15c0c857e51f525745c8e72d7a8475f18a392700e5426438699f8f4b69e92c8bc6f978163c07fee66734478ac9e63bd9f66ac8a8e0eba0301aa302dd561c9d2f0c7e27b36eb66d0b2c8f88e54f998f81c9a771aaf382e05894ed832408a615ff7853865e47d877a5a096925666870daf5cb14bc0d2c0350dc8dba07faaa8c7005a08eb0a0d50e240cb163228d1416a9569af0e88b0081d64c95032bf762756177560e975aeb525532c012c0eaefe45828d0d27d110e9a1648359c55df31f77a93c23b72ac7e9a78db50f9db5c489288fa3967260b7579ca30c99598997dabf2890da2fc7cf9e55b54d3339932b62ee221b0c3b4b02a5b693dd2560bcce47c4a9b12463c04a6a0f1b4e41d3de8ada87e1974d2506eb14240d45ace0e6188c59ffe97572441254e6e5d08a8fb78ae310a0e102b13f86af50b9ed0c04eef77aaf39a6ff5c40c00f173ac8f4c06b", @ANYPTR64, @ANYPTR=&(0x7f0000000500)=ANY=[@ANYRES16=r2, @ANYRESOCT=r2, @ANYPTR, @ANYRES64=0x0, @ANYPTR], @ANYRES32, @ANYPTR=&(0x7f0000000540)=ANY=[@ANYRESOCT, @ANYRESHEX=r2, @ANYRES32=r2, @ANYPTR64, @ANYPTR64, @ANYRESOCT=0x0], @ANYRES64=r2, @ANYRESOCT=r2], @ANYRESOCT=r2, @ANYPTR64=&(0x7f0000001600)=ANY=[@ANYPTR64, @ANYRESDEC], @ANYRES32=r2], 0x0)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x100, 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000080)={<r4=>0x0}, &(0x7f00000000c0)=0xc)
ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r3, 0xc1105511, &(0x7f0000000140)={{0x4, 0x0, 0x3, 0xbf, 'syz1\x00', 0x6}, 0x0, 0x4, 0xffffffffffff63a7, r4, 0x1, 0x8, 'syz1\x00', &(0x7f0000000100)=['\x00'], 0x1, [], [0xfffffffffffffbff, 0x5, 0x867]})

21:47:33 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0xa}, 0x0)

21:47:33 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x8}, 0x0)

21:47:33 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x1000000}, 0x1c)

21:47:33 executing program 3:
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000001000)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000184000)=ANY=[@ANYBLOB="021800001000000000000019000000000800120000000000000009000000000000000039498b80bc0000000000000000e000000100000000000000265bac760700000000000000000000000000000000030006001600000002002000ac14ffbb000000000000000003000500000000000200003db28dbebb0000000000000000"], 0x80}}, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000040)={<r1=>r0})
ioctl$SIOCAX25DELFWD(r1, 0x89eb, &(0x7f0000000080)={@null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}})

[ 1981.488747][T11661] IPVS: ftp: loaded support on port[0] = 21
21:47:33 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0xe}, 0x0)

21:47:33 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0xa}, 0x0)

[ 1981.886339][    C1] net_ratelimit: 26 callbacks suppressed
[ 1981.886348][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 1981.897898][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 1981.903800][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 1981.909665][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 1981.915565][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 1981.921422][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 1982.112550][T11661] IPVS: ftp: loaded support on port[0] = 21
21:47:34 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x11\x00'}, &(0x7f0000000300)=0x54)

21:47:34 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x2000000}, 0x1c)

21:47:34 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0xf}, 0x0)

21:47:34 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x540, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000003c0))
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000000)={0x0, 0x8000})

21:47:34 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0xe}, 0x0)

21:47:34 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(r1, 0xc0945662, &(0x7f0000000080)={0x401, 0x0, [], {0x0, @reserved}})
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)

21:47:34 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x10}, 0x0)

[ 1982.484678][T11703] IPVS: ftp: loaded support on port[0] = 21
21:47:34 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0xf}, 0x0)

21:47:34 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x3000000}, 0x1c)

[ 1982.526357][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1982.532201][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1982.538152][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1982.543955][    C0] protocol 88fb is buggy, dev hsr_slave_1
21:47:34 executing program 3:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast2}}}, 0x108)
setsockopt$inet6_group_source_req(r0, 0x29, 0x1000000002e, &(0x7f0000000300)={0x0, {{0xa, 0x0, 0x0, @mcast2}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108)
ioctl$LOOP_SET_BLOCK_SIZE(0xffffffffffffffff, 0x4c09, 0x20)
syz_emit_ethernet(0x3e, &(0x7f0000000500)={@link_local={0x1, 0x80, 0xc2, 0x3a000000}, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "093a06", 0x8, 0x3a, 0x0, @remote, @mcast2, {[], @udp={0x0, 0x0, 0x8}}}}}}, 0x0)

21:47:34 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x60}, 0x0)

21:47:34 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4000000}, 0x1c)

[ 1983.091739][T11703] IPVS: ftp: loaded support on port[0] = 21
21:47:35 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x1d\x00'}, &(0x7f0000000300)=0x54)

21:47:35 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x10}, 0x0)

21:47:35 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0xf0}, 0x0)

21:47:35 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x5000000}, 0x1c)

21:47:35 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000080)={0x7b, 0x0, [0x4d0]})
r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000300)={<r4=>0x0, @in={{0x2, 0x4e23, @multicast1}}, 0x800100000001, 0x400, 0x8000000000000, 0x8, 0x4}, &(0x7f0000000200)=0x98)
ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa04, &(0x7f0000000100)={{&(0x7f0000ffc000/0x2000)=nil, 0x2000}, 0x1})
ioctl$sock_inet_sctp_SIOCINQ(r2, 0x541b, &(0x7f0000000280))
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r3, 0x84, 0x73, &(0x7f00000002c0)={r4, 0x270f, 0x2000000000000030, 0x6, 0x100}, &(0x7f0000000240)=0x18)

21:47:35 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)
clock_gettime(0x0, &(0x7f0000003400)={<r1=>0x0, <r2=>0x0})
recvmmsg(r0, &(0x7f0000003300)=[{{&(0x7f0000000040)=@rc, 0x80, &(0x7f0000000680)=[{&(0x7f00000000c0)=""/91, 0x5b}, {&(0x7f0000000140)=""/60, 0x3c}, {&(0x7f0000000180)=""/70, 0x46}, {&(0x7f0000000200)=""/218, 0xda}, {&(0x7f0000000300)=""/47, 0x2f}, {&(0x7f0000000400)=""/198, 0xc6}, {&(0x7f0000000500)=""/249, 0xf9}, {&(0x7f0000000600)=""/90, 0x5a}], 0x8, &(0x7f0000000700)=""/4096, 0x1000}, 0x3f0b}, {{&(0x7f0000001700)=@sco, 0x80, &(0x7f0000001bc0)=[{&(0x7f0000001780)=""/97, 0x61}, {&(0x7f0000001800)=""/197, 0xc5}, {&(0x7f0000001900)=""/234, 0xea}, {&(0x7f0000001a00)=""/236, 0xec}, {&(0x7f0000001b00)=""/170, 0xaa}], 0x5, &(0x7f0000001c40)=""/233, 0xe9}, 0x8000}, {{&(0x7f0000001d40)=@un=@abs, 0x80, &(0x7f0000001dc0)}, 0xb1}, {{&(0x7f0000001e00)=@ipx, 0x80, &(0x7f0000003180)=[{&(0x7f0000001e80)=""/4096, 0x1000}, {&(0x7f0000002e80)=""/14, 0xe}, {&(0x7f0000002ec0)=""/216, 0xd8}, {&(0x7f0000002fc0)=""/153, 0x99}, {&(0x7f0000003080)=""/207, 0xcf}], 0x5, &(0x7f0000003200)=""/251, 0xfb}, 0x1}], 0x4, 0x2000, &(0x7f0000003440)={r1, r2+10000000})

21:47:35 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x6000000}, 0x1c)

21:47:35 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x300}, 0x0)

21:47:35 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x60}, 0x0)

[ 1983.450477][T11735] syz-executor3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000
[ 1983.468913][T11745] IPVS: ftp: loaded support on port[0] = 21
[ 1983.512766][T11735] CPU: 1 PID: 11735 Comm: syz-executor3 Not tainted 5.0.0-rc1-next-20190109 #8
[ 1983.521760][T11735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1983.531846][T11735] Call Trace:
[ 1983.535156][T11735]  dump_stack+0x1db/0x2d0
[ 1983.539502][T11735]  ? dump_stack_print_info.cold+0x20/0x20
[ 1983.545241][T11735]  ? check_preemption_disabled+0x48/0x290
[ 1983.550987][T11735]  dump_header+0x1e6/0x116c
[ 1983.555499][T11735]  ? add_lock_to_list.isra.0+0x450/0x450
[ 1983.561144][T11735]  ? perf_trace_lock+0x750/0x750
[ 1983.566099][T11735]  ? print_usage_bug+0xd0/0xd0
[ 1983.570879][T11735]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 1983.576522][T11735]  ? ___ratelimit+0x37c/0x686
[ 1983.581227][T11735]  ? mark_held_locks+0xb1/0x100
[ 1983.586099][T11735]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 1983.591942][T11735]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 1983.597760][T11735]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 1983.603052][T11735]  ? trace_hardirqs_on+0xbd/0x310
[ 1983.608098][T11735]  ? kasan_check_read+0x11/0x20
[ 1983.612952][T11735]  ? ___ratelimit+0x37c/0x686
[ 1983.617642][T11735]  ? trace_hardirqs_off_caller+0x300/0x300
[ 1983.623458][T11735]  ? do_raw_spin_trylock+0x270/0x270
[ 1983.628752][T11735]  ? trace_hardirqs_on_caller+0x310/0x310
[ 1983.628768][T11735]  ? lock_acquire+0x1db/0x570
[ 1983.628794][T11735]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 1983.628814][T11735]  ? ___ratelimit+0xac/0x686
[ 1983.649593][T11735]  ? idr_get_free+0xee0/0xee0
[ 1983.654288][T11735]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 1983.659599][T11735]  oom_kill_process.cold+0x10/0x9ca
[ 1983.664812][T11735]  ? cgroup_procs_next+0x70/0x70
[ 1983.669761][T11735]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 1983.669780][T11735]  ? oom_badness+0xa50/0xa50
[ 1983.669802][T11735]  ? oom_evaluate_task+0x540/0x540
[ 1983.684701][T11735]  ? mem_cgroup_iter_break+0x30/0x30
[ 1983.690001][T11735]  ? mutex_trylock+0x2d0/0x2d0
[ 1983.694775][T11735]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1983.694810][T11735]  ? rcu_read_unlock_special+0x380/0x380
[ 1983.694840][T11735]  out_of_memory+0x885/0x1420
[ 1983.694859][T11735]  ? mem_cgroup_iter+0x4f4/0xf50
[ 1983.694880][T11735]  ? oom_killer_disable+0x340/0x340
[ 1983.721526][T11735]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 1983.727366][T11735]  ? lock_acquire+0x1db/0x570
[ 1983.732105][T11735]  mem_cgroup_out_of_memory+0x160/0x210
[ 1983.737680][T11735]  ? do_raw_spin_unlock+0xa0/0x330
[ 1983.742802][T11735]  ? memory_oom_group_write+0x160/0x160
[ 1983.748355][T11735]  ? do_raw_spin_trylock+0x270/0x270
[ 1983.753664][T11735]  ? _raw_spin_unlock+0x2d/0x50
[ 1983.753688][T11735]  try_charge+0x1457/0x1d00
[ 1983.753716][T11735]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 1983.753739][T11735]  ? find_held_lock+0x35/0x120
[ 1983.773426][T11735]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[ 1983.779008][T11735]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1983.785266][T11735]  ? lock_downgrade+0xbe0/0xbe0
[ 1983.790129][T11735]  ? kasan_check_read+0x11/0x20
[ 1983.795011][T11735]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 1983.801023][T11735]  ? rcu_read_unlock_special+0x380/0x380
[ 1983.806694][T11735]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[ 1983.812252][T11735]  __memcg_kmem_charge_memcg+0x7c/0x130
[ 1983.812271][T11735]  ? memcg_kmem_put_cache+0xb0/0xb0
[ 1983.812287][T11735]  ? lock_release+0xc40/0xc40
[ 1983.812314][T11735]  __memcg_kmem_charge+0x136/0x300
[ 1983.812344][T11735]  __alloc_pages_nodemask+0x7b8/0xdc0
[ 1983.838251][T11735]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[ 1983.843980][T11735]  ? rcu_pm_notify+0xd0/0xd0
[ 1983.848593][T11735]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1983.854365][T11735]  ? kmem_cache_alloc_node+0x347/0x710
[ 1983.854382][T11735]  ? print_usage_bug+0xd0/0xd0
[ 1983.854413][T11735]  copy_process+0x847/0x8700
[ 1983.854438][T11735]  ? print_usage_bug+0xd0/0xd0
[ 1983.874083][T11735]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1983.880336][T11735]  ? check_preemption_disabled+0x48/0x290
[ 1983.886071][T11735]  ? __lock_acquire+0x572/0x4a10
[ 1983.886086][T11735]  ? mark_held_locks+0x100/0x100
[ 1983.886117][T11735]  ? __cleanup_sighand+0x70/0x70
[ 1983.886135][T11735]  ? mark_held_locks+0x100/0x100
[ 1983.886149][T11735]  ? find_held_lock+0x35/0x120
[ 1983.886167][T11735]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1983.886180][T11735]  ? check_preemption_disabled+0x48/0x290
[ 1983.886198][T11735]  ? debug_smp_processor_id+0x1c/0x20
[ 1983.886211][T11735]  ? perf_trace_lock_acquire+0x138/0x7d0
[ 1983.886228][T11735]  ? delayacct_end+0xc9/0x100
[ 1983.886241][T11735]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1983.886258][T11735]  ? add_lock_to_list.isra.0+0x450/0x450
[ 1983.886281][T11735]  ? perf_trace_lock+0x750/0x750
[ 1983.906138][T11735]  ? perf_trace_lock_acquire+0x138/0x7d0
[ 1983.906163][T11735]  ? add_lock_to_list.isra.0+0x450/0x450
[ 1983.906179][T11735]  ? find_held_lock+0x35/0x120
[ 1983.906197][T11735]  ? print_usage_bug+0xd0/0xd0
[ 1983.906219][T11735]  ? psi_memstall_leave+0x1f8/0x280
[ 1983.906234][T11735]  ? find_held_lock+0x35/0x120
[ 1983.906253][T11735]  ? __lock_acquire+0x572/0x4a10
[ 1983.906272][T11735]  ? _raw_spin_unlock_irq+0x28/0x90
[ 1983.906288][T11735]  ? _raw_spin_unlock_irq+0x28/0x90
[ 1983.906303][T11735]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 1983.906324][T11735]  ? trace_hardirqs_on+0xbd/0x310
[ 1983.923055][T11735]  ? mark_held_locks+0x100/0x100
[ 1983.923079][T11735]  ? check_preemption_disabled+0x48/0x290
[ 1983.923102][T11735]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1983.923116][T11735]  ? check_preemption_disabled+0x48/0x290
[ 1983.923136][T11735]  ? debug_smp_processor_id+0x1c/0x20
[ 1983.955590][T11735]  ? perf_trace_lock_acquire+0x138/0x7d0
[ 1983.955614][T11735]  ? add_lock_to_list.isra.0+0x450/0x450
[ 1983.955629][T11735]  ? perf_trace_lock+0x750/0x750
[ 1983.955644][T11735]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 1983.955666][T11735]  ? try_to_free_pages+0xb70/0xb70
[ 1983.955686][T11735]  ? percpu_ref_put_many+0x129/0x270
[ 1983.996496][T11735]  ? blkcg_maybe_throttle_current+0x75e/0x13c0
[ 1983.996517][T11735]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1983.996554][T11735]  _do_fork+0x1a9/0x1170
[ 1983.996577][T11735]  ? fork_idle+0x1d0/0x1d0
[ 1983.996606][T11735]  ? trace_hardirqs_off+0xb8/0x310
[ 1983.996622][T11735]  ? get_mctgt_type_thp.isra.0+0x4c0/0x4c0
[ 1983.996640][T11735]  ? prepare_exit_to_usermode+0x32e/0x3b0
[ 1983.996662][T11735]  ? do_syscall_64+0x8c/0x800
21:47:36 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0xa00}, 0x0)

21:47:36 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0xf0}, 0x0)

[ 1984.022791][T11735]  ? do_syscall_64+0x8c/0x800
[ 1984.022811][T11735]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 1984.022829][T11735]  ? trace_hardirqs_on+0xbd/0x310
[ 1984.022850][T11735]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1984.022873][T11735]  ? trace_hardirqs_off_caller+0x300/0x300
[ 1984.056337][T11735]  __x64_sys_clone+0xbf/0x150
[ 1984.056363][T11735]  do_syscall_64+0x1a3/0x800
[ 1984.056383][T11735]  ? syscall_return_slowpath+0x5f0/0x5f0
[ 1984.056400][T11735]  ? prepare_exit_to_usermode+0x232/0x3b0
[ 1984.056421][T11735]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1984.056448][T11735]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1984.056462][T11735] RIP: 0033:0x45a899
[ 1984.056478][T11735] Code: ff 48 85 f6 0f 84 97 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 6e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75
[ 1984.056485][T11735] RSP: 002b:00007ffd98177ae8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
[ 1984.056498][T11735] RAX: ffffffffffffffda RBX: 00007f58d409f700 RCX: 000000000045a899
21:47:36 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0xe00}, 0x0)

[ 1984.056505][T11735] RDX: 00007f58d409f9d0 RSI: 00007f58d409edb0 RDI: 00000000003d0f00
[ 1984.056515][T11735] RBP: 00007ffd98177cf0 R08: 00007f58d409f700 R09: 00007f58d409f700
[ 1984.056531][T11735] R10: 00007f58d409f9d0 R11: 0000000000000202 R12: 0000000000000000
[ 1984.078324][T11735] R13: 00007ffd98177b9f R14: 00007f58d409f9c0 R15: 000000000073bfac
[ 1984.196301][T11735] memory: usage 307200kB, limit 307200kB, failcnt 3488
[ 1984.291121][T11735] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1984.316628][T11735] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1984.351611][T11735] Memory cgroup stats for /syz3: cache:56KB rss:247100KB rss_huge:217088KB shmem:100KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:247140KB inactive_file:0KB active_file:0KB unevictable:0KB
[ 1984.385577][T11735] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor3,pid=11603,uid=0
[ 1984.409142][T11735] Memory cgroup out of memory: Kill process 11603 (syz-executor3) score 1107 or sacrifice child
[ 1984.420498][T11735] Killed process 11603 (syz-executor3) total-vm:70796kB, anon-rss:2220kB, file-rss:33752kB, shmem-rss:0kB
[ 1984.434639][ T1042] oom_reaper: reaped process 11603 (syz-executor3), now anon-rss:0kB, file-rss:32792kB, shmem-rss:0kB
[ 1984.448971][T11742] syz-executor3 invoked oom-killer: gfp_mask=0x6040d0(GFP_KERNEL|__GFP_COMP|__GFP_RECLAIMABLE), order=0, oom_score_adj=1000
[ 1984.471008][T11742] CPU: 0 PID: 11742 Comm: syz-executor3 Not tainted 5.0.0-rc1-next-20190109 #8
[ 1984.480007][T11742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1984.490064][T11742] Call Trace:
[ 1984.493387][T11742]  dump_stack+0x1db/0x2d0
[ 1984.497737][T11742]  ? dump_stack_print_info.cold+0x20/0x20
[ 1984.503460][T11742]  ? check_preemption_disabled+0x48/0x290
[ 1984.509289][T11742]  dump_header+0x1e6/0x116c
[ 1984.513808][T11742]  ? add_lock_to_list.isra.0+0x450/0x450
[ 1984.519441][T11742]  ? perf_trace_lock+0x750/0x750
[ 1984.524571][T11742]  ? print_usage_bug+0xd0/0xd0
[ 1984.529350][T11742]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 1984.534985][T11742]  ? ___ratelimit+0x37c/0x686
[ 1984.539774][T11742]  ? mark_held_locks+0xb1/0x100
[ 1984.544638][T11742]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 1984.550465][T11742]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 1984.556288][T11742]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 1984.561591][T11742]  ? trace_hardirqs_on+0xbd/0x310
[ 1984.566622][T11742]  ? kasan_check_read+0x11/0x20
[ 1984.571491][T11742]  ? ___ratelimit+0x37c/0x686
[ 1984.576179][T11742]  ? trace_hardirqs_off_caller+0x300/0x300
[ 1984.582001][T11742]  ? do_raw_spin_trylock+0x270/0x270
[ 1984.587377][T11742]  ? trace_hardirqs_on_caller+0x310/0x310
[ 1984.593165][T11742]  ? lock_acquire+0x1db/0x570
[ 1984.597961][T11742]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 1984.603799][T11742]  ? ___ratelimit+0xac/0x686
[ 1984.608930][T11742]  ? idr_get_free+0xee0/0xee0
[ 1984.613630][T11742]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 1984.618937][T11742]  oom_kill_process.cold+0x10/0x9ca
[ 1984.624165][T11742]  ? cgroup_procs_next+0x70/0x70
[ 1984.629117][T11742]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 1984.634348][T11742]  ? oom_badness+0xa50/0xa50
[ 1984.638953][T11742]  ? oom_evaluate_task+0x540/0x540
[ 1984.644159][T11742]  ? mem_cgroup_iter_break+0x30/0x30
[ 1984.649450][T11742]  ? mutex_trylock+0x2d0/0x2d0
[ 1984.654229][T11742]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1984.660490][T11742]  ? rcu_read_unlock_special+0x380/0x380
[ 1984.666145][T11742]  out_of_memory+0x885/0x1420
[ 1984.670843][T11742]  ? mem_cgroup_iter+0x4f4/0xf50
[ 1984.675791][T11742]  ? oom_killer_disable+0x340/0x340
[ 1984.680999][T11742]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 1984.686815][T11742]  ? lock_acquire+0x1db/0x570
[ 1984.691515][T11742]  mem_cgroup_out_of_memory+0x160/0x210
[ 1984.697076][T11742]  ? do_raw_spin_unlock+0xa0/0x330
[ 1984.702206][T11742]  ? memory_oom_group_write+0x160/0x160
[ 1984.707777][T11742]  ? do_raw_spin_trylock+0x270/0x270
[ 1984.713088][T11742]  ? _raw_spin_unlock+0x2d/0x50
[ 1984.717949][T11742]  try_charge+0xd42/0x1d00
[ 1984.722376][T11742]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1984.728643][T11742]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1984.735006][T11742]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 1984.740604][T11742]  ? rcu_read_lock_sched_held+0x110/0x130
[ 1984.746504][T11742]  ? __alloc_pages_nodemask+0xaca/0xdc0
[ 1984.752082][T11742]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[ 1984.757805][T11742]  ? mark_held_locks+0xb1/0x100
[ 1984.762676][T11742]  ? cache_grow_begin+0x58b/0x8c0
[ 1984.767726][T11742]  ? cache_grow_begin+0x58b/0x8c0
[ 1984.773112][T11742]  __memcg_kmem_charge_memcg+0x7c/0x130
[ 1984.778672][T11742]  ? memcg_kmem_put_cache+0xb0/0xb0
[ 1984.783968][T11742]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 1984.790214][T11742]  ? __cpuset_node_allowed+0x19f/0x640
[ 1984.795689][T11742]  cache_grow_begin+0x5b7/0x8c0
[ 1984.800574][T11742]  ? kasan_check_read+0x11/0x20
[ 1984.805441][T11742]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1984.811695][T11742]  ? mempolicy_slab_node+0x139/0x390
[ 1984.817011][T11742]  fallback_alloc+0x1fd/0x2d0
[ 1984.821712][T11742]  ____cache_alloc_node+0x1be/0x1e0
[ 1984.826923][T11742]  kmem_cache_alloc+0x1f5/0x710
[ 1984.831813][T11742]  alloc_inode+0xb8/0x190
[ 1984.836149][T11742]  new_inode_pseudo+0x71/0x1b0
[ 1984.840919][T11742]  ? prune_icache_sb+0x1c0/0x1c0
[ 1984.845860][T11742]  ? down_read+0x120/0x120
[ 1984.850290][T11742]  ? mntput+0x74/0xa0
[ 1984.854298][T11742]  new_inode+0x1f/0x40
[ 1984.858372][T11742]  debugfs_get_inode+0x1a/0x130
[ 1984.863231][T11742]  __debugfs_create_file+0xb9/0x400
[ 1984.868449][T11742]  debugfs_create_file+0x5a/0x70
[ 1984.873403][T11742]  kvm_dev_ioctl+0xb67/0x1a60
[ 1984.878089][T11742]  ? __fget+0x473/0x710
[ 1984.882267][T11742]  ? kvm_debugfs_release+0x90/0x90
[ 1984.887384][T11742]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1984.893639][T11742]  ? lock_downgrade+0xbe0/0xbe0
[ 1984.898504][T11742]  ? kasan_check_read+0x11/0x20
[ 1984.903375][T11742]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 1984.909376][T11742]  ? __fget+0x49a/0x710
[ 1984.913553][T11742]  ? ksys_dup3+0x660/0x660
[ 1984.918067][T11742]  ? lock_release+0xc40/0xc40
[ 1984.922847][T11742]  ? kvm_debugfs_release+0x90/0x90
[ 1984.927962][T11742]  do_vfs_ioctl+0x107b/0x17d0
[ 1984.932682][T11742]  ? ioctl_preallocate+0x2f0/0x2f0
[ 1984.937798][T11742]  ? __fget_light+0x2db/0x420
[ 1984.942478][T11742]  ? fget_raw+0x20/0x20
[ 1984.946636][T11742]  ? put_timespec64+0x115/0x1b0
[ 1984.951503][T11742]  ? nsecs_to_jiffies+0x30/0x30
[ 1984.956367][T11742]  ? do_syscall_64+0x8c/0x800
[ 1984.961046][T11742]  ? do_syscall_64+0x8c/0x800
[ 1984.965751][T11742]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 1984.971042][T11742]  ? security_file_ioctl+0x93/0xc0
[ 1984.976165][T11742]  ksys_ioctl+0xab/0xd0
[ 1984.980343][T11742]  __x64_sys_ioctl+0x73/0xb0
[ 1984.984937][T11742]  do_syscall_64+0x1a3/0x800
[ 1984.989531][T11742]  ? syscall_return_slowpath+0x5f0/0x5f0
[ 1984.995182][T11742]  ? prepare_exit_to_usermode+0x232/0x3b0
[ 1985.000913][T11742]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1985.006488][T11742]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1985.012385][T11742] RIP: 0033:0x457ec9
[ 1985.016289][T11742] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1985.035908][T11742] RSP: 002b:00007f58d40bfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1985.044337][T11742] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457ec9
[ 1985.052324][T11742] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000007
[ 1985.060300][T11742] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000
[ 1985.068274][T11742] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f58d40c06d4
[ 1985.076244][T11742] R13: 00000000004c0a0f R14: 00000000004d2470 R15: 00000000ffffffff
[ 1985.093003][T11742] memory: usage 305256kB, limit 307200kB, failcnt 3488
[ 1985.116576][T11742] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1985.124265][T11747] IPVS: ftp: loaded support on port[0] = 21
[ 1985.137084][T11742] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1985.159360][T11742] Memory cgroup stats for /syz3: cache:56KB rss:245040KB rss_huge:215040KB shmem:100KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:245052KB inactive_file:0KB active_file:0KB unevictable:0KB
[ 1985.194888][T11742] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor3,pid=25604,uid=0
[ 1985.221367][T11742] Memory cgroup out of memory: Kill process 25604 (syz-executor3) score 1107 or sacrifice child
[ 1985.239472][T11742] Killed process 25604 (syz-executor3) total-vm:70532kB, anon-rss:2204kB, file-rss:33748kB, shmem-rss:0kB
21:47:37 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x300}, 0x0)

21:47:37 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd601bfc97004d00000000000000ff02000000000000000000000000000100004e20004d9078e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed00000000000000000000000"], 0x0)

21:47:37 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x01\x1e\x00'}, &(0x7f0000000300)=0x54)

21:47:37 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x7000000}, 0x1c)

21:47:37 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0xf00}, 0x0)

21:47:37 executing program 3:
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0xcf)
r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x10000)
ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r1, 0xc008551c, &(0x7f0000000180)=ANY=[@ANYBLOB="ef4a00001400010003000000ec007b766ba0cb0e6b04eb6225f06f810000040064ce31740c6f788550f8eb0f1e918b26d4445e41c0b40daa43ff4dace798f91d39520ed788af653af3eb4b871212a7e789b8a4645bebdb1509034268f7185a8940fb097414bf05f7ea2f77fb109288316e9859abf865fa35ddac68217d052af97cf47eb64e1568f882ccf950c1007f81a6bd9c1d1d35d00e19833f5d06dbf355a5f57abebdc7ef4fdc4d4a4e1a8306cdd3bf414e3dcf0de5b70f912a26fd0cecfba4b92a79fbdfde01f0b8398f4736f7c1f8cf69bc5f1cd0dbfba044f2bf867d268b157d9d0f5ce6c4b7f3230b60da600a0c4e881e8b8b53438721b9df54335dff5dc3a0e89b4c9d8a27cf478e14ba5ecba7e9b543f7f03cdf71f43ef1bb8186e1348623cddfc929"])
getpeername(r0, 0x0, 0x0)

21:47:37 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x1b8c}, 0x0)

21:47:37 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x8000000}, 0x1c)

21:47:37 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0xa00}, 0x0)

21:47:37 executing program 3:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x1d\x00'}, &(0x7f0000000300)=0x54)

[ 1985.801527][T11785] IPVS: ftp: loaded support on port[0] = 21
21:47:37 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x6000}, 0x0)

21:47:37 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0xe00}, 0x0)

21:47:38 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x9000000}, 0x1c)

[ 1986.065415][T11801] IPVS: ftp: loaded support on port[0] = 21
[ 1986.399931][T11804] syz-executor3 invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[ 1986.426279][T11804] CPU: 1 PID: 11804 Comm: syz-executor3 Not tainted 5.0.0-rc1-next-20190109 #8
[ 1986.435236][T11804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1986.435244][T11804] Call Trace:
[ 1986.435268][T11804]  dump_stack+0x1db/0x2d0
[ 1986.435291][T11804]  ? dump_stack_print_info.cold+0x20/0x20
[ 1986.435307][T11804]  ? check_preemption_disabled+0x48/0x290
[ 1986.435339][T11804]  dump_header+0x1e6/0x116c
[ 1986.435361][T11804]  ? add_lock_to_list.isra.0+0x450/0x450
[ 1986.474535][T11804]  ? perf_trace_lock+0x750/0x750
[ 1986.479499][T11804]  ? print_usage_bug+0xd0/0xd0
[ 1986.484362][T11804]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 1986.490013][T11804]  ? ___ratelimit+0x37c/0x686
[ 1986.494706][T11804]  ? mark_held_locks+0xb1/0x100
[ 1986.494730][T11804]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 1986.494748][T11804]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 1986.494765][T11804]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 1986.494788][T11804]  ? trace_hardirqs_on+0xbd/0x310
[ 1986.521585][T11804]  ? kasan_check_read+0x11/0x20
[ 1986.521605][T11804]  ? ___ratelimit+0x37c/0x686
[ 1986.521625][T11804]  ? trace_hardirqs_off_caller+0x300/0x300
[ 1986.521648][T11804]  ? do_raw_spin_trylock+0x270/0x270
[ 1986.542251][T11804]  ? trace_hardirqs_on_caller+0x310/0x310
[ 1986.542269][T11804]  ? lock_acquire+0x1db/0x570
[ 1986.542298][T11804]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 1986.542317][T11804]  ? ___ratelimit+0xac/0x686
[ 1986.563090][T11804]  ? idr_get_free+0xee0/0xee0
[ 1986.567795][T11804]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 1986.573118][T11804]  oom_kill_process.cold+0x10/0x9ca
[ 1986.573142][T11804]  ? cgroup_procs_next+0x70/0x70
[ 1986.573165][T11804]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 1986.588494][T11804]  ? oom_badness+0xa50/0xa50
[ 1986.593109][T11804]  ? oom_evaluate_task+0x540/0x540
[ 1986.598228][T11804]  ? mem_cgroup_iter_break+0x30/0x30
[ 1986.598247][T11804]  ? mutex_trylock+0x2d0/0x2d0
[ 1986.598265][T11804]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1986.598298][T11804]  ? rcu_read_unlock_special+0x380/0x380
[ 1986.598325][T11804]  out_of_memory+0x885/0x1420
[ 1986.598344][T11804]  ? mem_cgroup_iter+0x4f4/0xf50
[ 1986.598367][T11804]  ? oom_killer_disable+0x340/0x340
[ 1986.598392][T11804]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 1986.614741][T11804]  ? lock_acquire+0x1db/0x570
[ 1986.614773][T11804]  mem_cgroup_out_of_memory+0x160/0x210
[ 1986.614795][T11804]  ? do_raw_spin_unlock+0xa0/0x330
[ 1986.625189][T11804]  ? memory_oom_group_write+0x160/0x160
[ 1986.635328][T11804]  ? do_raw_spin_trylock+0x270/0x270
[ 1986.635361][T11804]  ? _raw_spin_unlock+0x2d/0x50
[ 1986.635383][T11804]  try_charge+0x1457/0x1d00
[ 1986.645954][T11804]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[ 1986.645981][T11804]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 1986.646001][T11804]  ? lock_downgrade+0xbe0/0xbe0
[ 1986.667472][T11804]  ? kasan_check_read+0x11/0x20
[ 1986.667499][T11804]  ? rcu_read_unlock_special+0x380/0x380
[ 1986.667529][T11804]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[ 1986.667560][T11804]  ? get_mem_cgroup_from_page+0x190/0x190
[ 1986.667581][T11804]  ? add_lock_to_list.isra.0+0x450/0x450
[ 1986.667598][T11804]  ? print_usage_bug+0xd0/0xd0
[ 1986.667619][T11804]  mem_cgroup_try_charge+0x43a/0xdb0
[ 1986.667640][T11804]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1986.667660][T11804]  ? mem_cgroup_protected+0xa10/0xa10
[ 1986.677009][T11804]  ? shmem_getattr+0x2c0/0x2c0
[ 1986.677028][T11804]  ? __lock_acquire+0x572/0x4a10
[ 1986.677043][T11804]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 1986.677060][T11804]  ? print_usage_bug+0xd0/0xd0
[ 1986.677101][T11804]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 1986.677123][T11804]  shmem_getpage_gfp+0xa85/0x4b70
[ 1986.677165][T11804]  ? shmem_add_to_page_cache+0x19a0/0x19a0
[ 1986.677190][T11804]  ? lock_acquire+0x1db/0x570
[ 1986.693146][T11804]  ? alloc_set_pte+0x134a/0x1df0
[ 1986.693171][T11804]  ? kasan_check_write+0x14/0x20
[ 1986.693189][T11804]  ? do_raw_spin_lock+0x156/0x360
[ 1986.693208][T11804]  ? lock_release+0xc40/0xc40
[ 1986.715128][T11804]  ? rwlock_bug.part.0+0x90/0x90
[ 1986.715152][T11804]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[ 1986.715170][T11804]  ? add_lock_to_list.isra.0+0x450/0x450
[ 1986.715192][T11804]  ? reacquire_held_locks+0xfb/0x520
[ 1986.730956][T11804]  ? alloc_set_pte+0x134a/0x1df0
[ 1986.730979][T11804]  ? find_held_lock+0x60/0x120
[ 1986.731000][T11804]  ? filemap_map_pages+0xe29/0x1cc0
[ 1986.731021][T11804]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1986.731043][T11804]  ? lock_downgrade+0xbe0/0xbe0
[ 1986.747412][T11804]  ? kasan_check_read+0x11/0x20
[ 1986.747435][T11804]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 1986.747455][T11804]  ? rcu_read_unlock_special+0x380/0x380
[ 1986.747487][T11804]  ? filemap_map_pages+0xe50/0x1cc0
[ 1986.747521][T11804]  ? find_get_entries_tag+0x13d0/0x13d0
[ 1986.747536][T11804]  ? follow_page_pte+0x3f4/0x1a50
[ 1986.747575][T11804]  shmem_fault+0x25a/0x950
[ 1986.747603][T11804]  ? shmem_read_mapping_page_gfp+0x200/0x200
[ 1986.747624][T11804]  ? __handle_mm_fault+0x42e1/0x55a0
[ 1986.762614][T11804]  ? find_held_lock+0x35/0x120
[ 1986.762637][T11804]  ? __handle_mm_fault+0x42e1/0x55a0
[ 1986.762661][T11804]  __do_fault+0x176/0x7b0
[ 1986.762681][T11804]  ? do_page_mkwrite+0x740/0x740
[ 1986.762703][T11804]  ? do_raw_spin_unlock+0xa0/0x330
[ 1986.773432][T11804]  ? do_raw_spin_trylock+0x270/0x270
[ 1986.773452][T11804]  ? add_mm_counter_fast.part.0+0x40/0x40
[ 1986.773480][T11804]  __handle_mm_fault+0x370a/0x55a0
[ 1986.773510][T11804]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1986.773526][T11804]  ? check_preemption_disabled+0x48/0x290
[ 1986.773557][T11804]  ? handle_mm_fault+0x3cc/0xc80
[ 1986.788991][T11804]  ? lock_downgrade+0xbe0/0xbe0
[ 1986.789010][T11804]  ? kasan_check_read+0x11/0x20
[ 1986.789028][T11804]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 1986.789047][T11804]  ? rcu_read_unlock_special+0x380/0x380
[ 1986.789074][T11804]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1986.789090][T11804]  ? check_preemption_disabled+0x48/0x290
[ 1986.789115][T11804]  handle_mm_fault+0x4ec/0xc80
[ 1986.789137][T11804]  ? __handle_mm_fault+0x55a0/0x55a0
[ 1986.789156][T11804]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 1986.803792][T11804]  __get_user_pages+0x8f7/0x1e10
[ 1986.803828][T11804]  ? follow_page_mask+0x1f40/0x1f40
[ 1986.803856][T11804]  ? lock_acquire+0x1db/0x570
[ 1986.814608][T11804]  ? ___might_sleep+0x1e7/0x310
[ 1986.814630][T11804]  ? lock_release+0xc40/0xc40
[ 1986.814643][T11804]  ? find_held_lock+0x35/0x120
[ 1986.814664][T11804]  ? vm_mmap_pgoff+0x21a/0x2b0
[ 1986.814687][T11804]  populate_vma_page_range+0x2bc/0x3b0
[ 1986.814707][T11804]  ? memset+0x32/0x40
[ 1986.814725][T11804]  ? follow_page+0x430/0x430
[ 1986.814746][T11804]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1986.840563][T11804]  ? vmacache_update+0x114/0x140
[ 1986.840592][T11804]  __mm_populate+0x27e/0x4c0
[ 1986.840620][T11804]  ? populate_vma_page_range+0x3b0/0x3b0
[ 1986.859193][T11789] IPVS: ftp: loaded support on port[0] = 21
[ 1986.862861][T11804]  ? down_read_killable+0x150/0x150
[ 1986.862887][T11804]  ? security_mmap_file+0x1a7/0x1e0
[ 1986.862920][T11804]  vm_mmap_pgoff+0x277/0x2b0
[ 1986.879283][T11804]  ? vma_is_stack_for_current+0xd0/0xd0
21:47:39 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
r1 = creat(&(0x7f0000000100)='./file0\x00', 0x40)
getsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000140), 0x46b137063b18654)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd601b1bad1bcef1bba5aef47be7eee67ffc97004d8800fe800000000000000000000000000000ff02000000000000000000000000000100004e20004d9078e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"], 0x0)

[ 1986.879304][T11804]  ? kasan_check_read+0x11/0x20
[ 1986.879321][T11804]  ? _copy_to_user+0xc9/0x120
[ 1986.879343][T11804]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1986.879368][T11804]  ksys_mmap_pgoff+0x102/0x650
[ 1986.879393][T11804]  ? find_mergeable_anon_vma+0xd0/0xd0
[ 1986.879415][T11804]  ? trace_hardirqs_on+0xbd/0x310
[ 1986.894865][T11804]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1986.894887][T11804]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1986.894908][T11804]  ? trace_hardirqs_off_caller+0x300/0x300
[ 1986.904951][T11804]  __x64_sys_mmap+0xe9/0x1b0
[ 1986.904978][T11804]  do_syscall_64+0x1a3/0x800
[ 1986.905002][T11804]  ? syscall_return_slowpath+0x5f0/0x5f0
[ 1986.924717][T11804]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 1986.924738][T11804]  ? __switch_to_asm+0x34/0x70
[ 1986.924762][T11804]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1986.924787][T11804]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1986.941142][T11804] RIP: 0033:0x457ec9
[ 1986.941160][T11804] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1986.941170][T11804] RSP: 002b:00007f58d409ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 1986.941186][T11804] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9
[ 1986.941196][T11804] RDX: 0000000000000003 RSI: 0000000000b36000 RDI: 0000000020000000
[ 1986.941206][T11804] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000
[ 1986.941221][T11804] R10: 0000000000008031 R11: 0000000000000246 R12: 00007f58d409f6d4
[ 1986.978759][T11804] R13: 00000000004c3b56 R14: 00000000004d6910 R15: 00000000ffffffff
[ 1987.103497][    C0] net_ratelimit: 20 callbacks suppressed
[ 1987.103506][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1987.129215][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1987.129360][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1987.285324][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1987.291286][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1987.297182][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1987.428130][T11804] memory: usage 307200kB, limit 307200kB, failcnt 3535
[ 1987.435048][T11804] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1987.462436][T11804] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1987.477375][T11804] Memory cgroup stats for /syz3: cache:4412KB rss:242844KB rss_huge:212992KB shmem:4456KB mapped_file:4488KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4440KB active_anon:242840KB inactive_file:0KB active_file:0KB unevictable:0KB
[ 1987.508816][T11804] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor3,pid=11799,uid=0
[ 1987.531820][T11804] Memory cgroup out of memory: Kill process 11799 (syz-executor3) score 1110 or sacrifice child
[ 1987.543935][T11804] Killed process 11799 (syz-executor3) total-vm:70532kB, anon-rss:104kB, file-rss:32768kB, shmem-rss:4220kB
[ 1987.566445][ T1042] oom_reaper: reaped process 11799 (syz-executor3), now anon-rss:0kB, file-rss:32708kB, shmem-rss:4444kB
21:47:39 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x01*\x00'}, &(0x7f0000000300)=0x54)

21:47:39 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x8c1b}, 0x0)

21:47:39 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0xf00}, 0x0)

21:47:39 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0xa000000}, 0x1c)

21:47:39 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
setsockopt(r0, 0x2, 0x3, &(0x7f0000002700)="e4820a59ee680c9a2c10e42983868a8116e31e047e6f2c1531f28ea9574beb4e7a10246e28d49566db3787a6a3d48ef39488f07f8d714725c9073b55e3ab621299e19bc163f8dd8434f641be8851ab1e1962db828d9e948e6b89dce313a487a0ebf8dde2eec5a8722d3a644cad4dfa08acc3d7b03dbf12800b8fd6c0a8ccb46322f19bb3c5fce6438699afea2d5b1996fde96dcfad22de7842ab871f5fbd762e90c89315ef68e30757aad6a21445ecfafe7bc1cadfc9b058ad2f50b13b955138183581b98a97cbb7b9", 0xc9)
r1 = dup3(r0, r0, 0x80000)
connect$ax25(r1, &(0x7f0000002680)={{0x3, @null, 0x6}, [@null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @bcast, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]}, 0x48)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd601bfc97004d8800fe800000000000000000000000000000ff02000000000000000000000000000100004e20004d9078e2f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"], 0x0)
writev(r0, &(0x7f00000025c0)=[{&(0x7f0000000400)="1c34f7ccfdcd9c42b8f267a9fb6e72bc9f2d00792cebd4cdbaa985a9fc06aa8ecedbe4c403d3d16c1f176951300472cd73fc50a67fcdca7f1ce3cadb6cc4540acc1fe1041d27b640e87b8b89388e2a8ae013e51a653ecb9c30ade631c2616c04d16cc210bfc97eb9dad9694dfe34ca5172423443d7195f648b83def67166da5464c05a08237b4d2956cea2673c9eaae89353ea470256e5bff68799788cff6824f5fb15878ea69070a5d7922e4230ce21bd1af19c226153236bade34acec04e2d67321523e52a7f9f801108801d8bd8434a263227f980cabd279788b5668cfcb957091c5ce167c68eca84d820ce5b6b045677ec59ccc96e5784d25061d4718de7ce1337abe1bb24074cf3aedd2cc46fa71e7799c2ba9f5561466952e1d8dbac26e54d6ad90288f5390e430c80c3db6e81eed17927b8167ee8f04c063ca7186bf429ee28dbf9a16bc0bffaa63ca7132c383522cfad3ba306c0d3032d4d9e320728612b95124ac330473388a524849cd572a7fc65d5d5b60c898fa1383967416f05ad2f50709fc9609d2065996c26c602a180a8ba8b297eff3b46f70ee4a29e3182240b675e6917183bcb57c94b3ee1c5537c7de8532539a4b3968fa32a74fc702aa84797371d816a5d173e6306e88dbad67fdfd63c4ac17e63b5fa204ce7f60a06dd8c1e0201adbbc538b8f323ee0040cf3bf211278a758de2a4024e9d71f36a9090098969a9e7778a25758ef60fc9ec75d6b593818b7d160fb137c34a3f61b0adaa4bbe8fd084e5e008af412ef907125d70bb9908c43a2cc788a7e21a32e4cbcf1333326eec04aa62e55d376ea8534cdb886b38c7fa515e742220b6736b4e72496c2defcd7bd7e5beb33bac29bb10eea65562a4c1fd1f90ebf0b932a22b2e2aa34d8cc168a8a6232ba0f8f2683eda0ee301fed5d03d6a487d81eb4106317ad0cec161add8b2e0bee8b7d1804673cc2911960926cd9c34b449e8b2898badabe697bf3f8da81ca4f27f8d00dca15f3f4de26ddd8a6f517de5f6e1f534d46cc3e11e96d9e8fab897ead43258625cea91de9e5ac7d42158e76db24cd1317f22562535ca517a9fce1ae533ba373190cd3f1427ab81a6abcafc0be23708c05db65ef754a7ebd878ab0b1d9621b9b8e1d617a5fbd3dd72b70f9b420d779064a8baf5c16a678c187b6f8ac9f74b60c8b1759ee82247008cff375a5b2f3536be0be0363b1befbf1619821e58aa68d0fee337daf590c006efa96cd0392b28051d84056836d3f3c03ba74af3599e2ffd3af67d99af1974c7b3797f268e1377a6359981a9ce37d229d9cf71a92a07782728e81a5db306f1910fe87bb8a192ebe41e1f787af48b3d2b1b7190cd7ce8d28ed70d27821d8d932414635f282e8220c53a44e2ce44fb12bd4e2a38b11b065c7b625a9a6f6562c751651278b7d330cb413d04fb1c1403aac2253e397122380a161d7061e8a9a1b3b3a5a0d872ce7cc25d61a68d3e6abd6e42b8c42d355a23209a0fa8ea703476347d28223a2a6fd39041059fd7e11e8287f2df7465cb617bc66bb453a8fbc4fc5c78b4a2f0fd6d6df99afd39a4e02f792bd06936e7aee580a4c32cced5ccab11d08240a297992e09e12b1b3d44e7879fdc7e95c02e52b141db6a33168c17c5a78f8dc8ffe276bae14612176dda4869c34ca7359f7d2a897471af15ddedce8556a30af1d320cf1e4d282e9a93368ca61f33e15e8ac0607754ce970eda2f67214aede2ed199020b96da20430023c52256b1a548dbc098254cf7a122e781ff1b246f9e78d8c94812e9cf29e8193d56b3e26c3742917f2379f8a024c88b1d0252eaa0dd08fc273edba0beb93a2ca1b477f69e0415bc244cbf15b7c9fffc1e5da20d79af9b20941132c3b18556f7b6bcc8fcb501c77e0b925fea12bf29eef31b67f79495c13385cd27dad4cf7ebd7aace308f4ed71782bcd63027a42a2bcb79b907dafbd27c3433f3911d896521e22ccc2153fda9fbecadb52f4fc39a0df155e9e25b7d4f36a55b716028d23f12ee0b4d822c34a7083889ab6d06420fc38d0bc36bb0c3d9a66dfad959beaa2fbbf51428ea7416ba2474f27979861e2711d16e2b1d6725228acb5bf98c9f5aec1c1342653b150b288a380ceabfe86adcfbad9bec6c9a32cdce0ce39896cc76b0acaf22ed288470d3b7ff36be88a6c31a869bf088722fb8d35da4cf93ca8b6f216b012cc5b06cd629421f90efd68c99c2a1c94c39d5138ef5a4baea734d1221b7e3e1902ad63295e923eabb5c1a88b67baf0aead02f561cb52ff0978d56cae369f7990b45b92a3b6f9a4ca97e0b87c469684cbf5470e443f377f0f58b52f28506d0b809e376761db496a9698d16b2b7990d0b53604355d125cb35161c88c090c839e4d2746b6a4d5cc49b70bcec27948693bbe9d04adea5e849f935f71966a04049676d3a3c97802d108e1cdf5afe82d6fd90c2bf3abaf6575cbb0d20835bb2396456b9f6cbfae6bbe2b91e0c3b670a8d02a82b080dcaa3d4276daec6cc06fa8249d5f604b0b841676d4c366c0d077b8b8e997ea744cc8e61a7d7ce540cb1d55daebd2897a7a511165d1d0547e899227dfb9a684d109d4ec442d240495c7891cac4dd1c72a4f0681bb1ad3d3f42c7244f2f03d34271d01a2375b76beaf80c27380e857528f7f2cb45cd2228371758166b1ac8be39f0c6facb310d3a6389f61b663484943fbd51259eb5bcbbe7e7cf9184c7b6932abb116fcfbdd7bd96c92e08271478d8e22b94714805855a15beb4b32eb76a9a52edb5c76094206dee6a381e7f5d3d891a6098b6bc6b06cf651ebd91cc0bc32075153769fc614381adfce463a3b92a5ce3133764f1430a713d6f46f5bf2aba3f9b51484a1c613e2a7f350da71c7c0ef5ad354171ab0cb1191bcd0e15bd10549861b57492e8d567258f2bb7373681a2c1681b5b86b2d6995148da2ad8e62f1ce945fecdc89ce2b91791e742853f913d00a3621bc5d9fc4ebdff31c7548c7760ca880cd6bd36279545d30bb878d1ff52f0fcc6e1a3d122ab76f491bb26add4ff0de758afc629ea9db5f2c2877a826c468d6ea5c7ef3ceac2fd10ef23b8bc3080bd6a524b46c959a02f08f90886756657e1695d50fa92b97934d71f80aab831ff490739484aa1399d13b1dfa11daac8c3af537c282462ad3e9f78762ea287cb1d91f9fea38b2dac61912157a4c3628415a697ec32ebffa6cbd09760b47d70af0c8a9f38e45c30275a26f9fd000e2fa3fd2eab069fa50eb7d2fa16a6c9943ad765df3f8cda29bba541a832826e4e5f257e8fd5f836a1a276f146808ead8e34c64362fb2312b2e36ee4bad4a38c633d3ce813b440e489ab5501c652f8f1d088e8bc460d6e05efed47ab1589052c4a9e616e657a414e3e2a825d0252db8744066a7df935c855434ba9f1ff82a66619d46afc97b58d69c62446efe49e8be504761cd4949e0cf48b310f2b0b598881ed7d994df2625aba67f87696df71d01e58b678399a523978736f4a25642ce346b8b83da72840fa058d17c361d42a09f60c387386fda01977f35670e8a1296e9194d60b605c4f4a234241e9674878f1e9298b18174062a95b02a9d763629ac668db92e988eeb634aa2c61b58270e5aeb02ec69a3d501b61cd00392f24c0644fc548f177617f40d8429695c174a7c7f0133a5a2246f3a40c623203e5f79f4265f151475e232775338704f6eddf212a1b994c8ef77c8464fc8a01eae98080fb5f9f0d4c97dd697b4edfb1fb9e60c7e2971bea5af3fad01aeed4361391a8ed2d0a12bdc5a82ce514904f071ae4fa39daad7f4d48f1544295835505a8dd5e80cbe0112495b41d78f7b9d1ce8880cc2b3d21dd0d65dd64d5ff3918f18e8dbc6aeb2a48ef570868356134dd4a951bc019f5e80af38cb84a8e80f0c02e77b4795497b18478797f00f5a36709b4de186df9914c274ec557c9caaf9a90ec9be1186f4181775e8fe3fa809db2a3eebc230b3b811a70200c91328f28ff7e4b66ffc8334f86cc5bf78a4991cc44862fad78ce9d3793f14c140f085a7ee3646f43f65396fe6bb375be70c8dee0d7f761d9cfb68ffff6e2620054e9c360598fb72b5014d91e2a29c8ef8c26288a03a299b8bce49626c5f3d9e5b1761df555789b573d47934950e67a0fd882cfc9508f76ad05d7297bdb994784090b280827433276fe9fcfdd6610bc8a300408827a0c015ba9a3b079bcb0990c52fa2ae6fda8bf1533955630696b7b6fd443de174d774273ec900f45726e4e5ad5029efeb67828f3861a43bf5c01de5e894fff1ceab6e475669817e07cb6fa954e139f0298f33ac40a24c782133aa4e8124a2b256901896332c18a3f60d92ed6c97d4dba15251339e187371fc7d3285db4b9738a2d8c950fc7d4f33d459304ce7e87eaab4438dc9f961af80bc928c857756c57a5a126a558aa3ecb87e7953f8ed5b02b873cd9a1393d31505568d1754b8843a0f70a86f16daec0f987cf59f0622ddc42895803dcc8dd7d49e6eb0ee5504631b7f637ec0e5ccbe40e835d8a409c56cc27dc2b83935ca5a41a8e6d2ce0a6a730805b902b3920561fc9ea76b29fb407b569050c7bf7ebdb2a9f1019cafc30eabb7579c6aea45d76fa78ed4c53c56e69a45ecceb848bd41cdabd1a582f33f786bb172f4dbe920deec0f4f03ea94ad0b3cbe58272f05fc2d3e764f7f1a14caeb2c60a58d3667bba913561e85f209f824ce849643d5a90171f9dacb4884f31373fffde81975fbb2ff9fa7c2029bb60e1a8433a644b5c0449881c6ba5c1be0c83cf742b51b4f917f50d8fac443217ed1f21401bf2358ec187711a804cff45242288564ddd2b2a95c44478b26bc589de077e186b9f7556ecf035e11080532a507aacbfa9860f87b154977ab4ddd73822f559a0b09b5aa72f04af62e37a37d349b06534adfed48d5d621234a31071cf2d35906a90daea47578a342f3ef3133fa22bda2f3f6da7a534b3cf72506403f2afaea708b1cbf26106e2a40944c8d3c6639ef1396eaf5c623290ac455599b39fb43c03aec33e72803490acbd9d5b01fb347bd4bb4e608f734b0965836021a88aae9fa8ddad0701927caf50e766cb53db8f73c52aff97dc80ce7ca72fe31e22d7a90639ddfd95fac05342493dbad822081ae930a85f241a30d16be29ffce85cbc535a976e76c344eebd211ad411bf7ed7ff00694c6585f4bff1f449fb5ae0262e1ceea0d61163033e64764b7c977a3eeee692c0f2a2992c0a65b4c4291e561458f8ce02976aedbeec27486e8f857e059f909861b14551c1ffffda437beacb0f76611e6090bbe9d875c69a93638a0ce2e61ab57830629b61dcb4054a2eb70d4d04a2d0081cb99771836e113119583c72e943f5e05efee9b700bed1c6b38da1531463b96b18159933efbed834c6d3c2c694465c6d840a5469aba18ab075a7140ea0b03b303dc15bdc865e2733049379eba5bb985b1e5773b6a5f0f3aac8d5b21e1949f91723f7eb1b6854eb5765493b4e56cf30c2500c4b538ccd41023e2df9826cd8cdb5162bd11579f2a4524797ed89a96a0621a1c6492ac0a94f567bbc71df1e594ce8b3b1a3e084d61191f6afe23057655bed7f57a8c2be6d5d71c89cc1359ecf8fd6fb56eef53054eed030cfe01421dbc8432de81ee7d6e234d71ad4b895f3bfb1d87ca37bdf838770f5c4c8e9113499ea75ae6ee6146d390b1345ce4f95c1ed99cde3d0d7f24ecceae65baf0a379e7e4f8fb1a3c91f23d7068be5f62f7495de9d9590f95890e7056e34aa2ec4749cc4c9ed1817e92790", 0x1000}, {&(0x7f0000000040)="d8d74592f3c9d6c7fe5ef59bc0", 0xd}, {&(0x7f0000000080)="ee69bb54b1cc8b6a70ab6801103a2e998369976c9a5463a10ce949d5bc8795fdee90a87981b83a3386d3534d4ef90030acfefcdb0392d2df868e7fcc871d79fea09a2ef5b6e8ac890376ba4560825828b3683f78374813e3cea8c7dca670f936bc46104c6f911f77e84a8d23ae017d407414d2bada5e9e38ea1451691601b79a2ca1bec9508700373520701ec69b368dcc182b9c687c7336b9f02d0da4f7fc09e9d9538f95f328fd3d02983ad177d06c4fa4ee172d2239c08611", 0xba}, {&(0x7f0000001400)="e48587abbf0d3d7c54ae8b707dfce25802911405b1c363306d81e6f99f62b5476b46961163fbcf052d404edbe2bb5890c148e91e753e3bd6bb2559a901ef5fed2be43497e5ba2bada841062999bfd150c5800471fbb7bff681d4a824071cec6f226b47f1c0db81b08f34c19ff6a149948e4e498a90e4bddd3b2353481f06430c262ec7046fc590215fff56e9daf82b6d12cdefa6b4a9cfa5f219ea4a5e5241a388b55dbc2d53e533d0a3313a425f6dcd9a1bc10b6f652a9668a9436ed365f6789958e289af6328890a21ef453667de365703f6c826232ba11d3d16620735ea116bee7e25baa1d4076e9d14fc031beeb7f44e78c65ab971e9e2dbdbaee1e21d11e208c61c32d5467d8810b9182fd43093d6564d236cf5ab0d0b2aaae15e722d3646d3c1e3e6c6e43ff8b0aecf188638987c43616ac9f9ee8eb605bdf256c23ee001b60db1088673d4c130d4c890155d98f83f2a03e67a7b19467625d7008c0d9d3aacdbb47c33553e4610854bed273fc476ad513d2135705f4d24c5bbf886884e02c2f8774e058081a6293c6a32479694dd33069e4902b85af726fdb5de75b96143ccbb5961095a9b305d8995b360637bd22139c65399ed399671b01b84181bf463970a52b4e8e7e2d09c2f16c221b3ef79ca05e1868b66bb5be9a77ec502eefbb055a491f71bda144da6418d1d4c966d6994a1e66432d91d1b516cbdc4dfc15fb02a0bbfd6a628020859c3263c04911f8e237ddbeeecafa51cc1fbcd6a98ea314b7183eee23645330d4260ca527d39c96dd3a0da0e832e60b22f699ffc252b3095852c3bbd598fe2b7b443bf8a9193b5b16d06b19f20b4950e82b7e539b58e411e80eaea1024f6d0c7d1e6a2d4e2e4102f4eb18d77df64c2bf2c0924aea36eaa0a0cbeb539f03a9ea09c00a77651174997ebe06eb68adc3ca700d23e599135c27911caec5875af619bfe4f9774b0c67ee2483eb71021ffdb6fd88191b19fcf85e71912faa2d4497c6e5811a6bccdaca943ac219a3771c6220624e54f1c052eda1d40cf75a616acc6bbb2d38176f06f01c89ffb593ac6c1cc2d38f19fdf5eef1e23c750cf394a65aac04c8caf1c31ad5c7a72367a24013c91ac4bc7978c327d2b7871ac2d3f1776b9c60b06313449ce42354139a9120ed7637024a567003d8fa5b7ebf85a7ce38a9cfec62b6cbaebdc1f7e0e4b86f42e4271bd936324a2a8a276be788a3886e69d3ca6c79ae6ba6a4964986ba457dfbc3202fb72b3451401192ae4f03197535c1e5c726efb22abe63beaed6c7788ae287ff1a35d8e566ab4321800a49ce9f5295e9d6c7bc86354b62a2d01a315b166d48ef5d7c0d55023824d002bbefcbaeb656046ecf5246eb8f16346323857332f123497a133130a2c441cae6b3b2470a0b8f36c4c438e1796b3990b0d24df19775e70a4ecb967b2f73052b3ce84f85d629462f22ab7cea4ff42dac23f5d8da3682683fc1b706710c8372610f384c5ea630ce30d2ddb6189b94022f6f57e5232b8a6d2d2a36d89cb3323447f98d9d230c5ec23250ab1b1c2b397aaf93959d15d8d5500a5ee6b83f04c7c4a8d4989cd222c1d314aca81b9a02933c731993b547925368bb9fea194057fa59b94d51b59878d25ef40455b3c05c34eca86fe84ca401b82bdd08bdb0ef847d617d1701aa734e13e0a37a5e71d19e8fe6ae38606563c09a9bf6d1f23610218e2f849aeec8e25d65da556c7be63a93207937d4fdd4b74994f272072f619d212269c6e52f1ed91246ab1d433a1db8a5c448eb49a4ca9dafa7cf49b6c1f81e8a9cb75131dd710388e26c00ca23c50dc62bdaf34fb0c3c087e6270d1cbab488043cfc8c1db52573078b2a2f1542d1624de74e069bd151ffc5c292eea31122a7e8ee71a3f37c4f3f949656c8e8476ef00bca3250d1e94320df786b9505dfb519121a3b5cec089280aa7f2ffc1f27b1a9f22f9d8c5ff8004f22369aedd95921946d2a65e3fa2466993909bef51c505d2c94e4de8d1d60ec56c9565886064eac23c4252f38271f6df4623a51fbb96b748c8e424f595dfbca09b6324afc8ca090bbfc18b74285b103fdd22a7e66534ba0a1c6c614691b452436ee1085fa0c87a0378ab4b32776d81749fd1b8ac9a8e6e18c5b94e118adaca7a9cb9a35b5432c2f8463f8e5c8e5936359f04591a61173582d59fd4f977b63288770d1d1c97cd778c745eb0bedaf2f8c6276edfa85dc7ef1a0071a716faf933868742ac4a432568384368fb234ca5e185bfb450967b2dc02ac13128f2276417de6b58ba095947ec28e6300e56f39117f194a25979e4072c9f51d4fb65f52b4e2d91302bef1b325a8be2d7490acc49c46b68fe0776dcb9f71bd286f59d54bdf479213a636e92bf4fd106ed93cd80aaa93f8a58b88a921216ac75d4ed4b2cdc43546c9c244b0d261aa894452fb13f1faddecdb8956e7a4984a935f289bc0e64b08a6513ae61e406c9c089c208f61bac0ed9d193d149a4fb0580c7c676d230fb38c190228e8838769d67609bd01f82a481fe5cdac4db013b4fdce044a972e395b0733f48c3c73a8579379bb7981da76345585fd4b274e3553021bf7cf12d0db73e6d607696ff1b53e0c22c270d1569ece7c4aaf1f4817ee401f29487f6afbd994fbc803ba8eb029aafa9d38ca73b10ff74506c9118c7ab9598c88aa4df4252ffcd2070f6132b448f50ace2219cbc4148837ea544d31d4349487e6957b8b3c7e168c1c7922df1a8eee475aabaa034d518b1eec286a7f1f209ae508da912a0eb14ddb636111209e88d64a7cd1989bb0cb6044dfc5f9be53e8841bacb8d1df4b1bf249f02366772040c63ca7cdb50c95e54cd431a01030026e9d9930ed7aad9cc29717a6f361c32ad8fbd42c319baf84427db7fe536414a1ff0be654c849066ff3e441d62808a8ca60b470e9e6bb9d2cdf4d58d96e62f29fbf48f95a4fdfd29d2f9a7b33a6734523d5e59a9cc0baf689a8f2cde3e1822308e896ba67c7b3998f03366847e4e4d48b440dc473223e48509f4cfeec1da550902381c8448a8861ef24288ec5d8aadaf9423220d273a62ba354bc6f58e4f9f70f234aa501d893797b674ce0ac1528e1642ac818ce7657b0559a96727751828a81f6918a5a7d3adc798ecf61c467d8f0039de3195819c00053203067258908af611142cb67bc97e7fe65ae3967e284fb718991424911498e93d762b8d9e09ad432bfb2835507179a48753cdef7e7e6f96bf76badf80a2a42a847669fcd328c1ae45c43c3316b165e7d4877c481b0a824f71399852aa7b36d086ac1c12d6f7ef04d62ab47c012727c7377d7e3aa14447132fc5b51858acf319d5e1d378460cb0d94d42de206f42dddf64d350bc00cda15aa72bf1cc414d9abb3c7231c35f42294f84031cbd8bdb95c81bb9670e3784a18f8f7c6fb73ce0c62d82379be7c00ffe9105c545e18a1867707173b9266b254fbac3d3f7d7782b9fa0839e3979fcb5d40cfb439f1613de14389ea865e8631e032b42ce12ec324e0fbdc70d3d63ae5e443b96d1a7bc3a61df5304002377686cbbce8661c00fd71886bfc769d988da5145920060187e7b49c75fcba638f31fcbfb56320f71d3f0f1a64fbd384190752570629f6ec648899242903f612ca00de632a93ca96c0a4ca06c729dd9d578a7b7f0c0d8b2f363e0c86fe890ab4b1f493d6af31139f5315852f1861b05c1993ca4446efd0958c4f00285c043475b42af623e5e680b85a23a2a3b2106405236f24117c04a65903d50d2b499f981909443e9cfcf5acc12ba2944ae63bcf047fdf566ae9d841e1113b43a0a982729ebd54ff5613bef5e6e12ec398102ff9d51f83f8e55dd442f797352b1c390d4ea22b7c84afe884dd88bd139f8631e2d6e9727c2b92806635f535a95b86d01004ff99aed5c0dd95fb8dfcef79c1b149fcaf5b1c607dcad0231b2de990faf3d3496749ada6868873f82edffe3f74e210832cead0b48741abf4bb518a69db93f3cb455870d0526a940d10448e48998749345d3853097dc43be695fe7d3cb1f53cd806f53a1f66f085aecd6857878b2ad5fbb38ea28f78196ef396f46a2d2f678d9e8f44017ab3a03e5b8e8d866942d0936ac432f6b70118323a43f9b53a0110fa982886e40749088f9e3b83bb987a23a461693668c32eea6fa0f4813e2500ce5e13b2be8423d7ade6239376abfa853e079fba231e1ffceaf7ece7fde54c918e6d6505a52c5e0e9fd0835fbbac1ed6c000305ae81faf199838c6a9617adcec07ed7957dcfac6449b782d3178f3b5be6f0399b36baa9eced129fa49969e65f0d8d8858f160d616c2a081fa082a0a39b033db6d0f7050ae7564cbde9801def830edca6e1a32cc0f74b7e8d137e767b55b804c791803e55241bc7be78e3ea9c3dd9c74b6bc3cf1eb6563a57e783700598ae7bda60949a5e6897068726b52ce40d87d5497ae58b5244db3a5600c5f374921b4b11b786a65870dda72ab01716ba8256c6b634c51159d1a4d2c8fae8c3bc012afe97efb30263035693bed479804296f33e59135dda4f626ffdff040a165d3d727eaa2d4678d86ac78e7bbfe286c45689727d53e5194205e37bb0370b90890eb1e2629874c93dda0346299734c8d75876681939af16bcac1f44f9e24bf5b5b317c6f1f9372365a01ced694e6ccca45f40e19247085af0b28dc710eb685a268620c2bda5131ef2cf306cffa6d5bdccdca841efe25d7bb4e37c23d57afd2f941165d5b6195ddebf516d8163c2ccda0d5b75bcf4613065ff32ca0745ab585dbc4d87c6769688344ce996894575d1247af96bf7d3141e4b20e6ec9f256724e491d61e0b02245baa1293e0cfe5b79b3fdf1885d6907a2866f8c314eab76f3e6fb031db8b23ee97ce8f2e0d8b78c7782575b14e03058d29c2796388f551172bf11b7d6ceef1e7c5ed4258c16394f36e3735c4cb110dee3ec13c7899131cf9464bc9a4f9f436b05a9c1a6a381dcfb9ec45a1aa095a1af98c7c124669a171ad42dd32fb0cd7c15fa26245970bc0498b20710684012b89b07d5b0b13864080dfea6741e256d09bc5652857ebba7abf0ec0b4fba4f385d852c1711d82afb3bcbb52f4949cecd8acc8020c955d2c32cd36e5ca0b9c0eef2d831414134ac99ab2ecb672987c5f1f60600bdf24d06cb440ec39ce5e85260d559ca3f99066e1b629d82674bf8e2722c8da2929327723aa78a575047790a2b4fca5411c915e027de3643e0695871d5d6810a88d8b148ac3639b59da9d9a0926e6f7adb684e56865730c477dbe242d1873aa17883b006a101c06441ffe9342a659e76318222d8327746af6e2c9411fecc8949487421a1fc3d3341ff0ce206ba0390bc1a46dcf4d0108b87da856dc989139ddfbef8f68da2885fb3d9564363955fb2f39e1d4b5950ad443918dbe78f2bb58d03945b5c291f2006356becddb54d43480deb72e4b676aa1ba9f59b3bd97561e4d2c0f5b20c8c94af1742a4d0af506125bdebea8b4921625192cab8d236300d864b679c4303832d92fa96ad1d95df15678cb0c81b2a77d9fb94660547f57d3a268ab96c8d0c3d15d0f95f35167c017052655de1caeab091575d50925dd7658de5a74006e0edf7630b03e3b620b3411be9876a7c0451bd07ecbf9061825608fbd7f2bfa902b7eadeb4420b2672a1c003c81e5386f179f8f7740fad5e60c9e44dab58175bc12fd68df0faad5fb5f27a056f0fb9d4a5704d7330193d032a9ab9f9ec0da50d27b4ab5d880dde35994dfae1e63a06543185e3b4fa1ec4902c1252b4", 0x1000}, {&(0x7f0000000140)="c3a961939fe428ad7528989f0a9979165ce5ed5befb46af2053b7df8b848f1cf911566927149e004103bd07b24f9ac93e55b4d24a769dceb72549d2c655b4be2455a484eba1559a232f8e5eecb155bfb18d4a80b902c386fb4d28b9f9b6cb9122f84c2d567c606e420547f5302673e9c9296884809caff42a803e307cdf0732eb2b38e1783ffb4fd0a534cca3ebe27e975b37998252f722c6a7b11aa471ca67ab882d096cccb89a479b3e22c61c6168cc5171d1a88611c8e0309e4ce4da65bb27bf92b21834fc4", 0xc7}, {&(0x7f0000000240)="8b19afa2bc222d3be90d0cd0d16305d18ac8fb10f7e86a1d52a68628cec316a3bc092874c876f363ad0cdb21ffe9c0786bd434835fbdb75bd387a4183b1eadc55778f02a0c93e99cdcd9da4f5255428626642853e1ed38fde12a8e31b476d40cf68088756337ab85e6", 0x69}, {&(0x7f0000002400)="246571dac5e41803b8a48973fed5835b42322fd5eafcde59f9682d9fabf593f42d3489c1239b7ccea9b65742f4c811c697254d6920cee7a9572cf6e5fb6df111bca21ffacae137d427334e9e231df7210da4125753442c8bdc5dbafcd5f16915c96cd040835a508926c32c7836a62a1fc5204a005b2712d4cd6f95e2f9aa9160318eec6f311d52ec808319d15533eb81c051a4800b5521b2033c7c66aabd78e09f56b4fecf19fe57e2c3021a334c1810b48784b912a6b2837b73edbbdb5a9246b92f456dabb8e01b337178aa4e8cc11d2d265b62386e9d52d7e6ae3153cbfbb4c69a7e77aaa52348426854197269c9d4fcb20a34002bd3380c", 0xf9}, {&(0x7f0000002500)="4b555ba76eb7a06fc5ef6d961a705e603043ff2ad859ffbed4a6cb520a0dd50e56b2cfa21fd25f41289ed7ef20bd128f324bd9bba1a35c21612d34f5e5069c449ee47d7bb99d61ca62d917d878e8425d786db6d115ccdef075efdbe3670c8f9cc3ca86d40c7ff9af84b99f786d21b8024a8f06c2b8fc64b62f4f6fab843f98d583c7d3638f7af3d59ff793cce6fdf358b76170984452e26cc2338490881219a21a5ffeebc3685587", 0xa8}, {&(0x7f00000002c0)="94e1b6f00b7d2dbc2cdea9aa01c80dd7254057777bb3587c8b3d1f0395645ac359fd33f5bd52a7251bea32e328990d7ef7a8f88996c5d6edddac303040308514f80452e0da", 0x45}], 0x9)

21:47:39 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0xf000}, 0x0)

21:47:39 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x207c}, 0x0)

[ 1987.764979][T11834] IPVS: ftp: loaded support on port[0] = 21
[ 1988.206457][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 1988.212391][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 1988.218289][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 1988.224094][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 1988.312493][T11834] IPVS: ftp: loaded support on port[0] = 21
21:47:42 executing program 3:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x1d\x00'}, &(0x7f0000000300)=0x54)

21:47:42 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x10000000}, 0x1c)

21:47:42 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x30000}, 0x0)

21:47:42 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x6000}, 0x0)

21:47:42 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x98, &(0x7f0000000040)={@local, @local, [], {@generic={0x7, "3f90ef22bbbc953bb07fb73f0d32af41e2173759b0f20715590997a785b822982e2991256ffb0ad8315b0110bef2bc7491b091a63f44425cdc610b4cd723cc5832e197de1a192aaf5ac28dcd77c74fd3cbd484e993fd6e47b88169eb6f859e6bd3c03e3536467b4a9fe0fda25effd63f41ea459b677d7d8283523356f32bf4aed29925d753631fb686a1"}}}, 0x0)

[ 1990.533902][T11860] IPVS: ftp: loaded support on port[0] = 21
[ 1990.819501][T11861] syz-executor3 invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[ 1990.848281][T11861] CPU: 0 PID: 11861 Comm: syz-executor3 Not tainted 5.0.0-rc1-next-20190109 #8
[ 1990.857282][T11861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1990.867358][T11861] Call Trace:
[ 1990.870684][T11861]  dump_stack+0x1db/0x2d0
[ 1990.875042][T11861]  ? dump_stack_print_info.cold+0x20/0x20
[ 1990.880792][T11861]  ? check_preemption_disabled+0x48/0x290
[ 1990.886572][T11861]  dump_header+0x1e6/0x116c
[ 1990.891106][T11861]  ? add_lock_to_list.isra.0+0x450/0x450
[ 1990.896767][T11861]  ? perf_trace_lock+0x750/0x750
[ 1990.901730][T11861]  ? print_usage_bug+0xd0/0xd0
[ 1990.906518][T11861]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 1990.912193][T11861]  ? ___ratelimit+0x37c/0x686
[ 1990.916903][T11861]  ? mark_held_locks+0xb1/0x100
[ 1990.921779][T11861]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 1990.927619][T11861]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 1990.933443][T11861]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 1990.938746][T11861]  ? trace_hardirqs_on+0xbd/0x310
[ 1990.943786][T11861]  ? kasan_check_read+0x11/0x20
[ 1990.948648][T11861]  ? ___ratelimit+0x37c/0x686
[ 1990.953335][T11861]  ? trace_hardirqs_off_caller+0x300/0x300
[ 1990.959156][T11861]  ? do_raw_spin_trylock+0x270/0x270
[ 1990.964468][T11861]  ? trace_hardirqs_on_caller+0x310/0x310
[ 1990.970223][T11861]  ? lock_acquire+0x1db/0x570
[ 1990.974943][T11861]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 1990.980776][T11861]  ? ___ratelimit+0xac/0x686
[ 1990.985388][T11861]  ? idr_get_free+0xee0/0xee0
[ 1990.990091][T11861]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 1990.995414][T11861]  oom_kill_process.cold+0x10/0x9ca
[ 1991.000642][T11861]  ? cgroup_procs_next+0x70/0x70
[ 1991.005620][T11861]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 1991.010849][T11861]  ? oom_badness+0xa50/0xa50
[ 1991.015473][T11861]  ? oom_evaluate_task+0x540/0x540
[ 1991.020626][T11861]  ? mem_cgroup_iter_break+0x30/0x30
[ 1991.025937][T11861]  ? mutex_trylock+0x2d0/0x2d0
[ 1991.030729][T11861]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1991.037020][T11861]  ? rcu_read_unlock_special+0x380/0x380
[ 1991.042707][T11861]  out_of_memory+0x885/0x1420
[ 1991.047428][T11861]  ? mem_cgroup_iter+0x4f4/0xf50
[ 1991.052406][T11861]  ? oom_killer_disable+0x340/0x340
[ 1991.057635][T11861]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 1991.063478][T11861]  ? lock_acquire+0x1db/0x570
[ 1991.068197][T11861]  mem_cgroup_out_of_memory+0x160/0x210
[ 1991.073774][T11861]  ? do_raw_spin_unlock+0xa0/0x330
[ 1991.078925][T11861]  ? memory_oom_group_write+0x160/0x160
[ 1991.084501][T11861]  ? do_raw_spin_trylock+0x270/0x270
[ 1991.089845][T11861]  ? _raw_spin_unlock+0x2d/0x50
[ 1991.094738][T11861]  try_charge+0x1457/0x1d00
[ 1991.099278][T11861]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[ 1991.104873][T11861]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 1991.110452][T11861]  ? lock_downgrade+0xbe0/0xbe0
[ 1991.115340][T11861]  ? kasan_check_read+0x11/0x20
[ 1991.120237][T11861]  ? rcu_read_unlock_special+0x380/0x380
[ 1991.125922][T11861]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[ 1991.131510][T11861]  ? get_mem_cgroup_from_page+0x190/0x190
[ 1991.137291][T11861]  ? add_lock_to_list.isra.0+0x450/0x450
[ 1991.142964][T11861]  ? print_usage_bug+0xd0/0xd0
[ 1991.147768][T11861]  mem_cgroup_try_charge+0x43a/0xdb0
[ 1991.153094][T11861]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1991.159375][T11861]  ? mem_cgroup_protected+0xa10/0xa10
[ 1991.164787][T11861]  ? shmem_getattr+0x2c0/0x2c0
[ 1991.169601][T11861]  ? __lock_acquire+0x572/0x4a10
[ 1991.174590][T11861]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 1991.179911][T11861]  ? print_usage_bug+0xd0/0xd0
[ 1991.184727][T11861]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 1991.190403][T11861]  shmem_getpage_gfp+0xa85/0x4b70
[ 1991.195494][T11861]  ? shmem_add_to_page_cache+0x19a0/0x19a0
[ 1991.201347][T11861]  ? lock_acquire+0x1db/0x570
[ 1991.206056][T11861]  ? alloc_set_pte+0x134a/0x1df0
[ 1991.211039][T11861]  ? kasan_check_write+0x14/0x20
[ 1991.216476][T11861]  ? do_raw_spin_lock+0x156/0x360
[ 1991.221537][T11861]  ? lock_release+0xc40/0xc40
[ 1991.226269][T11861]  ? rwlock_bug.part.0+0x90/0x90
[ 1991.231243][T11861]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[ 1991.237092][T11861]  ? add_lock_to_list.isra.0+0x450/0x450
[ 1991.242770][T11861]  ? reacquire_held_locks+0xfb/0x520
[ 1991.248088][T11861]  ? alloc_set_pte+0x134a/0x1df0
[ 1991.253058][T11861]  ? find_held_lock+0x60/0x120
[ 1991.257850][T11861]  ? filemap_map_pages+0xe29/0x1cc0
[ 1991.263073][T11861]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1991.269350][T11861]  ? lock_downgrade+0xbe0/0xbe0
[ 1991.274230][T11861]  ? kasan_check_read+0x11/0x20
[ 1991.279118][T11861]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 1991.285138][T11861]  ? rcu_read_unlock_special+0x380/0x380
[ 1991.290830][T11861]  ? filemap_map_pages+0xe50/0x1cc0
[ 1991.296093][T11861]  ? find_get_entries_tag+0x13d0/0x13d0
[ 1991.301681][T11861]  ? follow_page_pte+0x3f4/0x1a50
[ 1991.306755][T11861]  shmem_fault+0x25a/0x950
[ 1991.311222][T11861]  ? shmem_read_mapping_page_gfp+0x200/0x200
[ 1991.317247][T11861]  ? __handle_mm_fault+0x42e1/0x55a0
[ 1991.322587][T11861]  ? find_held_lock+0x35/0x120
[ 1991.327387][T11861]  ? __handle_mm_fault+0x42e1/0x55a0
[ 1991.332710][T11861]  __do_fault+0x176/0x7b0
[ 1991.337080][T11861]  ? do_page_mkwrite+0x740/0x740
[ 1991.342052][T11861]  ? do_raw_spin_unlock+0xa0/0x330
[ 1991.347201][T11861]  ? do_raw_spin_trylock+0x270/0x270
[ 1991.352524][T11861]  ? add_mm_counter_fast.part.0+0x40/0x40
[ 1991.358303][T11861]  __handle_mm_fault+0x370a/0x55a0
[ 1991.363461][T11861]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1991.369037][T11861]  ? check_preemption_disabled+0x48/0x290
[ 1991.374791][T11861]  ? handle_mm_fault+0x3cc/0xc80
[ 1991.379778][T11861]  ? lock_downgrade+0xbe0/0xbe0
[ 1991.384657][T11861]  ? kasan_check_read+0x11/0x20
[ 1991.389536][T11861]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 1991.395577][T11861]  ? rcu_read_unlock_special+0x380/0x380
[ 1991.401251][T11861]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1991.407526][T11861]  ? check_preemption_disabled+0x48/0x290
[ 1991.413316][T11861]  handle_mm_fault+0x4ec/0xc80
[ 1991.418129][T11861]  ? __handle_mm_fault+0x55a0/0x55a0
[ 1991.423453][T11861]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 1991.429253][T11861]  __get_user_pages+0x8f7/0x1e10
[ 1991.434260][T11861]  ? follow_page_mask+0x1f40/0x1f40
[ 1991.439504][T11861]  ? lock_acquire+0x1db/0x570
[ 1991.444237][T11861]  ? ___might_sleep+0x1e7/0x310
[ 1991.449124][T11861]  ? lock_release+0xc40/0xc40
[ 1991.453837][T11861]  ? find_held_lock+0x35/0x120
[ 1991.458681][T11861]  ? vm_mmap_pgoff+0x21a/0x2b0
[ 1991.463491][T11861]  populate_vma_page_range+0x2bc/0x3b0
[ 1991.469007][T11861]  ? memset+0x32/0x40
[ 1991.473025][T11861]  ? follow_page+0x430/0x430
[ 1991.477648][T11861]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1991.483922][T11861]  ? vmacache_update+0x114/0x140
[ 1991.488904][T11861]  __mm_populate+0x27e/0x4c0
[ 1991.493553][T11861]  ? populate_vma_page_range+0x3b0/0x3b0
[ 1991.499231][T11861]  ? down_read_killable+0x150/0x150
[ 1991.504457][T11861]  ? security_mmap_file+0x1a7/0x1e0
[ 1991.509693][T11861]  vm_mmap_pgoff+0x277/0x2b0
[ 1991.514322][T11861]  ? vma_is_stack_for_current+0xd0/0xd0
[ 1991.519894][T11861]  ? kasan_check_read+0x11/0x20
[ 1991.524765][T11861]  ? _copy_to_user+0xc9/0x120
[ 1991.529455][T11861]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1991.535731][T11861]  ksys_mmap_pgoff+0x102/0x650
[ 1991.540535][T11861]  ? find_mergeable_anon_vma+0xd0/0xd0
[ 1991.546062][T11861]  ? trace_hardirqs_on+0xbd/0x310
[ 1991.551120][T11861]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1991.557403][T11861]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1991.563511][T11861]  ? trace_hardirqs_off_caller+0x300/0x300
[ 1991.569379][T11861]  __x64_sys_mmap+0xe9/0x1b0
[ 1991.574015][T11861]  do_syscall_64+0x1a3/0x800
[ 1991.578644][T11861]  ? syscall_return_slowpath+0x5f0/0x5f0
[ 1991.584308][T11861]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 1991.590049][T11861]  ? __switch_to_asm+0x34/0x70
[ 1991.594847][T11861]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1991.600429][T11861]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1991.606341][T11861] RIP: 0033:0x457ec9
[ 1991.610248][T11861] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1991.629870][T11861] RSP: 002b:00007f58d409ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 1991.638303][T11861] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9
[ 1991.646295][T11861] RDX: 0000000000000003 RSI: 0000000000b36000 RDI: 0000000020000000
[ 1991.654285][T11861] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000
[ 1991.662271][T11861] R10: 0000000000008031 R11: 0000000000000246 R12: 00007f58d409f6d4
[ 1991.670258][T11861] R13: 00000000004c3b56 R14: 00000000004d6910 R15: 00000000ffffffff
[ 1991.691510][T11861] memory: usage 307200kB, limit 307200kB, failcnt 3587
[ 1991.706356][T11861] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1991.718951][T11861] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1991.732325][T11861] Memory cgroup stats for /syz3: cache:4344KB rss:242844KB rss_huge:212992KB shmem:4404KB mapped_file:4356KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4444KB active_anon:242840KB inactive_file:8KB active_file:0KB unevictable:0KB
[ 1991.763293][T11861] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor3,pid=11859,uid=0
[ 1991.793891][T11861] Memory cgroup out of memory: Kill process 11859 (syz-executor3) score 1110 or sacrifice child
[ 1991.805747][T11861] Killed process 11859 (syz-executor3) total-vm:70532kB, anon-rss:104kB, file-rss:32768kB, shmem-rss:4220kB
[ 1991.886826][ T1042] oom_reaper: reaped process 11859 (syz-executor3), now anon-rss:0kB, file-rss:32772kB, shmem-rss:4448kB
[ 1992.366283][    C1] net_ratelimit: 20 callbacks suppressed
[ 1992.366293][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 1992.378010][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 1992.383871][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 1992.389729][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 1992.395607][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 1992.401456][    C1] protocol 88fb is buggy, dev hsr_slave_1
21:47:44 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x010\x00'}, &(0x7f0000000300)=0x54)

21:47:44 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x34000}, 0x0)

21:47:44 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x7c20}, 0x0)

21:47:44 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
r1 = syz_open_dev$swradio(&(0x7f0000000040)='/dev/swradio#\x00', 0x1, 0x2)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f00000000c0)={0x5, 0x70, 0x4, 0x9, 0x6, 0x1, 0x0, 0x800, 0x24000, 0x1, 0xa8a, 0x6, 0x8, 0x100000000, 0x5a, 0x2, 0x7fff, 0xffffffffffffff7f, 0x1, 0x400, 0x7, 0x1, 0x3, 0x3, 0x1, 0x9, 0x2, 0x4, 0x4, 0x2, 0x5, 0x4, 0x2, 0x7, 0x1, 0x100000001, 0x4, 0x3, 0x0, 0x3, 0x2, @perf_bp={&(0x7f0000000080), 0xf}, 0x0, 0xfffffffffffffff8, 0x4, 0x0, 0xdaaa, 0x4, 0x4})
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
setsockopt$inet6_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000140)={0x9}, 0x4)
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x73, &(0x7f0000000180)={<r2=>0x0, 0x6, 0x0, 0x7, 0x8}, &(0x7f00000001c0)=0x18)
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000200)={r2}, &(0x7f0000000240)=0x8)
syz_emit_ethernet(0xffffffffffffffac, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd601bfc97004d8800fe800000000000000000000000000000ff02000000000000000000000000000100004e20004d9078e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fca01f87429e50b32881721afab69cc3712c37ed0"], 0x0)

21:47:44 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x10000120}, 0x1c)

21:47:44 executing program 3:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x1d\x00'}, &(0x7f0000000300)=0x54)

21:47:44 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x20010010}, 0x1c)

21:47:44 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x400300}, 0x0)

[ 1992.895086][T11876] IPVS: ftp: loaded support on port[0] = 21
21:47:44 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0xf000}, 0x0)

[ 1992.985149][T11879] IPVS: ftp: loaded support on port[0] = 21
21:47:45 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0xf0ffff}, 0x0)

21:47:45 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x3f000000}, 0x1c)

21:47:45 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x30000}, 0x0)

[ 1993.582928][T11878] syz-executor3 invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[ 1993.607896][T11878] CPU: 0 PID: 11878 Comm: syz-executor3 Not tainted 5.0.0-rc1-next-20190109 #8
[ 1993.616858][T11878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1993.626914][T11878] Call Trace:
[ 1993.630223][T11878]  dump_stack+0x1db/0x2d0
[ 1993.634583][T11878]  ? dump_stack_print_info.cold+0x20/0x20
[ 1993.640313][T11878]  ? check_preemption_disabled+0x48/0x290
[ 1993.646055][T11878]  dump_header+0x1e6/0x116c
[ 1993.650583][T11878]  ? add_lock_to_list.isra.0+0x450/0x450
[ 1993.656231][T11878]  ? perf_trace_lock+0x750/0x750
[ 1993.661440][T11878]  ? print_usage_bug+0xd0/0xd0
[ 1993.666221][T11878]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 1993.671863][T11878]  ? ___ratelimit+0x37c/0x686
[ 1993.676571][T11878]  ? mark_held_locks+0xb1/0x100
[ 1993.681439][T11878]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 1993.687272][T11878]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 1993.693110][T11878]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 1993.698399][T11878]  ? trace_hardirqs_on+0xbd/0x310
[ 1993.703427][T11878]  ? kasan_check_read+0x11/0x20
[ 1993.708279][T11878]  ? ___ratelimit+0x37c/0x686
[ 1993.712973][T11878]  ? trace_hardirqs_off_caller+0x300/0x300
[ 1993.718786][T11878]  ? do_raw_spin_trylock+0x270/0x270
[ 1993.724076][T11878]  ? trace_hardirqs_on_caller+0x310/0x310
[ 1993.729799][T11878]  ? lock_acquire+0x1db/0x570
[ 1993.734488][T11878]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 1993.740321][T11878]  ? ___ratelimit+0xac/0x686
[ 1993.744916][T11878]  ? idr_get_free+0xee0/0xee0
[ 1993.749608][T11878]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 1993.754930][T11878]  oom_kill_process.cold+0x10/0x9ca
[ 1993.760157][T11878]  ? cgroup_procs_next+0x70/0x70
[ 1993.765122][T11878]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 1993.770341][T11878]  ? oom_badness+0xa50/0xa50
[ 1993.774945][T11878]  ? oom_evaluate_task+0x540/0x540
[ 1993.780061][T11878]  ? mem_cgroup_iter_break+0x30/0x30
[ 1993.785350][T11878]  ? mutex_trylock+0x2d0/0x2d0
[ 1993.790120][T11878]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1993.796379][T11878]  ? rcu_read_unlock_special+0x380/0x380
[ 1993.802024][T11878]  out_of_memory+0x885/0x1420
[ 1993.806735][T11878]  ? mem_cgroup_iter+0x4f4/0xf50
[ 1993.811685][T11878]  ? oom_killer_disable+0x340/0x340
[ 1993.816888][T11878]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 1993.822700][T11878]  ? lock_acquire+0x1db/0x570
[ 1993.827395][T11878]  mem_cgroup_out_of_memory+0x160/0x210
[ 1993.832942][T11878]  ? do_raw_spin_unlock+0xa0/0x330
[ 1993.838079][T11878]  ? memory_oom_group_write+0x160/0x160
[ 1993.843641][T11878]  ? do_raw_spin_trylock+0x270/0x270
[ 1993.848944][T11878]  ? _raw_spin_unlock+0x2d/0x50
[ 1993.853805][T11878]  try_charge+0x1457/0x1d00
[ 1993.858313][T11878]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[ 1993.863872][T11878]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 1993.869419][T11878]  ? lock_downgrade+0xbe0/0xbe0
[ 1993.874280][T11878]  ? kasan_check_read+0x11/0x20
[ 1993.879143][T11878]  ? rcu_read_unlock_special+0x380/0x380
[ 1993.884790][T11878]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[ 1993.890363][T11878]  ? get_mem_cgroup_from_page+0x190/0x190
[ 1993.896093][T11878]  ? add_lock_to_list.isra.0+0x450/0x450
[ 1993.901729][T11878]  ? print_usage_bug+0xd0/0xd0
[ 1993.906503][T11878]  mem_cgroup_try_charge+0x43a/0xdb0
[ 1993.911816][T11878]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1993.918078][T11878]  ? mem_cgroup_protected+0xa10/0xa10
[ 1993.923467][T11878]  ? shmem_getattr+0x2c0/0x2c0
[ 1993.928264][T11878]  ? __lock_acquire+0x572/0x4a10
[ 1993.933219][T11878]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 1993.938555][T11878]  ? print_usage_bug+0xd0/0xd0
[ 1993.943364][T11878]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 1993.949033][T11878]  shmem_getpage_gfp+0xa85/0x4b70
[ 1993.954103][T11878]  ? shmem_add_to_page_cache+0x19a0/0x19a0
[ 1993.959950][T11878]  ? lock_acquire+0x1db/0x570
[ 1993.964658][T11878]  ? alloc_set_pte+0x134a/0x1df0
[ 1993.969634][T11878]  ? kasan_check_write+0x14/0x20
[ 1993.974612][T11878]  ? do_raw_spin_lock+0x156/0x360
[ 1993.979670][T11878]  ? lock_release+0xc40/0xc40
[ 1993.984377][T11878]  ? rwlock_bug.part.0+0x90/0x90
[ 1993.989366][T11878]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[ 1993.995225][T11878]  ? add_lock_to_list.isra.0+0x450/0x450
[ 1994.000884][T11878]  ? reacquire_held_locks+0xfb/0x520
[ 1994.006181][T11878]  ? alloc_set_pte+0x134a/0x1df0
[ 1994.011123][T11878]  ? find_held_lock+0x60/0x120
[ 1994.015920][T11878]  ? filemap_map_pages+0xe29/0x1cc0
[ 1994.021106][T11878]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1994.027334][T11878]  ? lock_downgrade+0xbe0/0xbe0
[ 1994.032171][T11878]  ? kasan_check_read+0x11/0x20
[ 1994.037008][T11878]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 1994.042983][T11878]  ? rcu_read_unlock_special+0x380/0x380
[ 1994.048611][T11878]  ? filemap_map_pages+0xe50/0x1cc0
[ 1994.053804][T11878]  ? find_get_entries_tag+0x13d0/0x13d0
[ 1994.059369][T11878]  ? follow_page_pte+0x3f4/0x1a50
[ 1994.064414][T11878]  shmem_fault+0x25a/0x950
[ 1994.068854][T11878]  ? shmem_read_mapping_page_gfp+0x200/0x200
[ 1994.070593][T11879] IPVS: ftp: loaded support on port[0] = 21
[ 1994.074846][T11878]  ? __handle_mm_fault+0x42e1/0x55a0
[ 1994.086003][T11878]  ? find_held_lock+0x35/0x120
[ 1994.090790][T11878]  ? __handle_mm_fault+0x42e1/0x55a0
[ 1994.090814][T11878]  __do_fault+0x176/0x7b0
[ 1994.090834][T11878]  ? do_page_mkwrite+0x740/0x740
[ 1994.100433][T11878]  ? do_raw_spin_unlock+0xa0/0x330
[ 1994.110647][T11878]  ? do_raw_spin_trylock+0x270/0x270
[ 1994.110665][T11878]  ? add_mm_counter_fast.part.0+0x40/0x40
[ 1994.110690][T11878]  __handle_mm_fault+0x370a/0x55a0
[ 1994.110717][T11878]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1994.110739][T11878]  ? check_preemption_disabled+0x48/0x290
[ 1994.138081][T11878]  ? handle_mm_fault+0x3cc/0xc80
[ 1994.143070][T11878]  ? lock_downgrade+0xbe0/0xbe0
[ 1994.143097][T11878]  ? kasan_check_read+0x11/0x20
[ 1994.152798][T11878]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 1994.158799][T11878]  ? rcu_read_unlock_special+0x380/0x380
[ 1994.164453][T11878]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1994.164470][T11878]  ? check_preemption_disabled+0x48/0x290
[ 1994.164494][T11878]  handle_mm_fault+0x4ec/0xc80
[ 1994.181197][T11878]  ? __handle_mm_fault+0x55a0/0x55a0
[ 1994.186600][T11878]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 1994.186625][T11878]  __get_user_pages+0x8f7/0x1e10
[ 1994.186654][T11878]  ? follow_page_mask+0x1f40/0x1f40
[ 1994.202508][T11878]  ? trace_hardirqs_on+0xbd/0x310
[ 1994.207574][T11878]  ? lock_acquire+0x1db/0x570
[ 1994.207599][T11878]  ? ___might_sleep+0x1e7/0x310
[ 1994.217134][T11878]  ? lock_release+0xc40/0xc40
[ 1994.217150][T11878]  ? rwsem_wake+0x2fd/0x4a0
[ 1994.217168][T11878]  ? vm_mmap_pgoff+0x21a/0x2b0
[ 1994.217190][T11878]  populate_vma_page_range+0x2bc/0x3b0
[ 1994.217209][T11878]  ? memset+0x32/0x40
[ 1994.217228][T11878]  ? follow_page+0x430/0x430
[ 1994.226416][T11878]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1994.226432][T11878]  ? vmacache_update+0x114/0x140
[ 1994.226455][T11878]  __mm_populate+0x27e/0x4c0
[ 1994.226478][T11878]  ? populate_vma_page_range+0x3b0/0x3b0
[ 1994.226500][T11878]  ? down_read_killable+0x150/0x150
[ 1994.236721][T11878]  ? security_mmap_file+0x1a7/0x1e0
[ 1994.236747][T11878]  vm_mmap_pgoff+0x277/0x2b0
[ 1994.236771][T11878]  ? vma_is_stack_for_current+0xd0/0xd0
[ 1994.236789][T11878]  ? kasan_check_read+0x11/0x20
[ 1994.236805][T11878]  ? _copy_to_user+0xc9/0x120
[ 1994.236828][T11878]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1994.251654][T11878]  ksys_mmap_pgoff+0x102/0x650
[ 1994.272003][T11878]  ? find_mergeable_anon_vma+0xd0/0xd0
[ 1994.272032][T11878]  ? trace_hardirqs_on+0xbd/0x310
[ 1994.287364][T11878]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1994.287389][T11878]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1994.303124][T11878]  ? trace_hardirqs_off_caller+0x300/0x300
[ 1994.303154][T11878]  __x64_sys_mmap+0xe9/0x1b0
[ 1994.318405][T11878]  do_syscall_64+0x1a3/0x800
[ 1994.318427][T11878]  ? syscall_return_slowpath+0x5f0/0x5f0
[ 1994.336518][T11878]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 1994.345780][T11878]  ? __switch_to_asm+0x34/0x70
[ 1994.345807][T11878]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1994.345832][T11878]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1994.361964][T11878] RIP: 0033:0x457ec9
[ 1994.361983][T11878] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1994.362000][T11878] RSP: 002b:00007f58d409ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 1994.396923][T11878] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9
[ 1994.396933][T11878] RDX: 0000000000000003 RSI: 0000000000b36000 RDI: 0000000020000000
[ 1994.396942][T11878] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000
[ 1994.396950][T11878] R10: 0000000000008031 R11: 0000000000000246 R12: 00007f58d409f6d4
[ 1994.396958][T11878] R13: 00000000004c3b56 R14: 00000000004d6910 R15: 00000000ffffffff
[ 1994.397390][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1994.451370][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1994.456284][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 1994.457305][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1994.491225][T11878] memory: usage 307200kB, limit 307200kB, failcnt 3627
[ 1994.498231][T11878] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1994.505692][T11878] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1994.505702][T11878] Memory cgroup stats for /syz3: cache:4164KB rss:242844KB rss_huge:212992KB shmem:4084KB mapped_file:4224KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4320KB active_anon:242884KB inactive_file:0KB active_file:0KB unevictable:0KB
[ 1994.547090][T11878] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor3,pid=11872,uid=0
[ 1994.581992][T11878] Memory cgroup out of memory: Kill process 11872 (syz-executor3) score 1110 or sacrifice child
[ 1994.608566][T11878] Killed process 11878 (syz-executor3) total-vm:70664kB, anon-rss:164kB, file-rss:33820kB, shmem-rss:4220kB
[ 1994.641609][ T1042] oom_reaper: reaped process 11878 (syz-executor3), now anon-rss:0kB, file-rss:32860kB, shmem-rss:4220kB
21:47:46 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00@\x00'}, &(0x7f0000000300)=0x54)

21:47:46 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x1000000}, 0x0)

21:47:46 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x40000000}, 0x1c)

21:47:46 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x34000}, 0x0)

21:47:46 executing program 5:
r0 = socket$inet6(0xa, 0x1, 0x88)
r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x40002, 0x0)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00')
sendmsg$TIPC_CMD_GET_LINKS(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r2, 0x0, 0x70bd26, 0x25dfdbfe, {{}, 0x0, 0x4, 0x0, {0x8, 0x11, 0x1}}, [""]}, 0x24}, 0x1, 0x0, 0x0, 0x4010}, 0x20000000)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
ioctl$DRM_IOCTL_ADD_CTX(r1, 0xc0086420, &(0x7f00000001c0)={<r3=>0x0})
ioctl$DRM_IOCTL_RM_CTX(r1, 0xc0086421, &(0x7f0000000200)={r3, 0x1})
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000280)='TIPCv2\x00')
sendmsg$TIPC_NL_BEARER_GET(r1, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000002c0)={&(0x7f0000000400)={0x138, r4, 0x200, 0x70bd28, 0x25dfdbfb, {}, [@TIPC_NLA_MEDIA={0xdc, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x400}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x500000000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x49}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x86}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7fffffff}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x401}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x81}]}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}]}, @TIPC_NLA_BEARER={0x3c, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x81, @local, 0x1}}, {0x14, 0x2, @in={0x2, 0x4e22, @empty}}}}]}]}, 0x138}, 0x1, 0x0, 0x0, 0x4}, 0x84)
ioctl$DRM_IOCTL_MARK_BUFS(r1, 0x40206417, &(0x7f0000000540)={0x8, 0xe, 0x80000001, 0x7fffffff, 0x8, 0x9})

21:47:46 executing program 3:
r0 = socket$inet6(0xa, 0x80002, 0x88)
setsockopt(r0, 0x2, 0x3, &(0x7f0000002700)="e4820a59ee680c9a2c10e42983868a8116e31e047e6f2c1531f28ea9574beb4e7a10246e28d49566db3787a6a3d48ef39488f07f8d714725c9073b55e3ab621299e19bc163f8dd8434f641be8851ab1e1962db828d9e948e6b89dce313a487a0ebf8dde2eec5a8722d3a644cad4dfa08acc3d7b03dbf12800b8fd6c0a8ccb46322f19bb3c5fce6438699afea2d5b1996fde96dcfad22de7842ab871f5fbd762e90c89315ef68e30757aad6a21445ecfafe7bc1cadfc9b058ad2f50b13b955138183581b98a97cbb7b9", 0xc9)
r1 = dup3(r0, r0, 0x80000)
connect$ax25(r1, &(0x7f0000002680)={{0x3, @null, 0x6}, [@null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @bcast, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]}, 0x48)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd601bfc97004d8800fe800000000000000000000000000000ff02000000000000000000000000000100004e20004d9078e2f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"], 0x0)
writev(r0, &(0x7f00000025c0)=[{&(0x7f0000000400)="1c34f7ccfdcd9c42b8f267a9fb6e72bc9f2d00792cebd4cdbaa985a9fc06aa8ecedbe4c403d3d16c1f176951300472cd73fc50a67fcdca7f1ce3cadb6cc4540acc1fe1041d27b640e87b8b89388e2a8ae013e51a653ecb9c30ade631c2616c04d16cc210bfc97eb9dad9694dfe34ca5172423443d7195f648b83def67166da5464c05a08237b4d2956cea2673c9eaae89353ea470256e5bff68799788cff6824f5fb15878ea69070a5d7922e4230ce21bd1af19c226153236bade34acec04e2d67321523e52a7f9f801108801d8bd8434a263227f980cabd279788b5668cfcb957091c5ce167c68eca84d820ce5b6b045677ec59ccc96e5784d25061d4718de7ce1337abe1bb24074cf3aedd2cc46fa71e7799c2ba9f5561466952e1d8dbac26e54d6ad90288f5390e430c80c3db6e81eed17927b8167ee8f04c063ca7186bf429ee28dbf9a16bc0bffaa63ca7132c383522cfad3ba306c0d3032d4d9e320728612b95124ac330473388a524849cd572a7fc65d5d5b60c898fa1383967416f05ad2f50709fc9609d2065996c26c602a180a8ba8b297eff3b46f70ee4a29e3182240b675e6917183bcb57c94b3ee1c5537c7de8532539a4b3968fa32a74fc702aa84797371d816a5d173e6306e88dbad67fdfd63c4ac17e63b5fa204ce7f60a06dd8c1e0201adbbc538b8f323ee0040cf3bf211278a758de2a4024e9d71f36a9090098969a9e7778a25758ef60fc9ec75d6b593818b7d160fb137c34a3f61b0adaa4bbe8fd084e5e008af412ef907125d70bb9908c43a2cc788a7e21a32e4cbcf1333326eec04aa62e55d376ea8534cdb886b38c7fa515e742220b6736b4e72496c2defcd7bd7e5beb33bac29bb10eea65562a4c1fd1f90ebf0b932a22b2e2aa34d8cc168a8a6232ba0f8f2683eda0ee301fed5d03d6a487d81eb4106317ad0cec161add8b2e0bee8b7d1804673cc2911960926cd9c34b449e8b2898badabe697bf3f8da81ca4f27f8d00dca15f3f4de26ddd8a6f517de5f6e1f534d46cc3e11e96d9e8fab897ead43258625cea91de9e5ac7d42158e76db24cd1317f22562535ca517a9fce1ae533ba373190cd3f1427ab81a6abcafc0be23708c05db65ef754a7ebd878ab0b1d9621b9b8e1d617a5fbd3dd72b70f9b420d779064a8baf5c16a678c187b6f8ac9f74b60c8b1759ee82247008cff375a5b2f3536be0be0363b1befbf1619821e58aa68d0fee337daf590c006efa96cd0392b28051d84056836d3f3c03ba74af3599e2ffd3af67d99af1974c7b3797f268e1377a6359981a9ce37d229d9cf71a92a07782728e81a5db306f1910fe87bb8a192ebe41e1f787af48b3d2b1b7190cd7ce8d28ed70d27821d8d932414635f282e8220c53a44e2ce44fb12bd4e2a38b11b065c7b625a9a6f6562c751651278b7d330cb413d04fb1c1403aac2253e397122380a161d7061e8a9a1b3b3a5a0d872ce7cc25d61a68d3e6abd6e42b8c42d355a23209a0fa8ea703476347d28223a2a6fd39041059fd7e11e8287f2df7465cb617bc66bb453a8fbc4fc5c78b4a2f0fd6d6df99afd39a4e02f792bd06936e7aee580a4c32cced5ccab11d08240a297992e09e12b1b3d44e7879fdc7e95c02e52b141db6a33168c17c5a78f8dc8ffe276bae14612176dda4869c34ca7359f7d2a897471af15ddedce8556a30af1d320cf1e4d282e9a93368ca61f33e15e8ac0607754ce970eda2f67214aede2ed199020b96da20430023c52256b1a548dbc098254cf7a122e781ff1b246f9e78d8c94812e9cf29e8193d56b3e26c3742917f2379f8a024c88b1d0252eaa0dd08fc273edba0beb93a2ca1b477f69e0415bc244cbf15b7c9fffc1e5da20d79af9b20941132c3b18556f7b6bcc8fcb501c77e0b925fea12bf29eef31b67f79495c13385cd27dad4cf7ebd7aace308f4ed71782bcd63027a42a2bcb79b907dafbd27c3433f3911d896521e22ccc2153fda9fbecadb52f4fc39a0df155e9e25b7d4f36a55b716028d23f12ee0b4d822c34a7083889ab6d06420fc38d0bc36bb0c3d9a66dfad959beaa2fbbf51428ea7416ba2474f27979861e2711d16e2b1d6725228acb5bf98c9f5aec1c1342653b150b288a380ceabfe86adcfbad9bec6c9a32cdce0ce39896cc76b0acaf22ed288470d3b7ff36be88a6c31a869bf088722fb8d35da4cf93ca8b6f216b012cc5b06cd629421f90efd68c99c2a1c94c39d5138ef5a4baea734d1221b7e3e1902ad63295e923eabb5c1a88b67baf0aead02f561cb52ff0978d56cae369f7990b45b92a3b6f9a4ca97e0b87c469684cbf5470e443f377f0f58b52f28506d0b809e376761db496a9698d16b2b7990d0b53604355d125cb35161c88c090c839e4d2746b6a4d5cc49b70bcec27948693bbe9d04adea5e849f935f71966a04049676d3a3c97802d108e1cdf5afe82d6fd90c2bf3abaf6575cbb0d20835bb2396456b9f6cbfae6bbe2b91e0c3b670a8d02a82b080dcaa3d4276daec6cc06fa8249d5f604b0b841676d4c366c0d077b8b8e997ea744cc8e61a7d7ce540cb1d55daebd2897a7a511165d1d0547e899227dfb9a684d109d4ec442d240495c7891cac4dd1c72a4f0681bb1ad3d3f42c7244f2f03d34271d01a2375b76beaf80c27380e857528f7f2cb45cd2228371758166b1ac8be39f0c6facb310d3a6389f61b663484943fbd51259eb5bcbbe7e7cf9184c7b6932abb116fcfbdd7bd96c92e08271478d8e22b94714805855a15beb4b32eb76a9a52edb5c76094206dee6a381e7f5d3d891a6098b6bc6b06cf651ebd91cc0bc32075153769fc614381adfce463a3b92a5ce3133764f1430a713d6f46f5bf2aba3f9b51484a1c613e2a7f350da71c7c0ef5ad354171ab0cb1191bcd0e15bd10549861b57492e8d567258f2bb7373681a2c1681b5b86b2d6995148da2ad8e62f1ce945fecdc89ce2b91791e742853f913d00a3621bc5d9fc4ebdff31c7548c7760ca880cd6bd36279545d30bb878d1ff52f0fcc6e1a3d122ab76f491bb26add4ff0de758afc629ea9db5f2c2877a826c468d6ea5c7ef3ceac2fd10ef23b8bc3080bd6a524b46c959a02f08f90886756657e1695d50fa92b97934d71f80aab831ff490739484aa1399d13b1dfa11daac8c3af537c282462ad3e9f78762ea287cb1d91f9fea38b2dac61912157a4c3628415a697ec32ebffa6cbd09760b47d70af0c8a9f38e45c30275a26f9fd000e2fa3fd2eab069fa50eb7d2fa16a6c9943ad765df3f8cda29bba541a832826e4e5f257e8fd5f836a1a276f146808ead8e34c64362fb2312b2e36ee4bad4a38c633d3ce813b440e489ab5501c652f8f1d088e8bc460d6e05efed47ab1589052c4a9e616e657a414e3e2a825d0252db8744066a7df935c855434ba9f1ff82a66619d46afc97b58d69c62446efe49e8be504761cd4949e0cf48b310f2b0b598881ed7d994df2625aba67f87696df71d01e58b678399a523978736f4a25642ce346b8b83da72840fa058d17c361d42a09f60c387386fda01977f35670e8a1296e9194d60b605c4f4a234241e9674878f1e9298b18174062a95b02a9d763629ac668db92e988eeb634aa2c61b58270e5aeb02ec69a3d501b61cd00392f24c0644fc548f177617f40d8429695c174a7c7f0133a5a2246f3a40c623203e5f79f4265f151475e232775338704f6eddf212a1b994c8ef77c8464fc8a01eae98080fb5f9f0d4c97dd697b4edfb1fb9e60c7e2971bea5af3fad01aeed4361391a8ed2d0a12bdc5a82ce514904f071ae4fa39daad7f4d48f1544295835505a8dd5e80cbe0112495b41d78f7b9d1ce8880cc2b3d21dd0d65dd64d5ff3918f18e8dbc6aeb2a48ef570868356134dd4a951bc019f5e80af38cb84a8e80f0c02e77b4795497b18478797f00f5a36709b4de186df9914c274ec557c9caaf9a90ec9be1186f4181775e8fe3fa809db2a3eebc230b3b811a70200c91328f28ff7e4b66ffc8334f86cc5bf78a4991cc44862fad78ce9d3793f14c140f085a7ee3646f43f65396fe6bb375be70c8dee0d7f761d9cfb68ffff6e2620054e9c360598fb72b5014d91e2a29c8ef8c26288a03a299b8bce49626c5f3d9e5b1761df555789b573d47934950e67a0fd882cfc9508f76ad05d7297bdb994784090b280827433276fe9fcfdd6610bc8a300408827a0c015ba9a3b079bcb0990c52fa2ae6fda8bf1533955630696b7b6fd443de174d774273ec900f45726e4e5ad5029efeb67828f3861a43bf5c01de5e894fff1ceab6e475669817e07cb6fa954e139f0298f33ac40a24c782133aa4e8124a2b256901896332c18a3f60d92ed6c97d4dba15251339e187371fc7d3285db4b9738a2d8c950fc7d4f33d459304ce7e87eaab4438dc9f961af80bc928c857756c57a5a126a558aa3ecb87e7953f8ed5b02b873cd9a1393d31505568d1754b8843a0f70a86f16daec0f987cf59f0622ddc42895803dcc8dd7d49e6eb0ee5504631b7f637ec0e5ccbe40e835d8a409c56cc27dc2b83935ca5a41a8e6d2ce0a6a730805b902b3920561fc9ea76b29fb407b569050c7bf7ebdb2a9f1019cafc30eabb7579c6aea45d76fa78ed4c53c56e69a45ecceb848bd41cdabd1a582f33f786bb172f4dbe920deec0f4f03ea94ad0b3cbe58272f05fc2d3e764f7f1a14caeb2c60a58d3667bba913561e85f209f824ce849643d5a90171f9dacb4884f31373fffde81975fbb2ff9fa7c2029bb60e1a8433a644b5c0449881c6ba5c1be0c83cf742b51b4f917f50d8fac443217ed1f21401bf2358ec187711a804cff45242288564ddd2b2a95c44478b26bc589de077e186b9f7556ecf035e11080532a507aacbfa9860f87b154977ab4ddd73822f559a0b09b5aa72f04af62e37a37d349b06534adfed48d5d621234a31071cf2d35906a90daea47578a342f3ef3133fa22bda2f3f6da7a534b3cf72506403f2afaea708b1cbf26106e2a40944c8d3c6639ef1396eaf5c623290ac455599b39fb43c03aec33e72803490acbd9d5b01fb347bd4bb4e608f734b0965836021a88aae9fa8ddad0701927caf50e766cb53db8f73c52aff97dc80ce7ca72fe31e22d7a90639ddfd95fac05342493dbad822081ae930a85f241a30d16be29ffce85cbc535a976e76c344eebd211ad411bf7ed7ff00694c6585f4bff1f449fb5ae0262e1ceea0d61163033e64764b7c977a3eeee692c0f2a2992c0a65b4c4291e561458f8ce02976aedbeec27486e8f857e059f909861b14551c1ffffda437beacb0f76611e6090bbe9d875c69a93638a0ce2e61ab57830629b61dcb4054a2eb70d4d04a2d0081cb99771836e113119583c72e943f5e05efee9b700bed1c6b38da1531463b96b18159933efbed834c6d3c2c694465c6d840a5469aba18ab075a7140ea0b03b303dc15bdc865e2733049379eba5bb985b1e5773b6a5f0f3aac8d5b21e1949f91723f7eb1b6854eb5765493b4e56cf30c2500c4b538ccd41023e2df9826cd8cdb5162bd11579f2a4524797ed89a96a0621a1c6492ac0a94f567bbc71df1e594ce8b3b1a3e084d61191f6afe23057655bed7f57a8c2be6d5d71c89cc1359ecf8fd6fb56eef53054eed030cfe01421dbc8432de81ee7d6e234d71ad4b895f3bfb1d87ca37bdf838770f5c4c8e9113499ea75ae6ee6146d390b1345ce4f95c1ed99cde3d0d7f24ecceae65baf0a379e7e4f8fb1a3c91f23d7068be5f62f7495de9d9590f95890e7056e34aa2ec4749cc4c9ed1817e92790", 0x1000}, {&(0x7f0000000040)="d8d74592f3c9d6c7fe5ef59bc0", 0xd}, {&(0x7f0000000080)="ee69bb54b1cc8b6a70ab6801103a2e998369976c9a5463a10ce949d5bc8795fdee90a87981b83a3386d3534d4ef90030acfefcdb0392d2df868e7fcc871d79fea09a2ef5b6e8ac890376ba4560825828b3683f78374813e3cea8c7dca670f936bc46104c6f911f77e84a8d23ae017d407414d2bada5e9e38ea1451691601b79a2ca1bec9508700373520701ec69b368dcc182b9c687c7336b9f02d0da4f7fc09e9d9538f95f328fd3d02983ad177d06c4fa4ee172d2239c08611", 0xba}, {&(0x7f0000001400)="e48587abbf0d3d7c54ae8b707dfce25802911405b1c363306d81e6f99f62b5476b46961163fbcf052d404edbe2bb5890c148e91e753e3bd6bb2559a901ef5fed2be43497e5ba2bada841062999bfd150c5800471fbb7bff681d4a824071cec6f226b47f1c0db81b08f34c19ff6a149948e4e498a90e4bddd3b2353481f06430c262ec7046fc590215fff56e9daf82b6d12cdefa6b4a9cfa5f219ea4a5e5241a388b55dbc2d53e533d0a3313a425f6dcd9a1bc10b6f652a9668a9436ed365f6789958e289af6328890a21ef453667de365703f6c826232ba11d3d16620735ea116bee7e25baa1d4076e9d14fc031beeb7f44e78c65ab971e9e2dbdbaee1e21d11e208c61c32d5467d8810b9182fd43093d6564d236cf5ab0d0b2aaae15e722d3646d3c1e3e6c6e43ff8b0aecf188638987c43616ac9f9ee8eb605bdf256c23ee001b60db1088673d4c130d4c890155d98f83f2a03e67a7b19467625d7008c0d9d3aacdbb47c33553e4610854bed273fc476ad513d2135705f4d24c5bbf886884e02c2f8774e058081a6293c6a32479694dd33069e4902b85af726fdb5de75b96143ccbb5961095a9b305d8995b360637bd22139c65399ed399671b01b84181bf463970a52b4e8e7e2d09c2f16c221b3ef79ca05e1868b66bb5be9a77ec502eefbb055a491f71bda144da6418d1d4c966d6994a1e66432d91d1b516cbdc4dfc15fb02a0bbfd6a628020859c3263c04911f8e237ddbeeecafa51cc1fbcd6a98ea314b7183eee23645330d4260ca527d39c96dd3a0da0e832e60b22f699ffc252b3095852c3bbd598fe2b7b443bf8a9193b5b16d06b19f20b4950e82b7e539b58e411e80eaea1024f6d0c7d1e6a2d4e2e4102f4eb18d77df64c2bf2c0924aea36eaa0a0cbeb539f03a9ea09c00a77651174997ebe06eb68adc3ca700d23e599135c27911caec5875af619bfe4f9774b0c67ee2483eb71021ffdb6fd88191b19fcf85e71912faa2d4497c6e5811a6bccdaca943ac219a3771c6220624e54f1c052eda1d40cf75a616acc6bbb2d38176f06f01c89ffb593ac6c1cc2d38f19fdf5eef1e23c750cf394a65aac04c8caf1c31ad5c7a72367a24013c91ac4bc7978c327d2b7871ac2d3f1776b9c60b06313449ce42354139a9120ed7637024a567003d8fa5b7ebf85a7ce38a9cfec62b6cbaebdc1f7e0e4b86f42e4271bd936324a2a8a276be788a3886e69d3ca6c79ae6ba6a4964986ba457dfbc3202fb72b3451401192ae4f03197535c1e5c726efb22abe63beaed6c7788ae287ff1a35d8e566ab4321800a49ce9f5295e9d6c7bc86354b62a2d01a315b166d48ef5d7c0d55023824d002bbefcbaeb656046ecf5246eb8f16346323857332f123497a133130a2c441cae6b3b2470a0b8f36c4c438e1796b3990b0d24df19775e70a4ecb967b2f73052b3ce84f85d629462f22ab7cea4ff42dac23f5d8da3682683fc1b706710c8372610f384c5ea630ce30d2ddb6189b94022f6f57e5232b8a6d2d2a36d89cb3323447f98d9d230c5ec23250ab1b1c2b397aaf93959d15d8d5500a5ee6b83f04c7c4a8d4989cd222c1d314aca81b9a02933c731993b547925368bb9fea194057fa59b94d51b59878d25ef40455b3c05c34eca86fe84ca401b82bdd08bdb0ef847d617d1701aa734e13e0a37a5e71d19e8fe6ae38606563c09a9bf6d1f23610218e2f849aeec8e25d65da556c7be63a93207937d4fdd4b74994f272072f619d212269c6e52f1ed91246ab1d433a1db8a5c448eb49a4ca9dafa7cf49b6c1f81e8a9cb75131dd710388e26c00ca23c50dc62bdaf34fb0c3c087e6270d1cbab488043cfc8c1db52573078b2a2f1542d1624de74e069bd151ffc5c292eea31122a7e8ee71a3f37c4f3f949656c8e8476ef00bca3250d1e94320df786b9505dfb519121a3b5cec089280aa7f2ffc1f27b1a9f22f9d8c5ff8004f22369aedd95921946d2a65e3fa2466993909bef51c505d2c94e4de8d1d60ec56c9565886064eac23c4252f38271f6df4623a51fbb96b748c8e424f595dfbca09b6324afc8ca090bbfc18b74285b103fdd22a7e66534ba0a1c6c614691b452436ee1085fa0c87a0378ab4b32776d81749fd1b8ac9a8e6e18c5b94e118adaca7a9cb9a35b5432c2f8463f8e5c8e5936359f04591a61173582d59fd4f977b63288770d1d1c97cd778c745eb0bedaf2f8c6276edfa85dc7ef1a0071a716faf933868742ac4a432568384368fb234ca5e185bfb450967b2dc02ac13128f2276417de6b58ba095947ec28e6300e56f39117f194a25979e4072c9f51d4fb65f52b4e2d91302bef1b325a8be2d7490acc49c46b68fe0776dcb9f71bd286f59d54bdf479213a636e92bf4fd106ed93cd80aaa93f8a58b88a921216ac75d4ed4b2cdc43546c9c244b0d261aa894452fb13f1faddecdb8956e7a4984a935f289bc0e64b08a6513ae61e406c9c089c208f61bac0ed9d193d149a4fb0580c7c676d230fb38c190228e8838769d67609bd01f82a481fe5cdac4db013b4fdce044a972e395b0733f48c3c73a8579379bb7981da76345585fd4b274e3553021bf7cf12d0db73e6d607696ff1b53e0c22c270d1569ece7c4aaf1f4817ee401f29487f6afbd994fbc803ba8eb029aafa9d38ca73b10ff74506c9118c7ab9598c88aa4df4252ffcd2070f6132b448f50ace2219cbc4148837ea544d31d4349487e6957b8b3c7e168c1c7922df1a8eee475aabaa034d518b1eec286a7f1f209ae508da912a0eb14ddb636111209e88d64a7cd1989bb0cb6044dfc5f9be53e8841bacb8d1df4b1bf249f02366772040c63ca7cdb50c95e54cd431a01030026e9d9930ed7aad9cc29717a6f361c32ad8fbd42c319baf84427db7fe536414a1ff0be654c849066ff3e441d62808a8ca60b470e9e6bb9d2cdf4d58d96e62f29fbf48f95a4fdfd29d2f9a7b33a6734523d5e59a9cc0baf689a8f2cde3e1822308e896ba67c7b3998f03366847e4e4d48b440dc473223e48509f4cfeec1da550902381c8448a8861ef24288ec5d8aadaf9423220d273a62ba354bc6f58e4f9f70f234aa501d893797b674ce0ac1528e1642ac818ce7657b0559a96727751828a81f6918a5a7d3adc798ecf61c467d8f0039de3195819c00053203067258908af611142cb67bc97e7fe65ae3967e284fb718991424911498e93d762b8d9e09ad432bfb2835507179a48753cdef7e7e6f96bf76badf80a2a42a847669fcd328c1ae45c43c3316b165e7d4877c481b0a824f71399852aa7b36d086ac1c12d6f7ef04d62ab47c012727c7377d7e3aa14447132fc5b51858acf319d5e1d378460cb0d94d42de206f42dddf64d350bc00cda15aa72bf1cc414d9abb3c7231c35f42294f84031cbd8bdb95c81bb9670e3784a18f8f7c6fb73ce0c62d82379be7c00ffe9105c545e18a1867707173b9266b254fbac3d3f7d7782b9fa0839e3979fcb5d40cfb439f1613de14389ea865e8631e032b42ce12ec324e0fbdc70d3d63ae5e443b96d1a7bc3a61df5304002377686cbbce8661c00fd71886bfc769d988da5145920060187e7b49c75fcba638f31fcbfb56320f71d3f0f1a64fbd384190752570629f6ec648899242903f612ca00de632a93ca96c0a4ca06c729dd9d578a7b7f0c0d8b2f363e0c86fe890ab4b1f493d6af31139f5315852f1861b05c1993ca4446efd0958c4f00285c043475b42af623e5e680b85a23a2a3b2106405236f24117c04a65903d50d2b499f981909443e9cfcf5acc12ba2944ae63bcf047fdf566ae9d841e1113b43a0a982729ebd54ff5613bef5e6e12ec398102ff9d51f83f8e55dd442f797352b1c390d4ea22b7c84afe884dd88bd139f8631e2d6e9727c2b92806635f535a95b86d01004ff99aed5c0dd95fb8dfcef79c1b149fcaf5b1c607dcad0231b2de990faf3d3496749ada6868873f82edffe3f74e210832cead0b48741abf4bb518a69db93f3cb455870d0526a940d10448e48998749345d3853097dc43be695fe7d3cb1f53cd806f53a1f66f085aecd6857878b2ad5fbb38ea28f78196ef396f46a2d2f678d9e8f44017ab3a03e5b8e8d866942d0936ac432f6b70118323a43f9b53a0110fa982886e40749088f9e3b83bb987a23a461693668c32eea6fa0f4813e2500ce5e13b2be8423d7ade6239376abfa853e079fba231e1ffceaf7ece7fde54c918e6d6505a52c5e0e9fd0835fbbac1ed6c000305ae81faf199838c6a9617adcec07ed7957dcfac6449b782d3178f3b5be6f0399b36baa9eced129fa49969e65f0d8d8858f160d616c2a081fa082a0a39b033db6d0f7050ae7564cbde9801def830edca6e1a32cc0f74b7e8d137e767b55b804c791803e55241bc7be78e3ea9c3dd9c74b6bc3cf1eb6563a57e783700598ae7bda60949a5e6897068726b52ce40d87d5497ae58b5244db3a5600c5f374921b4b11b786a65870dda72ab01716ba8256c6b634c51159d1a4d2c8fae8c3bc012afe97efb30263035693bed479804296f33e59135dda4f626ffdff040a165d3d727eaa2d4678d86ac78e7bbfe286c45689727d53e5194205e37bb0370b90890eb1e2629874c93dda0346299734c8d75876681939af16bcac1f44f9e24bf5b5b317c6f1f9372365a01ced694e6ccca45f40e19247085af0b28dc710eb685a268620c2bda5131ef2cf306cffa6d5bdccdca841efe25d7bb4e37c23d57afd2f941165d5b6195ddebf516d8163c2ccda0d5b75bcf4613065ff32ca0745ab585dbc4d87c6769688344ce996894575d1247af96bf7d3141e4b20e6ec9f256724e491d61e0b02245baa1293e0cfe5b79b3fdf1885d6907a2866f8c314eab76f3e6fb031db8b23ee97ce8f2e0d8b78c7782575b14e03058d29c2796388f551172bf11b7d6ceef1e7c5ed4258c16394f36e3735c4cb110dee3ec13c7899131cf9464bc9a4f9f436b05a9c1a6a381dcfb9ec45a1aa095a1af98c7c124669a171ad42dd32fb0cd7c15fa26245970bc0498b20710684012b89b07d5b0b13864080dfea6741e256d09bc5652857ebba7abf0ec0b4fba4f385d852c1711d82afb3bcbb52f4949cecd8acc8020c955d2c32cd36e5ca0b9c0eef2d831414134ac99ab2ecb672987c5f1f60600bdf24d06cb440ec39ce5e85260d559ca3f99066e1b629d82674bf8e2722c8da2929327723aa78a575047790a2b4fca5411c915e027de3643e0695871d5d6810a88d8b148ac3639b59da9d9a0926e6f7adb684e56865730c477dbe242d1873aa17883b006a101c06441ffe9342a659e76318222d8327746af6e2c9411fecc8949487421a1fc3d3341ff0ce206ba0390bc1a46dcf4d0108b87da856dc989139ddfbef8f68da2885fb3d9564363955fb2f39e1d4b5950ad443918dbe78f2bb58d03945b5c291f2006356becddb54d43480deb72e4b676aa1ba9f59b3bd97561e4d2c0f5b20c8c94af1742a4d0af506125bdebea8b4921625192cab8d236300d864b679c4303832d92fa96ad1d95df15678cb0c81b2a77d9fb94660547f57d3a268ab96c8d0c3d15d0f95f35167c017052655de1caeab091575d50925dd7658de5a74006e0edf7630b03e3b620b3411be9876a7c0451bd07ecbf9061825608fbd7f2bfa902b7eadeb4420b2672a1c003c81e5386f179f8f7740fad5e60c9e44dab58175bc12fd68df0faad5fb5f27a056f0fb9d4a5704d7330193d032a9ab9f9ec0da50d27b4ab5d880dde35994dfae1e63a06543185e3b4fa1ec4902c1252b4", 0x1000}, {&(0x7f0000000140)="c3a961939fe428ad7528989f0a9979165ce5ed5befb46af2053b7df8b848f1cf911566927149e004103bd07b24f9ac93e55b4d24a769dceb72549d2c655b4be2455a484eba1559a232f8e5eecb155bfb18d4a80b902c386fb4d28b9f9b6cb9122f84c2d567c606e420547f5302673e9c9296884809caff42a803e307cdf0732eb2b38e1783ffb4fd0a534cca3ebe27e975b37998252f722c6a7b11aa471ca67ab882d096cccb89a479b3e22c61c6168cc5171d1a88611c8e0309e4ce4da65bb27bf92b21834fc4", 0xc7}, {&(0x7f0000000240)="8b19afa2bc222d3be90d0cd0d16305d18ac8fb10f7e86a1d52a68628cec316a3bc092874c876f363ad0cdb21ffe9c0786bd434835fbdb75bd387a4183b1eadc55778f02a0c93e99cdcd9da4f5255428626642853e1ed38fde12a8e31b476d40cf68088756337ab85e6", 0x69}, {&(0x7f0000002400)="246571dac5e41803b8a48973fed5835b42322fd5eafcde59f9682d9fabf593f42d3489c1239b7ccea9b65742f4c811c697254d6920cee7a9572cf6e5fb6df111bca21ffacae137d427334e9e231df7210da4125753442c8bdc5dbafcd5f16915c96cd040835a508926c32c7836a62a1fc5204a005b2712d4cd6f95e2f9aa9160318eec6f311d52ec808319d15533eb81c051a4800b5521b2033c7c66aabd78e09f56b4fecf19fe57e2c3021a334c1810b48784b912a6b2837b73edbbdb5a9246b92f456dabb8e01b337178aa4e8cc11d2d265b62386e9d52d7e6ae3153cbfbb4c69a7e77aaa52348426854197269c9d4fcb20a34002bd3380c", 0xf9}, {&(0x7f0000002500)="4b555ba76eb7a06fc5ef6d961a705e603043ff2ad859ffbed4a6cb520a0dd50e56b2cfa21fd25f41289ed7ef20bd128f324bd9bba1a35c21612d34f5e5069c449ee47d7bb99d61ca62d917d878e8425d786db6d115ccdef075efdbe3670c8f9cc3ca86d40c7ff9af84b99f786d21b8024a8f06c2b8fc64b62f4f6fab843f98d583c7d3638f7af3d59ff793cce6fdf358b76170984452e26cc2338490881219a21a5ffeebc3685587", 0xa8}, {&(0x7f00000002c0)="94e1b6f00b7d2dbc2cdea9aa01c80dd7254057777bb3587c8b3d1f0395645ac359fd33f5bd52a7251bea32e328990d7ef7a8f88996c5d6edddac303040308514f80452e0da", 0x45}], 0x9)

21:47:46 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x2000000}, 0x0)

21:47:46 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x78000000}, 0x1c)

21:47:46 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x400300}, 0x0)

[ 1994.921847][T11923] IPVS: ftp: loaded support on port[0] = 21
21:47:46 executing program 5:
r0 = socket$inet6(0xa, 0x80005, 0x2)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000240)=ANY=[@ANYBLOB="aa08000000aaaaaaaaaaaaaa8655dc1bfc97004d8800fe8000000000000000000000ff02000000000000000000000000000100004e20004d9078e29607149378d33e1db1c73936c77aa3f7fac33b042b79cc16d368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b3288f521afab69cc3712c37ed000000000000000000000"], 0x0)
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000040)={<r1=>0x0}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f00000000c0)=@assoc_value={r1, 0x3}, 0x8)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f00000001c0)={<r2=>0x0})
ioctl$DRM_IOCTL_SWITCH_CTX(r0, 0x40086424, &(0x7f0000000200)={r2, 0x2})
ioctl$sock_SIOCOUTQ(r0, 0x5411, &(0x7f0000000100))
r3 = syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x40)
setsockopt$RDS_RECVERR(r3, 0x114, 0x5, &(0x7f0000000180), 0x4)

21:47:47 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x3000000}, 0x0)

21:47:47 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0xf0ffff}, 0x0)

[ 1995.486944][T11923] IPVS: ftp: loaded support on port[0] = 21
21:47:47 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x02L\x00'}, &(0x7f0000000300)=0x54)

21:47:47 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0xfc000000}, 0x1c)

21:47:47 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x4000000}, 0x0)

21:47:47 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x1000000}, 0x0)

21:47:47 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz1\x00', 0x200002, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendto$inet6(r0, &(0x7f0000000080)="f8602d609824f8165af0d263b99d9e412e5e9fefcdffbf9a340d0777a2348dbeee2307c49e15fedde5006f2bec8a2ed614db2dcd69d198de397d6b6e9422d6467806a451dfb98718a4915eeb2ffdd86b5f37a45083cfd0385e02fa15cf40005df9f7cd299e5111c68c19e3782e534ac36f", 0x71, 0x20048000, &(0x7f00000001c0)={0xa, 0x4e23, 0x800, @empty, 0x1000}, 0x1c)
syz_emit_ethernet(0x2a, &(0x7f0000000100)={@local, @local, [{[], {0x8100, 0x7, 0x9, 0x1}}], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)

21:47:47 executing program 3:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x01\x1e\x00'}, &(0x7f0000000300)=0x54)

21:47:47 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x2000000}, 0x0)

[ 1995.831733][T11965] IPVS: ftp: loaded support on port[0] = 21
[ 1995.861319][T11969] IPVS: ftp: loaded support on port[0] = 21
21:47:47 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x8000000}, 0x0)

21:47:47 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0xfe800000}, 0x1c)

21:47:47 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x3000000}, 0x0)

21:47:48 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0xa000000}, 0x0)

21:47:48 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0xfec00000}, 0x1c)

[ 1996.278293][T11972] syz-executor3 invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[ 1996.339528][T11972] CPU: 1 PID: 11972 Comm: syz-executor3 Not tainted 5.0.0-rc1-next-20190109 #8
[ 1996.349027][T11972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 1996.349036][T11972] Call Trace:
[ 1996.349076][T11972]  dump_stack+0x1db/0x2d0
[ 1996.349096][T11972]  ? dump_stack_print_info.cold+0x20/0x20
[ 1996.349113][T11972]  ? check_preemption_disabled+0x48/0x290
[ 1996.349145][T11972]  dump_header+0x1e6/0x116c
[ 1996.349165][T11972]  ? add_lock_to_list.isra.0+0x450/0x450
[ 1996.349177][T11972]  ? perf_trace_lock+0x750/0x750
[ 1996.349191][T11972]  ? print_usage_bug+0xd0/0xd0
[ 1996.349211][T11972]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 1996.349225][T11972]  ? ___ratelimit+0x37c/0x686
[ 1996.349245][T11972]  ? mark_held_locks+0xb1/0x100
[ 1996.349264][T11972]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 1996.349279][T11972]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 1996.349293][T11972]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 1996.349312][T11972]  ? trace_hardirqs_on+0xbd/0x310
[ 1996.349329][T11972]  ? kasan_check_read+0x11/0x20
[ 1996.349350][T11972]  ? ___ratelimit+0x37c/0x686
[ 1996.372796][T11972]  ? trace_hardirqs_off_caller+0x300/0x300
[ 1996.372824][T11972]  ? do_raw_spin_trylock+0x270/0x270
[ 1996.388746][T11972]  ? trace_hardirqs_on_caller+0x310/0x310
[ 1996.388763][T11972]  ? lock_acquire+0x1db/0x570
[ 1996.388791][T11972]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 1996.388809][T11972]  ? ___ratelimit+0xac/0x686
[ 1996.388826][T11972]  ? idr_get_free+0xee0/0xee0
[ 1996.388840][T11972]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 1996.388867][T11972]  oom_kill_process.cold+0x10/0x9ca
[ 1996.388889][T11972]  ? cgroup_procs_next+0x70/0x70
[ 1996.388908][T11972]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 1996.388923][T11972]  ? oom_badness+0xa50/0xa50
[ 1996.388942][T11972]  ? oom_evaluate_task+0x540/0x540
[ 1996.388960][T11972]  ? mem_cgroup_iter_break+0x30/0x30
[ 1996.388976][T11972]  ? mutex_trylock+0x2d0/0x2d0
[ 1996.388992][T11972]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1996.389021][T11972]  ? rcu_read_unlock_special+0x380/0x380
[ 1996.404405][T11972]  out_of_memory+0x885/0x1420
[ 1996.404430][T11972]  ? mem_cgroup_iter+0x4f4/0xf50
[ 1996.404454][T11972]  ? oom_killer_disable+0x340/0x340
[ 1996.404472][T11972]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 1996.404496][T11972]  ? lock_acquire+0x1db/0x570
[ 1996.414082][T11972]  mem_cgroup_out_of_memory+0x160/0x210
[ 1996.414104][T11972]  ? do_raw_spin_unlock+0xa0/0x330
[ 1996.414123][T11972]  ? memory_oom_group_write+0x160/0x160
[ 1996.414138][T11972]  ? do_raw_spin_trylock+0x270/0x270
[ 1996.414167][T11972]  ? _raw_spin_unlock+0x2d/0x50
[ 1996.431116][T11972]  try_charge+0x1457/0x1d00
[ 1996.431139][T11972]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[ 1996.431167][T11972]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 1996.431183][T11972]  ? lock_downgrade+0xbe0/0xbe0
[ 1996.431208][T11972]  ? kasan_check_read+0x11/0x20
[ 1996.445801][T11972]  ? rcu_read_unlock_special+0x380/0x380
[ 1996.445831][T11972]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[ 1996.445860][T11972]  ? get_mem_cgroup_from_page+0x190/0x190
[ 1996.445883][T11972]  ? add_lock_to_list.isra.0+0x450/0x450
[ 1996.445899][T11972]  ? print_usage_bug+0xd0/0xd0
[ 1996.445921][T11972]  mem_cgroup_try_charge+0x43a/0xdb0
[ 1996.445944][T11972]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1996.457095][T11972]  ? mem_cgroup_protected+0xa10/0xa10
[ 1996.457117][T11972]  ? shmem_getattr+0x2c0/0x2c0
[ 1996.457136][T11972]  ? __lock_acquire+0x572/0x4a10
[ 1996.457149][T11972]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 1996.457166][T11972]  ? print_usage_bug+0xd0/0xd0
[ 1996.457198][T11972]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 1996.457220][T11972]  shmem_getpage_gfp+0xa85/0x4b70
[ 1996.457257][T11972]  ? shmem_add_to_page_cache+0x19a0/0x19a0
[ 1996.457283][T11972]  ? lock_acquire+0x1db/0x570
[ 1996.457300][T11972]  ? alloc_set_pte+0x134a/0x1df0
[ 1996.457322][T11972]  ? kasan_check_write+0x14/0x20
[ 1996.457346][T11972]  ? do_raw_spin_lock+0x156/0x360
[ 1996.478195][T11972]  ? lock_release+0xc40/0xc40
[ 1996.478218][T11972]  ? rwlock_bug.part.0+0x90/0x90
[ 1996.478239][T11972]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[ 1996.478258][T11972]  ? add_lock_to_list.isra.0+0x450/0x450
[ 1996.478280][T11972]  ? reacquire_held_locks+0xfb/0x520
[ 1996.478294][T11972]  ? alloc_set_pte+0x134a/0x1df0
[ 1996.478309][T11972]  ? find_held_lock+0x60/0x120
[ 1996.478327][T11972]  ? filemap_map_pages+0xe29/0x1cc0
[ 1996.478345][T11972]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1996.478363][T11972]  ? lock_downgrade+0xbe0/0xbe0
[ 1996.478380][T11972]  ? kasan_check_read+0x11/0x20
[ 1996.478397][T11972]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 1996.478420][T11972]  ? rcu_read_unlock_special+0x380/0x380
[ 1996.498584][T11972]  ? filemap_map_pages+0xe50/0x1cc0
[ 1996.498621][T11972]  ? find_get_entries_tag+0x13d0/0x13d0
[ 1996.498636][T11972]  ? follow_page_pte+0x3f4/0x1a50
[ 1996.498659][T11972]  shmem_fault+0x25a/0x950
[ 1996.498685][T11972]  ? shmem_read_mapping_page_gfp+0x200/0x200
[ 1996.498704][T11972]  ? __handle_mm_fault+0x42e1/0x55a0
[ 1996.498722][T11972]  ? find_held_lock+0x35/0x120
[ 1996.498739][T11972]  ? __handle_mm_fault+0x42e1/0x55a0
[ 1996.498758][T11972]  __do_fault+0x176/0x7b0
[ 1996.498778][T11972]  ? do_page_mkwrite+0x740/0x740
[ 1996.498794][T11972]  ? do_raw_spin_unlock+0xa0/0x330
[ 1996.498817][T11972]  ? do_raw_spin_trylock+0x270/0x270
[ 1996.513780][T11972]  ? add_mm_counter_fast.part.0+0x40/0x40
[ 1996.513812][T11972]  __handle_mm_fault+0x370a/0x55a0
[ 1996.513852][T11972]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 1996.530188][T11972]  ? check_preemption_disabled+0x48/0x290
[ 1996.530212][T11972]  ? handle_mm_fault+0x3cc/0xc80
[ 1996.530243][T11972]  ? lock_downgrade+0xbe0/0xbe0
[ 1996.530262][T11972]  ? kasan_check_read+0x11/0x20
[ 1996.530280][T11972]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 1996.530299][T11972]  ? rcu_read_unlock_special+0x380/0x380
[ 1996.530315][T11972]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1996.530328][T11972]  ? check_preemption_disabled+0x48/0x290
[ 1996.530348][T11972]  handle_mm_fault+0x4ec/0xc80
[ 1996.530369][T11972]  ? __handle_mm_fault+0x55a0/0x55a0
[ 1996.530386][T11972]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 1996.530405][T11972]  __get_user_pages+0x8f7/0x1e10
[ 1996.530432][T11972]  ? follow_page_mask+0x1f40/0x1f40
[ 1996.530458][T11972]  ? lock_acquire+0x1db/0x570
[ 1996.530478][T11972]  ? ___might_sleep+0x1e7/0x310
[ 1996.530497][T11972]  ? lock_release+0xc40/0xc40
[ 1996.530510][T11972]  ? find_held_lock+0x35/0x120
[ 1996.530530][T11972]  ? vm_mmap_pgoff+0x21a/0x2b0
[ 1996.530565][T11972]  populate_vma_page_range+0x2bc/0x3b0
[ 1996.530581][T11972]  ? memset+0x32/0x40
[ 1996.530600][T11972]  ? follow_page+0x430/0x430
[ 1996.530612][T11972]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1996.530625][T11972]  ? vmacache_update+0x114/0x140
[ 1996.530649][T11972]  __mm_populate+0x27e/0x4c0
[ 1996.530670][T11972]  ? populate_vma_page_range+0x3b0/0x3b0
[ 1996.530686][T11972]  ? down_read_killable+0x150/0x150
[ 1996.530704][T11972]  ? security_mmap_file+0x1a7/0x1e0
[ 1996.530727][T11972]  vm_mmap_pgoff+0x277/0x2b0
[ 1996.530751][T11972]  ? vma_is_stack_for_current+0xd0/0xd0
[ 1996.530765][T11972]  ? kasan_check_read+0x11/0x20
[ 1996.530781][T11972]  ? _copy_to_user+0xc9/0x120
[ 1996.530799][T11972]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 1996.530822][T11972]  ksys_mmap_pgoff+0x102/0x650
[ 1996.530845][T11972]  ? find_mergeable_anon_vma+0xd0/0xd0
[ 1996.530863][T11972]  ? trace_hardirqs_on+0xbd/0x310
[ 1996.530877][T11972]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 1996.530896][T11972]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1996.530913][T11972]  ? trace_hardirqs_off_caller+0x300/0x300
[ 1996.530934][T11972]  __x64_sys_mmap+0xe9/0x1b0
[ 1996.530957][T11972]  do_syscall_64+0x1a3/0x800
[ 1996.530978][T11972]  ? syscall_return_slowpath+0x5f0/0x5f0
[ 1996.530997][T11972]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 1996.531012][T11972]  ? __switch_to_asm+0x34/0x70
[ 1996.531035][T11972]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 1996.531062][T11972]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 1996.531084][T11972] RIP: 0033:0x457ec9
[ 1996.531102][T11972] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 1996.531111][T11972] RSP: 002b:00007f58d409ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 1996.531128][T11972] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9
[ 1996.531138][T11972] RDX: 0000000000000003 RSI: 0000000000b36000 RDI: 0000000020000000
[ 1996.531148][T11972] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000
[ 1996.531158][T11972] R10: 0000000000008031 R11: 0000000000000246 R12: 00007f58d409f6d4
[ 1996.531167][T11972] R13: 00000000004c3b56 R14: 00000000004d6910 R15: 00000000ffffffff
[ 1996.724375][T11972] memory: usage 307172kB, limit 307200kB, failcnt 3663
[ 1996.777059][T11972] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1996.816781][T11972] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 1996.822341][T11972] Memory cgroup stats for /syz3: cache:4200KB rss:242864KB rss_huge:212992KB shmem:4120KB mapped_file:4224KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4340KB active_anon:242840KB inactive_file:4KB active_file:0KB unevictable:0KB
[ 1996.837791][T11972] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor3,pid=11964,uid=0
[ 1996.848721][T11972] Memory cgroup out of memory: Kill process 11964 (syz-executor3) score 1110 or sacrifice child
[ 1996.859667][T11972] Killed process 11964 (syz-executor3) total-vm:70532kB, anon-rss:104kB, file-rss:32768kB, shmem-rss:4220kB
[ 1996.877579][ T1042] oom_reaper: reaped process 11964 (syz-executor3), now anon-rss:0kB, file-rss:32708kB, shmem-rss:4220kB
[ 1996.931849][T11973] IPVS: ftp: loaded support on port[0] = 21
[ 1998.606351][    C0] net_ratelimit: 20 callbacks suppressed
[ 1998.606362][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1998.606560][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 1998.612157][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1998.617981][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 1998.623849][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1998.629671][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 1998.635286][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 1998.641109][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 1998.647025][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 1998.652732][    C1] protocol 88fb is buggy, dev hsr_slave_0
21:47:54 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00b\x00'}, &(0x7f0000000300)=0x54)

21:47:54 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x4000000}, 0x0)

21:47:54 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0xe000000}, 0x0)

21:47:54 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0xff000000}, 0x1c)

21:47:54 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd601bfc97004d8800fe800000000000000000000000000000ff0200000000000000e600000000000100004e2000329078e29607149378d33e1db1c73936c77aa3f7fac33b042bd36823c373d6ea51369e92fb96cc7c6fe4e24d1fcefff87429e50b32881721afab69cc3712c37ed0"], 0x0)

21:47:54 executing program 3:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x01\x1e\x00'}, &(0x7f0000000300)=0x54)

21:47:54 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x10000000000000}, 0x1c)

[ 2002.347424][T12003] IPVS: ftp: loaded support on port[0] = 21
21:47:54 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0xf000000}, 0x0)

21:47:54 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x8000000}, 0x0)

[ 2002.436637][T12011] IPVS: ftp: loaded support on port[0] = 21
21:47:54 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x10000000}, 0x0)

21:47:54 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x100000000000000}, 0x1c)

21:47:54 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0xa000000}, 0x0)

[ 2002.878193][T12008] syz-executor3 invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[ 2002.917536][T12008] CPU: 0 PID: 12008 Comm: syz-executor3 Not tainted 5.0.0-rc1-next-20190109 #8
[ 2002.926569][T12008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2002.936682][T12008] Call Trace:
[ 2002.940009][T12008]  dump_stack+0x1db/0x2d0
[ 2002.944387][T12008]  ? dump_stack_print_info.cold+0x20/0x20
[ 2002.950182][T12008]  ? check_preemption_disabled+0x48/0x290
[ 2002.955979][T12008]  dump_header+0x1e6/0x116c
[ 2002.960519][T12008]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2002.966198][T12008]  ? perf_trace_lock+0x750/0x750
[ 2002.971174][T12008]  ? print_usage_bug+0xd0/0xd0
[ 2002.975993][T12008]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 2002.981661][T12008]  ? ___ratelimit+0x37c/0x686
[ 2002.986384][T12008]  ? mark_held_locks+0xb1/0x100
[ 2002.991294][T12008]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2002.997311][T12008]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2003.003174][T12008]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2003.008488][T12008]  ? trace_hardirqs_on+0xbd/0x310
[ 2003.013540][T12008]  ? kasan_check_read+0x11/0x20
[ 2003.018427][T12008]  ? ___ratelimit+0x37c/0x686
[ 2003.023153][T12008]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2003.028980][T12008]  ? do_raw_spin_trylock+0x270/0x270
[ 2003.034314][T12008]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2003.040082][T12008]  ? lock_acquire+0x1db/0x570
[ 2003.044784][T12008]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 2003.050612][T12008]  ? ___ratelimit+0xac/0x686
[ 2003.050629][T12008]  ? idr_get_free+0xee0/0xee0
[ 2003.050649][T12008]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2003.050681][T12008]  oom_kill_process.cold+0x10/0x9ca
[ 2003.050701][T12008]  ? cgroup_procs_next+0x70/0x70
[ 2003.050721][T12008]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 2003.050737][T12008]  ? oom_badness+0xa50/0xa50
[ 2003.050756][T12008]  ? oom_evaluate_task+0x540/0x540
[ 2003.050773][T12008]  ? mem_cgroup_iter_break+0x30/0x30
[ 2003.050787][T12008]  ? mutex_trylock+0x2d0/0x2d0
[ 2003.050809][T12008]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2003.060093][T12008]  ? rcu_read_unlock_special+0x380/0x380
[ 2003.060120][T12008]  out_of_memory+0x885/0x1420
[ 2003.060140][T12008]  ? mem_cgroup_iter+0x4f4/0xf50
[ 2003.060164][T12008]  ? oom_killer_disable+0x340/0x340
[ 2003.060184][T12008]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 2003.060202][T12008]  ? lock_acquire+0x1db/0x570
[ 2003.060230][T12008]  mem_cgroup_out_of_memory+0x160/0x210
[ 2003.070709][T12008]  ? do_raw_spin_unlock+0xa0/0x330
[ 2003.070734][T12008]  ? memory_oom_group_write+0x160/0x160
[ 2003.070750][T12008]  ? do_raw_spin_trylock+0x270/0x270
[ 2003.070789][T12008]  ? _raw_spin_unlock+0x2d/0x50
[ 2003.080925][T12008]  try_charge+0x1457/0x1d00
[ 2003.080942][T12008]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[ 2003.080969][T12008]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2003.080985][T12008]  ? lock_downgrade+0xbe0/0xbe0
[ 2003.081002][T12008]  ? kasan_check_read+0x11/0x20
[ 2003.081025][T12008]  ? rcu_read_unlock_special+0x380/0x380
[ 2003.090720][T12008]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[ 2003.090739][T12008]  ? get_mem_cgroup_from_page+0x190/0x190
[ 2003.090761][T12008]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2003.090779][T12008]  ? print_usage_bug+0xd0/0xd0
[ 2003.090802][T12008]  mem_cgroup_try_charge+0x43a/0xdb0
[ 2003.090822][T12008]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2003.090842][T12008]  ? mem_cgroup_protected+0xa10/0xa10
[ 2003.100890][T12008]  ? shmem_getattr+0x2c0/0x2c0
[ 2003.100912][T12008]  ? __lock_acquire+0x572/0x4a10
[ 2003.100928][T12008]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2003.100944][T12008]  ? print_usage_bug+0xd0/0xd0
[ 2003.100977][T12008]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 2003.112833][T12008]  shmem_getpage_gfp+0xa85/0x4b70
[ 2003.112877][T12008]  ? shmem_add_to_page_cache+0x19a0/0x19a0
[ 2003.112904][T12008]  ? lock_acquire+0x1db/0x570
[ 2003.112926][T12008]  ? alloc_set_pte+0x134a/0x1df0
[ 2003.122530][T12008]  ? kasan_check_write+0x14/0x20
[ 2003.122560][T12008]  ? do_raw_spin_lock+0x156/0x360
[ 2003.122581][T12008]  ? lock_release+0xc40/0xc40
[ 2003.122599][T12008]  ? rwlock_bug.part.0+0x90/0x90
[ 2003.122621][T12008]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[ 2003.305498][T12008]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2003.311183][T12008]  ? reacquire_held_locks+0xfb/0x520
[ 2003.316507][T12008]  ? alloc_set_pte+0x134a/0x1df0
[ 2003.321491][T12008]  ? find_held_lock+0x60/0x120
[ 2003.326293][T12008]  ? filemap_map_pages+0xe29/0x1cc0
[ 2003.331530][T12008]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2003.337823][T12008]  ? lock_downgrade+0xbe0/0xbe0
[ 2003.342712][T12008]  ? kasan_check_read+0x11/0x20
[ 2003.347613][T12008]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2003.353640][T12008]  ? rcu_read_unlock_special+0x380/0x380
[ 2003.359318][T12008]  ? filemap_map_pages+0xe50/0x1cc0
[ 2003.364569][T12008]  ? find_get_entries_tag+0x13d0/0x13d0
[ 2003.370137][T12008]  ? follow_page_pte+0x3f4/0x1a50
[ 2003.375186][T12008]  shmem_fault+0x25a/0x950
[ 2003.379623][T12008]  ? shmem_read_mapping_page_gfp+0x200/0x200
[ 2003.385614][T12008]  ? __handle_mm_fault+0x42e1/0x55a0
[ 2003.390911][T12008]  ? find_held_lock+0x35/0x120
[ 2003.395683][T12008]  ? __handle_mm_fault+0x42e1/0x55a0
[ 2003.400979][T12008]  __do_fault+0x176/0x7b0
[ 2003.405315][T12008]  ? do_page_mkwrite+0x740/0x740
[ 2003.410257][T12008]  ? do_raw_spin_unlock+0xa0/0x330
[ 2003.415369][T12008]  ? do_raw_spin_trylock+0x270/0x270
[ 2003.420657][T12008]  ? add_mm_counter_fast.part.0+0x40/0x40
[ 2003.426386][T12008]  __handle_mm_fault+0x370a/0x55a0
[ 2003.431510][T12008]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2003.437058][T12008]  ? check_preemption_disabled+0x48/0x290
[ 2003.442781][T12008]  ? handle_mm_fault+0x3cc/0xc80
[ 2003.447744][T12008]  ? lock_downgrade+0xbe0/0xbe0
[ 2003.452601][T12008]  ? kasan_check_read+0x11/0x20
[ 2003.457454][T12008]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2003.463438][T12008]  ? rcu_read_unlock_special+0x380/0x380
[ 2003.469072][T12008]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2003.475313][T12008]  ? check_preemption_disabled+0x48/0x290
[ 2003.481044][T12008]  handle_mm_fault+0x4ec/0xc80
[ 2003.485818][T12008]  ? __handle_mm_fault+0x55a0/0x55a0
[ 2003.491121][T12008]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 2003.496880][T12008]  __get_user_pages+0x8f7/0x1e10
[ 2003.501849][T12008]  ? follow_page_mask+0x1f40/0x1f40
[ 2003.507068][T12008]  ? lock_acquire+0x1db/0x570
[ 2003.511775][T12008]  ? ___might_sleep+0x1e7/0x310
[ 2003.516659][T12008]  ? lock_release+0xc40/0xc40
[ 2003.521369][T12008]  ? find_held_lock+0x35/0x120
[ 2003.526149][T12008]  ? vm_mmap_pgoff+0x21a/0x2b0
[ 2003.530930][T12008]  populate_vma_page_range+0x2bc/0x3b0
[ 2003.536413][T12008]  ? memset+0x32/0x40
[ 2003.540414][T12008]  ? follow_page+0x430/0x430
[ 2003.545025][T12008]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2003.551316][T12008]  ? vmacache_update+0x114/0x140
[ 2003.556292][T12008]  __mm_populate+0x27e/0x4c0
[ 2003.560914][T12008]  ? populate_vma_page_range+0x3b0/0x3b0
[ 2003.567126][T12008]  ? down_read_killable+0x150/0x150
[ 2003.572341][T12008]  ? security_mmap_file+0x1a7/0x1e0
[ 2003.577583][T12008]  vm_mmap_pgoff+0x277/0x2b0
[ 2003.582219][T12008]  ? vma_is_stack_for_current+0xd0/0xd0
[ 2003.587789][T12008]  ? kasan_check_read+0x11/0x20
[ 2003.592655][T12008]  ? _copy_to_user+0xc9/0x120
[ 2003.597398][T12008]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2003.603666][T12008]  ksys_mmap_pgoff+0x102/0x650
[ 2003.608468][T12008]  ? find_mergeable_anon_vma+0xd0/0xd0
[ 2003.613939][T12008]  ? trace_hardirqs_on+0xbd/0x310
[ 2003.618972][T12008]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2003.625225][T12008]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2003.631306][T12008]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2003.637132][T12008]  __x64_sys_mmap+0xe9/0x1b0
[ 2003.641749][T12008]  do_syscall_64+0x1a3/0x800
[ 2003.646360][T12008]  ? syscall_return_slowpath+0x5f0/0x5f0
[ 2003.652027][T12008]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2003.657761][T12008]  ? __switch_to_asm+0x34/0x70
[ 2003.662545][T12008]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2003.668125][T12008]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2003.674035][T12008] RIP: 0033:0x457ec9
[ 2003.677931][T12008] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2003.697547][T12008] RSP: 002b:00007f58d409ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 2003.705972][T12008] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9
[ 2003.713955][T12008] RDX: 0000000000000003 RSI: 0000000000b36000 RDI: 0000000020000000
[ 2003.721938][T12008] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000
[ 2003.729956][T12008] R10: 0000000000008031 R11: 0000000000000246 R12: 00007f58d409f6d4
[ 2003.737923][T12008] R13: 00000000004c3b56 R14: 00000000004d6910 R15: 00000000ffffffff
[ 2003.758821][T12008] memory: usage 307200kB, limit 307200kB, failcnt 3702
[ 2003.769848][T12011] IPVS: ftp: loaded support on port[0] = 21
[ 2003.771141][T12008] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2003.791340][T12008] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2003.805584][T12008] Memory cgroup stats for /syz3: cache:4396KB rss:242864KB rss_huge:212992KB shmem:4372KB mapped_file:4224KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4444KB active_anon:242840KB inactive_file:4KB active_file:0KB unevictable:0KB
[ 2003.836327][T12008] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor3,pid=12002,uid=0
[ 2003.884415][T12008] Memory cgroup out of memory: Kill process 12002 (syz-executor3) score 1110 or sacrifice child
[ 2003.910095][T12008] Killed process 12002 (syz-executor3) total-vm:70532kB, anon-rss:104kB, file-rss:32768kB, shmem-rss:4220kB
[ 2003.924105][ T1042] oom_reaper: reaped process 12002 (syz-executor3), now anon-rss:0kB, file-rss:32772kB, shmem-rss:4448kB
21:47:55 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x200000000000000}, 0x1c)

21:47:55 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x60000000}, 0x0)

21:47:55 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0xe000000}, 0x0)

21:47:55 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @empty, 0xfffffffffffffffe}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uinput\x00', 0x802, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaa73090000000000001bfc97004d8800fe80000000000000000000000000852623be27ce608243840000ff02000000000000000000000000000100004e20004d9078e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"], 0x0)
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x80, 0x0)
ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r1, 0x81785501, &(0x7f0000000140)=""/201)
ioctl$TCGETA(r1, 0x5405, &(0x7f00000000c0))
ioctl$UI_SET_PHYS(r1, 0x4008556c, &(0x7f0000000080)='syz0\x00')

21:47:55 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00c\x00'}, &(0x7f0000000300)=0x54)

21:47:55 executing program 3:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x01\x1e\x00'}, &(0x7f0000000300)=0x54)

[ 2004.122172][T12049] Unknown ioctl -2122820351
[ 2004.130364][T12043] IPVS: ftp: loaded support on port[0] = 21
[ 2004.144993][T12049] Unknown ioctl 21509
[ 2004.158515][T12049] Unknown ioctl 1074287980
21:47:56 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x8c1b0000}, 0x0)

21:47:56 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x300000000000000}, 0x1c)

21:47:56 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0xf000000}, 0x0)

[ 2004.166996][T12048] IPVS: ftp: loaded support on port[0] = 21
21:47:56 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x9effffff}, 0x0)

21:47:56 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x10000000}, 0x0)

21:47:56 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x400000000000000}, 0x1c)

21:47:56 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0xf0ffffff}, 0x0)

21:47:56 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x500000000000000}, 0x1c)

21:47:56 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x60000000}, 0x0)

[ 2004.655583][T12050] syz-executor3 invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[ 2004.674707][T12050] CPU: 0 PID: 12050 Comm: syz-executor3 Not tainted 5.0.0-rc1-next-20190109 #8
[ 2004.683709][T12050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2004.693799][T12050] Call Trace:
[ 2004.697129][T12050]  dump_stack+0x1db/0x2d0
[ 2004.701512][T12050]  ? dump_stack_print_info.cold+0x20/0x20
[ 2004.707284][T12050]  ? check_preemption_disabled+0x48/0x290
[ 2004.713048][T12050]  dump_header+0x1e6/0x116c
[ 2004.717606][T12050]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2004.717622][T12050]  ? perf_trace_lock+0x750/0x750
[ 2004.717639][T12050]  ? print_usage_bug+0xd0/0xd0
[ 2004.717660][T12050]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 2004.717675][T12050]  ? ___ratelimit+0x37c/0x686
[ 2004.717695][T12050]  ? mark_held_locks+0xb1/0x100
[ 2004.717713][T12050]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2004.717729][T12050]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2004.717751][T12050]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2004.759929][T12050]  ? trace_hardirqs_on+0xbd/0x310
[ 2004.770282][T12050]  ? kasan_check_read+0x11/0x20
[ 2004.775178][T12050]  ? ___ratelimit+0x37c/0x686
[ 2004.779901][T12050]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2004.785740][T12050]  ? do_raw_spin_trylock+0x270/0x270
[ 2004.785767][T12050]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2004.796829][T12050]  ? lock_acquire+0x1db/0x570
[ 2004.801571][T12050]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 2004.807432][T12050]  ? ___ratelimit+0xac/0x686
[ 2004.812057][T12050]  ? idr_get_free+0xee0/0xee0
[ 2004.816777][T12050]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2004.816808][T12050]  oom_kill_process.cold+0x10/0x9ca
[ 2004.816832][T12050]  ? cgroup_procs_next+0x70/0x70
[ 2004.816854][T12050]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 2004.816869][T12050]  ? oom_badness+0xa50/0xa50
[ 2004.816888][T12050]  ? oom_evaluate_task+0x540/0x540
[ 2004.816906][T12050]  ? mem_cgroup_iter_break+0x30/0x30
[ 2004.816928][T12050]  ? mutex_trylock+0x2d0/0x2d0
[ 2004.842211][T12050]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2004.842247][T12050]  ? rcu_read_unlock_special+0x380/0x380
[ 2004.842276][T12050]  out_of_memory+0x885/0x1420
[ 2004.869362][T12050]  ? mem_cgroup_iter+0x4f4/0xf50
[ 2004.869391][T12050]  ? oom_killer_disable+0x340/0x340
[ 2004.869411][T12050]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 2004.869436][T12050]  ? lock_acquire+0x1db/0x570
[ 2004.879084][T12050]  mem_cgroup_out_of_memory+0x160/0x210
[ 2004.879103][T12050]  ? do_raw_spin_unlock+0xa0/0x330
[ 2004.879121][T12050]  ? memory_oom_group_write+0x160/0x160
[ 2004.879136][T12050]  ? do_raw_spin_trylock+0x270/0x270
[ 2004.879165][T12050]  ? _raw_spin_unlock+0x2d/0x50
[ 2004.879184][T12050]  try_charge+0x1457/0x1d00
[ 2004.879197][T12050]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[ 2004.879220][T12050]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2004.879241][T12050]  ? lock_downgrade+0xbe0/0xbe0
[ 2004.890275][T12050]  ? kasan_check_read+0x11/0x20
[ 2004.890298][T12050]  ? rcu_read_unlock_special+0x380/0x380
[ 2004.890328][T12050]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[ 2004.890347][T12050]  ? get_mem_cgroup_from_page+0x190/0x190
[ 2004.890367][T12050]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2004.890382][T12050]  ? print_usage_bug+0xd0/0xd0
[ 2004.890402][T12050]  mem_cgroup_try_charge+0x43a/0xdb0
[ 2004.890425][T12050]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2004.900635][T12050]  ? mem_cgroup_protected+0xa10/0xa10
[ 2004.900661][T12050]  ? shmem_getattr+0x2c0/0x2c0
[ 2004.900680][T12050]  ? __lock_acquire+0x572/0x4a10
[ 2004.900695][T12050]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2004.900714][T12050]  ? print_usage_bug+0xd0/0xd0
[ 2004.911394][T12050]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 2004.911420][T12050]  shmem_getpage_gfp+0xa85/0x4b70
[ 2004.911458][T12050]  ? shmem_add_to_page_cache+0x19a0/0x19a0
[ 2004.921627][T12050]  ? lock_acquire+0x1db/0x570
[ 2004.921646][T12050]  ? alloc_set_pte+0x134a/0x1df0
[ 2004.921671][T12050]  ? kasan_check_write+0x14/0x20
[ 2004.921687][T12050]  ? do_raw_spin_lock+0x156/0x360
[ 2004.921699][T12050]  ? lock_release+0xc40/0xc40
[ 2004.921720][T12050]  ? rwlock_bug.part.0+0x90/0x90
[ 2004.931794][T12050]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[ 2004.931812][T12050]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2004.931835][T12050]  ? reacquire_held_locks+0xfb/0x520
[ 2004.931851][T12050]  ? alloc_set_pte+0x134a/0x1df0
[ 2004.931870][T12050]  ? find_held_lock+0x60/0x120
[ 2004.931889][T12050]  ? filemap_map_pages+0xe29/0x1cc0
[ 2004.931912][T12050]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2004.942338][T12050]  ? lock_downgrade+0xbe0/0xbe0
[ 2004.942357][T12050]  ? kasan_check_read+0x11/0x20
[ 2004.942377][T12050]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2004.942397][T12050]  ? rcu_read_unlock_special+0x380/0x380
[ 2004.942430][T12050]  ? filemap_map_pages+0xe50/0x1cc0
[ 2004.952955][T12050]  ? find_get_entries_tag+0x13d0/0x13d0
[ 2004.952973][T12050]  ? follow_page_pte+0x3f4/0x1a50
[ 2004.953000][T12050]  shmem_fault+0x25a/0x950
[ 2004.953036][T12050]  ? shmem_read_mapping_page_gfp+0x200/0x200
[ 2004.964337][T12050]  ? __handle_mm_fault+0x42e1/0x55a0
[ 2004.964354][T12050]  ? find_held_lock+0x35/0x120
[ 2004.964372][T12050]  ? __handle_mm_fault+0x42e1/0x55a0
[ 2004.964395][T12050]  __do_fault+0x176/0x7b0
[ 2004.964415][T12050]  ? do_page_mkwrite+0x740/0x740
[ 2004.964438][T12050]  ? do_raw_spin_unlock+0xa0/0x330
[ 2004.974858][T12050]  ? do_raw_spin_trylock+0x270/0x270
[ 2004.974879][T12050]  ? add_mm_counter_fast.part.0+0x40/0x40
[ 2004.974908][T12050]  __handle_mm_fault+0x370a/0x55a0
[ 2004.974935][T12050]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2004.974957][T12050]  ? check_preemption_disabled+0x48/0x290
[ 2004.986503][T12050]  ? handle_mm_fault+0x3cc/0xc80
[ 2004.986537][T12050]  ? lock_downgrade+0xbe0/0xbe0
[ 2004.986565][T12050]  ? kasan_check_read+0x11/0x20
[ 2004.986590][T12050]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2004.986608][T12050]  ? rcu_read_unlock_special+0x380/0x380
[ 2004.986625][T12050]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2004.986640][T12050]  ? check_preemption_disabled+0x48/0x290
[ 2004.986663][T12050]  handle_mm_fault+0x4ec/0xc80
[ 2004.996836][T12050]  ? __handle_mm_fault+0x55a0/0x55a0
[ 2004.996854][T12050]  ? __get_user_pages+0x13bb/0x1e10
[ 2004.996873][T12050]  __get_user_pages+0x8f7/0x1e10
[ 2004.996904][T12050]  ? follow_page_mask+0x1f40/0x1f40
[ 2004.996929][T12050]  ? lock_acquire+0x1db/0x570
[ 2004.996947][T12050]  ? ___might_sleep+0x1e7/0x310
[ 2004.996964][T12050]  ? lock_release+0xc40/0xc40
[ 2004.996985][T12050]  ? find_held_lock+0x35/0x120
[ 2005.007261][T12050]  ? vm_mmap_pgoff+0x21a/0x2b0
[ 2005.007283][T12050]  populate_vma_page_range+0x2bc/0x3b0
[ 2005.007304][T12050]  ? memset+0x32/0x40
[ 2005.007323][T12050]  ? follow_page+0x430/0x430
21:47:57 executing program 5:
r0 = socket$inet6(0xa, 0x2001, 0x88)
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000100)={0x8, 0x5, 0x401, 0x6, 0x2}, 0x14)
r1 = syz_open_dev$midi(&(0x7f00000002c0)='/dev/midi#\x00', 0x10000, 0x101000)
setsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, &(0x7f0000000300)=0x9, 0x4)
r2 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x80000001, 0x4000)
ioctl$DRM_IOCTL_MODE_SETCRTC(r2, 0xc06864a2, &(0x7f0000000240)={&(0x7f0000000200)=[0x8001, 0x0, 0x4, 0x8001], 0x4, 0x5, 0x4, 0x6, 0x1, 0x1, {0x5, 0xffff, 0x1, 0x0, 0x0, 0xffff, 0x1, 0x3, 0x4, 0x3, 0x0, 0xcb71, 0x9, 0x80000000, "4f7a02f45a4ea0332a5428bd75533028eae00ec38c1e1a07ff99975226857acb"}})
getsockopt$ax25_int(r2, 0x101, 0xf, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
ioctl$sock_SIOCGIFBR(r2, 0x8940, &(0x7f00000001c0)=@add_del={0x2, &(0x7f0000000180)='syzkaller0\x00'})
ioctl$RTC_PLL_GET(r2, 0x80207011, &(0x7f0000000140))
personality(0x1500000)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x10000000004e20, 0x3, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x1}, 0xffffffffffffffe9)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd601bfc97004d8800fe800000000000000000000000000000ff02000000000000000000000000000100004e20004d9078e29607149378d33e1db1c73936267aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"], 0x0)

[ 2005.007341][T12050]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2005.007354][T12050]  ? vmacache_update+0x114/0x140
[ 2005.007374][T12050]  __mm_populate+0x27e/0x4c0
[ 2005.007395][T12050]  ? populate_vma_page_range+0x3b0/0x3b0
[ 2005.007425][T12050]  ? down_read_killable+0x150/0x150
[ 2005.017850][T12050]  ? security_mmap_file+0x1a7/0x1e0
[ 2005.017877][T12050]  vm_mmap_pgoff+0x277/0x2b0
[ 2005.017905][T12050]  ? vma_is_stack_for_current+0xd0/0xd0
[ 2005.017924][T12050]  ? kasan_check_read+0x11/0x20
[ 2005.017941][T12050]  ? _copy_to_user+0xc9/0x120
[ 2005.017960][T12050]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2005.017992][T12050]  ksys_mmap_pgoff+0x102/0x650
[ 2005.028839][T12050]  ? find_mergeable_anon_vma+0xd0/0xd0
[ 2005.028859][T12050]  ? trace_hardirqs_on+0xbd/0x310
[ 2005.028875][T12050]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2005.028895][T12050]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2005.028909][T12050]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2005.028929][T12050]  __x64_sys_mmap+0xe9/0x1b0
[ 2005.028954][T12050]  do_syscall_64+0x1a3/0x800
[ 2005.038617][T12050]  ? syscall_return_slowpath+0x5f0/0x5f0
[ 2005.038635][T12050]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2005.038651][T12050]  ? __switch_to_asm+0x34/0x70
[ 2005.038673][T12050]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2005.038697][T12050]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2005.048652][T12050] RIP: 0033:0x457ec9
[ 2005.048671][T12050] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2005.048678][T12050] RSP: 002b:00007f58d409ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 2005.048692][T12050] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9
[ 2005.048702][T12050] RDX: 0000000000000003 RSI: 0000000000b36000 RDI: 0000000020000000
[ 2005.048712][T12050] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000
[ 2005.048722][T12050] R10: 0000000000008031 R11: 0000000000000246 R12: 00007f58d409f6d4
[ 2005.048731][T12050] R13: 00000000004c3b56 R14: 00000000004d6910 R15: 00000000ffffffff
[ 2005.049358][    C0] net_ratelimit: 21 callbacks suppressed
[ 2005.049367][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2005.058626][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 2005.058770][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2005.058812][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2005.058848][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 2005.058911][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2005.058957][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2005.058969][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2005.059017][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 2005.059083][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2005.060720][T12050] memory: usage 307200kB, limit 307200kB, failcnt 3743
[ 2005.093116][T12050] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2005.104018][T12050] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2005.129849][T12050] Memory cgroup stats for /syz3: cache:4356KB rss:242864KB rss_huge:212992KB shmem:4292KB mapped_file:4356KB dirty:0KB writeback:0KB swap:0KB inactive_anon:4432KB active_anon:242840KB inactive_file:0KB active_file:0KB unevictable:0KB
[ 2005.146518][T12050] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor3,pid=12037,uid=0
[ 2005.157809][T12079] Unknown ioctl -2122820351
[ 2005.169314][T12049] Unknown ioctl 21509
[ 2005.194532][T12050] Memory cgroup out of memory: Kill process 12037 (syz-executor3) score 1110 or sacrifice child
[ 2005.201772][T12079] Unknown ioctl 1074287980
[ 2005.223080][T12050] Killed process 12037 (syz-executor3) total-vm:70532kB, anon-rss:104kB, file-rss:32768kB, shmem-rss:4220kB
[ 2005.276725][T12051] IPVS: ftp: loaded support on port[0] = 21
[ 2005.370543][ T1042] oom_reaper: reaped process 12037 (syz-executor3), now anon-rss:0kB, file-rss:32708kB, shmem-rss:4436kB
21:47:57 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00q\x00'}, &(0x7f0000000300)=0x54)

[ 2005.923324][T12090] IPVS: ftp: loaded support on port[0] = 21
[ 2006.245734][T12090] IPVS: ftp: loaded support on port[0] = 21
21:48:00 executing program 3:
mkdir(&(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
utimes(&(0x7f0000000000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
mount(&(0x7f0000000040), &(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f0000000080)='ceph\x00', 0x0, 0x0)

21:48:00 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x7c200000}, 0x0)

21:48:00 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0xfffff000}, 0x0)

21:48:00 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x600000000000000}, 0x1c)

21:48:00 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
r1 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x0, 0x200)
ioctl$EVIOCGMTSLOTS(r1, 0x8040450a, &(0x7f0000000080)=""/27)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)

21:48:00 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x88\x00'}, &(0x7f0000000300)=0x54)

21:48:00 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0xffffff7f}, 0x0)

[ 2008.529380][T12106] ceph: device name is missing path (no : separator in  žð-ùËòöè€Ó8/)
[ 2008.558785][T12103] IPVS: ftp: loaded support on port[0] = 21
21:48:00 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x700000000000000}, 0x1c)

21:48:00 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x9effffff}, 0x0)

[ 2008.602861][T12109] ceph: device name is missing path (no : separator in  žð-ùËòöè€Ó8/)
21:48:00 executing program 3:
timer_create(0x0, &(0x7f0000ec5000)={0x0, 0x12}, &(0x7f0000000080)=<r0=>0x0)
pipe(&(0x7f0000000680)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
prctl$PR_GET_CHILD_SUBREAPER(0x25)
write(r2, &(0x7f0000000180)="f693e5e91ed5c4b55c74b5deaa776133d5f3fb96fce2a73cd44c19be585511d2e610006688a3a3da01a0ce7c8a24b0bcabb1ec7a30cb2b85949c1bcbd11e4432b9bf08ba8ce21d43c8bd5a11de98abf0ec32a8c183f0958bac", 0x59)
write$binfmt_misc(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="a162ce9532e4d470de2754aa49ab64db2908cd9cdbbed8d7b78f822d1e9b59e81b230dd991ffa41151a66638ee931ad470e96619eba24bff8db375137f4908cab22a297fcceb3b0595b8dde7d662ebfdec75690af2154a4a99d39b652c25d53f1ebee0b653ec744b"], 0x68)
socketpair$unix(0x1, 0x4, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = creat(&(0x7f00000002c0)='./file0\x00', 0x400020015)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000280), 0x0}, 0x28)
clone(0x3ffd, 0x0, 0xfffffffffffffffe, &(0x7f00000000c0), 0xffffffffffffffff)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x2400, 0x1)
ioctl$KDGKBMODE(0xffffffffffffffff, 0x4b44, &(0x7f0000000440))
getsockopt$inet_sctp_SCTP_DELAYED_SACK(r4, 0x84, 0x10, &(0x7f0000000180)=@assoc_value={0x0, 0x1}, &(0x7f00000001c0)=0x8)
mount(&(0x7f0000000100)=@nbd={'/dev/nbd', 0xffffffffffffffff, 0xedc000000000}, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='cgroup\x00', 0x0, 0x0)
futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
pipe2(&(0x7f0000000200), 0x4000)
futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, 0x0, &(0x7f0000048000), 0x0)
futex(0x0, 0xc, 0x0, 0x0, &(0x7f0000048000), 0x0)
ioctl$KVM_GET_API_VERSION(r4, 0xae00, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x0, 0x0)
exit(0x0)
prlimit64(0x0, 0x0, &(0x7f0000000040), &(0x7f0000000240))
lstat(&(0x7f0000000300)='./file0\x00', 0x0)
shutdown(0xffffffffffffffff, 0x0)
r5 = gettid()
ioctl$BLKROSET(r1, 0x125d, &(0x7f0000000040)=0x5)
clock_gettime(0x0, &(0x7f0000000340)={<r6=>0x0, <r7=>0x0})
timer_settime(r0, 0x1, &(0x7f0000000300)={{0x0, 0x989680}, {r6, r7+10000000}}, 0x0)
tkill(r5, 0x14)

21:48:00 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0xffffff9e}, 0x0)

21:48:00 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x800000000000000}, 0x1c)

21:48:00 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0xf0ffffff}, 0x0)

21:48:00 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0xfffffff0}, 0x0)

21:48:00 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0xfffff000}, 0x0)

21:48:00 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x900000000000000}, 0x1c)

21:48:01 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
r1 = shmget$private(0x0, 0x3000, 0x2, &(0x7f0000ffd000/0x3000)=nil)
shmat(r1, &(0x7f0000ffe000/0x1000)=nil, 0x1000)
r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0x80, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r2, 0xc08c5336, &(0x7f0000000080)={0xff, 0x1, 0x3, 'queue1\x00', 0x8})
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)

[ 2009.325202][T12103] IPVS: ftp: loaded support on port[0] = 21
21:48:01 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x98\x00'}, &(0x7f0000000300)=0x54)

21:48:01 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x3000000000000}, 0x0)

21:48:01 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0xffffff7f}, 0x0)

21:48:01 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0xa00000000000000}, 0x1c)

21:48:01 executing program 3:
r0 = epoll_create1(0x0)
r1 = epoll_create1(0x0)
close(r0)
syz_open_dev$vbi(&(0x7f0000000040)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0))

21:48:01 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0xffffff9e}, 0x0)

21:48:01 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x40030000000000}, 0x0)

[ 2009.606076][T12162] IPVS: ftp: loaded support on port[0] = 21
21:48:01 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x1000000000000000}, 0x1c)

21:48:01 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0xf0ffffffffffff}, 0x0)

21:48:01 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0xfffffff0}, 0x0)

21:48:01 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000080)={0x0, 'veth0_to_bridge\x00'}, 0x18)
ioctl(r0, 0x800000000008982, &(0x7f0000000080))
openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-monitor\x00', 0x4000, 0x0)
r1 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x200, 0x189100)
ioctl$PPPIOCGIDLE(r1, 0x8010743f, &(0x7f0000000040))

[ 2010.234457][T12162] IPVS: ftp: loaded support on port[0] = 21
21:48:02 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x3000000000000}, 0x0)

21:48:02 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x01\x9c\x00'}, &(0x7f0000000300)=0x54)

21:48:02 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x2001001000000000}, 0x1c)

21:48:02 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x100000000000000}, 0x0)

21:48:02 executing program 3:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuacct.stat\x00', 0x0, 0x0)
ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f0000000580)={0xb, @raw_data="03224e03bc6157f809f6eadca894072dd53e6f8bcb8711b31de6275802751174b24c38de509d31d5224fcf7176eab6e5ec2f83f95f6801355f2d4ccc7f863bae81a2bab3d79bbd80f35e2872ca4cf50b4c5a9b3651ed13c59ee9a2b79123233809b861d238c3f45db60e506259bad64dcb61d0f92ed5ad9fd8c147a5234a4953aeb0c58bbc9be9e397f8090343deb24347ee49003e0ff78534dd429241c1ac5bc600a2e896dfffd3a196beaf7a6dac2989a1a8ebefdc57b899e5d61953c20fd72e119472ab24883e"})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000dc9ff0)={0x2, 0x4e20}, 0x10)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='lo\x00', 0x10)
setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000000)=0x8080000000, 0x4)
setsockopt$ARPT_SO_SET_ADD_COUNTERS(r1, 0x0, 0x61, &(0x7f0000000500)={'filter\x00', 0x4}, 0x68)
socketpair(0x10, 0xe, 0x4000000000000000, &(0x7f0000000280)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = add_key(&(0x7f0000000400)='encrypted\x00', &(0x7f0000000480)={'syz', 0x0}, &(0x7f0000000680)="42fb12690fbf6ff333b2a021ae5648454644f4c0a752bdd6bcf9439b83dff8e5ee761e0a36b0a08cc078c5e8e2bd4bc28dbb2f63879cf4ca145836493746de0f25552c7071f4ab8bb45c9c26156b5e8f985775d586c6c5f6206533269f76e090f482cae67cf6ebb2dbd2f8e7", 0x6c, 0xfffffffffffffffa)
r4 = request_key(&(0x7f0000000a00)='big_key\x00', &(0x7f0000000a40)={'syz', 0x2}, &(0x7f0000000a80)='}\x00', 0xfffffffffffffff9)
keyctl$instantiate_iov(0x14, r3, &(0x7f0000000980)=[{&(0x7f0000000700)="2d8b5d1a205eae32dd102507c631bed6e3403edf2e72d720ac52f46eb5d3419159982e70a36627c94c2eb3a13d6d46977cffb09459dcd152a27c274db1ee06773afa6c5813f8386edb17a5a657340f659ff8b698839ebe6a89cb8ec3da219984bd7f2839c882973ff694bf945cc3ff51a87e9ca691", 0x75}, {&(0x7f0000000780)="65b8fc7b88109ea5fae40d98eccd449db732053c41a276d3986e6a335a474718533de9f520acbcaea56e2de118069657d93347eaf7d77c3f289fea05d1b3d70ce772077958b6beb77951e78bb7c21df47881a4d11a02c961d57dd44066f96679987e6262da2aae0d8d25921b332ed2c1bbd417195259d9466043823faa18425f8ab4afbbedd41306861ba44cbcbdb90bf3e7927b77633504a34b27b7033b81bc0c6f10c91817d8240fd2d359b49f5c3d3a98f5406e42538a9a234b589a23", 0xbe}, {&(0x7f00000004c0)="51c36c7e24", 0x5}, {&(0x7f0000000840)="7aeb25fd63cee79dec15fbe8161b2b4d7a182a39c94b24e326322678b3e78479f8918c55d87af21ac6c8a2fbb1ee4f95ea5ad10680f02d47a8e5fb3233bc0d6cb12a9a1bd33564490ec5b62b93c8d970421dae852b50014a08a39e4c6a4a71f6c318a52ab5c222242f26aa377592f9a6f69caee0747265f04e562136153b05d17cfbb2", 0x83}, {&(0x7f0000000900)="8f9c3b0eec6786abf145e0dd874606283b2345823b9a68fbb560590bb567d23c628c028e21d2cd5d60aeaed4e864787516b67c7c69d72915d28afcc661388f07b97e95eb605b7a948bcc6efe62977e4a753a576f2f6f42778d3aec826d951361d7e87ce00575a3cc34c136e73fb74437b3b30f1fbc056463b8", 0x79}], 0x5, r4)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0)
sendto$inet(r1, 0x0, 0x0, 0x20000000, &(0x7f0000000080)={0x2, 0x4e20}, 0x10)
setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x9c)
getsockopt$sock_timeval(r2, 0x1, 0x14, &(0x7f0000000200), &(0x7f0000000440)=0x10)
getpeername$inet(0xffffffffffffffff, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000000240)={<r5=>0x0, 0x9, 0x0, 0x5, 0x6}, &(0x7f0000000280)=0x18)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f00000002c0)={0x7ff, 0x0, 0xffff, 0xa05, r5}, &(0x7f0000000340)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000040)={0x2, [0x0, <r6=>0x0]}, &(0x7f0000000080)=0xc)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f00000000c0)={0xffffffffffffffff, 0x200, 0x5, 0x161beb2e, r6}, &(0x7f0000000100)=0x10)
ioctl$RTC_ALM_SET(r0, 0x40247007, &(0x7f00000003c0)={0x19, 0x29, 0x16, 0xc, 0x5, 0x100, 0x1, 0x126, 0xffffffffffffffff})
r7 = socket$inet6(0xa, 0x1, 0x8010000000000084)
ioctl$sock_inet_SIOCGIFPFLAGS(r0, 0x8935, &(0x7f0000000380)={'\x00', 0xc5d832e})
sendmmsg$inet_sctp(r7, &(0x7f0000001cc0)=[{&(0x7f0000000300)=@in={0x2, 0x4e24, @local}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000200)="b1", 0x1}, {0x0}], 0x2}], 0x1, 0x0)

21:48:02 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000080)={0x6, &(0x7f0000000040)=[{0x101, 0x55, 0x5, 0xffffffff}, {0x0, 0x5, 0xb78, 0x10000}, {0x4, 0xffffffffffffff01, 0x3f}, {0x2, 0xfc9, 0x1b, 0x2}, {0x100000001, 0x3, 0x60, 0x3}, {0x3, 0x1f, 0x3, 0x80}]}, 0x10)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='projid_map\x00')
ioctl$SIOCAX25CTLCON(r1, 0x89e8, &(0x7f0000000100)={@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x3, 0x4, 0x4, [@default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null]})
syz_emit_ethernet(0x83, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd601bfc97004d8800fe800000000000000000000000000000ff02000000000000000000000000000100004e20004d9078e29607149378d33e1db1c73936c77aa3f7fac33b842bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"], 0x0)

21:48:02 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x40030000000000}, 0x0)

21:48:02 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x200000000000000}, 0x0)

21:48:02 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0xf0ffffffffffff}, 0x0)

[ 2010.637293][T12208] IPVS: ftp: loaded support on port[0] = 21
21:48:02 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x3f00000000000000}, 0x1c)

21:48:02 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x300000000000000}, 0x0)

21:48:02 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x100000000000000}, 0x0)

21:48:02 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4000000000000000}, 0x1c)

[ 2011.228001][T12208] IPVS: ftp: loaded support on port[0] = 21
[ 2011.246325][    C1] net_ratelimit: 24 callbacks suppressed
[ 2011.246333][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2011.246384][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 2011.252101][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2011.252222][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2011.258182][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2011.263842][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2011.269761][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 2011.275574][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2011.281403][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2011.287085][    C1] protocol 88fb is buggy, dev hsr_slave_1
21:48:03 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\xc1\x00'}, &(0x7f0000000300)=0x54)

21:48:03 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x400000000000000}, 0x0)

21:48:03 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x200000000000000}, 0x0)

21:48:03 executing program 3:
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f00000040c0), 0x1000)
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vsock\x00', 0x2, 0x0)
epoll_pwait(r1, &(0x7f00000000c0)=[{}, {}, {}, {}, {}], 0x5, 0x13, &(0x7f00000001c0)={0x8000}, 0x8)
read$FUSE(r0, &(0x7f0000003000), 0x1000)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@known='trusted.overlay.impure\x00', 0x0, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000140)="0adc1f023c123f3188a070")
ioctl$EXT4_IOC_PRECACHE_EXTENTS(r0, 0x6612)
unshare(0x0)
write$FUSE_IOCTL(r0, &(0x7f0000000200)={0x20, 0x0, 0x2, {0x7}}, 0x20)
write$FUSE_GETXATTR(r0, &(0x7f00000002c0)={0x18, 0x0, 0x4}, 0x18)

21:48:03 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x7800000000000000}, 0x1c)

21:48:03 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x20d9e2e672d31e3, 0x0, 0x36e}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaa8799b830412e08d1aaaaaaaaaaaaaa86dd601bfc97004d8800fe800000000000000000000000000000ff02000000000000000000000000000100004e20004d9078e29607149378d33e1db1c73936c77aa3f7fac33b89685546a495e0a3db68730dcc01042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d02cafff87429e50b32881721afab69cc3712c37ed0c94f1bf5f49c8c29b9ae376849040babbbc80ba303f34425ebda0d8a82557a3b0df34d87757d20666bc89510acde004ec2cf90910e920698a84d235f40b6b518e628ecec5346ae5ddc"], 0x0)
listxattr(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)=""/251, 0xfb)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/ip6_tables_matches\x00')
write$P9_RUNLINKAT(r1, &(0x7f0000000080)={0x7, 0x4d, 0x1}, 0x7)

21:48:03 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x800000000000000}, 0x0)

21:48:03 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0xfc00000000000000}, 0x1c)

[ 2011.691867][T12253] IPVS: ftp: loaded support on port[0] = 21
21:48:03 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x400000, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r1, 0x4068aea3, &(0x7f0000000080)={0x7b, 0x0, [0x1c, 0x100, 0x7, 0x7f7]})
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)

21:48:03 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x300000000000000}, 0x0)

21:48:03 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0xa00000000000000}, 0x0)

21:48:03 executing program 3:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x401, 0x400000)
setsockopt$inet_sctp6_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000380)=@int=0x2, 0x4)
socket$nl_xfrm(0x11, 0x3, 0x6)
r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ptype\x00')
setxattr$security_capability(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)='security.capability\x00', &(0x7f0000000300)=@v2={0x2000000, [{0x4, 0x2}, {0x8, 0x9}]}, 0x14, 0x2)
fsetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
getsockname(0xffffffffffffffff, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f0000000140)={<r2=>0x0, @in6={{0xa, 0x4e21, 0x6, @mcast1}}, [0x4, 0x2, 0x1, 0x9, 0x6, 0x0, 0xd5, 0x7, 0x1, 0xfffffffffffffffa, 0xb723, 0x8, 0x80, 0x8, 0x1000]}, &(0x7f0000000000)=0x100)
getsockopt$inet_sctp_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000340)=@assoc_value={r2, 0x4ae0}, &(0x7f0000000080)=0x8)
sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, &(0x7f0000000080)}, 0x0)
preadv(r1, &(0x7f00000017c0), 0x1fe, 0x400000000000)
mmap$binder(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1000002, 0x10, r1, 0x0)
unlink(0x0)

[ 2012.321499][T12253] IPVS: ftp: loaded support on port[0] = 21
21:48:04 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x02\xc6\x00'}, &(0x7f0000000300)=0x54)

21:48:04 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x400000000000000}, 0x0)

21:48:04 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0xfe80000000000000}, 0x1c)

21:48:04 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0xe00000000000000}, 0x0)

21:48:04 executing program 3:
socket$netlink(0x10, 0x3, 0x0)

21:48:04 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0xf00000000000000}, 0x0)

21:48:04 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x800000000000000}, 0x0)

21:48:04 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x10000000004e22, 0x0, @empty, 0xffffffffffffffff}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
getsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000040), &(0x7f0000000080)=0x4)
syz_emit_ethernet(0x4, &(0x7f0000000200)=ANY=[@ANYRES16=r0, @ANYPTR=&(0x7f0000000140)=ANY=[@ANYRES32=r0, @ANYRESDEC=r0], @ANYRESDEC=r0, @ANYRESDEC=r0], 0x0)

[ 2012.724282][T12294] IPVS: ftp: loaded support on port[0] = 21
21:48:04 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0xfec0000000000000}, 0x1c)

21:48:04 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r4 = getpid()
write$FUSE_LK(r3, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r4}}}, 0x28)
ioctl$BLKTRACESTOP(r3, 0x1275, 0x0)
r5 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r5, 0x3a)
r6 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r3, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r6, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:04 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x1000000000000000}, 0x0)

21:48:04 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0xa00000000000000}, 0x0)

[ 2012.939908][T12306] binder: 12305 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2012.939992][T12306] binder: 12305:12306 ioctl c018620c 20000200 returned -22
[ 2013.004424][T12315] binder: 12313 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2013.004488][T12315] binder: 12313:12315 ioctl c018620c 20000200 returned -22
[ 2013.351939][T12294] IPVS: ftp: loaded support on port[0] = 21
21:48:05 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x01\xc8\x00'}, &(0x7f0000000300)=0x54)

21:48:05 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0xff00000000000000}, 0x1c)

21:48:05 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r4 = getpid()
write$FUSE_LK(r3, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r4}}}, 0x28)
ioctl$BLKTRACESTOP(r3, 0x1275, 0x0)
r5 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r5, 0x3a)
r6 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r3, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r6, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:05 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x6000000000000000}, 0x0)

21:48:05 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0xe00000000000000}, 0x0)

21:48:05 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x8c1b000000000000}, 0x0)

21:48:05 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0xffffffff00000000}, 0x1c)

[ 2013.710696][T12335] IPVS: ftp: loaded support on port[0] = 21
[ 2013.718281][T12329] binder: 12322 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2013.718314][T12329] binder: 12322:12329 ioctl c018620c 20000200 returned -22
21:48:05 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x1, &(0x7f0000000280)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd601bfc97004d8800fe800000000000000000000000000000ff02000000000000000000000000000100004e20004d9078e29607149378d33e1db1c7394dc77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"], 0x0)

21:48:05 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0xf00000000000000}, 0x0)

21:48:05 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x9effffff00000000}, 0x0)

21:48:05 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x1000000000000000}, 0x0)

21:48:05 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r4 = getpid()
write$FUSE_LK(r3, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r4}}}, 0x28)
ioctl$BLKTRACESTOP(r3, 0x1275, 0x0)
r5 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r5, 0x3a)
r6 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r3, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r6, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

[ 2014.119044][T12359] binder: 12358 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2014.119098][T12359] binder: 12358:12359 ioctl c018620c 20000200 returned -22
[ 2014.367704][T12335] IPVS: ftp: loaded support on port[0] = 21
21:48:06 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0xf0ffffff00000000}, 0x0)

21:48:06 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x2}, 0x1c)

21:48:06 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x6000000000000000}, 0x0)

21:48:06 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x03\xf2\x00'}, &(0x7f0000000300)=0x54)

21:48:06 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r4 = getpid()
write$FUSE_LK(r3, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r4}}}, 0x28)
ioctl$BLKTRACESTOP(r3, 0x1275, 0x0)
r5 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r5, 0x3a)
r6 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r3, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r6, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:06 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
sendto$inet6(r0, &(0x7f0000000400)="c9591c7db7eb56020da7781a2abb3e57daab60f26c4a10c797a10feffb10939bed593f85880fd6e413272d035b7f35a49fcefddf3d1d392c7a8c6fbed9b3ef72144ad79b7407598a7c2b030382367c68e33eb6fd46ea1dccbe7eebc024edb6119243182c7913f2bcac302383084bb3be51398d444b7801a9fdbb30e80ec668097fd9ec3d39ca83a3e918258d9b0e997f528f0b8086096f0b588035f6d18884ed7b767da5e9fb193f3104dfa2d328908eafba34b4c52d4e71a9eef3a96131f3161514e25fcecae7b891a8e2e57aae8275a23a482ed960e089e453c96d21edcda2b421ffee95de0fb662c71494c854430387adca06f50b3b4c391648829e7af47cf8c9591eaadef64a6e865507634a37c27ff313cab420345b0db8624025cdbe329b00973b00f7cc6642d2ae023c828610bc53c4071a99bcb4e562eafd94ec8ec7ab37774b039d5ef0e1937397aac6aaf9701dd340f1baacef6a20076c7690037ea87fe38b508d997aa9a5c87a7b478583e29144d462a20ecd75de457e27aae8b3005993f5563cea222d2366ddf266f588838b80d168df271e4032570cb9a92cd1083cf93a727641367d6be55abec31055671ea74689e5b4a094264a6fc76e3af4af60dd19b09353362b54ec18484ee055adb1b98f36657585c3b4c5b92b0ec21034790216399312db357e406a2f1f08f296da3c6c6eb39b2cac1342c4bd6a694f32df20ef524a96b695eae970bd1414b54cc874dca33138d0d110614a48bb49d492cbd13603c4918563c79fbf07ee65c35fa1cadfb23c73af9f7acf5c17d18cb9de2bcc48aaaea192cd5f303e8eaa30c13809538b15074aa47c98dbc8dbd1b873538c9b8b2b48bdb997e23b3127b5e8dd29097250d66154301bb995c38a0ee272dc2117cce3388722f5a3e2a0fe5c4f8882fd39d013906865af9de14091e2d909d35b26f5d8c269a44a4435da433512100fbf3a40258f43ffb5692c0a4774d4a3987f4a205a7ca160d1b7a952bb7b2d8b2e3da52892b13c50f25c3cfadfb057602e9aeef25ab9085f9de84260c7c48d14a03ffa8920a89e6b5b6a7412f2b30c84691380256787f2cc318bb615ed4ef919096693e61da0bc40a488934aa1b12b29c92f2743a78beaca78b4f5dbf8cb30eb0fdafaab97e34d75d92d34c1acd4901ae55e8f60bdc2f2d576b30e97b15bd41467a832c253e6fadba916e2cfb98226298b9228fd6a0c51b82bd19f3e1212933766665650ab60a3cb72f92361ffe6e884ddc0447248a2c79603cabcd245111e9ec5a1293265a0ed6c85dfa0768d8c24fac0fa493d6e72804af822358c063bdb4927a79b17b084b2d4c551b1ac6b46b4ba8ff34b8acdbe0aeca57de3a751ccf8b734dd53adc26849173f1635d1fda42f2de5c133fc657cd46a74593a2e60d439daebae6b56d281d84991f5f4fb0af4959651997a6dff62de1cd741c432d5030973a2105a090b1b2887f27bfb7e842743a97ae77f447a70d7e89491a1db988206d8da82be5ea81c10ad7f3e6e21e9bbdb646511f1333eaabf83f41a9763e0b5c727f422cbfd1458ef9ee9b978cc021aaa07f38797850dea9c90c59287a0e3cd3773f1ff6fcb2fa3dc23c98c1ce8f95be72603389c5a143de6079211b92a4f64aa4725a8a0f7aebb516610d227d4a4d1cafdca92ead4e00732bbccb51e2e20bd4d5c0414865e44b817fce3d4ea105dbeae2ed5c232c6606d3e49b60082d9625324ddc4024321eb21ef26a53b406eb6333fd4d84ca937e64a8b3ebb21b7332d4c2db12b1e92468ccee183075699cb1039de0c3512a444193c26228dc6cf38311c04a5558bd99ffd42629485034b0ca7aaa6a2f3ed30b485ad7cf93e9cceb7f9b1b271e6200f11f5b6c1c945d08c808cefe33572c9751817b17bae96c19f35e577cf7ba4609b12dcdd151bed692c8917ed3a303a744832850724202aa0ce651bfb34b46d876eb425c92a411859dc29520ff701a2194316561a6e55d8bf6715b32a47f601fde3333d62b3bf34c6d366fee07e8fa6b5095dbaa090c81a1f6ad82f79e531a5fc543dbadbe2dbd1af84d7b147e7d9ee2c11f16a967042ce8312fc22f1f615942c12de270338b042d96282bf4ad7029e09748bc3b3b8f2f0610d857fd5d20576027e0fd8d3b7111d5b9744c05246eeac745b00b80d18daa53ce29f06ec8305b3d12a54c8cb10ec743f733a7fe5d79499a016a75e072f071169ab9dd99f61db7f479af31dcfc5bb10746dcb5c28df9733191c758eca2135227fffed55c5cacee4de20479af0fa0ca38abda9297b0e21151fcd9b74baf9ed5cb29c028c2060dc40957e534ead8e179c251e538c5ea4ae9bedcbe824fdb2bfd3ba3474ab59e8d2836177ec3267c7ed9346e051d08f8fad08f23122ddfde5a7dacb2ab31cc60772b171b31db6a93f7a8192ec6cf3d980d8b93d816128576ba76e584f68a5e9bad8d85df7419447ba39ceeb6b0c570a17f94d3186271b0d0acac2fc03b1e66991fdaa3e002347151ac9c51836b15749d29c9760d65e160b8e83c63c8ab8020eae4a0233d29fb8d009fcae8f4c405eb51a58c7e6988ac10714c6edf718d58ea3c39b96ddc102c94d2dd54352d761d118743a27297f803da90d80ddc7a79b188ada0ab6c660a943704e288bbb4a102733d200e088223984c11288d373c3eec62e2163adefbfcaddd64f7ff0a8be44ac33c254ca71490401cba6ccb46bdd17053fd08bceabffc19fe5c6f8905f3ac1648e8e5a9bf97a8f9dae155daf327cc6c9a00a340da3050d00f318d310065541a056f642e7f9a43824dbca691a50f70767288ded6028f1a72b529984014a81a2779cea5df21c744e5b039c92f835001f369f0018f73165c489cecd3e919563029264f937b2b39cbac4d8dd34e92ff1652a3c7b7798eb9e9139f8e75f334b143cffe9e79d7714243d352912d77fc18c6f3254caaf84dac4bf8df9b757a04f79d72065a562a40b6985b581401e3750d85736a31dea3ca5385754f4ba2bdc750b67ed5f79867e11c619b65c4bf3656e5b51fcaa3986d20adceb0494ad87c747ae42d49ec2ba04c3961dd20dde60e89b4598e30d0e419b646466d4c687b74021363a40e4d703a4eb208d8bc01be9778f4d90872f5d7239bb40147f98bbb9e86cdca641d7c12053db3e7ac8f9e07585ad08e161013337d7664df2e5b3f2668f39a483660cd728da2b1116a4de116c3e35bf2dfb5f6e6ebf6a09a7b623f12fd9d987d1aec64c080b285443c16e76a70abb487fc89ad7aba965d1526303525fc6d69ce53eaa1534b51a4dc6e9a5a055b883b4b925bac2c0fb6f55b884f063e0c3ebcde479494d18e00a01e0cc97c47a53a4015f41b26350a1a52eb09acf4b05376d022fa10940b54a13044e62e2788168672d0e769caa7cb951b17fe9bf58fa83b2afb9061702006d6a949df2195b9b7edf1d3ce697395997c6c65f6bffe221b3c0fd16b05847366b1ae4a20fe247647ee8bd4fc41aee8dc9059464fed9e9a7a5c29f74c35a303dfb5bf5c4d692208f2dac5ba3d4623b6e0f12a61c501779d11e44f1b5142455fda8216b4ebd8c7fa6d16d51a9c23697a6d3d9ecb0fc6bd6a1cc79f623bc89ba0a6739faa655cc81a062569f5072b9fa59ac11355437da4287ad5ffce9d6bfdcbfa44d9df62d2d6d6db0bedd040ecb98755ca7c179188229a19f39252b551017b5dc70bdb1bc20825b16c40a04837a62454946ce8aaf99d6550fb7a693c43aea15043d60f2887704343528d22d6c1c80d8a1e8a53e474942abcd7ca32cf85d3a2190dd8ee7a9fb97d8bb0f21e10ed1c686db32292297aa70fceaf7b63ea28cf9de64004b7be1ab1d19728b1734bace4284dca3713997c90d23d98a50abae3da16d9f901e4bc049cd4e1600139c1efde00248d746fa59831ae7d6dbee3041971d4032a52f78292f78626d64dcd5c22366f0610d873f154543c0c808a7918d99393c91f467787118544d3119097e5319fcf3c6a84d793e11856a0d3ffce02733da4d35eb8bfd4e184fc734b6405eea09f6b425f23f83a92094fda654424410e5f473a16ebd65572aef67d75e66208bc47ed61fe51774d4ad505c359d95b9cacf826e6d9e8990f92640e01058366f2d9be5937bd590c4f5dbd7cb0ad20e11d8825136f3eeae8ee3e89efa2f8136c8e6ba1d3690e69613d70cdc5bc389f39b2b5ce9a791dc12f5b95b24c4a0eb57f8f005dc9b8492b0e54b2cb1548775bbb83dfa838d97e0f2d41b104b768a0698c64858b95abe5010080b19435100c5ba1ab321fd4e6cdd753813b51e98c6f417d4c77bf0b406f8059b770c512b226a7a8d2d0a59d10b46b097215ca9c2a986586bab7c270341265865525bbffa10d18dcdd88357f74ebb6d240c5ea0b21669e2d14362a2e960db07db15c7e96e0c256b55833f079fd59041fd1029c7666af7fd057aa78bc84c8e1fbad12dccbbe0ce8222aa45cee60f198c6c40554eb3b2d4ed0773c4292f7fa3f2c06a3badee400d410c2e0a5a8ae019ccbdf263488789e8d61cdd71f8aeddb467c7100d8a3e3454ac8cd9fe70f9a64e9753345a68f21fcd8e77158ea133ee6067c28e90b0337b467f1b32db1be1d8e584395d4f61e77d59a327d5bed324753d1e3a1e5ebc18f22d33912482794a384d38b904a3f1ff6022a7c8eb7aa8d98095ff0de283b109907d32ba60c15a54b55274e6469526c4b73a9f355b708e35757d8048612f80834cfa3106a94ceac693607119ae1fa9d5fa246eaccab985a0cf95b5c6a72646778e0499246960a2d48f9054310b8d2956d2e8fa2d78e93069ad5dd0574253ea906f12888b9fb4e31dbdb40690d2257bfed5ea4cd53ca639948e5d93cb7ec6c05bf3afb5153b4d125e1a0aa140d9ba03e1a4816c2b1624bf7f7c209c75de8660efdbcb2ce602d1e4991c9b1abff2ff75629d9a74385057d48fdfbdc26c0084b69d90b487584698fd0ed177f161e8cf71c18cb2b6adb6176e96b768a97a14341b6cb98c6a7baa26f4c61324cb0223bd59eb9928f61a4c41b90930cf6110c5e0feb58954bdd324d42239b6938bb968074851f4e87523bf3d5cdee76637c013f8eaad3a72f3dc2fdefd261667519b58aca50a8ae5c17a5e62a7a917a4697d33f270aa9bb53e22cdc807f27d44cdc87cc6bf0c6ca6d9619f5a14a9cd942bcc3d5db94cc14d762838d2bb3bb05df4f1b4ec159316c77d3408c6b72443161958eb921f8cd062b72458949e8750fb81a02a1e78d6c5d581f877dd37723a21e6b608c22910070fd6ef6b1ec49510be1dac9fa5edcbe6d9d0a78e8d9a31273b56ebecbfbb56301fbd1e7d1f3de4a96b2a02c24e3869717dbcfb1d6fc77cb2c3385c9d95bdb1cfcdbee4b811a24faf83269bde5dbca45490a948eda2d4d17b7becdc0fadfb8d3f46b5d018bc3b5f58c822956a2dd31d8317cbd361c607109a1d561a49193ac3987403a8fedb1e35c46b9f951074e06806dd9ac99a0303736334a16ffa14c49838bd76e5fdd8ade0f6505d6d2025f2d1cc427e2a9c75a188887d52b04c2dd0508a9e603a22f9aecafb417b7261632170876082d198c60730b930a55520346f628e48cd2781f28d4b85b52fc87895671ab03e0f81dede346e1c05c229c6709607da5efaea581ab2c6028e53f2443219fbf9023d4fd99b8771f2e015600089355cdd6f64705b71aa57e52ecc281167bd90407df5fac5b6b3cc423c36a8c982aa2b192692f74830cee18753041117a17762323bf9d50977911f6f4bf905223e4c97708177ab19d13cf0", 0x1000, 0x800, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, 0x1c)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)

21:48:06 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0xffffff7f00000000}, 0x0)

21:48:06 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x7c20000000000000}, 0x0)

[ 2014.747301][T12376] binder: 12368 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2014.747315][T12376] binder: 12368:12376 ioctl c018620c 20000200 returned -22
[ 2014.782944][T12375] IPVS: ftp: loaded support on port[0] = 21
21:48:06 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x3}, 0x1c)

21:48:06 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r4 = getpid()
write$FUSE_LK(r3, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r4}}}, 0x28)
ioctl$BLKTRACESTOP(r3, 0x1275, 0x0)
r5 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r5, 0x3a)
r6 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r3, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r6, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})

21:48:06 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0xfffffffffffff000}, 0x0)

21:48:06 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x9effffff00000000}, 0x0)

21:48:07 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x4}, 0x1c)

[ 2015.105314][T12391] binder: 12390 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2015.105333][T12391] binder: 12390:12391 ioctl c018620c 20000200 returned -22
21:48:07 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0xf0ffffff00000000}, 0x0)

21:48:07 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r4 = getpid()
write$FUSE_LK(r3, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r4}}}, 0x28)
ioctl$BLKTRACESTOP(r3, 0x1275, 0x0)
r5 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r5, 0x3a)
r6 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r3, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r6, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})

[ 2015.372697][T12406] binder: 12405 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2015.372732][T12406] binder: 12405:12406 ioctl c018620c 20000200 returned -22
[ 2015.589963][T12375] IPVS: ftp: loaded support on port[0] = 21
21:48:07 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x01\xfe\x00'}, &(0x7f0000000300)=0x54)

21:48:07 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x2}, 0x0)

21:48:07 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0xffffff7f00000000}, 0x0)

21:48:07 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x5}, 0x1c)

21:48:07 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r4 = getpid()
write$FUSE_LK(r3, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r4}}}, 0x28)
ioctl$BLKTRACESTOP(r3, 0x1275, 0x0)
r5 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r5, 0x3a)
r6 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r3, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r6, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})

21:48:07 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000100)='/dev/full\x00', 0x800, 0x0)
ioctl$VHOST_SET_LOG_BASE(r1, 0x4008af04, &(0x7f0000000180)=&(0x7f0000000140))
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='environ\x00')
setsockopt$bt_BT_VOICE(r2, 0x112, 0xb, &(0x7f0000000080)=0x63, 0x2)
recvmmsg(r0, &(0x7f00000000c0)=[{{0x0, 0x0, 0x0, 0xfffffe37}}], 0x1, 0x40000040, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)

21:48:07 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0xfffffffffffff000}, 0x0)

21:48:07 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x3}, 0x0)

[ 2015.894509][T12423] IPVS: ftp: loaded support on port[0] = 21
21:48:07 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x6}, 0x1c)

21:48:07 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
clock_gettime(0x0, &(0x7f0000000040)={<r1=>0x0, <r2=>0x0})
nanosleep(&(0x7f0000000080)={r1, r2+10000000}, &(0x7f00000000c0))

[ 2015.932718][T12425] binder: 12414 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2015.935426][T12425] binder: 12414:12425 ioctl c018620c 20000200 returned -22
21:48:08 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0)

21:48:08 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x2}, 0x0)

[ 2016.456945][T12423] IPVS: ftp: loaded support on port[0] = 21
21:48:08 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x02\x00'}, &(0x7f0000000300)=0x54)

21:48:08 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r4 = getpid()
write$FUSE_LK(r3, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r4}}}, 0x28)
ioctl$BLKTRACESTOP(r3, 0x1275, 0x0)
r5 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r5, 0x3a)
r6 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r3, 0x40047452, &(0x7f00000001c0))
ioctl$BINDER_WRITE_READ(r6, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:08 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x8}, 0x0)

21:48:08 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x7}, 0x1c)

21:48:08 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x3}, 0x0)

21:48:08 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0xa}, 0x0)

21:48:08 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x4}, 0x0)

[ 2016.817132][T12458] binder: 12456 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2016.817181][T12458] binder: 12456:12458 ioctl c018620c 20000200 returned -22
[ 2016.831030][T12462] IPVS: ftp: loaded support on port[0] = 21
21:48:08 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x8}, 0x1c)

21:48:08 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r4 = getpid()
write$FUSE_LK(r3, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r4}}}, 0x28)
ioctl$BLKTRACESTOP(r3, 0x1275, 0x0)
r5 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r5, 0x3a)
r6 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r6, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:09 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x8b, &(0x7f0000000400)={@broadcast, @local, [{[{0x9100, 0x4, 0x800000006, 0x2}], {0x8100, 0x7ff, 0x3ff, 0x40000002}}], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000200)=ANY=[@ANYRES32=<r1=>0x0, @ANYBLOB="ee0000003263bbe93f02cfef60dc4ae5d1b2b2eace3ef0867d02adb4bf99446dc47f5b2e5a904ffd7edb486f2a762194d737cfe7d2c94c151d4c245ba36c361396ee6dff87b7ba31f38df3f7a24e8e643e03c7c3dc60c741586f019b1f0ad580a209036e0a0cd440b17f71092b65f3cd0da1dd8df898ab100a327041290539b402642cc382279e97da40b8e6d2fc2465d1f486471df771528b3ce18e058d8233db879cc1e71dd4a76caa59c509c41185cf352a9eba46e7c4604593840a477228043fa576fff07e61163aa6d3edca50213b5d92f25d776906cf4975712d80d4f25817383ba8c0fb97b49c5e77b8bd35bf04370992f54d5b5388adba0c454d19fc52eb6d592f049b1b6cc0d607a10eefe293f337bfc0d6a0bcf4716e063cca40c30000000000000000"], &(0x7f0000000140)=0xf6)
getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000180)={r1, 0x5}, &(0x7f00000001c0)=0x8)

21:48:09 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0xe}, 0x0)

21:48:09 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x8}, 0x0)

[ 2017.119388][T12480] binder: 12479 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2017.119465][T12480] binder: 12479:12480 ioctl c018620c 20000200 returned -22
[ 2017.425827][T12462] IPVS: ftp: loaded support on port[0] = 21
[ 2017.486301][    C1] net_ratelimit: 23 callbacks suppressed
[ 2017.486310][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2017.486352][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2017.492046][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2017.492162][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2017.497867][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 2017.503571][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2017.509374][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2017.515068][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2017.520747][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 2017.526480][    C1] protocol 88fb is buggy, dev hsr_slave_1
21:48:09 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x04\x00'}, &(0x7f0000000300)=0x54)

21:48:09 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x9}, 0x1c)

21:48:09 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r4 = getpid()
write$FUSE_LK(r3, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r4}}}, 0x28)
ioctl$BLKTRACESTOP(r3, 0x1275, 0x0)
r5 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r5, 0x3a)
r6 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r6, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:09 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0xf}, 0x0)

21:48:09 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0xa}, 0x0)

21:48:09 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x0)

21:48:09 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0xe}, 0x0)

21:48:09 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0xa}, 0x1c)

21:48:09 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r4 = getpid()
write$FUSE_LK(r3, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r4}}}, 0x28)
ioctl$BLKTRACESTOP(r3, 0x1275, 0x0)
r5 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r5, 0x3a)
r6 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r6, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

[ 2017.802488][T12502] IPVS: ftp: loaded support on port[0] = 21
[ 2017.835467][T12500] binder: 12499:12500 ioctl c018620c 20000200 returned -22
[ 2018.033875][T12517] binder_ioctl_get_node_info_for_ref: 1 callbacks suppressed
[ 2018.033886][T12517] binder: 12510 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2018.033900][T12517] binder: 12510:12517 ioctl c018620c 20000200 returned -22
21:48:10 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0xf}, 0x0)

21:48:10 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x10}, 0x1c)

21:48:10 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x60}, 0x0)

[ 2018.372971][T12502] IPVS: ftp: loaded support on port[0] = 21
21:48:10 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x01\x00'}, &(0x7f0000000300)=0x54)

21:48:10 executing program 5:
r0 = socket$inet6(0xa, 0x2, 0x88)
r1 = syz_open_dev$adsp(&(0x7f00000000c0)='/dev/adsp#\x00', 0x6, 0x210080)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r1, 0x40a85323, &(0x7f0000000100)={{0x7be8, 0x8001}, 'port0\x00', 0x10, 0x20, 0x5, 0x1ad, 0x1, 0x1, 0xd, 0x0, 0x2, 0x27})
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x442800, 0x0)
r2 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x7ff, 0x0)
ioctl$CAPI_INSTALLED(r2, 0x80024322)
syz_emit_ethernet(0x83, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd601bfc97004d8800fe800000000000000000000000000000ff02000000000000000000000000000100004e20004d9078e29607149378d33e1db1c73936c77aa3f7fac33b042bd3682368625319b2c0018973d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32883621afab69cc3712c37ed0"], 0x0)

21:48:10 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r4 = getpid()
write$FUSE_LK(r3, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r4}}}, 0x28)
ioctl$BLKTRACESTOP(r3, 0x1275, 0x0)
r5 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r5, 0x3a)
ioctl$PPPIOCSMRU1(r3, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:10 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x78}, 0x1c)

21:48:10 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0xf0}, 0x0)

21:48:10 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x10}, 0x0)

21:48:10 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x60}, 0x0)

21:48:10 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x300}, 0x0)

21:48:10 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r4 = getpid()
write$FUSE_LK(r3, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r4}}}, 0x28)
ioctl$BLKTRACESTOP(r3, 0x1275, 0x0)
getpgrp(0xffffffffffffffff)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r3, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

[ 2018.715162][T12542] IPVS: ftp: loaded support on port[0] = 21
21:48:10 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0xfc}, 0x1c)

21:48:10 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0xf0}, 0x0)

21:48:10 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0xa00}, 0x0)

[ 2019.045702][T12563] binder: 12554 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2019.045715][T12563] binder: 12554:12563 ioctl c018620c 20000200 returned -22
[ 2019.424122][T12542] IPVS: ftp: loaded support on port[0] = 21
21:48:11 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x02\x00'}, &(0x7f0000000300)=0x54)

21:48:11 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x300}, 0x1c)

21:48:11 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r4 = getpid()
write$FUSE_LK(r3, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r4}}}, 0x28)
ioctl$BLKTRACESTOP(r3, 0x1275, 0x0)
getpgrp(0xffffffffffffffff)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r3, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:11 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0xe00}, 0x0)

21:48:11 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x300}, 0x0)

21:48:11 executing program 5:
r0 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0x1f, 0x280402)
sendto$inet6(r0, &(0x7f0000000080)="b93db7befb571d0c4efb694f0ad70083e98c251b942cdfc465fe758546d8c8dd294e61f6e78e95cae5e906a1d4f2e7b04bbec98319ac257999d9b20ee754bd", 0x3f, 0x4000814, &(0x7f00000000c0)={0xa, 0x4e23, 0x400, @mcast1, 0x6621}, 0x1c)
r1 = socket$inet6(0xa, 0x80002, 0x88)
clock_gettime(0x0, &(0x7f0000000100)={<r2=>0x0, <r3=>0x0})
ioctl$VIDIOC_PREPARE_BUF(r0, 0xc058565d, &(0x7f0000000140)={0x100000000, 0x9, 0x4, 0x20, {r2, r3/1000+10000}, {0x2, 0x3, 0x2, 0xb9, 0x1ff, 0x7, "d2675977"}, 0x2, 0x4, @userptr=0x77d, 0x4})
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r1, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)

21:48:11 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0xf00}, 0x0)

21:48:11 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0xa00}, 0x0)

21:48:11 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x500}, 0x1c)

[ 2019.859900][T12582] IPVS: ftp: loaded support on port[0] = 21
[ 2019.913502][T12576] syz-executor3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000
21:48:11 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0xe00}, 0x0)

21:48:11 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x1b8c}, 0x0)

[ 2020.082065][T12576] CPU: 0 PID: 12576 Comm: syz-executor3 Not tainted 5.0.0-rc1-next-20190109 #8
[ 2020.091046][T12576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2020.101101][T12576] Call Trace:
[ 2020.104399][T12576]  dump_stack+0x1db/0x2d0
[ 2020.104420][T12576]  ? dump_stack_print_info.cold+0x20/0x20
[ 2020.104442][T12576]  ? check_preemption_disabled+0x48/0x290
[ 2020.114491][T12576]  dump_header+0x1e6/0x116c
[ 2020.114512][T12576]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2020.114527][T12576]  ? perf_trace_lock+0x750/0x750
[ 2020.114542][T12576]  ? print_usage_bug+0xd0/0xd0
[ 2020.114574][T12576]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 2020.124771][T12576]  ? ___ratelimit+0x37c/0x686
[ 2020.124796][T12576]  ? mark_held_locks+0xb1/0x100
[ 2020.124817][T12576]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2020.124833][T12576]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2020.124852][T12576]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2020.135395][T12576]  ? trace_hardirqs_on+0xbd/0x310
[ 2020.135414][T12576]  ? kasan_check_read+0x11/0x20
[ 2020.135428][T12576]  ? ___ratelimit+0x37c/0x686
[ 2020.135444][T12576]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2020.135459][T12576]  ? do_raw_spin_trylock+0x270/0x270
[ 2020.135479][T12576]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2020.145854][T12576]  ? lock_acquire+0x1db/0x570
[ 2020.145881][T12576]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 2020.145896][T12576]  ? ___ratelimit+0xac/0x686
[ 2020.145912][T12576]  ? idr_get_free+0xee0/0xee0
[ 2020.145934][T12576]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2020.155451][T12576]  oom_kill_process.cold+0x10/0x9ca
[ 2020.155473][T12576]  ? cgroup_procs_next+0x70/0x70
[ 2020.155495][T12576]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 2020.155515][T12576]  ? oom_badness+0xa50/0xa50
[ 2020.167097][T12576]  ? oom_evaluate_task+0x540/0x540
[ 2020.167116][T12576]  ? mem_cgroup_iter_break+0x30/0x30
[ 2020.167131][T12576]  ? mutex_trylock+0x2d0/0x2d0
[ 2020.167147][T12576]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2020.167179][T12576]  ? rcu_read_unlock_special+0x380/0x380
[ 2020.167203][T12576]  out_of_memory+0x885/0x1420
[ 2020.177479][T12576]  ? mem_cgroup_iter+0x4f4/0xf50
[ 2020.177503][T12576]  ? oom_killer_disable+0x340/0x340
[ 2020.177522][T12576]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 2020.177540][T12576]  ? lock_acquire+0x1db/0x570
[ 2020.177579][T12576]  mem_cgroup_out_of_memory+0x160/0x210
[ 2020.177600][T12576]  ? do_raw_spin_unlock+0xa0/0x330
[ 2020.187095][T12576]  ? memory_oom_group_write+0x160/0x160
[ 2020.187111][T12576]  ? do_raw_spin_trylock+0x270/0x270
[ 2020.187140][T12576]  ? _raw_spin_unlock+0x2d/0x50
21:48:12 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0xf00}, 0x0)

[ 2020.187159][T12576]  try_charge+0x1457/0x1d00
[ 2020.187186][T12576]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2020.187205][T12576]  ? find_held_lock+0x35/0x120
[ 2020.198262][T12576]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[ 2020.198281][T12576]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2020.198302][T12576]  ? lock_downgrade+0xbe0/0xbe0
[ 2020.198320][T12576]  ? kasan_check_read+0x11/0x20
[ 2020.198337][T12576]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2020.198362][T12576]  ? rcu_read_unlock_special+0x380/0x380
[ 2020.208738][T12576]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[ 2020.208761][T12576]  __memcg_kmem_charge_memcg+0x7c/0x130
[ 2020.208777][T12576]  ? memcg_kmem_put_cache+0xb0/0xb0
[ 2020.208790][T12576]  ? lock_release+0xc40/0xc40
[ 2020.208816][T12576]  __memcg_kmem_charge+0x136/0x300
[ 2020.208837][T12576]  __alloc_pages_nodemask+0x7b8/0xdc0
[ 2020.219210][T12576]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[ 2020.219224][T12576]  ? rcu_pm_notify+0xd0/0xd0
[ 2020.219253][T12576]  ? rcu_read_lock_sched_held+0x110/0x130
[ 2020.219269][T12576]  ? kmem_cache_alloc_node+0x347/0x710
[ 2020.219281][T12576]  ? print_usage_bug+0xd0/0xd0
[ 2020.219309][T12576]  copy_process+0x847/0x8700
[ 2020.229845][T12576]  ? print_usage_bug+0xd0/0xd0
[ 2020.229865][T12576]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2020.229882][T12576]  ? check_preemption_disabled+0x48/0x290
[ 2020.229905][T12576]  ? __lock_acquire+0x572/0x4a10
[ 2020.229918][T12576]  ? mark_held_locks+0x100/0x100
[ 2020.229945][T12576]  ? __cleanup_sighand+0x70/0x70
[ 2020.240049][T12576]  ? mark_held_locks+0x100/0x100
[ 2020.240065][T12576]  ? find_held_lock+0x35/0x120
[ 2020.240084][T12576]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2020.240098][T12576]  ? check_preemption_disabled+0x48/0x290
[ 2020.240118][T12576]  ? debug_smp_processor_id+0x1c/0x20
[ 2020.240133][T12576]  ? perf_trace_lock_acquire+0x138/0x7d0
[ 2020.240150][T12576]  ? delayacct_end+0xc9/0x100
[ 2020.240169][T12576]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2020.249943][T12576]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2020.249957][T12576]  ? perf_trace_lock+0x750/0x750
[ 2020.249971][T12576]  ? perf_trace_lock_acquire+0x138/0x7d0
[ 2020.249990][T12576]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2020.250004][T12576]  ? find_held_lock+0x35/0x120
[ 2020.250022][T12576]  ? print_usage_bug+0xd0/0xd0
[ 2020.250044][T12576]  ? psi_memstall_leave+0x1f8/0x280
[ 2020.250059][T12576]  ? find_held_lock+0x35/0x120
[ 2020.250079][T12576]  ? __lock_acquire+0x572/0x4a10
[ 2020.260464][T12576]  ? _raw_spin_unlock_irq+0x28/0x90
[ 2020.260479][T12576]  ? _raw_spin_unlock_irq+0x28/0x90
[ 2020.260495][T12576]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2020.260511][T12576]  ? trace_hardirqs_on+0xbd/0x310
[ 2020.260534][T12576]  ? mark_held_locks+0x100/0x100
[ 2020.260549][T12576]  ? check_preemption_disabled+0x48/0x290
[ 2020.260587][T12576]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2020.260607][T12576]  ? check_preemption_disabled+0x48/0x290
[ 2020.271629][T12576]  ? debug_smp_processor_id+0x1c/0x20
[ 2020.271645][T12576]  ? perf_trace_lock_acquire+0x138/0x7d0
[ 2020.271667][T12576]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2020.271682][T12576]  ? perf_trace_lock+0x750/0x750
[ 2020.271695][T12576]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2020.271716][T12576]  ? try_to_free_pages+0xb70/0xb70
[ 2020.271738][T12576]  ? percpu_ref_put_many+0x129/0x270
[ 2020.282073][T12576]  ? blkcg_maybe_throttle_current+0x75e/0x13c0
[ 2020.282094][T12576]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2020.282119][T12576]  _do_fork+0x1a9/0x1170
[ 2020.282141][T12576]  ? fork_idle+0x1d0/0x1d0
[ 2020.282167][T12576]  ? trace_hardirqs_off+0xb8/0x310
[ 2020.292340][T12576]  ? get_mctgt_type_thp.isra.0+0x4c0/0x4c0
[ 2020.292359][T12576]  ? prepare_exit_to_usermode+0x32e/0x3b0
[ 2020.292375][T12576]  ? do_syscall_64+0x8c/0x800
[ 2020.292390][T12576]  ? do_syscall_64+0x8c/0x800
[ 2020.292407][T12576]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2020.292430][T12576]  ? trace_hardirqs_on+0xbd/0x310
[ 2020.302937][T12576]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2020.302956][T12576]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2020.302981][T12576]  __x64_sys_clone+0xbf/0x150
[ 2020.303003][T12576]  do_syscall_64+0x1a3/0x800
[ 2020.303028][T12576]  ? syscall_return_slowpath+0x5f0/0x5f0
[ 2020.313727][T12576]  ? prepare_exit_to_usermode+0x232/0x3b0
[ 2020.313747][T12576]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2020.313776][T12576]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2020.313790][T12576] RIP: 0033:0x45a899
[ 2020.313807][T12576] Code: ff 48 85 f6 0f 84 97 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 6e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75
[ 2020.313815][T12576] RSP: 002b:00007ffd98177ae8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
[ 2020.324669][T12576] RAX: ffffffffffffffda RBX: 00007f58d409f700 RCX: 000000000045a899
[ 2020.324678][T12576] RDX: 00007f58d409f9d0 RSI: 00007f58d409edb0 RDI: 00000000003d0f00
[ 2020.324687][T12576] RBP: 00007ffd98177cf0 R08: 00007f58d409f700 R09: 00007f58d409f700
[ 2020.324694][T12576] R10: 00007f58d409f9d0 R11: 0000000000000202 R12: 0000000000000000
[ 2020.324702][T12576] R13: 00007ffd98177b9f R14: 00007f58d409f9c0 R15: 000000000073bfac
[ 2020.408698][T12576] memory: usage 307192kB, limit 307200kB, failcnt 3836
[ 2020.469316][T12576] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2020.687753][T12576] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2020.846501][T12576] Memory cgroup stats for /syz3: cache:56KB rss:245616KB rss_huge:215040KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:245672KB inactive_file:0KB active_file:0KB unevictable:0KB
[ 2020.869758][T12576] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor3,pid=25851,uid=0
[ 2020.888851][T12576] Memory cgroup out of memory: Kill process 25851 (syz-executor3) score 1107 or sacrifice child
[ 2020.899579][T12576] Killed process 25851 (syz-executor3) total-vm:70532kB, anon-rss:2204kB, file-rss:33748kB, shmem-rss:0kB
[ 2020.972911][T12579] syz-executor3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000
[ 2020.989861][T12605] binder: 12576 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2020.989876][T12605] binder: 12576:12605 ioctl c018620c 20000200 returned -22
[ 2021.008750][T12579] CPU: 0 PID: 12579 Comm: syz-executor3 Not tainted 5.0.0-rc1-next-20190109 #8
[ 2021.017727][T12579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2021.027819][T12579] Call Trace:
[ 2021.031138][T12579]  dump_stack+0x1db/0x2d0
[ 2021.035486][T12579]  ? dump_stack_print_info.cold+0x20/0x20
[ 2021.041223][T12579]  ? check_preemption_disabled+0x48/0x290
[ 2021.046979][T12579]  dump_header+0x1e6/0x116c
[ 2021.051508][T12579]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2021.056990][T12579]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2021.062300][T12579]  ? retint_kernel+0x2d/0x2d
[ 2021.066926][T12579]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2021.072610][T12579]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 2021.078276][T12579]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2021.084497][T12579]  ? ___ratelimit+0x37c/0x686
[ 2021.089221][T12579]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2021.094719][T12579]  ? retint_kernel+0x2d/0x2d
[ 2021.099343][T12579]  ? _raw_spin_unlock_irqrestore+0x95/0xe0
[ 2021.105191][T12579]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 2021.111045][T12579]  ? ___ratelimit+0xac/0x686
[ 2021.115664][T12579]  ? idr_get_free+0xee0/0xee0
[ 2021.120382][T12579]  oom_kill_process.cold+0x10/0x9ca
[ 2021.125632][T12579]  ? cgroup_procs_next+0x70/0x70
[ 2021.130622][T12579]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 2021.135864][T12579]  ? oom_badness+0xa50/0xa50
[ 2021.140491][T12579]  ? oom_evaluate_task+0x540/0x540
[ 2021.145639][T12579]  ? mem_cgroup_iter_break+0x30/0x30
[ 2021.150960][T12579]  ? mutex_trylock+0x2d0/0x2d0
[ 2021.155751][T12579]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2021.162044][T12579]  ? rcu_read_unlock_special+0x380/0x380
[ 2021.167722][T12579]  out_of_memory+0x885/0x1420
[ 2021.172434][T12579]  ? mem_cgroup_iter+0x4f4/0xf50
[ 2021.177408][T12579]  ? oom_killer_disable+0x340/0x340
[ 2021.182652][T12579]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 2021.188508][T12579]  ? lock_acquire+0x1db/0x570
[ 2021.193236][T12579]  mem_cgroup_out_of_memory+0x160/0x210
[ 2021.198817][T12579]  ? do_raw_spin_unlock+0xa0/0x330
[ 2021.203973][T12579]  ? memory_oom_group_write+0x160/0x160
[ 2021.209577][T12579]  ? do_raw_spin_trylock+0x270/0x270
[ 2021.215380][T12579]  ? _raw_spin_unlock+0x2d/0x50
[ 2021.220268][T12579]  try_charge+0xd42/0x1d00
[ 2021.224748][T12579]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2021.230356][T12579]  ? find_held_lock+0x35/0x120
[ 2021.235175][T12579]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[ 2021.240761][T12579]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2021.247038][T12579]  ? lock_downgrade+0xbe0/0xbe0
[ 2021.251920][T12579]  ? kasan_check_read+0x11/0x20
[ 2021.256789][T12579]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2021.262793][T12579]  ? rcu_read_unlock_special+0x380/0x380
[ 2021.268455][T12579]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[ 2021.274030][T12579]  __memcg_kmem_charge_memcg+0x7c/0x130
[ 2021.279613][T12579]  ? memcg_kmem_put_cache+0xb0/0xb0
[ 2021.284846][T12579]  __memcg_kmem_charge+0x136/0x300
[ 2021.289987][T12579]  __alloc_pages_nodemask+0x7b8/0xdc0
[ 2021.295398][T12579]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[ 2021.301167][T12579]  ? rcu_pm_notify+0xd0/0xd0
[ 2021.305799][T12579]  ? rcu_read_lock_sched_held+0x110/0x130
[ 2021.311545][T12579]  ? kmem_cache_alloc_node+0x347/0x710
[ 2021.317050][T12579]  copy_process+0x847/0x8700
[ 2021.321675][T12579]  ? ___might_sleep+0x1e7/0x310
[ 2021.326550][T12579]  ? arch_local_save_flags+0x50/0x50
[ 2021.331883][T12579]  ? __schedule+0x1e60/0x1e60
[ 2021.336607][T12579]  ? do_raw_spin_trylock+0x270/0x270
[ 2021.341934][T12579]  ? __cleanup_sighand+0x70/0x70
[ 2021.346893][T12579]  ? futex_wait_queue_me+0x539/0x810
[ 2021.352201][T12579]  ? refill_pi_state_cache.part.0+0x310/0x310
[ 2021.358287][T12579]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2021.364040][T12579]  ? handle_futex_death+0x230/0x230
[ 2021.369271][T12579]  ? fixup_owner+0x250/0x250
[ 2021.373874][T12579]  ? __sanitizer_cov_trace_switch+0x49/0x80
[ 2021.379792][T12579]  ? drop_futex_key_refs.isra.0+0x6f/0xf0
[ 2021.385547][T12579]  ? futex_wait+0x6e6/0xa40
[ 2021.390094][T12579]  ? print_usage_bug+0xd0/0xd0
[ 2021.394887][T12579]  ? futex_wait_setup+0x430/0x430
[ 2021.399936][T12579]  ? drop_futex_key_refs.isra.0+0x6f/0xf0
[ 2021.405687][T12579]  ? __lock_acquire+0x572/0x4a10
[ 2021.410662][T12579]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2021.416148][T12579]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2021.421454][T12579]  ? retint_kernel+0x2d/0x2d
[ 2021.426070][T12579]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2021.431788][T12579]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2021.438085][T12579]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2021.443597][T12579]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2021.449790][T12579]  ? debug_smp_processor_id+0x1c/0x20
[ 2021.455200][T12579]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2021.460722][T12579]  ? retint_kernel+0x2d/0x2d
[ 2021.465338][T12579]  ? __might_fault+0x12b/0x1e0
[ 2021.470134][T12579]  ? lock_release+0x546/0xc40
[ 2021.474839][T12579]  ? lock_acquire+0x1db/0x570
[ 2021.479543][T12579]  ? lock_downgrade+0xbe0/0xbe0
[ 2021.484428][T12579]  ? lock_release+0xc40/0xc40
[ 2021.489158][T12579]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2021.494976][T12579]  _do_fork+0x1a9/0x1170
[ 2021.499265][T12579]  ? fork_idle+0x1d0/0x1d0
[ 2021.503678][T12579]  ? kasan_check_read+0x11/0x20
[ 2021.508526][T12579]  ? _copy_to_user+0xc9/0x120
[ 2021.513199][T12579]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2021.519449][T12579]  ? put_timespec64+0x115/0x1b0
[ 2021.524291][T12579]  ? nsecs_to_jiffies+0x30/0x30
[ 2021.529135][T12579]  ? do_syscall_64+0x8c/0x800
[ 2021.533810][T12579]  ? do_syscall_64+0x8c/0x800
[ 2021.538494][T12579]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2021.543779][T12579]  ? trace_hardirqs_on+0xbd/0x310
[ 2021.546516][T12582] IPVS: ftp: loaded support on port[0] = 21
[ 2021.548818][T12579]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2021.548841][T12579]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2021.548864][T12579]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2021.567079][T12579]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2021.567104][T12579]  __x64_sys_clone+0xbf/0x150
[ 2021.567127][T12579]  do_syscall_64+0x1a3/0x800
[ 2021.567145][T12579]  ? syscall_return_slowpath+0x5f0/0x5f0
[ 2021.567169][T12579]  ? prepare_exit_to_usermode+0x232/0x3b0
[ 2021.579244][T12579]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2021.579272][T12579]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2021.579294][T12579] RIP: 0033:0x457ec9
[ 2021.579322][T12579] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2021.579330][T12579] RSP: 002b:00007f58d40bfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2021.579345][T12579] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457ec9
[ 2021.579363][T12579] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000002102001ffc
[ 2021.588634][T12579] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000
[ 2021.588643][T12579] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f58d40c06d4
[ 2021.588652][T12579] R13: 00000000004be2a0 R14: 00000000004ce600 R15: 00000000ffffffff
[ 2021.598169][T12579] memory: usage 304928kB, limit 307200kB, failcnt 3836
[ 2021.644709][T12579] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2021.701364][T12579] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2021.709043][T12579] Memory cgroup stats for /syz3: cache:56KB rss:243600KB rss_huge:212992KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:243508KB inactive_file:0KB active_file:0KB unevictable:0KB
[ 2021.732007][T12579] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor3,pid=26992,uid=0
[ 2021.748179][T12579] Memory cgroup out of memory: Kill process 26992 (syz-executor3) score 1107 or sacrifice child
[ 2021.759418][T12579] Killed process 26992 (syz-executor3) total-vm:70532kB, anon-rss:2204kB, file-rss:33748kB, shmem-rss:0kB
21:48:13 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x04\x00'}, &(0x7f0000000300)=0x54)

21:48:13 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x600}, 0x1c)

21:48:13 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x6000}, 0x0)

21:48:13 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
signalfd(r0, &(0x7f0000000140)={0x25324bcd}, 0x8)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
sendto$inet6(r0, &(0x7f0000000080)="cffb52cb96a680fdbd8c20bb8dd720c1cbacc0bad3f4d1591f8a4bb8fb9be794450803be4ab0242afe16098b37bbd36956bc1d06cec55131a56479999616fb860618b56f7c30172243578e5e9c662a8930a4996a69ad2832afd358a58ae1f3349e00560304d67028be1da9c77874aedc21", 0x71, 0x20008000, &(0x7f0000000100)={0xa, 0x4e22, 0x7, @remote, 0x5}, 0x1c)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)
r1 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vfio/vfio\x00', 0x4002, 0x0)
setsockopt$TIPC_GROUP_LEAVE(r1, 0x10f, 0x88)

21:48:13 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x207c}, 0x0)

21:48:13 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r4 = getpid()
write$FUSE_LK(r3, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r4}}}, 0x28)
ioctl$BLKTRACESTOP(r3, 0x1275, 0x0)
tgkill(0x0, 0x0, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r3, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

[ 2022.015039][T12622] IPVS: ftp: loaded support on port[0] = 21
21:48:14 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x8c1b}, 0x0)

21:48:14 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x6000}, 0x0)

[ 2022.046020][T12617] binder: 12616 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2022.046071][T12617] binder: 12616:12617 ioctl c018620c 20000200 returned -22
21:48:14 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x700}, 0x1c)

21:48:14 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0xf000}, 0x0)

21:48:14 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x7c20}, 0x0)

21:48:14 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r4 = getpid()
write$FUSE_LK(r3, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r4}}}, 0x28)
r5 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r5, 0x3a)
r6 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r3, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r6, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

[ 2022.449080][T12644] binder: 12642 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2022.449099][T12644] binder: 12642:12644 ioctl c018620c 20000200 returned -22
[ 2022.751477][T12622] IPVS: ftp: loaded support on port[0] = 21
21:48:15 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x11\x00'}, &(0x7f0000000300)=0x54)

21:48:15 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x900}, 0x1c)

21:48:15 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0xf000}, 0x0)

21:48:15 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x30000}, 0x0)

21:48:15 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r4 = getpid()
write$FUSE_LK(r3, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r4}}}, 0x28)
r5 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r5, 0x3a)
r6 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r3, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r6, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:15 executing program 5:
r0 = socket$inet6(0xa, 0x1000080002, 0x8c)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e25, 0x0, @empty, 0xe}, 0x1c)
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x8001, 0x0)
clock_gettime(0x0, &(0x7f00000000c0)={<r2=>0x0, <r3=>0x0})
clock_gettime(0x0, &(0x7f0000000100)={<r4=>0x0, <r5=>0x0})
write$sndseq(r1, &(0x7f0000000180)=[{0x6, 0x2, 0x0, 0x12a1, @time, {0x1ffe000, 0x10000}, {0x81, 0x4}, @quote={{0x8, 0x1}, 0x3, &(0x7f0000000080)={0x7fffffff, 0x7fff, 0x800, 0xf6, @time={0x0, 0x1c9c380}, {0x3f, 0x7}, {0x1, 0x4}, @queue={0xb32, {0xfffffffffffffff7, 0x81}}}}}, {0x1, 0x6, 0x32, 0x2, @time={r2, r3+30000000}, {0x5}, {0xffffffff, 0x7a8000}, @quote={{0x6, 0x778}, 0x2, &(0x7f0000000140)={0x6c5039e7, 0xa1d7, 0x2d, 0x5, @time={r4, r5+30000000}, {0xd057000000000000, 0x1}, {0x4, 0x101}, @raw32={[0x8, 0x7, 0x9c]}}}}], 0x60)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd601bfc97004d8800fe800000000000000000000000000000ff02000000000000000000000000000100004e20004d9096e2960714937807001db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"], 0x0)

21:48:15 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x34000}, 0x0)

[ 2023.184708][T12659] IPVS: ftp: loaded support on port[0] = 21
[ 2023.219080][T12667] binder: 12651 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2023.219093][T12667] binder: 12651:12667 ioctl c018620c 20000200 returned -22
21:48:15 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r4 = getpid()
write$FUSE_LK(r3, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r4}}}, 0x28)
r5 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r5, 0x3a)
r6 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r3, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r6, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:15 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0xa00}, 0x1c)

21:48:15 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x30000}, 0x0)

21:48:15 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x400300}, 0x0)

21:48:15 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000100)={<r1=>0x0, 0xb3, "1d0e3846da691ccbdaf23645beffe448c6f555b024974e86eec62efce261c14c7327133b3c5eaece3af32167d1213bfe5ea0b4239816b8ba287359e96df26bc883293f9efe77bf10af27b5b9280017737a340b6e67a4f0a5ea96043632c569e22d1acf75fea740b36f0f9ff29276539937cc6cfd9ae6988f013915e12ce6d9cf202f51224a6468d3459a693af93e0461089d1514fdb9f192f91e1531e7e2d1dec185db9daa232fe1ab2c02d6d031e23f4be551"}, &(0x7f00000001c0)=0xbb)
getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000200)={r1, 0xff}, &(0x7f0000000240)=0x8)
r2 = syz_open_dev$vcsa(&(0x7f00000000c0)='/dev/vcsa#\x00', 0x101, 0x2)
setsockopt$RDS_RECVERR(r2, 0x114, 0x5, &(0x7f00000002c0), 0xffffffffffffff51)
ioctl$sock_netrom_SIOCDELRT(r2, 0x890c, &(0x7f0000000040)={0x1, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={'rose', 0x0}, 0x80000000, 'syz1\x00', @null, 0x1, 0x0, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @default]})

[ 2023.555017][T12686] binder: 12679 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2023.555030][T12686] binder: 12679:12686 ioctl c018620c 20000200 returned -22
[ 2023.726288][    C0] net_ratelimit: 26 callbacks suppressed
[ 2023.726299][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2023.736324][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2023.737861][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 2023.743582][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2023.749405][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2023.755154][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2023.760827][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 2023.766609][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2023.772402][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2023.778186][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2023.869306][T12659] IPVS: ftp: loaded support on port[0] = 21
21:48:16 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x1d\x00'}, &(0x7f0000000300)=0x54)

21:48:16 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x34000}, 0x0)

21:48:16 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x3f00}, 0x1c)

21:48:16 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0xf0ffff}, 0x0)

21:48:16 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
getpid()
ioctl$BLKTRACESTOP(r3, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r3, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:16 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x1000000}, 0x0)

[ 2024.221183][T12700] IPVS: ftp: loaded support on port[0] = 21
21:48:16 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x400300}, 0x0)

[ 2024.265917][T12694] binder: 12693 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2024.265969][T12694] binder: 12693:12694 ioctl c018620c 20000200 returned -22
21:48:16 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x4000}, 0x1c)

21:48:16 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
getpid()
ioctl$BLKTRACESTOP(r3, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r3, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:16 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x2000000}, 0x0)

21:48:16 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000040)=<r1=>0x0)
sched_getscheduler(r1)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)

21:48:16 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0xf0ffff}, 0x0)

[ 2024.657547][T12719] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2024.686718][T12719] CPU: 1 PID: 12719 Comm: syz-executor3 Not tainted 5.0.0-rc1-next-20190109 #8
[ 2024.695711][T12719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2024.705872][T12719] Call Trace:
[ 2024.709190][T12719]  dump_stack+0x1db/0x2d0
[ 2024.713545][T12719]  ? dump_stack_print_info.cold+0x20/0x20
[ 2024.719302][T12719]  ? check_preemption_disabled+0x48/0x290
[ 2024.725152][T12719]  dump_header+0x1e6/0x116c
[ 2024.729755][T12719]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2024.735400][T12719]  ? perf_trace_lock+0x750/0x750
[ 2024.740354][T12719]  ? print_usage_bug+0xd0/0xd0
[ 2024.745136][T12719]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 2024.750785][T12719]  ? ___ratelimit+0x37c/0x686
[ 2024.755484][T12719]  ? mark_held_locks+0xb1/0x100
[ 2024.760348][T12719]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2024.766167][T12719]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2024.771988][T12719]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2024.777291][T12719]  ? trace_hardirqs_on+0xbd/0x310
[ 2024.782326][T12719]  ? kasan_check_read+0x11/0x20
[ 2024.787184][T12719]  ? ___ratelimit+0x37c/0x686
[ 2024.791875][T12719]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2024.797694][T12719]  ? do_raw_spin_trylock+0x270/0x270
[ 2024.802990][T12719]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2024.808738][T12719]  ? lock_acquire+0x1db/0x570
[ 2024.813430][T12719]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 2024.819245][T12719]  ? ___ratelimit+0xac/0x686
[ 2024.823844][T12719]  ? idr_get_free+0xee0/0xee0
[ 2024.828532][T12719]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2024.833851][T12719]  oom_kill_process.cold+0x10/0x9ca
[ 2024.839064][T12719]  ? cgroup_procs_next+0x70/0x70
[ 2024.844030][T12719]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 2024.849240][T12719]  ? oom_badness+0xa50/0xa50
[ 2024.853867][T12719]  ? oom_evaluate_task+0x540/0x540
[ 2024.859029][T12719]  ? mem_cgroup_iter_break+0x30/0x30
[ 2024.864335][T12719]  ? mutex_trylock+0x2d0/0x2d0
[ 2024.869117][T12719]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2024.875383][T12719]  ? rcu_read_unlock_special+0x380/0x380
[ 2024.881034][T12719]  out_of_memory+0x885/0x1420
[ 2024.885720][T12719]  ? mem_cgroup_iter+0x4f4/0xf50
[ 2024.890675][T12719]  ? oom_killer_disable+0x340/0x340
[ 2024.895885][T12719]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 2024.901706][T12719]  ? lock_acquire+0x1db/0x570
[ 2024.906403][T12719]  mem_cgroup_out_of_memory+0x160/0x210
[ 2024.911954][T12719]  ? do_raw_spin_unlock+0xa0/0x330
[ 2024.917075][T12719]  ? memory_oom_group_write+0x160/0x160
[ 2024.922640][T12719]  ? do_raw_spin_trylock+0x270/0x270
[ 2024.927948][T12719]  ? _raw_spin_unlock+0x2d/0x50
[ 2024.932808][T12719]  try_charge+0x1457/0x1d00
[ 2024.937320][T12719]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[ 2024.942879][T12719]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2024.948429][T12719]  ? lock_downgrade+0xbe0/0xbe0
[ 2024.953282][T12719]  ? kasan_check_read+0x11/0x20
[ 2024.958142][T12719]  ? rcu_read_unlock_special+0x380/0x380
[ 2024.963794][T12719]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[ 2024.969365][T12719]  ? get_mem_cgroup_from_page+0x190/0x190
[ 2024.975127][T12719]  ? rcu_read_lock_sched_held+0x110/0x130
[ 2024.980886][T12719]  mem_cgroup_try_charge+0x43a/0xdb0
[ 2024.986177][T12719]  ? mem_cgroup_protected+0xa10/0xa10
[ 2024.991579][T12719]  ? check_preemption_disabled+0x48/0x290
[ 2024.997349][T12719]  ? print_usage_bug+0xd0/0xd0
[ 2025.002178][T12719]  ? __lock_acquire+0x572/0x4a10
[ 2025.007213][T12719]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 2025.013600][T12719]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 2025.019904][T12719]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 2025.025641][T12719]  wp_page_copy+0x45a/0x1c70
[ 2025.030621][T12719]  ? __lock_acquire+0x572/0x4a10
[ 2025.035589][T12719]  ? pmd_pfn+0x1d0/0x1d0
[ 2025.039845][T12719]  ? find_held_lock+0x35/0x120
[ 2025.044622][T12719]  ? do_wp_page+0x894/0x1e80
[ 2025.049237][T12719]  ? kasan_check_read+0x11/0x20
[ 2025.054096][T12719]  ? do_raw_spin_unlock+0xa0/0x330
[ 2025.059213][T12719]  ? _vm_normal_page+0x15d/0x3d0
[ 2025.064158][T12719]  ? do_raw_spin_trylock+0x270/0x270
[ 2025.069458][T12719]  ? print_usage_bug+0xd0/0xd0
[ 2025.074235][T12719]  do_wp_page+0x89c/0x1e80
[ 2025.078663][T12719]  ? find_held_lock+0x35/0x120
[ 2025.083454][T12719]  ? finish_mkwrite_fault+0x4f0/0x4f0
[ 2025.088852][T12719]  ? __lock_acquire+0x572/0x4a10
[ 2025.093813][T12719]  ? lock_acquire+0x1db/0x570
[ 2025.098517][T12719]  ? __handle_mm_fault+0x1d80/0x55a0
[ 2025.103826][T12719]  ? kasan_check_write+0x14/0x20
[ 2025.108803][T12719]  ? do_raw_spin_lock+0x156/0x360
[ 2025.113846][T12719]  ? lock_release+0xc40/0xc40
[ 2025.118547][T12719]  ? rwlock_bug.part.0+0x90/0x90
[ 2025.123514][T12719]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[ 2025.129339][T12719]  ? add_mm_counter_fast.part.0+0x40/0x40
[ 2025.135080][T12719]  __handle_mm_fault+0x2c8e/0x55a0
[ 2025.140223][T12719]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2025.145791][T12719]  ? check_preemption_disabled+0x48/0x290
[ 2025.151520][T12719]  ? handle_mm_fault+0x3cc/0xc80
[ 2025.156485][T12719]  ? lock_downgrade+0xbe0/0xbe0
[ 2025.161355][T12719]  ? kasan_check_read+0x11/0x20
[ 2025.166218][T12719]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2025.172207][T12719]  ? rcu_read_unlock_special+0x380/0x380
[ 2025.174332][T12700] IPVS: ftp: loaded support on port[0] = 21
[ 2025.177842][T12719]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2025.177859][T12719]  ? check_preemption_disabled+0x48/0x290
[ 2025.177883][T12719]  handle_mm_fault+0x4ec/0xc80
[ 2025.177902][T12719]  ? __handle_mm_fault+0x55a0/0x55a0
[ 2025.177932][T12719]  __do_page_fault+0x5da/0xd60
[ 2025.177966][T12719]  do_page_fault+0xe6/0x7d8
[ 2025.200588][T12719]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2025.200611][T12719]  ? vmalloc_sync_all+0x30/0x30
[ 2025.200631][T12719]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2025.231902][T12719]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2025.238143][T12719]  ? prepare_exit_to_usermode+0x232/0x3b0
[ 2025.238159][T12719]  ? page_fault+0x8/0x30
[ 2025.238176][T12719]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2025.238192][T12719]  ? page_fault+0x8/0x30
[ 2025.238207][T12719]  page_fault+0x1e/0x30
[ 2025.238220][T12719] RIP: 0033:0x40d130
[ 2025.238236][T12719] Code: 89 f8 49 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 74 ff ff ff bf 19 d5 4b 00 31 c0 e8 08 49 ff ff 31 ff e8 41 45 ff ff 90 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 36 33 64 00
[ 2025.238250][T12719] RSP: 002b:00007ffd98177b50 EFLAGS: 00010246
[ 2025.285577][T12719] RAX: 00000000b2a79971 RBX: 0000000007a0ab86 RCX: 0000001b2e920000
[ 2025.285588][T12719] RDX: 0000000000000000 RSI: 0000000000001971 RDI: ffffffffb2a79971
[ 2025.285598][T12719] RBP: 0000000000000005 R08: 00000000b2a79971 R09: 00000000b2a79975
[ 2025.285607][T12719] R10: 00007ffd98177ce0 R11: 0000000000000246 R12: 000000000073bf00
[ 2025.285616][T12719] R13: 0000000080000000 R14: 00007f58d5ec1008 R15: 0000000000000005
[ 2025.310850][T12719] memory: usage 307200kB, limit 307200kB, failcnt 3866
[ 2025.340106][T12719] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2025.348352][T12719] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2025.355508][T12719] Memory cgroup stats for /syz3: cache:56KB rss:245500KB rss_huge:215040KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:245596KB inactive_file:0KB active_file:0KB unevictable:0KB
[ 2025.377963][T12719] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor3,pid=27012,uid=0
[ 2025.394851][T12719] Memory cgroup out of memory: Kill process 27012 (syz-executor3) score 1107 or sacrifice child
[ 2025.405771][T12719] Killed process 27012 (syz-executor3) total-vm:70532kB, anon-rss:2204kB, file-rss:33748kB, shmem-rss:0kB
[ 2025.450820][T12724] binder: 12719 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2025.450853][T12724] binder: 12719:12724 ioctl c018620c 20000200 returned -22
21:48:17 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x01\x1e\x00'}, &(0x7f0000000300)=0x54)

21:48:17 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x3000000}, 0x0)

21:48:17 executing program 5:
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(0xffffffffffffffff, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000180)=ANY=[@ANYBLOB="0000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000740500007f0000000000000020000000000000000600000000000000ffffffff00000000000000000000000000000000000000000000000000000000080000004000000000080000000000000300000000000000feffffffffffffff05000000000000000000000000eb47c31685130e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec4f52a46b5c2b3c131e46e0d5af29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"])
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vga_arbiter\x00', 0x10000, 0x0)
ioctl$VIDIOC_G_AUDIO(r0, 0x80345621, &(0x7f0000000300))
getsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000340), 0x10)
r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(r1, 0xc0086420, &(0x7f0000000080)={<r2=>0x0})
ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r1, 0xc008551c, &(0x7f00000000c0)={0x7, 0xc, [0x4, 0x5, 0xb2]})
syz_emit_ethernet(0x2, &(0x7f0000000140)=ANY=[@ANYRES64=r2, @ANYRESDEC=r2], 0x0)

21:48:17 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x1000000}, 0x0)

21:48:17 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
getpid()
ioctl$BLKTRACESTOP(r3, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r3, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:17 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x7800}, 0x1c)

[ 2025.683115][T12739] Unknown ioctl -1073191904
[ 2025.736969][T12744] Unknown ioctl -1073195748
21:48:17 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

[ 2025.770843][T12746] IPVS: ftp: loaded support on port[0] = 21
[ 2025.778679][T12740] binder: 12738 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2025.778701][T12740] binder: 12738:12740 ioctl c018620c 20000200 returned -22
[ 2025.805749][T12744] Unknown ioctl -1073191904
21:48:17 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x80fe}, 0x1c)

21:48:17 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x2000000}, 0x0)

[ 2025.825662][T12749] Unknown ioctl -1073195748
21:48:17 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
write$FUSE_LK(r3, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2}}}, 0x28)
ioctl$BLKTRACESTOP(r3, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r3, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:17 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x8000000}, 0x0)

21:48:17 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)

[ 2026.054218][T12762] binder: 12760 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2026.054269][T12762] binder: 12760:12762 ioctl c018620c 20000200 returned -22
[ 2026.261984][T12746] IPVS: ftp: loaded support on port[0] = 21
21:48:18 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x01*\x00'}, &(0x7f0000000300)=0x54)

21:48:18 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0xc0fe}, 0x1c)

21:48:18 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x3000000}, 0x0)

21:48:18 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
write$FUSE_LK(r3, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2}}}, 0x28)
ioctl$BLKTRACESTOP(r3, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r3, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:18 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0xa000000}, 0x0)

21:48:18 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x4000000}, 0x0)

21:48:18 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0xe000000}, 0x0)

21:48:18 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0xfc00}, 0x1c)

[ 2026.714307][T12780] IPVS: ftp: loaded support on port[0] = 21
[ 2026.717869][T12777] binder: 12771 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2026.717926][T12777] binder: 12771:12777 ioctl c018620c 20000200 returned -22
21:48:18 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
write$FUSE_LK(r3, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2}}}, 0x28)
ioctl$BLKTRACESTOP(r3, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r3, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:18 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x8000000}, 0x0)

21:48:18 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000000140)=[{{0x0, 0x0, 0x0}}], 0x2ce, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="baaaaaaaaaaaaaa6aaaaaaaa86dd601bfc97004d8800fe8000000020000000000000000000f9fe02000000000000000000000000000100004e20004d9078e29607149378d33e1da8c73936c77aa3f7fac33b042bd36823686253fb33ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed00f9fb7efd8f383c1f5fcbf875c3ccf8677b7a2165ee69dd0a64d05"], 0x0)

21:48:18 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0xfe80}, 0x1c)

[ 2026.928448][T12792] binder: 12790 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2026.928550][T12792] binder: 12790:12792 ioctl c018620c 20000200 returned -22
[ 2027.336749][T12780] IPVS: ftp: loaded support on port[0] = 21
21:48:19 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x010\x00'}, &(0x7f0000000300)=0x54)

21:48:19 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0xf000000}, 0x0)

21:48:19 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r3 = getpid()
write$FUSE_LK(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(0xffffffffffffffff, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(0xffffffffffffffff, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:19 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0xa000000}, 0x0)

21:48:19 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0xfec0}, 0x1c)

21:48:19 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0xe000000}, 0x0)

21:48:19 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0xff00}, 0x1c)

21:48:19 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x10000000}, 0x0)

[ 2027.692728][T12826] IPVS: ftp: loaded support on port[0] = 21
[ 2027.728138][T12825] binder: 12816 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2027.728191][T12825] binder: 12816:12825 ioctl c018620c 20000200 returned -22
21:48:19 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r3 = getpid()
write$FUSE_LK(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(0xffffffffffffffff, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(0xffffffffffffffff, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:19 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0xf000000}, 0x0)

21:48:19 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x1}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd601bfc97004d8800fe800019000000000000000000000000ff020000008fd9341d937821ee1617e20a000000000000000000000100044e20004d9078e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ec432e73d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32"], 0x0)

21:48:19 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x60000000}, 0x0)

[ 2028.133219][T12850] binder: 12842 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2028.133270][T12850] binder: 12842:12850 ioctl c018620c 20000200 returned -22
[ 2028.443463][T12827] IPVS: ftp: loaded support on port[0] = 21
[ 2029.966275][    C1] net_ratelimit: 24 callbacks suppressed
[ 2029.966286][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2029.966310][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2029.972025][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2029.977857][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 2029.983650][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2029.989415][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2029.995050][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2030.000823][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 2030.006678][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2030.012346][    C0] protocol 88fb is buggy, dev hsr_slave_0
21:48:23 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\xff\xff\xff8\x00'}, &(0x7f0000000300)=0x54)

21:48:23 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x100000}, 0x1c)

21:48:23 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x10000000}, 0x0)

21:48:23 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x8c1b0000}, 0x0)

21:48:23 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r3 = getpid()
write$FUSE_LK(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(0xffffffffffffffff, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(0xffffffffffffffff, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:23 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0xfffffe16, 0x0}, 0x3f11}], 0x1, 0x103, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="38010000100013070000000000000000e00000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="f0000000000000000000ffffffffffff000000003200000000000000000000000000ffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007804d475cec0b6c96a04a5fc3317a637bef7a3f2416b14bc3a"], 0x138}}, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd601bfc97004d8800fe800000000000000000000000000000ff02000000000000000000000000000100004e20004d9078009607149378d33e1db1c73936c77aa3f7fac33b042bd36823686253196d0d4734ecb10600000000000000fb96cc7c6fe4e24d1f4afff87429e50b32881721afab69cc3712"], 0x0)
getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000400)={{{@in=@initdev, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in=@initdev}, 0x0, @in6=@dev}}, &(0x7f00000002c0)=0xe8)
sendmsg$nl_xfrm(r1, &(0x7f0000000680)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000300)={&(0x7f0000000500)=@report={0x160, 0x20, 0x2, 0x70bd28, 0x25dfdbfd, {0xff, {@in=@loopback, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e22, 0x0, 0x4e24, 0x7, 0xa, 0xa0, 0xa0, 0x21, 0x0, r2}}, [@proto={0x8, 0x19, 0xff}, @sec_ctx={0x10c, 0x8, {0x105, 0x8, 0xa3927fac86fd969f, 0x84, 0xfd, "bf467e62a25543899660c30c1fede016976464b899c8a9b7b61201351ace897699d68b957c5f71872a76b66ba866bc5e2264754fe7f26ebaa06f37b756541a61811a6c6d85aba96f63d2b4fdb1d56881461a23309d898897fcdf000761c19ffe335f552763ada976d43afed8f13125c6f9158ac071f728d0da032a25a3173ccc0bbe5a494e664f0393ae90716d980d69c037ca1641f38d424d97b680bc49f88e965dfd060b0a4046ea63dde4847931610dbf3df8217fdb8ee8101b507530b948e25e01bccbe999b2665fa58e666dc923e1db91aa73d058e7a9b7adff0d199a36604269e01284eefe71eb93927a6713e75404dac5c8e9539d4ad5d34d87"}}]}, 0x160}, 0x1, 0x0, 0x0, 0x4c084}, 0x81)

21:48:23 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x1000000}, 0x1c)

21:48:23 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x9effffff}, 0x0)

21:48:23 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x60000000}, 0x0)

[ 2031.914099][T12865] binder: 12863 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2031.914149][T12865] binder: 12863:12865 ioctl c018620c 20000200 returned -22
[ 2031.941118][T12872] IPVS: ftp: loaded support on port[0] = 21
21:48:23 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:24 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x2000000}, 0x1c)

21:48:24 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0xf0ffffff}, 0x0)

[ 2032.269381][T12892] binder: 12884 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2032.269396][T12892] binder: 12884:12892 ioctl c018620c 20000200 returned -22
[ 2032.596022][T12872] IPVS: ftp: loaded support on port[0] = 21
21:48:24 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00@\x00'}, &(0x7f0000000300)=0x54)

21:48:24 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x7c200000}, 0x0)

21:48:24 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0xfffff000}, 0x0)

21:48:24 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x3000000}, 0x1c)

21:48:24 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:24 executing program 5:
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x10000000004e20, 0x0, @dev={0xfe, 0x80, [], 0x1d}}, 0x1c)
recvmmsg(0xffffffffffffffff, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffff9c, 0x84, 0xf, &(0x7f0000000080)={<r0=>0x0, @in={{0x2, 0x4e23, @local}}, 0x4, 0x4, 0x7, 0x3, 0x8}, &(0x7f0000000000)=0x98)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000140)={r0, 0x1f, 0x30}, 0xc)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)

21:48:24 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0xffffff7f}, 0x0)

21:48:24 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x9effffff}, 0x0)

21:48:24 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd601bfc97004d8800fe800000000000000000000000000000ff02000000000000000000000000000100004e20004d9078e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3710c37ed0"], 0x0)

21:48:24 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x4000000}, 0x1c)

[ 2033.018586][T12915] binder: 12905 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2033.018597][T12915] binder: 12905:12915 ioctl c018620c 20000200 returned -22
[ 2033.022022][T12911] IPVS: ftp: loaded support on port[0] = 21
21:48:25 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0xffffff9e}, 0x0)

21:48:25 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

[ 2033.326704][T12931] binder: 12930 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2033.326755][T12931] binder: 12930:12931 ioctl c018620c 20000200 returned -22
[ 2033.674303][T12911] IPVS: ftp: loaded support on port[0] = 21
21:48:25 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x5000000}, 0x1c)

21:48:25 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0xf0ffffff}, 0x0)

21:48:25 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0xfffffff0}, 0x0)

21:48:25 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x02L\x00'}, &(0x7f0000000300)=0x54)

21:48:25 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r4 = getpid()
write$FUSE_LK(r3, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r4}}}, 0x28)
ioctl$BLKTRACESTOP(r3, 0x1275, 0x0)
r5 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r5, 0x3a)
r6 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r3, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r6, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:25 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffeda}}], 0x193, 0x2, 0x0)
r1 = dup(r0)
ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f00000015c0)=<r2=>0x0)
tkill(r2, 0x3a)
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffff9c, 0x84, 0x70, &(0x7f00000000c0)={<r3=>0x0, @in={{0x2, 0x4e24, @rand_addr=0x44b5}}, [0x8, 0x9, 0x9, 0x2, 0x6, 0xffffffffffffffff, 0x2eb, 0x95e, 0x800, 0x7, 0x200, 0x5, 0x1f, 0xffff, 0xeed1]}, &(0x7f00000001c0)=0x100)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r0, 0x84, 0x23, &(0x7f0000000200)={r3, 0x1}, 0x8)
r4 = syz_open_dev$usbmon(0x0, 0x0, 0x0)
io_cancel(0x0, 0x0, 0x0)
getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, 0x0)
ioctl$EVIOCGBITKEY(0xffffffffffffffff, 0x80404521, 0x0)
r5 = open(&(0x7f0000000280)='./bus\x00', 0x141042, 0x0)
add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffa)
connect$pppoe(r4, &(0x7f0000001580)={0x18, 0x0, {0x2, @link_local, 'caif0\x00'}}, 0x1e)
ftruncate(r5, 0x7fff)
sendfile(r5, r5, 0x0, 0x800000000002)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)
ioctl$SG_SET_COMMAND_Q(r4, 0x2271, &(0x7f0000000040)=0x1)
io_setup(0x1, &(0x7f00000002c0)=<r6=>0x0)
io_submit(r6, 0x2, &(0x7f0000001540)=[&(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x40, r5, &(0x7f0000000400)="81fb999178bb3581c6a27046ae9612659f6ee547296f46e07146c2e864bcdfc72816383c664750745f2f80550b546f63306984ac4707f826a2eb0bc062dd877afc61cdc90c433f7c4ca675a1894a695d9289a4fc3d13ae52929ef3e5ee4348dbbc96ed5ea9afeaea2467b98c6bdb0f735abd1a4e57c18ecc0e8a4589f116f6335f43210d1f937089d473ddc26efa48ce4a97211143327734040c880424dabe3c60c29bf17c6bacbc96726c189a8cdc6aae1d1e6a3771ef802cc09de9a20e640f6d724c2fe555b591e37805d27921a3d0de43c75f2293627cba75e972262068bc0957292c60f566b9a0fc3f53ef870776b469935a2783e64f1d45e02d8f03973cfdd91e3675e44fee691e4cb0a7a2d54b0eca8ca9804f0f85d304a89b31ffdfa1a32a50fc649dba59ff6b07b0a5c5413077c8725c34df01f67e16046f790e25d39848c8100f716edd3be6c25dfcafef1f41dadcd72924899bd170246e296652da63d9abb1807f86c1b524db4d160cf589d9fb24437df8491f56efb29c04a63b9df4dcde7e2f41986d1875a3d4ab1d0fc45297def7b48e7756c7abe6e7383d4a85da905477769d367fcaebf4bf42bf506ac6e187c762362f05b6e6e526a83159b073e0246ac749389768b4f6e8f53cbb42d1d4037932a6064793143c8b4aee85903a4387ebbebc610ec156b9b1ad7381b86c67421a7209a48420ded103460698dabf4b537d62ecc4b2d1f9818319ac8ef722dfd90e485c66b9e4d4f395d2f6445c4486d72ad85c077a6c8aa6665fe3fadfe7f5b6682e4e9b7c06f5f15f1bc1984dab9d1f3a28921519beec4329458f80b0d93e98def1c6b636446b950635e3a6711ada6b54935fa54f3e42b7d2053bcbf2484821d420c660f807780d3f0af6d41e9f12388a8bcd6da84ed645bdf1730a6b067988258627673b59243506b132970b261f61ea3af40ac4fc3d4c7032a19add0f7e8c918b25efc81dbed0e3028a9a0d01b43f30774c21536d70735102b7a5b46e8d2e7c2c55154722ae3ee8ffeb701a85f2e1220da32fdaba71d6aa8593bcd0275b54cb1e36f1651b495add8b6bafe17b0858bf861ec63bf68cf76b8f227146f7ddb58aee526cf1736fe323917ebcfb696e0ebe64feee4932eaa76cb775c6239f0ce6f9be3ad8c1ef55fdcc86c7a003371022165d94083c794548e0e623384db63ef747be0fe1335e9e1ad22cdccc7e8af7750dc340b51f54911b3da80a2eb53ca783eca3a3e57953e6dde8d1e4dd6f1c99458572db205f630e29b2054b264be6126e6c698cc3ebbf5346becc1747a3b3cf899797f405a3211b8131b6a052d8e502f78a0fc390dc3421ab76d6847cfeb7ba300d1012e6a5edf90be7eff814740825f8bc29c06b77431f0d77f83d5599904c0c5dbdc4c32ebcc682e9050eb0c2b263e996b084faf686a1590fe8d01897617bd3cb6854b5bb500f099d9ddcd676c202cfbbf5b5247d21dcb39f9ce9d3e5271b477dd427ead4a66958d8604dc08dd06ce840656a45815d6f75f15b3c06016627f8a4b61f499a18a806aa4007800d6b792b94200219291b4a488ee77efdf7990abb5a3383c1b32cdf21337fbbd3ee5d6306be6a29fa99f34826ee34ed67733c13d25c49aa1d5104fa4d3cccccc4c464d20273d30e572654556e44749e98d1e9064c96fe7fa582d7027c8b4e4dc720e14bae7b5e4d2b4a0eb721b7155d126db251568aeab513ce1eebf3b1b2a276c546d88f50d4710aed1efb3815ddc416b48641af838a9669ba4e88ddffea02a85c131972938524ff1c52f2cc331c9c1ad6e2134e248bbb49f634d3118bb083ae2716ee0d5ff0571dd37921f20c2838ead72b01334607170991ee952eb657429d4173569774d3e96e0c83e55157c4d068467fb18ff5e49445fff33419fb85170d2e5cbbf216dba78564e472869215efe9fb16c339b1b2e73d0fb512b5d8b159c5f5d54f95aaac9f7535220f03b3b23cb73c5c6b226bbc58722d849bb4dd64fb10067f220d9097226c0ca701c6d3046ccffcd486e96008dc4ad16c9d365568adec4f10e04d0ba5dfb20421f2d5a8681acb5118565971bb136d80db2af5cac244124f14363ef92ecf2f67b5fbd4c5958f11935f8c5d012bf4d06efc47ad3d61040ffdc6f4ad19104d81280d9447a91632a55c2b9cb10a888bc72038d42482d46f74ffd8da9e5ee71b987d17df49e8102d8165e246fb1e71d7fd0bcc8509e2053cacf2fc23be5c07738e4db0fb0c26f3acdb2e8e7fb4553896172bd205cf566674931baa6948407ade8bcca14c4301cc9daf6fa930865a6b9163d673ed10236eeb66abfee57e2e67d7655feb69b152c1843eec111dcd69d196741b9e7be8630173c987a944ac87d601dad09cf98c0f1a6bfc762e78c7c4b0e0bc84b5adab06db847a3a76ff1a0a622105661cb42b1dd465a48559cc3b808e6793dee4422655633c0928b41f15c39ab6ad60c8021829b729b74f62e69287a34b2133610338a0915a53756561ff310f831b25c36a8c22dbf9d5f904138bac98b5d0592b892095f6dd5287a8d9170f58b3d5d6d8598b39dfe6dc27512e658813fbeab6690b90fb8a87f2c83e7197d08f7bc41b06059be7a61bf13333aba648f2702dddd68efbf7289c09ef480112397938b36a1d9f39ecf3804a762ff98dd3fbc3d5bf9fb3d8f3857ac5c65db78f77b28864ddf866fa385c58c291ad312c8645716853f51a1f08945fc6b142a991a05340a3f701f0d3ad346ab94939383a911b1b01cd04b6f5112728995931218ea26c3645a1f73b40c1f6c58090feafb1cdf1a031bb78d18ddd76995b7ad5ef76e720039cb5eee8f6d8911b796694d68ad11b0de431fc7ddf7d24c7303771707729a91058c83428d63c0d615628fb4fc1080d5a5587c2f9c0f4cfc749e6da511f308c4abaf14b003289b0c22f6bdd014bd322c534b100cd234d7df235f05d8f2793584262a0b23dd1268b9b1a51549c73c3c460e9c162b342fcebb619b828e1c5b79674983b721d371129cef9348bf90b9ac54158eb3e41210d5b68802350cd5775ee9441ed9fe89be82106e0a80c58d5004eaf9331620148ff75094bbfb56c8d33f9d4be194f014013b5708e5431f6fec9366b6b75fdd0473922c88564b28179b46fa7e7a31a47b8c2afd7974289b87cf934cf0cb98f075fafac5c707e767ddd18a457001d242a244f62b5866d97a258487e951f3b31d64cf74b5aa222ab405e60d3f6de812b888dfae8203e5eb03934280a66940d76e02eb2c1879ccc281659242a13c1713cee17945a744da2b315d2ad981f299e34715695c5b9ebe48af2c4e68ad026fcb319f6db76354198d7f016cbdf7975c4a3eadd6280df1180b354cd8346df85ac2cefd61ef6c1af1dccb38d5d6c66cdc3c593b32eef7c55a10ea309634e9a173145ca7b01f4378fd151b6566a70d94babf930e4266f13ce1f19a428647c13cb9936fde8ef1b673c7f6b5cb480a427b294a74af869b0be5fd65643307801e9d5881436bc3ab96d3eb45d4055757845678756f33b3d3d759df4fa192f2f8298ad041f8940bc076fee1eafa304238a0daaf5374433b9ae2866c8162842ab88218d202b0484806205a4dc5be5d1797cd4c3e237209ab522817970803edca15e4f088b48b6a1247741189a7bd9e34bc55bce3a43c9cb8e2db5ee239229fdf2b134d517862a4ae7b13e1f7fbb15c4e0f36e01227a93961ba3a76db3094e1ac0dc3741aaec7a27ebc3d7070ccf745cdbde9c6747a6ece3a5e63fa7896febe41aa7275719c4f71c64f01fe733a259772b28824c17fe6917f8f42a28ed607949afacd379fde8ca576fc28a6523bb8c67edc465d42e4d79fad3a6351f646130134bf43c6324b2df5c2237a9f3ebd061def5b95ad514c9364417a23a908f82b4b54409ba320670f2db5c441e1daa4dcf197edf15ca0f056889b6c5532ea38b3dd7fdf84826faf77757e9293d7d97bf15f27917f3978af0723da648e769575ed49a41216477de2af0e34a8cb9c40328fc3810716b089793a8654d81e8bf8f1859f187a2c578f36567182d43b32285c5ea727b88d06f06eed32295425361cac0197697d6d2f02cab088d7f3ce1051dec3e7725277044b78a1b2ce87260a32f23299987ee9f0da336bd803e1933e25a9f41997c39d0c68b8b1a8de11ddb037226673f02fc4f7fff31f5448e2e35c2ffde7745282822981de8c62dd84fd30a1877890faecd4a12001d2397f0945652eb18ef8d80b1c20028b7660e4b9f8c4a028fd9c52d90d18b1ade4438384f320be145d91e261d54652b3754184b70133d364e76349692aaaf000dee58a41d02d399ff3fbd7b25aaddce45f0e008a88914d3dbf08df463ec7cacc1adadf713879cc697b349138788ebced1662e20bf2aadbe1c582bbaa91e6f2821d4646dbd70076e321c7d7c954dbbaf379921c756a97c39ae0896fb9d15f19b0a7253849ae630bdb09293f36c9ab4284d45bdb000b552855cc9dfd5752ffc8d6e2b3fa4298bfa1f0806745ee2bdd9516d014baef4075774849c344ab00ee84cb6d5023e203d5bbf88ea473371fd71fa92c710e7359be9cc4ef83821606acc849710b1f0af56e0da8dd364ed4a3492b8ed01c97d2f3ce0c2d7fc0934a709dcc51fd4cafe6a87c0ec5c0705edb0dce98a83f53d2c62771f6c5b8f88cbfa97514ef68ec4dbd6d536f8c3b563f9fb66d8fd7907c2fed93c6735ca138ab1b889cf90aea11218b19c75e435bae6474f380046e205c44f32a3161e7a4df752cdb98e5cc0adc3723eddd4fb8e36d70ad0732e7590aa8a2ac1ec1492ac0a1a76c4bb47b2278f824a04d4413c4ea181adee34a0e20d48189c6c033d8e914bd4b457e478df1830904a69c5b97b8294d950407ec79036d378c18de91a1379fa8e17235bb03fb8862f8e62168d1c5ef717bc1b2014d620d86b449281081bd8ff821e06612a1c0220474cc93bb9d60ac51e5f92a42256a0c4f8245153860304265b538d57d8c8766d3fe2b111977f03707842056d9567e0acb5e8da6ef9e6539c09013d30dc1a7fc8846c622577fee4a0b8b0ed92b43a15236613afe1eead82d36330430e67f52010f857552c287f2457933c74b8b187f7bcecb1a5fb9e04bdfae77718db53de8b1b3e14823d855cf8997315a733e5c6b0d9f933857b142271c2cc69b57f733b63e94ea72c948614d269854021a28a8da208972ad419a71d2ddc95e49a6be0628fba402c2408cad541db5e5b3c43b24a45475150741784d5d4ae4f836fb0a6e8649a41363194584d30f6762364df0be8d8da4d8638df503c25f5f2b4d10dbb1f49735d052ac23eb8ad6bf2eeb8ba897862bfd048021cc1159fe99b938f8f329082df6922af4b738f0a78843d1066a845cac11c34ea08851b1b37bb2950edba4b3de2ebd625352d82d19bd07afeae2a6fe290afba084cf1c6f71cc2181bba174c4ac714166a8fbc7b81e6c1ad65d5c754f7ea8e279335eeff7c2d8c3a45507ed15bc1bb573865e8fb0bc3e898540165d7d4c948a08ca2aae0ec80646dacf882dc5475b4cf09bc74d7d8d4bcc8d08d7ced4325e828e393c950275c1b3dc9f033382eb42149c749fdddd71323e51d9bb1c367540a72cf3b274422392e2c15cb9f72f808b98f2d4912120babb81ff69d253792eec50222452704574a6d3bdfac9133775a24525a7a1c9edda6a3e1e972efc9686210c9096851d00381204ad3319aa2a9f20a3a0dbc9743aa793adc11561f6864fba1f60bca5fec8a9990a898c1a561ccf94f7e4b7725e4", 0x1000, 0x6, 0x0, 0x1, r5}, &(0x7f0000001500)={0x0, 0x0, 0x0, 0x1, 0x3, r5, &(0x7f0000001400)="8b157b54bd3d11b71143eb6569f093c0a2dc394e053e9e3dc237cc3f392ab5f270f47092a7dbb85e7e11a995c5324c3c9715c425c8301be59f5935abc603a08e81a43052ff613397ffbb8963b1f769f6ab3b0500d637839dfe3b7c3d540c13eea7ba998ff67b782af41a66c644664ebbd7bf8b3bc170793ddea5688cb055971fdd964ed55ffb91504bf13c3f0b416b83d5d8156d9e6ad98920e195f197a85af96ddd8b8ede6939333b0f85f96c0297497a738b3d4cc9d47e84a88e34d2d33d92ac62dd5c8d857ce0e9fa427e5291916cf1f9fca98cb83e8303a631d38b64178fe300bcf487a4a97e3c1980885e9bb34ada05e8c5e405840d4e81ae51", 0xfc, 0x6, 0x0, 0x0, r4}])
symlink(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='./file0\x00')

21:48:25 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x3000000000000}, 0x0)

21:48:25 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x6000000}, 0x1c)

[ 2033.995836][T12937] syz-executor3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000
[ 2034.010178][T12946] IPVS: ftp: loaded support on port[0] = 21
[ 2034.046415][T12937] CPU: 0 PID: 12937 Comm: syz-executor3 Not tainted 5.0.0-rc1-next-20190109 #8
[ 2034.055422][T12937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2034.055441][T12937] Call Trace:
[ 2034.068837][T12937]  dump_stack+0x1db/0x2d0
[ 2034.073203][T12937]  ? dump_stack_print_info.cold+0x20/0x20
[ 2034.078963][T12937]  ? check_preemption_disabled+0x48/0x290
[ 2034.084740][T12937]  dump_header+0x1e6/0x116c
[ 2034.089287][T12937]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2034.094956][T12937]  ? perf_trace_lock+0x750/0x750
[ 2034.099956][T12937]  ? print_usage_bug+0xd0/0xd0
[ 2034.104788][T12937]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 2034.110477][T12937]  ? ___ratelimit+0x37c/0x686
[ 2034.115194][T12937]  ? mark_held_locks+0xb1/0x100
[ 2034.120070][T12937]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2034.120088][T12937]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2034.120120][T12937]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2034.131767][T12937]  ? trace_hardirqs_on+0xbd/0x310
[ 2034.131787][T12937]  ? kasan_check_read+0x11/0x20
[ 2034.131809][T12937]  ? ___ratelimit+0x37c/0x686
[ 2034.151733][T12937]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2034.157580][T12937]  ? do_raw_spin_trylock+0x270/0x270
[ 2034.157606][T12937]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2034.157619][T12937]  ? lock_acquire+0x1db/0x570
[ 2034.157645][T12937]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 2034.157660][T12937]  ? ___ratelimit+0xac/0x686
[ 2034.157676][T12937]  ? idr_get_free+0xee0/0xee0
[ 2034.157691][T12937]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2034.157717][T12937]  oom_kill_process.cold+0x10/0x9ca
[ 2034.157738][T12937]  ? cgroup_procs_next+0x70/0x70
[ 2034.157755][T12937]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 2034.157769][T12937]  ? oom_badness+0xa50/0xa50
[ 2034.157788][T12937]  ? oom_evaluate_task+0x540/0x540
[ 2034.157815][T12937]  ? mem_cgroup_iter_break+0x30/0x30
[ 2034.168866][T12937]  ? mutex_trylock+0x2d0/0x2d0
[ 2034.168884][T12937]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2034.168917][T12937]  ? rcu_read_unlock_special+0x380/0x380
[ 2034.168944][T12937]  out_of_memory+0x885/0x1420
[ 2034.168963][T12937]  ? mem_cgroup_iter+0x4f4/0xf50
[ 2034.168981][T12937]  ? oom_killer_disable+0x340/0x340
[ 2034.168998][T12937]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 2034.169015][T12937]  ? lock_acquire+0x1db/0x570
[ 2034.169041][T12937]  mem_cgroup_out_of_memory+0x160/0x210
[ 2034.169056][T12937]  ? do_raw_spin_unlock+0xa0/0x330
[ 2034.169080][T12937]  ? memory_oom_group_write+0x160/0x160
[ 2034.184205][T12937]  ? do_raw_spin_trylock+0x270/0x270
[ 2034.184240][T12937]  ? _raw_spin_unlock+0x2d/0x50
21:48:26 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0xfffff000}, 0x0)

[ 2034.184263][T12937]  try_charge+0x1457/0x1d00
[ 2034.184291][T12937]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2034.214651][T12937]  ? find_held_lock+0x35/0x120
[ 2034.214672][T12937]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[ 2034.214693][T12937]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2034.214722][T12937]  ? lock_downgrade+0xbe0/0xbe0
[ 2034.267062][T12937]  ? kasan_check_read+0x11/0x20
[ 2034.267083][T12937]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2034.267111][T12937]  ? rcu_read_unlock_special+0x380/0x380
[ 2034.297999][T12937]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[ 2034.298023][T12937]  __memcg_kmem_charge_memcg+0x7c/0x130
[ 2034.298044][T12937]  ? memcg_kmem_put_cache+0xb0/0xb0
[ 2034.313907][T12937]  ? lock_release+0xc40/0xc40
[ 2034.352707][T12937]  __memcg_kmem_charge+0x136/0x300
[ 2034.352733][T12937]  __alloc_pages_nodemask+0x7b8/0xdc0
[ 2034.352759][T12937]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[ 2034.352776][T12937]  ? rcu_pm_notify+0xd0/0xd0
[ 2034.352802][T12937]  ? rcu_read_lock_sched_held+0x110/0x130
[ 2034.389124][T12937]  ? kmem_cache_alloc_node+0x347/0x710
[ 2034.394619][T12937]  ? print_usage_bug+0xd0/0xd0
[ 2034.399416][T12937]  copy_process+0x847/0x8700
[ 2034.404023][T12937]  ? print_usage_bug+0xd0/0xd0
[ 2034.408806][T12937]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2034.415054][T12937]  ? check_preemption_disabled+0x48/0x290
[ 2034.415081][T12937]  ? __lock_acquire+0x572/0x4a10
[ 2034.415094][T12937]  ? mark_held_locks+0x100/0x100
[ 2034.415124][T12937]  ? __cleanup_sighand+0x70/0x70
[ 2034.415144][T12937]  ? mark_held_locks+0x100/0x100
[ 2034.415159][T12937]  ? find_held_lock+0x35/0x120
[ 2034.415180][T12937]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2034.452027][T12937]  ? check_preemption_disabled+0x48/0x290
[ 2034.457772][T12937]  ? debug_smp_processor_id+0x1c/0x20
[ 2034.463168][T12937]  ? perf_trace_lock_acquire+0x138/0x7d0
[ 2034.468825][T12937]  ? delayacct_end+0xc9/0x100
[ 2034.473525][T12937]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2034.479792][T12937]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2034.479808][T12937]  ? perf_trace_lock+0x750/0x750
[ 2034.479824][T12937]  ? perf_trace_lock_acquire+0x138/0x7d0
[ 2034.479846][T12937]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2034.479861][T12937]  ? find_held_lock+0x35/0x120
[ 2034.479879][T12937]  ? print_usage_bug+0xd0/0xd0
[ 2034.479899][T12937]  ? psi_memstall_leave+0x1f8/0x280
[ 2034.479912][T12937]  ? find_held_lock+0x35/0x120
[ 2034.479929][T12937]  ? __lock_acquire+0x572/0x4a10
[ 2034.479946][T12937]  ? _raw_spin_unlock_irq+0x28/0x90
[ 2034.479962][T12937]  ? _raw_spin_unlock_irq+0x28/0x90
[ 2034.479977][T12937]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2034.479993][T12937]  ? trace_hardirqs_on+0xbd/0x310
[ 2034.480013][T12937]  ? mark_held_locks+0x100/0x100
[ 2034.480036][T12937]  ? check_preemption_disabled+0x48/0x290
[ 2034.511403][T12937]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2034.511421][T12937]  ? check_preemption_disabled+0x48/0x290
[ 2034.511441][T12937]  ? debug_smp_processor_id+0x1c/0x20
[ 2034.511457][T12937]  ? perf_trace_lock_acquire+0x138/0x7d0
[ 2034.511480][T12937]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2034.511495][T12937]  ? perf_trace_lock+0x750/0x750
[ 2034.511508][T12937]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2034.511535][T12937]  ? try_to_free_pages+0xb70/0xb70
[ 2034.563967][T12937]  ? percpu_ref_put_many+0x129/0x270
[ 2034.563993][T12937]  ? blkcg_maybe_throttle_current+0x75e/0x13c0
[ 2034.564014][T12937]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2034.564039][T12937]  _do_fork+0x1a9/0x1170
[ 2034.564064][T12937]  ? fork_idle+0x1d0/0x1d0
[ 2034.564093][T12937]  ? trace_hardirqs_off+0xb8/0x310
[ 2034.564106][T12937]  ? get_mctgt_type_thp.isra.0+0x4c0/0x4c0
[ 2034.564131][T12937]  ? prepare_exit_to_usermode+0x32e/0x3b0
[ 2034.633180][T12937]  ? do_syscall_64+0x8c/0x800
[ 2034.633197][T12937]  ? do_syscall_64+0x8c/0x800
[ 2034.633215][T12937]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2034.633234][T12937]  ? trace_hardirqs_on+0xbd/0x310
[ 2034.633256][T12937]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2034.633273][T12937]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2034.633296][T12937]  __x64_sys_clone+0xbf/0x150
[ 2034.633317][T12937]  do_syscall_64+0x1a3/0x800
[ 2034.685576][T12937]  ? syscall_return_slowpath+0x5f0/0x5f0
[ 2034.691242][T12937]  ? prepare_exit_to_usermode+0x232/0x3b0
[ 2034.696992][T12937]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2034.702558][T12937]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2034.702585][T12937] RIP: 0033:0x45a899
[ 2034.702609][T12937] Code: ff 48 85 f6 0f 84 97 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 6e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75
[ 2034.702618][T12937] RSP: 002b:00007ffd98177ae8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
[ 2034.702634][T12937] RAX: ffffffffffffffda RBX: 00007f58d40c0700 RCX: 000000000045a899
[ 2034.702645][T12937] RDX: 00007f58d40c09d0 RSI: 00007f58d40bfdb0 RDI: 00000000003d0f00
[ 2034.702655][T12937] RBP: 00007ffd98177cf0 R08: 00007f58d40c0700 R09: 00007f58d40c0700
[ 2034.702665][T12937] R10: 00007f58d40c09d0 R11: 0000000000000202 R12: 0000000000000000
[ 2034.702674][T12937] R13: 00007ffd98177b9f R14: 00007f58d40c09c0 R15: 000000000073bf0c
[ 2034.730774][T12937] memory: usage 307172kB, limit 307200kB, failcnt 3909
21:48:26 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x40030000000000}, 0x0)

21:48:26 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x7000000}, 0x1c)

21:48:26 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0xffffff7f}, 0x0)

[ 2034.836712][T12937] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2034.844775][T12937] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2034.866788][T12937] Memory cgroup stats for /syz3: cache:56KB rss:244288KB rss_huge:212992KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:244408KB inactive_file:0KB active_file:4KB unevictable:0KB
[ 2034.907319][T12937] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor3,pid=27068,uid=0
21:48:26 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0xf0ffffffffffff}, 0x0)

21:48:26 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0xffffff9e}, 0x0)

21:48:26 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x8000000}, 0x1c)

[ 2034.967373][T12937] Memory cgroup out of memory: Kill process 27068 (syz-executor3) score 1107 or sacrifice child
[ 2034.994511][T12937] Killed process 27068 (syz-executor3) total-vm:70532kB, anon-rss:2204kB, file-rss:33748kB, shmem-rss:0kB
[ 2035.193086][T12979] binder: 12937 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2035.193159][T12979] binder: 12937:12979 ioctl c018620c 20000200 returned -22
[ 2035.374830][T12946] IPVS: ftp: loaded support on port[0] = 21
21:48:27 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00b\x00'}, &(0x7f0000000300)=0x54)

21:48:27 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x181100, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r1, 0xc008551b, &(0x7f0000000080)={0x7fff, 0x8, [0xdb5, 0x1]})
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)

21:48:27 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0xfffffff0}, 0x0)

21:48:27 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x100000000000000}, 0x0)

21:48:27 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r4 = getpid()
write$FUSE_LK(r3, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r4}}}, 0x28)
ioctl$BLKTRACESTOP(r3, 0x1275, 0x0)
r5 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r5, 0x3a)
r6 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r3, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r6, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:27 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x9000000}, 0x1c)

21:48:27 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x3000000000000}, 0x0)

21:48:27 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0xa000000}, 0x1c)

21:48:27 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x200000000000000}, 0x0)

[ 2035.702258][T12990] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2035.720200][T13000] IPVS: ftp: loaded support on port[0] = 21
[ 2035.732790][T12990] CPU: 0 PID: 12990 Comm: syz-executor3 Not tainted 5.0.0-rc1-next-20190109 #8
[ 2035.741775][T12990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2035.751849][T12990] Call Trace:
[ 2035.755160][T12990]  dump_stack+0x1db/0x2d0
[ 2035.759501][T12990]  ? dump_stack_print_info.cold+0x20/0x20
[ 2035.765226][T12990]  ? check_preemption_disabled+0x48/0x290
[ 2035.770972][T12990]  dump_header+0x1e6/0x116c
[ 2035.775495][T12990]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2035.781142][T12990]  ? perf_trace_lock+0x750/0x750
[ 2035.786107][T12990]  ? print_usage_bug+0xd0/0xd0
[ 2035.790889][T12990]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 2035.796532][T12990]  ? ___ratelimit+0x37c/0x686
21:48:27 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x300000000000000}, 0x0)

[ 2035.796558][T12990]  ? mark_held_locks+0xb1/0x100
[ 2035.796588][T12990]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2035.796611][T12990]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2035.796625][T12990]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2035.796641][T12990]  ? trace_hardirqs_on+0xbd/0x310
[ 2035.796657][T12990]  ? kasan_check_read+0x11/0x20
[ 2035.796669][T12990]  ? ___ratelimit+0x37c/0x686
[ 2035.796683][T12990]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2035.796698][T12990]  ? do_raw_spin_trylock+0x270/0x270
[ 2035.796718][T12990]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2035.832981][T12990]  ? lock_acquire+0x1db/0x570
[ 2035.833007][T12990]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 2035.833023][T12990]  ? ___ratelimit+0xac/0x686
[ 2035.833040][T12990]  ? idr_get_free+0xee0/0xee0
[ 2035.833054][T12990]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2035.833083][T12990]  oom_kill_process.cold+0x10/0x9ca
[ 2035.884753][T12990]  ? cgroup_procs_next+0x70/0x70
[ 2035.884778][T12990]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 2035.884801][T12990]  ? oom_badness+0xa50/0xa50
[ 2035.899522][T12990]  ? oom_evaluate_task+0x540/0x540
[ 2035.904646][T12990]  ? mem_cgroup_iter_break+0x30/0x30
[ 2035.909943][T12990]  ? mutex_trylock+0x2d0/0x2d0
[ 2035.914716][T12990]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2035.920977][T12990]  ? rcu_read_unlock_special+0x380/0x380
[ 2035.926641][T12990]  out_of_memory+0x885/0x1420
[ 2035.926663][T12990]  ? mem_cgroup_iter+0x4f4/0xf50
[ 2035.926685][T12990]  ? oom_killer_disable+0x340/0x340
[ 2035.926702][T12990]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 2035.926718][T12990]  ? lock_acquire+0x1db/0x570
21:48:27 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x400000000000000}, 0x0)

[ 2035.926745][T12990]  mem_cgroup_out_of_memory+0x160/0x210
[ 2035.926759][T12990]  ? do_raw_spin_unlock+0xa0/0x330
[ 2035.926775][T12990]  ? memory_oom_group_write+0x160/0x160
[ 2035.926787][T12990]  ? do_raw_spin_trylock+0x270/0x270
[ 2035.926813][T12990]  ? _raw_spin_unlock+0x2d/0x50
[ 2035.926828][T12990]  try_charge+0x1457/0x1d00
[ 2035.926841][T12990]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[ 2035.926863][T12990]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2035.926874][T12990]  ? lock_downgrade+0xbe0/0xbe0
[ 2035.926891][T12990]  ? kasan_check_read+0x11/0x20
[ 2035.926912][T12990]  ? rcu_read_unlock_special+0x380/0x380
[ 2035.968327][T12990]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[ 2035.968349][T12990]  ? get_mem_cgroup_from_page+0x190/0x190
[ 2035.968375][T12990]  ? rcu_read_lock_sched_held+0x110/0x130
[ 2035.968399][T12990]  mem_cgroup_try_charge+0x43a/0xdb0
[ 2035.983026][T12990]  ? mem_cgroup_protected+0xa10/0xa10
[ 2035.983053][T12990]  ? check_preemption_disabled+0x48/0x290
[ 2035.983070][T12990]  ? print_usage_bug+0xd0/0xd0
[ 2035.983090][T12990]  ? __lock_acquire+0x572/0x4a10
[ 2036.021047][T12990]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 2036.021062][T12990]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 2036.021090][T12990]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 2036.021117][T12990]  wp_page_copy+0x45a/0x1c70
[ 2036.065315][T12990]  ? __lock_acquire+0x572/0x4a10
[ 2036.065344][T12990]  ? pmd_pfn+0x1d0/0x1d0
[ 2036.065360][T12990]  ? find_held_lock+0x35/0x120
[ 2036.065377][T12990]  ? do_wp_page+0x894/0x1e80
[ 2036.065408][T12990]  ? kasan_check_read+0x11/0x20
[ 2036.098936][T12990]  ? do_raw_spin_unlock+0xa0/0x330
[ 2036.104053][T12990]  ? _vm_normal_page+0x15d/0x3d0
[ 2036.109001][T12990]  ? do_raw_spin_trylock+0x270/0x270
[ 2036.114298][T12990]  ? print_usage_bug+0xd0/0xd0
[ 2036.114325][T12990]  do_wp_page+0x89c/0x1e80
[ 2036.114339][T12990]  ? find_held_lock+0x35/0x120
[ 2036.114363][T12990]  ? finish_mkwrite_fault+0x4f0/0x4f0
[ 2036.114377][T12990]  ? __lock_acquire+0x572/0x4a10
[ 2036.114397][T12990]  ? lock_acquire+0x1db/0x570
[ 2036.123583][T12990]  ? __handle_mm_fault+0x1d80/0x55a0
[ 2036.148587][T12990]  ? kasan_check_write+0x14/0x20
[ 2036.153551][T12990]  ? do_raw_spin_lock+0x156/0x360
[ 2036.158619][T12990]  ? lock_release+0xc40/0xc40
[ 2036.163325][T12990]  ? rwlock_bug.part.0+0x90/0x90
[ 2036.168274][T12990]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[ 2036.168291][T12990]  ? add_mm_counter_fast.part.0+0x40/0x40
[ 2036.168319][T12990]  __handle_mm_fault+0x2c8e/0x55a0
[ 2036.168346][T12990]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2036.184963][T12990]  ? check_preemption_disabled+0x48/0x290
[ 2036.184986][T12990]  ? handle_mm_fault+0x3cc/0xc80
[ 2036.185022][T12990]  ? lock_downgrade+0xbe0/0xbe0
[ 2036.185045][T12990]  ? kasan_check_read+0x11/0x20
[ 2036.206386][    C1] net_ratelimit: 26 callbacks suppressed
[ 2036.206394][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2036.210894][T12990]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2036.216638][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2036.222218][T12990]  ? rcu_read_unlock_special+0x380/0x380
[ 2036.228351][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2036.233906][T12990]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2036.239644][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2036.245226][T12990]  ? check_preemption_disabled+0x48/0x290
[ 2036.251631][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2036.257152][T12990]  handle_mm_fault+0x4ec/0xc80
[ 2036.257173][T12990]  ? __handle_mm_fault+0x55a0/0x55a0
[ 2036.257204][T12990]  __do_page_fault+0x5da/0xd60
[ 2036.262943][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2036.268620][T12990]  do_page_fault+0xe6/0x7d8
[ 2036.268636][T12990]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2036.268656][T12990]  ? vmalloc_sync_all+0x30/0x30
21:48:28 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x40030000000000}, 0x0)

[ 2036.299265][T12990]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2036.299287][T12990]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2036.299315][T12990]  ? prepare_exit_to_usermode+0x232/0x3b0
[ 2036.299330][T12990]  ? page_fault+0x8/0x30
[ 2036.299354][T12990]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2036.322281][T12990]  ? page_fault+0x8/0x30
[ 2036.322299][T12990]  page_fault+0x1e/0x30
[ 2036.322313][T12990] RIP: 0033:0x40d130
[ 2036.322328][T12990] Code: 89 f8 49 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 74 ff ff ff bf 19 d5 4b 00 31 c0 e8 08 49 ff ff 31 ff e8 41 45 ff ff 90 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 36 33 64 00
[ 2036.322343][T12990] RSP: 002b:00007ffd98177b50 EFLAGS: 00010246
[ 2036.344515][T12990] RAX: 0000000020b24253 RBX: 000000007c39e4ec RCX: 0000001b2e920000
[ 2036.344525][T12990] RDX: 0000000000000000 RSI: 0000000000000253 RDI: ffffffff20b24253
[ 2036.344534][T12990] RBP: 0000000000000001 R08: 0000000020b24253 R09: 0000000020b24257
[ 2036.344543][T12990] R10: 00007ffd98177ce0 R11: 0000000000000246 R12: 000000000073bf00
[ 2036.344554][T12990] R13: 0000000080000000 R14: 00007f58d5ec1008 R15: 0000000000000001
[ 2036.368531][T12990] memory: usage 307200kB, limit 307200kB, failcnt 3932
[ 2036.417997][T12990] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2036.426589][T12990] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2036.433454][T12990] Memory cgroup stats for /syz3: cache:56KB rss:244284KB rss_huge:212992KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:244396KB inactive_file:0KB active_file:0KB unevictable:0KB
[ 2036.466296][T12990] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor3,pid=27341,uid=0
[ 2036.490249][T12990] Memory cgroup out of memory: Kill process 27341 (syz-executor3) score 1107 or sacrifice child
[ 2036.501695][T12990] Killed process 27341 (syz-executor3) total-vm:70532kB, anon-rss:2204kB, file-rss:33748kB, shmem-rss:0kB
[ 2036.593646][T13021] binder: 12990 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2036.593659][T13021] binder: 12990:13021 ioctl c018620c 20000200 returned -22
[ 2036.733281][T13000] IPVS: ftp: loaded support on port[0] = 21
[ 2036.766332][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2036.772204][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 2036.778109][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2036.778173][    C0] protocol 88fb is buggy, dev hsr_slave_1
21:48:28 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00c\x00'}, &(0x7f0000000300)=0x54)

21:48:28 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x800000000000000}, 0x0)

21:48:28 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0xf0ffffffffffff}, 0x0)

21:48:28 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd601bfc97004d8800fe800000000000000000000000000000ff02000000000000000000000000000100004e20004d9078e2fac33b042bd368236862531934ecb1c373d6ea51369e92fbd54218afe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"], 0x0)

21:48:28 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x10000000}, 0x1c)

21:48:28 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r2, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r4 = getpid()
write$FUSE_LK(r3, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r4}}}, 0x28)
ioctl$BLKTRACESTOP(r3, 0x1275, 0x0)
r5 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r5, 0x3a)
r6 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r3, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r6, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:29 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x10000120}, 0x1c)

21:48:29 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x100000000000000}, 0x0)

21:48:29 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0xa00000000000000}, 0x0)

[ 2037.104035][T13034] IPVS: ftp: loaded support on port[0] = 21
[ 2037.125781][T13027] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2037.188594][T13027] CPU: 1 PID: 13027 Comm: syz-executor3 Not tainted 5.0.0-rc1-next-20190109 #8
[ 2037.197603][T13027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2037.207672][T13027] Call Trace:
[ 2037.210982][T13027]  dump_stack+0x1db/0x2d0
[ 2037.215467][T13027]  ? dump_stack_print_info.cold+0x20/0x20
[ 2037.221196][T13027]  ? check_preemption_disabled+0x48/0x290
[ 2037.226938][T13027]  dump_header+0x1e6/0x116c
[ 2037.231455][T13027]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2037.237110][T13027]  ? perf_trace_lock+0x750/0x750
[ 2037.242490][T13027]  ? print_usage_bug+0xd0/0xd0
[ 2037.247272][T13027]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 2037.252917][T13027]  ? ___ratelimit+0x37c/0x686
[ 2037.257625][T13027]  ? mark_held_locks+0xb1/0x100
[ 2037.262493][T13027]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2037.268317][T13027]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2037.274150][T13027]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2037.279457][T13027]  ? trace_hardirqs_on+0xbd/0x310
[ 2037.284503][T13027]  ? kasan_check_read+0x11/0x20
[ 2037.289365][T13027]  ? ___ratelimit+0x37c/0x686
[ 2037.294076][T13027]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2037.299913][T13027]  ? do_raw_spin_trylock+0x270/0x270
[ 2037.305219][T13027]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2037.310979][T13027]  ? lock_acquire+0x1db/0x570
[ 2037.315683][T13027]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 2037.321511][T13027]  ? ___ratelimit+0xac/0x686
[ 2037.326123][T13027]  ? idr_get_free+0xee0/0xee0
[ 2037.330816][T13027]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2037.336138][T13027]  oom_kill_process.cold+0x10/0x9ca
[ 2037.341367][T13027]  ? cgroup_procs_next+0x70/0x70
[ 2037.346337][T13027]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 2037.351563][T13027]  ? oom_badness+0xa50/0xa50
[ 2037.356195][T13027]  ? oom_evaluate_task+0x540/0x540
[ 2037.361336][T13027]  ? mem_cgroup_iter_break+0x30/0x30
[ 2037.366646][T13027]  ? mutex_trylock+0x2d0/0x2d0
[ 2037.371439][T13027]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2037.377724][T13027]  ? rcu_read_unlock_special+0x380/0x380
[ 2037.383393][T13027]  out_of_memory+0x885/0x1420
[ 2037.388100][T13027]  ? mem_cgroup_iter+0x4f4/0xf50
[ 2037.393083][T13027]  ? oom_killer_disable+0x340/0x340
[ 2037.398315][T13027]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 2037.398335][T13027]  ? lock_acquire+0x1db/0x570
[ 2037.398365][T13027]  mem_cgroup_out_of_memory+0x160/0x210
[ 2037.398383][T13027]  ? do_raw_spin_unlock+0xa0/0x330
[ 2037.398400][T13027]  ? memory_oom_group_write+0x160/0x160
[ 2037.398412][T13027]  ? do_raw_spin_trylock+0x270/0x270
[ 2037.398440][T13027]  ? _raw_spin_unlock+0x2d/0x50
[ 2037.398463][T13027]  try_charge+0x1457/0x1d00
[ 2037.414502][T13027]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[ 2037.414531][T13027]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2037.414546][T13027]  ? lock_downgrade+0xbe0/0xbe0
[ 2037.414563][T13027]  ? kasan_check_read+0x11/0x20
[ 2037.414608][T13027]  ? rcu_read_unlock_special+0x380/0x380
[ 2037.414632][T13027]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[ 2037.435447][T13027]  ? get_mem_cgroup_from_page+0x190/0x190
[ 2037.435474][T13027]  ? rcu_read_lock_sched_held+0x110/0x130
[ 2037.435497][T13027]  mem_cgroup_try_charge+0x43a/0xdb0
[ 2037.435520][T13027]  ? mem_cgroup_protected+0xa10/0xa10
[ 2037.435545][T13027]  ? print_usage_bug+0xd0/0xd0
[ 2037.456082][T13027]  ? finish_task_switch+0x1e9/0xac0
[ 2037.456107][T13027]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 2037.456121][T13027]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 2037.456147][T13027]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 2037.456167][T13027]  wp_page_copy+0x45a/0x1c70
[ 2037.456183][T13027]  ? __lock_acquire+0x572/0x4a10
[ 2037.456209][T13027]  ? pmd_pfn+0x1d0/0x1d0
21:48:29 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x20010010}, 0x1c)

[ 2037.472254][T13027]  ? find_held_lock+0x35/0x120
[ 2037.472271][T13027]  ? do_wp_page+0x894/0x1e80
[ 2037.472303][T13027]  ? kasan_check_read+0x11/0x20
[ 2037.472320][T13027]  ? do_raw_spin_unlock+0xa0/0x330
[ 2037.472334][T13027]  ? _vm_normal_page+0x15d/0x3d0
[ 2037.472348][T13027]  ? do_raw_spin_trylock+0x270/0x270
[ 2037.472370][T13027]  ? __schedule+0x89f/0x1e60
[ 2037.483849][T13027]  ? print_usage_bug+0xd0/0xd0
[ 2037.483873][T13027]  do_wp_page+0x89c/0x1e80
[ 2037.483887][T13027]  ? find_held_lock+0x35/0x120
[ 2037.483910][T13027]  ? finish_mkwrite_fault+0x4f0/0x4f0
[ 2037.483924][T13027]  ? __lock_acquire+0x572/0x4a10
[ 2037.483943][T13027]  ? lock_acquire+0x1db/0x570
[ 2037.483964][T13027]  ? __handle_mm_fault+0x1d80/0x55a0
[ 2037.494640][T13027]  ? kasan_check_write+0x14/0x20
[ 2037.494658][T13027]  ? do_raw_spin_lock+0x156/0x360
[ 2037.494669][T13027]  ? lock_release+0xc40/0xc40
[ 2037.494686][T13027]  ? rwlock_bug.part.0+0x90/0x90
[ 2037.494706][T13027]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[ 2037.494719][T13027]  ? add_mm_counter_fast.part.0+0x40/0x40
21:48:29 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x3f000000}, 0x1c)

[ 2037.494745][T13027]  __handle_mm_fault+0x2c8e/0x55a0
[ 2037.494771][T13027]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2037.504740][T13027]  ? check_preemption_disabled+0x48/0x290
[ 2037.504761][T13027]  ? handle_mm_fault+0x3cc/0xc80
[ 2037.504792][T13027]  ? lock_downgrade+0xbe0/0xbe0
[ 2037.504809][T13027]  ? kasan_check_read+0x11/0x20
[ 2037.504827][T13027]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2037.504844][T13027]  ? rcu_read_unlock_special+0x380/0x380
[ 2037.504862][T13027]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
21:48:29 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0xe00000000000000}, 0x0)

[ 2037.504882][T13027]  ? check_preemption_disabled+0x48/0x290
[ 2037.517406][T13027]  handle_mm_fault+0x4ec/0xc80
[ 2037.517427][T13027]  ? __handle_mm_fault+0x55a0/0x55a0
[ 2037.517457][T13027]  __do_page_fault+0x5da/0xd60
[ 2037.517485][T13027]  do_page_fault+0xe6/0x7d8
[ 2037.517501][T13027]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2037.517517][T13027]  ? vmalloc_sync_all+0x30/0x30
[ 2037.517529][T13027]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2037.517547][T13027]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2037.517580][T13027]  ? prepare_exit_to_usermode+0x232/0x3b0
[ 2037.527802][T13027]  ? page_fault+0x8/0x30
[ 2037.527823][T13027]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2037.527840][T13027]  ? page_fault+0x8/0x30
[ 2037.527856][T13027]  page_fault+0x1e/0x30
[ 2037.527871][T13027] RIP: 0033:0x40d130
[ 2037.527887][T13027] Code: 89 f8 49 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 74 ff ff ff bf 19 d5 4b 00 31 c0 e8 08 49 ff ff 31 ff e8 41 45 ff ff 90 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 36 33 64 00
[ 2037.527895][T13027] RSP: 002b:00007ffd98177b50 EFLAGS: 00010246
[ 2037.527906][T13027] RAX: 00000000cb4ee433 RBX: 00000000955c87df RCX: 0000001b2e920000
[ 2037.527915][T13027] RDX: 0000000000000000 RSI: 0000000000000433 RDI: ffffffffcb4ee433
[ 2037.527923][T13027] RBP: 000000000000000a R08: 00000000cb4ee433 R09: 00000000cb4ee437
[ 2037.527938][T13027] R10: 00007ffd98177ce0 R11: 0000000000000246 R12: 000000000073bf00
[ 2037.537100][T13027] R13: 0000000080000000 R14: 00007f58d5ec1008 R15: 000000000000000a
[ 2037.569779][T13027] memory: usage 307200kB, limit 307200kB, failcnt 3963
[ 2037.706742][T13027] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2037.855730][T13038] IPVS: ftp: loaded support on port[0] = 21
[ 2037.864590][T13027] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2037.879321][T13027] Memory cgroup stats for /syz3: cache:56KB rss:244248KB rss_huge:212992KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:244396KB inactive_file:0KB active_file:0KB unevictable:0KB
[ 2037.933554][T13027] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor3,pid=27401,uid=0
[ 2037.953297][T13027] Memory cgroup out of memory: Kill process 27401 (syz-executor3) score 1107 or sacrifice child
[ 2037.964332][T13027] Killed process 27401 (syz-executor3) total-vm:70532kB, anon-rss:2204kB, file-rss:33748kB, shmem-rss:0kB
21:48:32 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\xff\xff\xfep\x00'}, &(0x7f0000000300)=0x54)

21:48:32 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x200000000000000}, 0x0)

21:48:32 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0xf00000000000000}, 0x0)

21:48:32 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x40000000}, 0x1c)

21:48:32 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x40, 0x0)
clock_gettime(0x0, &(0x7f0000000180)={<r2=>0x0, <r3=>0x0})
clock_gettime(0x0, &(0x7f00000001c0)={<r4=>0x0, <r5=>0x0})
utimensat(r1, &(0x7f0000000140)='./file0\x00', &(0x7f0000000200)={{r2, r3/1000+30000}, {r4, r5/1000+30000}}, 0x100)
ioctl$sock_bt_hidp_HIDPGETCONNINFO(r1, 0x800448d3, &(0x7f0000000080)={{0x5e, 0x3, 0xec, 0xfff, 0x4, 0xfffffffffffffe00}, 0x100000000, 0x10000, 0x3, 0x4, 0x3, "74e8a38970c864a49d17aa18f347b2efd072c8a85319b2686eda503c9ba119d721d8606cda027a3a91f17de6d238d4ceed6f5e4bb7ba9167ea8191be15a42b074a1ff79b7f9c2dfa813c2003ba600358338f3871716510c90937c9cfb30c5b104f624e5cb62e6da459051d036826443c4c9e66e740fd1df83771913e6aec9e20"})

21:48:32 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:32 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x1000000000000000}, 0x0)

21:48:32 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x300000000000000}, 0x0)

21:48:32 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x78000000}, 0x1c)

[ 2040.235610][T13075] IPVS: ftp: loaded support on port[0] = 21
[ 2040.310005][T13068] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000
21:48:32 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x6000000000000000}, 0x0)

[ 2040.384385][T13068] CPU: 1 PID: 13068 Comm: syz-executor3 Not tainted 5.0.0-rc1-next-20190109 #8
[ 2040.393364][T13068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2040.393371][T13068] Call Trace:
[ 2040.393397][T13068]  dump_stack+0x1db/0x2d0
[ 2040.393418][T13068]  ? dump_stack_print_info.cold+0x20/0x20
[ 2040.393433][T13068]  ? check_preemption_disabled+0x48/0x290
[ 2040.393461][T13068]  dump_header+0x1e6/0x116c
[ 2040.427052][T13068]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2040.432708][T13068]  ? perf_trace_lock+0x750/0x750
[ 2040.437673][T13068]  ? print_usage_bug+0xd0/0xd0
[ 2040.442472][T13068]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 2040.448146][T13068]  ? ___ratelimit+0x37c/0x686
[ 2040.452864][T13068]  ? mark_held_locks+0xb1/0x100
[ 2040.457745][T13068]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2040.463589][T13068]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2040.469430][T13068]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2040.474734][T13068]  ? trace_hardirqs_on+0xbd/0x310
[ 2040.479780][T13068]  ? kasan_check_read+0x11/0x20
[ 2040.484645][T13068]  ? ___ratelimit+0x37c/0x686
[ 2040.489343][T13068]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2040.495174][T13068]  ? do_raw_spin_trylock+0x270/0x270
[ 2040.500478][T13068]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2040.506211][T13068]  ? lock_acquire+0x1db/0x570
[ 2040.510915][T13068]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 2040.516746][T13068]  ? ___ratelimit+0xac/0x686
[ 2040.521360][T13068]  ? idr_get_free+0xee0/0xee0
[ 2040.521389][T13068]  ? lockdep_hardirqs_on+0x415/0x5d0
21:48:32 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x8c1b000000000000}, 0x0)

[ 2040.521427][T13068]  oom_kill_process.cold+0x10/0x9ca
[ 2040.521458][T13068]  ? cgroup_procs_next+0x70/0x70
[ 2040.521492][T13068]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 2040.546788][T13068]  ? oom_badness+0xa50/0xa50
[ 2040.551434][T13068]  ? oom_evaluate_task+0x540/0x540
[ 2040.556584][T13068]  ? mem_cgroup_iter_break+0x30/0x30
[ 2040.561904][T13068]  ? mutex_trylock+0x2d0/0x2d0
[ 2040.566689][T13068]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2040.572973][T13068]  ? rcu_read_unlock_special+0x380/0x380
[ 2040.578654][T13068]  out_of_memory+0x885/0x1420
21:48:32 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0xfc000000}, 0x1c)

[ 2040.583366][T13068]  ? mem_cgroup_iter+0x4f4/0xf50
[ 2040.583388][T13068]  ? oom_killer_disable+0x340/0x340
[ 2040.583407][T13068]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 2040.583425][T13068]  ? lock_acquire+0x1db/0x570
[ 2040.583452][T13068]  mem_cgroup_out_of_memory+0x160/0x210
[ 2040.583474][T13068]  ? do_raw_spin_unlock+0xa0/0x330
[ 2040.614761][T13068]  ? memory_oom_group_write+0x160/0x160
[ 2040.620328][T13068]  ? do_raw_spin_trylock+0x270/0x270
[ 2040.625649][T13068]  ? _raw_spin_unlock+0x2d/0x50
[ 2040.630521][T13068]  try_charge+0x1457/0x1d00
[ 2040.635039][T13068]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[ 2040.640624][T13068]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2040.646181][T13068]  ? lock_downgrade+0xbe0/0xbe0
[ 2040.651054][T13068]  ? kasan_check_read+0x11/0x20
[ 2040.655939][T13068]  ? rcu_read_unlock_special+0x380/0x380
[ 2040.661654][T13068]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[ 2040.667236][T13068]  ? get_mem_cgroup_from_page+0x190/0x190
[ 2040.672995][T13068]  ? rcu_read_lock_sched_held+0x110/0x130
[ 2040.678753][T13068]  mem_cgroup_try_charge+0x43a/0xdb0
[ 2040.684063][T13068]  ? mem_cgroup_protected+0xa10/0xa10
[ 2040.684103][T13068]  ? __anon_vma_prepare+0x36d/0x760
[ 2040.684124][T13068]  ? anon_vma_fork+0x880/0x880
[ 2040.684139][T13068]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 2040.684160][T13068]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 2040.711979][T13068]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 2040.712004][T13068]  __handle_mm_fault+0x2594/0x55a0
[ 2040.712028][T13068]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2040.728341][T13068]  ? check_preemption_disabled+0x48/0x290
[ 2040.734102][T13068]  ? handle_mm_fault+0x3cc/0xc80
[ 2040.739085][T13068]  ? lock_downgrade+0xbe0/0xbe0
[ 2040.743967][T13068]  ? kasan_check_read+0x11/0x20
[ 2040.748944][T13068]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2040.748961][T13068]  ? rcu_read_unlock_special+0x380/0x380
[ 2040.748978][T13068]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2040.748994][T13068]  ? check_preemption_disabled+0x48/0x290
[ 2040.749020][T13068]  handle_mm_fault+0x4ec/0xc80
[ 2040.749041][T13068]  ? __handle_mm_fault+0x55a0/0x55a0
[ 2040.749053][T13068]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2040.749065][T13068]  ? vmacache_update+0x114/0x140
[ 2040.749089][T13068]  __do_page_fault+0x5da/0xd60
[ 2040.749113][T13068]  ? do_futex+0x2910/0x2910
[ 2040.749136][T13068]  do_page_fault+0xe6/0x7d8
[ 2040.749150][T13068]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2040.749166][T13068]  ? vmalloc_sync_all+0x30/0x30
[ 2040.749179][T13068]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2040.749204][T13068]  ? syscall_return_slowpath+0x5f0/0x5f0
[ 2040.773044][T13068]  ? prepare_exit_to_usermode+0x232/0x3b0
[ 2040.773061][T13068]  ? page_fault+0x8/0x30
[ 2040.773081][T13068]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2040.773104][T13068]  ? page_fault+0x8/0x30
[ 2040.773123][T13068]  page_fault+0x1e/0x30
[ 2040.854154][T13068] RIP: 0033:0x40f8ef
[ 2040.854174][T13068] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41
[ 2040.854183][T13068] RSP: 002b:00007ffd98177b30 EFLAGS: 00010206
[ 2040.854197][T13068] RAX: 00007f58d407f000 RBX: 0000000000020000 RCX: 0000000000457f1a
[ 2040.854206][T13068] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000
[ 2040.854217][T13068] RBP: 00007ffd98177c10 R08: ffffffffffffffff R09: 0000000000000000
[ 2040.854226][T13068] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd98177cf0
[ 2040.854235][T13068] R13: 00007f58d409f700 R14: 000000000073bfac R15: 000000000073bfac
[ 2040.906478][T13068] memory: usage 307168kB, limit 307200kB, failcnt 3992
[ 2040.949222][T13068] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2040.957762][T13068] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2040.964634][T13068] Memory cgroup stats for /syz3: cache:56KB rss:244228KB rss_huge:212992KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:244396KB inactive_file:0KB active_file:0KB unevictable:0KB
[ 2041.026298][T13068] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor3,pid=32452,uid=0
[ 2041.056313][T13068] Memory cgroup out of memory: Kill process 32452 (syz-executor3) score 1107 or sacrifice child
[ 2041.067161][T13068] Killed process 32452 (syz-executor3) total-vm:70532kB, anon-rss:2204kB, file-rss:33748kB, shmem-rss:0kB
[ 2041.261656][T13075] IPVS: ftp: loaded support on port[0] = 21
21:48:33 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00q\x00'}, &(0x7f0000000300)=0x54)

21:48:33 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x400000000000000}, 0x0)

21:48:33 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0xfe800000}, 0x1c)

21:48:33 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
r1 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x1, 0x14800)
ioctl$RNDADDTOENTCNT(r1, 0x40045201, &(0x7f0000000080)=0x100000000)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)

21:48:33 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x9effffff00000000}, 0x0)

21:48:33 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(r1, 0x2, &(0x7f0000000080)=""/19)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:33 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x800000000000000}, 0x0)

21:48:33 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0xf0ffffff00000000}, 0x0)

[ 2041.633440][T13102] binder: 13101 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2041.633474][T13102] binder: 13101:13102 ioctl c018620c 20000200 returned -22
21:48:33 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0xfec00000}, 0x1c)

[ 2041.698307][T13114] IPVS: ftp: loaded support on port[0] = 21
21:48:33 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0xa00000000000000}, 0x0)

21:48:33 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0xffffff7f00000000}, 0x0)

21:48:33 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

[ 2042.091050][T13130] syz-executor3 invoked oom-killer: gfp_mask=0x6040c0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=1000
[ 2042.106379][T13130] CPU: 0 PID: 13130 Comm: syz-executor3 Not tainted 5.0.0-rc1-next-20190109 #8
[ 2042.115340][T13130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2042.125444][T13130] Call Trace:
[ 2042.128750][T13130]  dump_stack+0x1db/0x2d0
[ 2042.133106][T13130]  ? dump_stack_print_info.cold+0x20/0x20
[ 2042.138829][T13130]  ? check_preemption_disabled+0x48/0x290
[ 2042.138861][T13130]  dump_header+0x1e6/0x116c
[ 2042.138881][T13130]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2042.138894][T13130]  ? perf_trace_lock+0x750/0x750
[ 2042.138917][T13130]  ? print_usage_bug+0xd0/0xd0
[ 2042.149139][T13130]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 2042.149156][T13130]  ? ___ratelimit+0x37c/0x686
[ 2042.149179][T13130]  ? mark_held_locks+0xb1/0x100
[ 2042.149204][T13130]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2042.159740][T13130]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2042.159757][T13130]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2042.159774][T13130]  ? trace_hardirqs_on+0xbd/0x310
[ 2042.159792][T13130]  ? kasan_check_read+0x11/0x20
[ 2042.159810][T13130]  ? ___ratelimit+0x37c/0x686
[ 2042.170197][T13130]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2042.170213][T13130]  ? do_raw_spin_trylock+0x270/0x270
[ 2042.170227][T13130]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2042.170239][T13130]  ? lock_acquire+0x1db/0x570
[ 2042.170264][T13130]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 2042.170283][T13130]  ? ___ratelimit+0xac/0x686
[ 2042.179791][T13130]  ? idr_get_free+0xee0/0xee0
[ 2042.179807][T13130]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2042.179837][T13130]  oom_kill_process.cold+0x10/0x9ca
[ 2042.179858][T13130]  ? cgroup_procs_next+0x70/0x70
[ 2042.191444][T13130]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 2042.191462][T13130]  ? oom_badness+0xa50/0xa50
[ 2042.191484][T13130]  ? oom_evaluate_task+0x540/0x540
[ 2042.191505][T13130]  ? mem_cgroup_iter_break+0x30/0x30
[ 2042.201773][T13130]  ? mutex_trylock+0x2d0/0x2d0
[ 2042.201790][T13130]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2042.201821][T13130]  ? rcu_read_unlock_special+0x380/0x380
[ 2042.211315][T13130]  out_of_memory+0x885/0x1420
[ 2042.211339][T13130]  ? mem_cgroup_iter+0x4f4/0xf50
[ 2042.222410][T13130]  ? oom_killer_disable+0x340/0x340
[ 2042.222430][T13130]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 2042.222450][T13130]  ? lock_acquire+0x1db/0x570
[ 2042.232821][T13130]  mem_cgroup_out_of_memory+0x160/0x210
[ 2042.232844][T13130]  ? do_raw_spin_unlock+0xa0/0x330
[ 2042.243207][T13130]  ? memory_oom_group_write+0x160/0x160
[ 2042.243222][T13130]  ? do_raw_spin_trylock+0x270/0x270
[ 2042.243251][T13130]  ? _raw_spin_unlock+0x2d/0x50
[ 2042.253172][T13130]  try_charge+0x1457/0x1d00
[ 2042.253204][T13130]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2042.253224][T13130]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2042.263339][T13130]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2042.263372][T13130]  ? rcu_read_lock_sched_held+0x110/0x130
[ 2042.273124][T13130]  ? __alloc_pages_nodemask+0xaca/0xdc0
[ 2042.273155][T13130]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[ 2042.283519][T13130]  ? ____cache_alloc_node+0x1be/0x1e0
[ 2042.283535][T13130]  ? cache_grow_begin+0x58b/0x8c0
[ 2042.283554][T13130]  ? cache_grow_begin+0x58b/0x8c0
[ 2042.294545][T13130]  __memcg_kmem_charge_memcg+0x7c/0x130
[ 2042.294570][T13130]  ? memcg_kmem_put_cache+0xb0/0xb0
[ 2042.304854][T13130]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 2042.304869][T13130]  ? __cpuset_node_allowed+0x19f/0x640
[ 2042.304891][T13130]  cache_grow_begin+0x5b7/0x8c0
[ 2042.314985][T13130]  ? kasan_check_read+0x11/0x20
[ 2042.315000][T13130]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2042.315018][T13130]  ? mempolicy_slab_node+0x139/0x390
[ 2042.325485][T13130]  fallback_alloc+0x1fd/0x2d0
[ 2042.325512][T13130]  ____cache_alloc_node+0x1be/0x1e0
[ 2042.336152][T13130]  kmem_cache_alloc_node+0xe3/0x710
[ 2042.336168][T13130]  ? print_usage_bug+0xd0/0xd0
[ 2042.336203][T13130]  copy_process+0x405b/0x8700
[ 2042.347245][T13130]  ? print_usage_bug+0xd0/0xd0
[ 2042.347265][T13130]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2042.347281][T13130]  ? check_preemption_disabled+0x48/0x290
[ 2042.347308][T13130]  ? __lock_acquire+0x572/0x4a10
[ 2042.356640][T13130]  ? mark_held_locks+0x100/0x100
[ 2042.356669][T13130]  ? __cleanup_sighand+0x70/0x70
[ 2042.356687][T13130]  ? mark_held_locks+0x100/0x100
[ 2042.356710][T13130]  ? find_held_lock+0x35/0x120
[ 2042.369167][T13130]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2042.369183][T13130]  ? check_preemption_disabled+0x48/0x290
[ 2042.369201][T13130]  ? debug_smp_processor_id+0x1c/0x20
[ 2042.369215][T13130]  ? perf_trace_lock_acquire+0x138/0x7d0
[ 2042.369239][T13130]  ? delayacct_end+0xc9/0x100
[ 2042.525443][T13114] IPVS: ftp: loaded support on port[0] = 21
[ 2042.528085][T13130]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2042.528105][T13130]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2042.528119][T13130]  ? perf_trace_lock+0x750/0x750
[ 2042.528138][T13130]  ? perf_trace_lock_acquire+0x138/0x7d0
[ 2042.539133][T13130]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2042.549664][T13130]  ? find_held_lock+0x35/0x120
[ 2042.549681][T13130]  ? print_usage_bug+0xd0/0xd0
[ 2042.549704][T13130]  ? psi_memstall_leave+0x1f8/0x280
[ 2042.549722][T13130]  ? find_held_lock+0x35/0x120
[ 2042.561568][T13130]  ? __lock_acquire+0x572/0x4a10
[ 2042.561603][T13130]  ? _raw_spin_unlock_irq+0x28/0x90
[ 2042.561623][T13130]  ? _raw_spin_unlock_irq+0x28/0x90
[ 2042.572165][T13130]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2042.582522][T13130]  ? trace_hardirqs_on+0xbd/0x310
[ 2042.582544][T13130]  ? mark_held_locks+0x100/0x100
[ 2042.582558][T13130]  ? check_preemption_disabled+0x48/0x290
[ 2042.582588][T13130]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2042.607370][T13130]  ? check_preemption_disabled+0x48/0x290
[ 2042.607390][T13130]  ? debug_smp_processor_id+0x1c/0x20
[ 2042.607411][T13130]  ? perf_trace_lock_acquire+0x138/0x7d0
[ 2042.617903][T13130]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2042.617916][T13130]  ? perf_trace_lock+0x750/0x750
[ 2042.617928][T13130]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2042.617950][T13130]  ? try_to_free_pages+0xb70/0xb70
[ 2042.617972][T13130]  ? percpu_ref_put_many+0x129/0x270
[ 2042.650928][T13130]  ? blkcg_maybe_throttle_current+0x75e/0x13c0
[ 2042.667101][T13130]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2042.677482][T13130]  _do_fork+0x1a9/0x1170
[ 2042.677520][T13130]  ? fork_idle+0x1d0/0x1d0
[ 2042.677546][T13130]  ? trace_hardirqs_off+0xb8/0x310
[ 2042.699401][T13130]  ? get_mctgt_type_thp.isra.0+0x4c0/0x4c0
[ 2042.708884][T13130]  ? prepare_exit_to_usermode+0x32e/0x3b0
[ 2042.708900][T13130]  ? do_syscall_64+0x8c/0x800
[ 2042.708915][T13130]  ? do_syscall_64+0x8c/0x800
[ 2042.708937][T13130]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2042.735013][T13130]  ? trace_hardirqs_on+0xbd/0x310
[ 2042.740046][T13130]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2042.746119][T13130]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2042.751942][T13130]  __x64_sys_clone+0xbf/0x150
[ 2042.756633][T13130]  do_syscall_64+0x1a3/0x800
[ 2042.761229][T13130]  ? syscall_return_slowpath+0x5f0/0x5f0
[ 2042.766869][T13130]  ? prepare_exit_to_usermode+0x232/0x3b0
[ 2042.766889][T13130]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2042.766914][T13130]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2042.766927][T13130] RIP: 0033:0x45a899
[ 2042.766948][T13130] Code: ff 48 85 f6 0f 84 97 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 6e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75
[ 2042.787976][T13130] RSP: 002b:00007ffd98177ae8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
[ 2042.816029][T13130] RAX: ffffffffffffffda RBX: 00007f58d409f700 RCX: 000000000045a899
[ 2042.824006][T13130] RDX: 00007f58d409f9d0 RSI: 00007f58d409edb0 RDI: 00000000003d0f00
[ 2042.831979][T13130] RBP: 00007ffd98177cf0 R08: 00007f58d409f700 R09: 00007f58d409f700
[ 2042.839948][T13130] R10: 00007f58d409f9d0 R11: 0000000000000202 R12: 0000000000000000
[ 2042.839978][T13130] R13: 00007ffd98177b9f R14: 00007f58d409f9c0 R15: 000000000073bfac
[ 2042.856495][    C1] net_ratelimit: 26 callbacks suppressed
[ 2042.856504][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2042.868002][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2042.873860][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2042.879712][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2042.885608][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2042.891449][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2043.006320][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2043.012195][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 2043.018105][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2043.023876][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 2043.040571][T13130] memory: usage 307196kB, limit 307200kB, failcnt 4015
[ 2043.056617][T13130] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2043.078484][T13130] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2043.107482][T13130] Memory cgroup stats for /syz3: cache:56KB rss:244388KB rss_huge:212992KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:244388KB inactive_file:0KB active_file:0KB unevictable:0KB
21:48:35 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x88\x00'}, &(0x7f0000000300)=0x54)

21:48:35 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0xff000000}, 0x1c)

21:48:35 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0xe00000000000000}, 0x0)

21:48:35 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0xfffffffffffff000}, 0x0)

21:48:35 executing program 5:
r0 = socket$inet6(0xa, 0x0, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)
r1 = accept$inet(0xffffffffffffff9c, &(0x7f0000000040)={0x2, 0x0, @broadcast}, &(0x7f0000000080)=0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f00000000c0)={<r2=>0x0, 0x1}, &(0x7f0000000100)=0x8)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000140)={r2, @in={{0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x96, 0x4, 0x424, 0x8, 0x2a}, &(0x7f0000000200)=0x98)

[ 2043.146520][T13130] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor3,pid=32510,uid=0
[ 2043.176391][T13130] Memory cgroup out of memory: Kill process 32510 (syz-executor3) score 1107 or sacrifice child
[ 2043.196510][T13130] Killed process 32510 (syz-executor3) total-vm:70532kB, anon-rss:2204kB, file-rss:33748kB, shmem-rss:0kB
21:48:35 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:35 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0xf00000000000000}, 0x0)

21:48:35 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x10000000000000}, 0x1c)

[ 2043.330391][T13149] IPVS: ftp: loaded support on port[0] = 21
[ 2043.378327][T13147] binder: 13130 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2043.378342][T13147] binder: 13130:13147 ioctl c018620c 20000200 returned -22
21:48:35 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x1000000000000000}, 0x0)

21:48:35 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x100000000000000}, 0x1c)

[ 2043.477862][T13131] syz-executor3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000
21:48:35 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

[ 2043.586436][T13131] CPU: 1 PID: 13131 Comm: syz-executor3 Not tainted 5.0.0-rc1-next-20190109 #8
[ 2043.595420][T13131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2043.605471][T13131] Call Trace:
[ 2043.605497][T13131]  dump_stack+0x1db/0x2d0
[ 2043.605523][T13131]  ? dump_stack_print_info.cold+0x20/0x20
[ 2043.618840][T13131]  ? check_preemption_disabled+0x48/0x290
[ 2043.624590][T13131]  dump_header+0x1e6/0x116c
[ 2043.629108][T13131]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2043.629125][T13131]  ? perf_trace_lock+0x750/0x750
[ 2043.629149][T13131]  ? print_usage_bug+0xd0/0xd0
[ 2043.644447][T13131]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 2043.644466][T13131]  ? ___ratelimit+0x37c/0x686
[ 2043.644489][T13131]  ? mark_held_locks+0xb1/0x100
[ 2043.659634][T13131]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2043.665446][T13131]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2043.665466][T13131]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2043.665485][T13131]  ? trace_hardirqs_on+0xbd/0x310
[ 2043.665509][T13131]  ? kasan_check_read+0x11/0x20
[ 2043.686439][T13131]  ? ___ratelimit+0x37c/0x686
[ 2043.691133][T13131]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2043.696949][T13131]  ? do_raw_spin_trylock+0x270/0x270
[ 2043.702239][T13131]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2043.707965][T13131]  ? lock_acquire+0x1db/0x570
[ 2043.707994][T13131]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 2043.708010][T13131]  ? ___ratelimit+0xac/0x686
[ 2043.708026][T13131]  ? idr_get_free+0xee0/0xee0
[ 2043.708042][T13131]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2043.708073][T13131]  oom_kill_process.cold+0x10/0x9ca
[ 2043.708094][T13131]  ? cgroup_procs_next+0x70/0x70
[ 2043.708129][T13131]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 2043.718616][T13131]  ? oom_badness+0xa50/0xa50
[ 2043.727851][T13131]  ? oom_evaluate_task+0x540/0x540
[ 2043.727870][T13131]  ? mem_cgroup_iter_break+0x30/0x30
[ 2043.727905][T13131]  ? oom_badness+0xa50/0xa50
[ 2043.727928][T13131]  out_of_memory+0x885/0x1420
[ 2043.727948][T13131]  ? mem_cgroup_iter+0x4f4/0xf50
[ 2043.727969][T13131]  ? oom_killer_disable+0x340/0x340
[ 2043.768064][T13131]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 2043.788622][T13131]  ? lock_acquire+0x1db/0x570
[ 2043.793320][T13131]  mem_cgroup_out_of_memory+0x160/0x210
[ 2043.793338][T13131]  ? do_raw_spin_unlock+0xa0/0x330
[ 2043.793359][T13131]  ? memory_oom_group_write+0x160/0x160
[ 2043.809512][T13131]  ? do_raw_spin_trylock+0x270/0x270
[ 2043.814818][T13131]  ? _raw_spin_unlock+0x2d/0x50
[ 2043.819683][T13131]  try_charge+0xd42/0x1d00
[ 2043.824122][T13131]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2043.829676][T13131]  ? find_held_lock+0x35/0x120
[ 2043.834448][T13131]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[ 2043.840005][T13131]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2043.846247][T13131]  ? lock_downgrade+0xbe0/0xbe0
[ 2043.846266][T13131]  ? kasan_check_read+0x11/0x20
[ 2043.846285][T13131]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2043.846304][T13131]  ? rcu_read_unlock_special+0x380/0x380
[ 2043.846332][T13131]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[ 2043.846355][T13131]  __memcg_kmem_charge_memcg+0x7c/0x130
[ 2043.846372][T13131]  ? memcg_kmem_put_cache+0xb0/0xb0
[ 2043.846391][T13131]  ? lock_release+0xc40/0xc40
[ 2043.883874][T13131]  __memcg_kmem_charge+0x136/0x300
[ 2043.883900][T13131]  __alloc_pages_nodemask+0x7b8/0xdc0
[ 2043.883924][T13131]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[ 2043.904746][T13131]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2043.910221][T13131]  ? retint_kernel+0x2d/0x2d
[ 2043.914834][T13131]  copy_process+0x847/0x8700
[ 2043.919444][T13131]  ? ___might_sleep+0x1e7/0x310
[ 2043.924302][T13131]  ? arch_local_save_flags+0x50/0x50
[ 2043.929604][T13131]  ? __schedule+0x1e60/0x1e60
[ 2043.934287][T13131]  ? do_raw_spin_trylock+0x270/0x270
[ 2043.939608][T13131]  ? __cleanup_sighand+0x70/0x70
[ 2043.944553][T13131]  ? futex_wait_queue_me+0x539/0x810
[ 2043.944584][T13131]  ? refill_pi_state_cache.part.0+0x310/0x310
[ 2043.944602][T13131]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2043.944627][T13131]  ? handle_futex_death+0x230/0x230
[ 2043.966846][T13131]  ? fixup_owner+0x250/0x250
[ 2043.971437][T13131]  ? __sanitizer_cov_trace_switch+0x49/0x80
[ 2043.977336][T13131]  ? drop_futex_key_refs.isra.0+0x6f/0xf0
[ 2043.983057][T13131]  ? futex_wait+0x6e6/0xa40
[ 2043.987594][T13131]  ? print_usage_bug+0xd0/0xd0
[ 2043.992364][T13131]  ? futex_wait_setup+0x430/0x430
[ 2043.997400][T13131]  ? drop_futex_key_refs.isra.0+0x6f/0xf0
[ 2044.003138][T13131]  ? __lock_acquire+0x572/0x4a10
[ 2044.008104][T13131]  ? mark_held_locks+0x100/0x100
[ 2044.008131][T13131]  ? __sanitizer_cov_trace_switch+0x4e/0x80
[ 2044.018943][T13131]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2044.025185][T13131]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2044.031430][T13131]  ? check_preemption_disabled+0x48/0x290
[ 2044.037167][T13131]  ? debug_smp_processor_id+0x1c/0x20
[ 2044.042544][T13131]  ? perf_trace_lock_acquire+0x138/0x7d0
[ 2044.042568][T13131]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2044.042605][T13131]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2044.059148][T13131]  ? retint_kernel+0x2d/0x2d
[ 2044.063748][T13131]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2044.069387][T13131]  ? __might_fault+0x12b/0x1e0
[ 2044.074159][T13131]  ? find_held_lock+0x35/0x120
[ 2044.078934][T13131]  ? __might_fault+0x12b/0x1e0
[ 2044.083703][T13131]  ? lock_acquire+0x1db/0x570
[ 2044.088389][T13131]  ? lock_downgrade+0xbe0/0xbe0
[ 2044.093253][T13131]  ? lock_release+0xc40/0xc40
[ 2044.097945][T13131]  _do_fork+0x1a9/0x1170
[ 2044.102193][T13131]  ? retint_kernel+0x2d/0x2d
[ 2044.106789][T13131]  ? fork_idle+0x1d0/0x1d0
[ 2044.106807][T13131]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2044.106823][T13131]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2044.106840][T13131]  ? _copy_to_user+0xc9/0x120
[ 2044.106869][T13131]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[ 2044.106895][T13131]  ? retint_kernel+0x2d/0x2d
[ 2044.106923][T13131]  __x64_sys_clone+0xbf/0x150
[ 2044.106939][T13131]  ? __sanitizer_cov_trace_pc+0x26/0x50
[ 2044.106959][T13131]  do_syscall_64+0x1a3/0x800
[ 2044.143010][T13131]  ? syscall_return_slowpath+0x5f0/0x5f0
[ 2044.158734][T13131]  ? prepare_exit_to_usermode+0x232/0x3b0
[ 2044.164462][T13131]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2044.170031][T13131]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2044.175921][T13131] RIP: 0033:0x457ec9
[ 2044.179821][T13131] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2044.199435][T13131] RSP: 002b:00007f58d40bfc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2044.199451][T13131] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457ec9
[ 2044.199459][T13131] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000002102001ffc
[ 2044.199467][T13131] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000
[ 2044.199475][T13131] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f58d40c06d4
[ 2044.199485][T13131] R13: 00000000004be2a0 R14: 00000000004ce600 R15: 00000000ffffffff
[ 2044.295397][T13131] memory: usage 304800kB, limit 307200kB, failcnt 4015
[ 2044.310313][T13131] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2044.320460][T13131] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2044.333935][T13131] Memory cgroup stats for /syz3: cache:56KB rss:242260KB rss_huge:210944KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:242236KB inactive_file:0KB active_file:0KB unevictable:0KB
[ 2044.365523][T13131] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor3,pid=787,uid=0
[ 2044.388779][T13131] Memory cgroup out of memory: Kill process 787 (syz-executor3) score 1107 or sacrifice child
[ 2044.404737][T13131] Killed process 787 (syz-executor3) total-vm:70532kB, anon-rss:2204kB, file-rss:33748kB, shmem-rss:0kB
21:48:36 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = shmget$private(0x0, 0x2000, 0x54000000, &(0x7f0000ffb000/0x2000)=nil)
shmctl$IPC_STAT(r0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

[ 2044.524889][T13149] IPVS: ftp: loaded support on port[0] = 21
[ 2044.599393][T13178] binder: 13177 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2044.599457][T13178] binder: 13177:13178 ioctl c018620c 20000200 returned -22
21:48:36 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x98\x00'}, &(0x7f0000000300)=0x54)

21:48:36 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x6000000000000000}, 0x0)

21:48:36 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:36 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x200000000000000}, 0x1c)

21:48:36 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
r1 = msgget(0x1, 0x400)
msgctl$IPC_INFO(r1, 0x3, &(0x7f0000000040)=""/155)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)

21:48:36 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:36 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x7c20000000000000}, 0x0)

21:48:36 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

[ 2044.863161][T13187] binder: 13185 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2044.863223][T13187] binder: 13185:13187 ioctl c018620c 20000200 returned -22
[ 2044.897612][T13193] IPVS: ftp: loaded support on port[0] = 21
21:48:36 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x300000000000000}, 0x1c)

21:48:36 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
signalfd4(0xffffffffffffffff, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r0, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r2 = getpid()
write$FUSE_LK(r1, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r2}}}, 0x28)
ioctl$BLKTRACESTOP(r1, 0x1275, 0x0)
r3 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r3, 0x3a)
r4 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r1, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r4, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:37 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x9effffff00000000}, 0x0)

21:48:37 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

[ 2045.058635][T13207] binder: 13206 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2045.058649][T13207] binder: 13206:13207 ioctl c018620c 20000200 returned -22
[ 2045.601213][T13193] IPVS: ftp: loaded support on port[0] = 21
21:48:37 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
signalfd4(0xffffffffffffffff, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r0, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r2 = getpid()
write$FUSE_LK(r1, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r2}}}, 0x28)
ioctl$BLKTRACESTOP(r1, 0x1275, 0x0)
r3 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r3, 0x3a)
r4 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r1, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r4, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:37 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x400000000000000}, 0x1c)

21:48:37 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:37 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0xf0ffffff00000000}, 0x0)

21:48:37 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x01\x9c\x00'}, &(0x7f0000000300)=0x54)

21:48:37 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x10402, 0x0)
ioctl$SCSI_IOCTL_START_UNIT(r1, 0x5)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)
ioctl$SCSI_IOCTL_GET_IDLUN(r1, 0x5382, &(0x7f0000000080))
ioctl$sock_SIOCGIFCONF(r1, 0x8912, &(0x7f0000000180)=@buf={0x52, &(0x7f0000000100)="8ace4cb827d6e31c69abb304cfcf8ecb0d9199335ec0d6dc9a7d56307c6b58b2653a26e62a186425663ce1626f9d2dddd92c1d0a155c82f95fa9a24c46fee28e1334cd65112986964161fe07b813b0578236"})
ioctl$SNDRV_TIMER_IOCTL_TREAD(r1, 0x40045402, &(0x7f00000000c0))

21:48:37 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:37 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
signalfd4(0xffffffffffffffff, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r0, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r2 = getpid()
write$FUSE_LK(r1, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r2}}}, 0x28)
ioctl$BLKTRACESTOP(r1, 0x1275, 0x0)
r3 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r3, 0x3a)
r4 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r1, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r4, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

[ 2045.969527][T13231] binder: 13228 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2045.969540][T13231] binder: 13228:13231 ioctl c018620c 20000200 returned -22
21:48:37 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x500000000000000}, 0x1c)

[ 2046.038082][T13237] IPVS: ftp: loaded support on port[0] = 21
21:48:38 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0xffffff7f00000000}, 0x0)

21:48:38 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

[ 2046.109375][T13243] binder: 13242 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2046.109390][T13243] binder: 13242:13243 ioctl c018620c 20000200 returned -22
21:48:38 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:38 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0xfffffffffffff000}, 0x0)

21:48:38 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:38 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x600000000000000}, 0x1c)

21:48:38 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

[ 2046.909148][T13237] IPVS: ftp: loaded support on port[0] = 21
21:48:39 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\xff\xff\xff\x9d\x00'}, &(0x7f0000000300)=0x54)

21:48:39 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x2}, 0x0)

21:48:39 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x700000000000000}, 0x1c)

21:48:39 executing program 3:
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:39 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:39 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0xd4, &(0x7f0000000040)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)

[ 2047.203982][T13280] binder: 13279 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2047.204057][T13280] binder: 13279:13280 ioctl c018620c 20000200 returned -22
21:48:39 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x3}, 0x0)

21:48:39 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:39 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x800000000000000}, 0x1c)

[ 2047.249370][T13288] IPVS: ftp: loaded support on port[0] = 21
21:48:39 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x0)

21:48:39 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:39 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

[ 2047.546681][T13305] binder: 13304 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2047.546694][T13305] binder: 13304:13305 ioctl c018620c 20000200 returned -22
[ 2047.846877][T13288] IPVS: ftp: loaded support on port[0] = 21
21:48:40 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\xff\xff\xff\x9e\x00'}, &(0x7f0000000300)=0x54)

21:48:40 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x900000000000000}, 0x1c)

21:48:40 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8}, 0x0)

21:48:40 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:40 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:40 executing program 5:
r0 = socket$inet6(0xa, 0x80001, 0x89)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
r1 = syz_open_dev$amidi(&(0x7f0000000140)='/dev/amidi#\x00', 0x6, 0x88a00)
ioctl$SG_GET_RESERVED_SIZE(r1, 0x2272, &(0x7f0000000180))
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd601bfc97004d8800fe800000000000000000000000000000ff02000000000000000000000000000100004e20004d9078e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed086c7174061a1419329304a25e88bb937fa157fcfc49f4445286bdf15cb77400b161213d2b53eeb18bb813fa1f7f4015f66ba5d2ca842366f8aab9c42bc0921535d259430284925e1b15c0217a358f0eedb5016799495f493ced23e"], 0x0)

[ 2048.186447][T13316] binder: 13315 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2048.186460][T13316] binder: 13315:13316 ioctl c018620c 20000200 returned -22
21:48:40 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0xa00000000000000}, 0x1c)

21:48:40 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:40 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0xa}, 0x0)

[ 2048.276550][T13328] IPVS: ftp: loaded support on port[0] = 21
21:48:40 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:40 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
fcntl$setpipe(r0, 0x407, 0x328)
pipe2(&(0x7f00000000c0)={<r1=>0xffffffffffffffff}, 0x80800)
write$apparmor_exec(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="6578656361c7bd5c150f1cc4b4fc2c054c214420fb5d40c15481a6a4cfe0ee00"], 0x6)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)
r2 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0xb0080, 0x0)
setsockopt$inet6_MRT6_ADD_MIF(r2, 0x29, 0xca, &(0x7f0000000080)={0x2000000, 0x1, 0x2bbd, 0x100, 0x2745}, 0xc)
write$UHID_CREATE2(r2, &(0x7f0000000400)={0xb, 'syz0\x00', 'syz1\x00', 'syz1\x00', 0x1000, 0x5, 0x9981, 0x5, 0x9, 0x6, "7d3f2789d4398301dbff7dad0b728a3a2e2d7a1b0d622e21bd08d39f69f35733e07fd5ffc479e37b1814b89362a7c1e8c9402263ae28de0ec6176ceb5772dceff8ac93b05978e2d70facf79bcd899258e7b1bd8c2cbfc8340d59e85ba6d7714d48497d653628190e9fb48accfd7181499b4093a89ba9448c90f79e9d8c30928a0c97185f1907d7f19530f178778a54673fc58593275e2d6873370a2d773fe66b942b61fc7c0f0930994e0b9ec93ecff7d8fc19776383723a2f41deaf498a337f722100dfc210975a1437e0db62953abe41081007af9a73f9417826b8775b290f8e2ec07b368f6adc521afbe9b664ca06c71d4d7a192afd26a7d2518411843006206502a9a86ec8db8e7951ee64eb24a3fae622fe44261c3b7f3aed6095791edcc4fc793243e4464a8b69bbd86e398123407118085e8450bf15966ae90fcdff734e0367088dc78c047503f9ce5bf59fb9c825ca9ec5b6fadc36b94f43e1cb6b216b1c7e229d55465f766e58ef14b987c8cf7f04f72ffdeb81a19a9ba76f187b002085b3d6007b5a95e0c1606705a1da8ccaef535518bb99ff5c6a61bf71fda6208f86ba73e2f272180ceabdd145b8a188ad28549147a2f895ead148201d99026e3b1e248556784fea7b3b58f1c31b40716b8bdd811e64068c5b739e9a398e3d7df4b192bba4f1567c1a94d64c4ca884733570df1c7e4d32c2cd40f54cff30f95ffb5beb1fb96be0c9d83e657e9655e6a0ff45e716cd56adb4568cc0e14dd61afb55a8bddfd779b290e57c7fac7d52b5b69ead157da4fb2314e886d385816a105a0e459d31d7ea3fa8d8cf177c7a8e918bb5ebafff54c8a9fb61a5108d3c26a31cf9efaf9ed848b7d6dbb3665ab66b069a4ee5378c85cc7704674a0ec1e36ced6848a57ec970137804955a2dfd4e3000454143e862fede8a21ad4cadb8d9e290d3385e9fadcdfb92a9ac53052f4904568ed14d12e633ab278072f54664a9b605ead12a8e8bb961b0984a759d46929fe29eafcfc7bf2e9b04e0e11ad9e52256a64d0883eaf688f6559cbd4cec15248df67c437a44ba19d259c9b324c24d8b3314199e966c5b2c877ecb11d8dfbf8ace28d25c15d24ea32ba6100bb6edaf08c9d459c2ff24a92765b1c1ec3667237787945c0465af6c7a4a73f3080b34f708a66244e45e284c0c0ed8752fe46f89ea4b70d8775bc0b75cd511e67b29542900ab95b2f0b795576e1ca33874b393757961ca9e031ceef4c4f4843711c814fcd4d448ca97c8187a71cc17026e23227dfb648f2ed960addc4dc0d38d9a00433ccb4ea34e49a94b762a8be3ff24a61b08ad799c58f902fd6563c7d7c862fb97e6fbb526c2aa4f6fb03c7a0b9eefcbe45b1e317fd569d622be88a5e25232e51d0c5e0ea0032363a6c73b8830e4a14182df86fde2713c5cd803b222f6b1061e0c5e13caad8602fded27ad8beb66b471f607062dbbc141f327b4fd241d699c5af9fd588d3d64f0809a29c6f215224c63a8b1ca493a3fe49f81420d2ef10d358ad0a0b1b405890d9721545ed0c68d88df57819f8c1997b4c37ba69a3fd1a6b625306ebae3ab6c33627a79233d9ee924e0a7ea7ee64b94f7d7ce62ae1bd1f9c43594e04b935d1f46c0fcc56e768469b39175914f898be678ad45bc7694e1ff8841a9a4e70bbf9d73779285c78d69ab5db27cbecb5dd9593af8a89f3ed48645a43533572f50959548a9a1d5ad1b9eb37cc9554e52014f75a8e1dcf57cb37e73e8fd8dc7c70b99c77ae79f92d100a977ac5fe36c3c5f53e1460cc5a5a6c5a9dd314ff95cc116d01bcfdc0aa5fe44cca2050c4e556369597ed315e421d3d50c5e5bfad6a0be0b178deccf7ee115aebc67de3aa18c9c3a2bec33b740c8c4cad2f63c2548ca07719643c2ce960a3962caaf5921a0f42ea831480352523a27b89a7ab24b2de3b4b3a6b82d211fa82e190be37e95e4bb3de2b5078106b01da4c94da9a0128fb0b3523f0e941c80f6c85fddbd2f2c580b68e0ef6185f62d760fe16a8d75e8887d38b1ce6f45a0f952cb4f0911e3f8cb93ef58e336f9342eef5ad873e4d5b2db7c69600fc911d04f17bce20dfbf838aaacb9f9ef98b2369d65c93252af7b91c62a239acce63dc05c4dc294b5ed960b7a882c5639722828c4ed53a58e4477ef9caebae0ae9c8a9282f03089c4ce834c58a7d55d6eca1ecc416e6dd50d2f9d9df3490a892c03ce43c6209bde74fb294055f4d13de180630e8d0786f800ef4cfc47ff9a3c3d4f4fd97e7b50f5af7438bf04cec8e9e2d3a09bd1482d2f14d0ce667fb3bfdc2e3445f179ffc6121f4eeca95333107075e7ab55d51ccd4b82a73d78933c497a46a5871b307710b9ec990c49c45af9ee9224ad165f8e24ba6c134700cd09c06d69fdf9a64a8b47d66ff36ccc69280a52488333c14794919cf5bf36146785769bc4179973ad512cf9c198c47c9c5a63b5f506a0df33fd338ddbd2308c19f54016193559aefb0bdc4e9b0640f12215b4ae814493837dd3e1a3933e2e3faf6294ebf4ade9bbae8b7abd50ecf6f4ae680b933ae9953332c1c4b7ce6903b7a487f86af3b773bfa2ef890b898af8f3eb464b5affd4e5aa3842d41a515cf9b6071cff6a045b6703a15f083070ac4e2f68845fee1e835c157e2440fad2e0c3321bc6e59805b2afaa41d08df9d11add1cbce31d185b014a2a124cd5d2717a48c249113f27fd62b72a36ebcb89b361e2de042f777467795cc7e4f441e2b029bf5514cbcb903255f2442098f1ee69c634e7f5fcb2f1b56d4f4be17244e150213e99b01edcb00a76a4526975ad9c8074551bd0a4682ca2451e4a91511b79a262ab542d50ada3c38a2321d5fb5c104b0bfe889881d52f779f2b86240bed46db11eec96e5bc6821dc7e58dd64822ebb57736fad39fba7722ede118aa0963eea1269ed27018c91a5d4bb9e44beea3d1b2c7a1ad635d80e703a5ed11246c21dbbb041bbe1d0ee117413d9442f8fbd78a07e868743f337339dd2c842bf0f4049674e89cebde22650d8ba915df05afae05c8562d1bd9f1235463237ff019aea69a286fb8d066c76c491c2a44104bae2b49ce9aba9eb61b4f20a860704532bde4cc78ff5d29de9f6cb4c4b653db4335eaf057e8e8c324dcb5ae63d3f0c48d4dc706bf372cb49ab4d8e026fb5ec84ba78463303ccb91cdc08e5298b6cb7a6f36c12f44bdece958191faed12a614ec1a10b0813afab6fae273e3fc771a082b0fab5c823920ccc9258ef3f2d714576126be15c3a48dd58f279ad0e0551892c2167e517abec8c9d80493a7e8fbb618e6ad602258766a33a2dd3cdbe21fe2aece17e7c7fa3e254baa3a474991c5c53e91d01babde1fcf53ed4d1bd625cd5c11115d99e6ac8362817d6d31f68e6c7e833b76bb155826bdc4b53e9b69ff620dc47a0ca677d6ecb0dd2a3d25b170bd7e221e0a2ba2f252162a316b1216c1e01d57d531fc87ca6c751c2bab586547c106311a43aed5479c72fc6ae3d8e8b3720cbd2ff842fbdd11b1b04890975ba60127d32941a4799219c54e997b8cd34e170267115207af6de78fe15a20ce88bb44fe001663ac07491269cf118cf8e86282ef245430384bb31d204bf3a79b77195bab6c01aa1e81f8e587901c8444aa5ac7cbc27e8564d327e78e18e76ce2ab784aaa3f3a1ce04658b00075d42e875dcc4ae05f3e08650a58732bad08bda769149441f00e73e8ec78ba26bec3c78d4eb3848e378f40a4895ced0c564999a54db2a4262975a37c453e2ff30fbb6904b4156c7e0923c1a5a537b213e4d631c0314eaaf052736449b19441079713023b95fbcf9e8078d027d753340e080b2f7c962aab244cd782aa9d0650e3b90f62eee6480003b5406a9d0623d15b30de9134b1a344d00d182ae89f713ff36f4f5ad5ed8dedf0396e03ab57009d96dbab00402ea5e2580711f406a48909816b531f22c90ec249413bf4b073974ef507b918583523c7c09357a2df3dca41a96299bf0281a44857e430ee2a7a857bb0d14b6a02470a10b4507ce6db97d6f4909af4e0420c26d4f24122963fe492378e960766197470725fcc794ec8e645432a168f7c91a3e03e9c6cffa9d06b25a976efd442cb8015c7ebff5e4d66782ddac29b7de47a8592cb36e84fe3f4f703f6e9cb045f10fdafcb7564a693f40e1b91e5b6b2031db2512149be7a6b3c33ffc98cb1c16a4bdd6bc10e2060847bf5f72297eb4516f5a26376bc459a6179472068d2612631596d52b6933f3c0b8fe53ce196106f7a0b2413b1095a09be92bf8c321d2dac751c469afc001e3399b69da916c7d836bd17120ec33a3d391e8bd1010e25bd16ab746a9a04f36394dac9f8001a4b5feb91f10bb73084e08b9a9eac5f7bf1e203310aa882dc2b8135e567cc844aba4a5cd84d506e0c87d5a28486397f66e5facbb3790d5124e518b4dead79070c069023004e8bf75f96a3fca19a7bf3759f1dce2ae3aaff8b9aae171e3bd950ad49837418fd2657d19a5a74c3109e5fabf3a9f8609fe2d03cfa6105203a5da7147cbde99bbced38802aa37d0bae4c71374eee64597c2246a32158325357b4fe267840895ea90f61f9f89d71150dd8e30378e184ea64b85689a021e916b6a77713689dca3ae56ec9c0bfb700d1a0b79740d66c423fbb49cf14038cce537026f093d9302fd81b0816398c78ee6b7119d1b71ec2f7b34341bd330001bfd3bb8221e4c7351ff591bc7aadca43de21e0fdd96b4b29e11043a440973d9d0b643a1fec52eb413cd91e888673159984e14c685a2b26654aacf6e332b61399d9b9291f4300d23909ee8c87cf9a76210d654244c7fc03bfa88b357243c7e2fe56dbef54cdacd828dcc0ac97f3577fdb9c3198b145118e94fd766007371c220741506ae792f036f89a4a7cb6c7d28e2d073514cc8535ba842403002d5f985c93f235f1e39fab5dde6b05fd6c60e310210212ce7d5e65164c9344debed74de956dae78d2bb3b59ef6d5ff7ff7738d61e015ee0dcaae60ee7ceceb28953a4f35664af4efcc598d07887f5ff20c7b18c28df7fa977fe08d459a9a6bb576c92459ecfd6a51783c79a263e9fd65b6c86988aa73292adbeb0445ed766962e4730decf65f5e072ddf6f7bba93fc44575559e1474bae23b652097087b6492fb984969159234b7ef57f11f36d1261bf05a67cf34cb8559a2a1d78cdf8e47e49169cc30e0afbd76d525f035bff41a996fcb2d8a87e98f5784ec0bf8eeb59d7793f741ed8a5c0f40e2d0c0f5bdb6d3ac6ce13cee1d49bd789ea5e88eb02ac0347cdebbceb330bb4be1bc88bc5dd84728f078cf64c59459cb1f5592ec91bf95eb0fce80b81273f4dec1f2aa7f88a65907b268061a86e29eb85ecc7b76f976765e240347dfe6710403bb4df2b2ed80899c8612564e2a261f94160f3987b7be1fb8238af9c6104d14fbf859668ddcee9337b1770c1b1daf1fb43447bb55b375e4ea5bc30689b71b139d091ff539210186bd82cb532b4edd80015ae7ea5dbbdfa4f36036b68e6af9abbc5144a2b39906fc15145e3010f8fb4946550ac9de4fb1065b36c48b67ea32063e7bc0ed4adddee863ab3c45706dc2cecc536bdaa2d4d1f854de783e065b3e2c3156491ac00bbb478500fb289a86d870d5c68482264a678641e09842758bb9db4e6dceb20b1e4e1389b076851ddf8984df98617dc4b7e68c9f4d2cf7fe4932524e17f92314795dca5f6a44467d71d68c7ff3120a93ce600c597b232b278f9be84d318dd0eaff9e1d41cba12b29b05ac251cc0ea89af42db18c72809720"}, 0x1118)

21:48:40 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

[ 2048.512295][T13347] binder: 13346 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2048.512309][T13347] binder: 13346:13347 ioctl c018620c 20000200 returned -22
[ 2048.833634][T13328] IPVS: ftp: loaded support on port[0] = 21
21:48:41 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\xc1\x00'}, &(0x7f0000000300)=0x54)

21:48:41 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0xe}, 0x0)

21:48:41 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x1000000000000000}, 0x1c)

21:48:41 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:41 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

[ 2049.086285][    C1] net_ratelimit: 26 callbacks suppressed
[ 2049.086294][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2049.097806][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2049.103713][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2049.109587][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2049.115402][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2049.121226][    C1] protocol 88fb is buggy, dev hsr_slave_1
21:48:41 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0xf}, 0x0)

21:48:41 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x2001001000000000}, 0x1c)

21:48:41 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:41 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

[ 2049.176999][T13367] binder: 13365 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2049.177013][T13367] binder: 13365:13367 ioctl c018620c 20000200 returned -22
[ 2049.213300][T13363] IPVS: ftp: loaded support on port[0] = 21
[ 2049.256256][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2049.262057][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 2049.267940][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2049.273723][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 2049.334240][T13377] binder: 13376 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2049.334254][T13377] binder: 13376:13377 ioctl c018620c 20000200 returned -22
21:48:41 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:41 executing program 5:
r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x10000, 0x0)
getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000080)={<r1=>0x0, 0x0, 0x6, [0x4, 0x0, 0x0, 0x1464, 0x1, 0xb22]}, &(0x7f00000000c0)=0x14)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000100)={r1, 0x401, 0x3f}, &(0x7f0000000140)=0x8)
r2 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r2, &(0x7f0000004480), 0x0, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)

21:48:41 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x3f00000000000000}, 0x1c)

[ 2049.928199][T13363] IPVS: ftp: loaded support on port[0] = 21
21:48:42 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x02\xc6\x00'}, &(0x7f0000000300)=0x54)

21:48:42 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x0)

21:48:42 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:42 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x4000000000000000}, 0x1c)

21:48:42 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:42 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e23, 0x1f, @empty, 0x1}, 0x1c)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)

21:48:42 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:42 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x60}, 0x0)

[ 2050.270152][T13409] binder: 13407 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2050.270185][T13409] binder: 13407:13409 ioctl c018620c 20000200 returned -22
[ 2050.294315][T13414] IPVS: ftp: loaded support on port[0] = 21
21:48:42 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x7800000000000000}, 0x1c)

21:48:42 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:42 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:42 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0xf0}, 0x0)

[ 2050.667156][T13433] binder: 13427 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2050.667168][T13433] binder: 13427:13433 ioctl c018620c 20000200 returned -22
[ 2050.975473][T13414] IPVS: ftp: loaded support on port[0] = 21
21:48:43 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x01\xc8\x00'}, &(0x7f0000000300)=0x54)

21:48:43 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0xfc00000000000000}, 0x1c)

21:48:43 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:43 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:43 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x300}, 0x0)

21:48:43 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd601bfc97004d8800fe800000000000000000000000000000ff020000000000000000000000000100004e20004d907807149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721af2b69cc3712c37ed000"], 0x0)

21:48:43 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0xa00}, 0x0)

21:48:43 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:43 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

[ 2051.347408][T13445] binder: 13444 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2051.347465][T13445] binder: 13444:13445 ioctl c018620c 20000200 returned -22
21:48:43 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0xfe80000000000000}, 0x1c)

[ 2051.443226][T13456] IPVS: ftp: loaded support on port[0] = 21
21:48:43 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:43 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0xe00}, 0x0)

[ 2051.694963][T13468] binder: 13467 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2051.695048][T13468] binder: 13467:13468 ioctl c018620c 20000200 returned -22
[ 2052.010604][T13456] IPVS: ftp: loaded support on port[0] = 21
21:48:44 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x03\xf2\x00'}, &(0x7f0000000300)=0x54)

21:48:44 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0xfec0000000000000}, 0x1c)

21:48:44 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:44 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:44 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0xf00}, 0x0)

21:48:44 executing program 5:
openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x802, 0x0)
r0 = socket$inet6(0xa, 0x80002, 0x88)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000003dc0)='/dev/vcs\x00', 0x101000, 0x0)
setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x30, &(0x7f0000003e00)={0xffffffff, {{0x2, 0x4e20, @local}}, 0x0, 0x2, [{{0x2, 0x4e21, @broadcast}}, {{0x2, 0x4e22, @broadcast}}]}, 0x190)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r1, 0x84, 0x1b, &(0x7f00000000c0)={<r2=>0x0, 0x51, "17e8d740fae7340bb0af05a57db67928ec3e0725709b9921304a8da7f2f3464a30356bd1e53b78bef4d1292c1302be01cf6e1602b7121ea1a7976720d22af0dff98dcf53b5c10838602f6cef4a8ecdc635"}, &(0x7f0000000140)=0x59)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000180)={r2, 0x81, 0x6}, &(0x7f00000001c0)=0x8)
syz_emit_ethernet(0x1, &(0x7f0000000440)=ANY=[@ANYRESDEC=r2], 0x0)
r3 = fcntl$dupfd(r0, 0x0, r0)
ioctl$BLKDISCARD(r3, 0x1277, &(0x7f0000000040)=0x8001)

21:48:44 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:44 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0xff00000000000000}, 0x1c)

21:48:44 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x207c}, 0x0)

[ 2052.466705][T13495] IPVS: ftp: loaded support on port[0] = 21
[ 2052.473739][T13496] binder: 13487 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2052.473751][T13496] binder: 13487:13496 ioctl c018620c 20000200 returned -22
21:48:44 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:44 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0xffffffff00000000}, 0x1c)

21:48:44 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x6000}, 0x0)

[ 2053.038969][T13495] IPVS: ftp: loaded support on port[0] = 21
21:48:45 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x01\xfe\x00'}, &(0x7f0000000300)=0x54)

21:48:45 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:45 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:45 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x2]}}, 0x1c)

21:48:45 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x7c20}, 0x0)

21:48:45 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
r1 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x3, 0x10000)
setsockopt$netrom_NETROM_IDLE(r1, 0x103, 0x7, &(0x7f0000000080)=0x6, 0x4)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)

21:48:45 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:45 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0xf000}, 0x0)

[ 2053.459919][T13530] IPVS: ftp: loaded support on port[0] = 21
[ 2053.494393][T13534] binder: 13524 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
21:48:45 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x3]}}, 0x1c)

[ 2053.494406][T13534] binder: 13524:13534 ioctl c018620c 20000200 returned -22
21:48:45 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:45 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x30000}, 0x0)

21:48:45 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

[ 2053.813298][T13552] binder: 13545 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2053.813311][T13552] binder: 13545:13552 ioctl c018620c 20000200 returned -22
[ 2054.087814][T13530] IPVS: ftp: loaded support on port[0] = 21
21:48:46 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:46 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x4]}}, 0x1c)

21:48:46 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x34000}, 0x0)

21:48:46 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:46 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00p\xfe\xff\xff\x00'}, &(0x7f0000000300)=0x54)

21:48:46 executing program 5:
r0 = socket$inet6(0xa, 0x80001, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x2)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
ioctl$CAPI_GET_FLAGS(r0, 0x80044323, &(0x7f0000000040))
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)

21:48:46 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x5]}}, 0x1c)

21:48:46 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x400300}, 0x0)

21:48:46 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:46 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

[ 2054.478628][T13571] binder: 13560 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2054.478643][T13571] binder: 13560:13571 ioctl c018620c 20000200 returned -22
[ 2054.505225][T13576] IPVS: ftp: loaded support on port[0] = 21
21:48:46 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
r1 = getpgrp(0x0)
move_pages(r1, 0x2, &(0x7f0000000040)=[&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil], &(0x7f0000000080)=[0x1000, 0x3ff], &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x2)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)
r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x880, 0x0)
fanotify_init(0x3a, 0x800)
ioctl$VIDIOC_SUBDEV_DV_TIMINGS_CAP(r2, 0xc0905664, &(0x7f0000000140)={0x0, 0x0, [], @raw_data=[0x7, 0x2, 0xac, 0x0, 0x5, 0x4, 0xfffffffffffffff9, 0x0, 0x100000000, 0x5, 0x3f, 0x100000000, 0x1, 0xbbf, 0x0, 0x6c940eb, 0xff, 0x7ff, 0x401, 0x6, 0x8001, 0x4, 0x82f83f6, 0x4, 0x1, 0x80000000, 0x3, 0x200, 0x4, 0x9, 0x80000000, 0x800]})

21:48:46 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:46 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0xf0ffff}, 0x0)

[ 2054.729408][T13592] binder: 13591 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2054.729423][T13592] binder: 13591:13592 ioctl c018620c 20000200 returned -22
21:48:46 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x6]}}, 0x1c)

21:48:46 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(0xffffffffffffffff, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r0, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r2 = getpid()
write$FUSE_LK(r1, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r2}}}, 0x28)
ioctl$BLKTRACESTOP(r1, 0x1275, 0x0)
r3 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r3, 0x3a)
r4 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r1, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r4, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:46 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

[ 2054.962446][T22568] syz-executor3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=0
[ 2055.016528][T22568] CPU: 1 PID: 22568 Comm: syz-executor3 Not tainted 5.0.0-rc1-next-20190109 #8
[ 2055.025496][T22568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2055.035561][T22568] Call Trace:
[ 2055.038870][T22568]  dump_stack+0x1db/0x2d0
[ 2055.043227][T22568]  ? dump_stack_print_info.cold+0x20/0x20
[ 2055.048943][T22568]  ? check_preemption_disabled+0x48/0x290
[ 2055.048976][T22568]  dump_header+0x1e6/0x116c
[ 2055.048997][T22568]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2055.059195][T22568]  ? perf_trace_lock+0x750/0x750
[ 2055.069732][T22568]  ? print_usage_bug+0xd0/0xd0
[ 2055.074501][T22568]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 2055.080141][T22568]  ? ___ratelimit+0x37c/0x686
[ 2055.084835][T22568]  ? mark_held_locks+0xb1/0x100
[ 2055.089704][T22568]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2055.095513][T22568]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2055.101316][T22568]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2055.106635][T22568]  ? trace_hardirqs_on+0xbd/0x310
[ 2055.106665][T22568]  ? kasan_check_read+0x11/0x20
[ 2055.106677][T22568]  ? ___ratelimit+0x37c/0x686
[ 2055.106691][T22568]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2055.106704][T22568]  ? do_raw_spin_trylock+0x270/0x270
[ 2055.106737][T22568]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2055.138031][T22568]  ? lock_acquire+0x1db/0x570
[ 2055.142729][T22568]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 2055.148545][T22568]  ? ___ratelimit+0xac/0x686
[ 2055.153143][T22568]  ? idr_get_free+0xee0/0xee0
[ 2055.157819][T22568]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2055.163130][T22568]  oom_kill_process.cold+0x10/0x9ca
[ 2055.168367][T22568]  ? cgroup_procs_next+0x70/0x70
[ 2055.173314][T22568]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 2055.178519][T22568]  ? oom_badness+0xa50/0xa50
[ 2055.183120][T22568]  ? oom_evaluate_task+0x540/0x540
[ 2055.188234][T22568]  ? mem_cgroup_iter_break+0x30/0x30
[ 2055.193520][T22568]  ? mutex_trylock+0x2d0/0x2d0
[ 2055.198281][T22568]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2055.198313][T22568]  ? rcu_read_unlock_special+0x380/0x380
[ 2055.198338][T22568]  out_of_memory+0x885/0x1420
[ 2055.198364][T22568]  ? mem_cgroup_iter+0x4f4/0xf50
[ 2055.219913][T22568]  ? oom_killer_disable+0x340/0x340
[ 2055.225121][T22568]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 2055.230936][T22568]  ? lock_acquire+0x1db/0x570
[ 2055.235649][T22568]  mem_cgroup_out_of_memory+0x160/0x210
[ 2055.241198][T22568]  ? do_raw_spin_unlock+0xa0/0x330
[ 2055.246312][T22568]  ? memory_oom_group_write+0x160/0x160
[ 2055.246327][T22568]  ? do_raw_spin_trylock+0x270/0x270
[ 2055.246355][T22568]  ? _raw_spin_unlock+0x2d/0x50
[ 2055.246375][T22568]  try_charge+0x1457/0x1d00
[ 2055.246403][T22568]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2055.246423][T22568]  ? find_held_lock+0x35/0x120
[ 2055.276831][T22568]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[ 2055.282388][T22568]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2055.288650][T22568]  ? lock_downgrade+0xbe0/0xbe0
[ 2055.293514][T22568]  ? kasan_check_read+0x11/0x20
[ 2055.298387][T22568]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2055.304389][T22568]  ? rcu_read_unlock_special+0x380/0x380
[ 2055.310054][T22568]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[ 2055.315626][T22568]  __memcg_kmem_charge_memcg+0x7c/0x130
[ 2055.321190][T22568]  ? memcg_kmem_put_cache+0xb0/0xb0
[ 2055.326389][T22568]  ? lock_release+0xc40/0xc40
[ 2055.326407][T22568]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2055.326420][T22568]  ? check_preemption_disabled+0x48/0x290
[ 2055.326438][T22568]  __memcg_kmem_charge+0x136/0x300
[ 2055.326457][T22568]  __alloc_pages_nodemask+0x7b8/0xdc0
[ 2055.326471][T22568]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2055.326489][T22568]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[ 2055.326507][T22568]  ? copy_page_range+0x14a6/0x2730
[ 2055.326528][T22568]  ? __lock_is_held+0xb6/0x140
[ 2055.326541][T22568]  ? copy_page_range+0xa4a/0x2730
[ 2055.326560][T22568]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 2055.326593][T22568]  alloc_pages_current+0x107/0x210
[ 2055.326614][T22568]  pte_alloc_one+0x1b/0x1a0
[ 2055.326631][T22568]  __pte_alloc+0x20/0x310
[ 2055.326650][T22568]  copy_page_range+0x1844/0x2730
[ 2055.326666][T22568]  ? save_stack+0x45/0xd0
[ 2055.326687][T22568]  ? __kasan_kmalloc.constprop.0+0xcf/0xe0
[ 2055.395760][T22568]  ? pmd_alloc+0x180/0x180
[ 2055.419510][T22568]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2055.425157][T22568]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2055.431405][T22568]  ? copy_process+0x3607/0x8700
[ 2055.436262][T22568]  ? find_held_lock+0x35/0x120
[ 2055.436279][T22568]  ? copy_process+0x3607/0x8700
[ 2055.436294][T22568]  ? lock_acquire+0x1db/0x570
[ 2055.436310][T22568]  ? lock_downgrade+0xbe0/0xbe0
[ 2055.436330][T22568]  ? kmem_cache_alloc+0x341/0x710
[ 2055.436349][T22568]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 2055.436365][T22568]  ? vma_compute_subtree_gap+0x158/0x230
[ 2055.436389][T22568]  ? __vma_link_rb+0x279/0x370
[ 2055.436413][T22568]  copy_process+0x423b/0x8700
[ 2055.471864][T22568]  ? __cleanup_sighand+0x70/0x70
[ 2055.486206][T22568]  ? do_wp_page+0x7d7/0x1e80
[ 2055.486431][    C0] net_ratelimit: 26 callbacks suppressed
[ 2055.486440][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2055.490810][T22568]  ? find_held_lock+0x35/0x120
[ 2055.496659][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 2055.502169][T22568]  ? do_wp_page+0x7d7/0x1e80
[ 2055.507130][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2055.512642][T22568]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 2055.517398][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 2055.522944][T22568]  ? kasan_check_read+0x11/0x20
[ 2055.529393][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2055.534884][T22568]  ? do_raw_spin_trylock+0x270/0x270
[ 2055.539853][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 2055.545440][T22568]  ? __lock_acquire+0x572/0x4a10
[ 2055.561364][T22568]  ? finish_mkwrite_fault+0x4f0/0x4f0
[ 2055.566773][T22568]  ? mark_held_locks+0x100/0x100
[ 2055.571728][T22568]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2055.577972][T22568]  ? check_preemption_disabled+0x48/0x290
[ 2055.583708][T22568]  ? debug_smp_processor_id+0x1c/0x20
[ 2055.589093][T22568]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2055.589117][T22568]  ? __handle_mm_fault+0x955/0x55a0
[ 2055.589137][T22568]  ? __might_fault+0x12b/0x1e0
[ 2055.589148][T22568]  ? find_held_lock+0x35/0x120
[ 2055.589162][T22568]  ? __might_fault+0x12b/0x1e0
[ 2055.589176][T22568]  ? lock_acquire+0x1db/0x570
[ 2055.589193][T22568]  ? lock_downgrade+0xbe0/0xbe0
[ 2055.589206][T22568]  ? lock_release+0xc40/0xc40
[ 2055.589222][T22568]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2055.589244][T22568]  _do_fork+0x1a9/0x1170
[ 2055.589267][T22568]  ? fork_idle+0x1d0/0x1d0
[ 2055.589282][T22568]  ? kasan_check_read+0x11/0x20
[ 2055.589298][T22568]  ? _copy_to_user+0xc9/0x120
[ 2055.589320][T22568]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2055.647822][T22568]  ? put_timespec64+0x115/0x1b0
[ 2055.658738][T22568]  ? nsecs_to_jiffies+0x30/0x30
[ 2055.658758][T22568]  ? do_syscall_64+0x8c/0x800
[ 2055.658770][T22568]  ? do_syscall_64+0x8c/0x800
[ 2055.658784][T22568]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2055.658799][T22568]  ? trace_hardirqs_on+0xbd/0x310
[ 2055.658813][T22568]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2055.658831][T22568]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2055.658844][T22568]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2055.658866][T22568]  __x64_sys_clone+0xbf/0x150
[ 2055.658884][T22568]  do_syscall_64+0x1a3/0x800
[ 2055.658902][T22568]  ? syscall_return_slowpath+0x5f0/0x5f0
[ 2055.658920][T22568]  ? prepare_exit_to_usermode+0x232/0x3b0
[ 2055.658945][T22568]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2055.710967][T22568]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2055.721178][T22568] RIP: 0033:0x45649a
[ 2055.721195][T22568] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00
[ 2055.721202][T22568] RSP: 002b:00007ffd98177d70 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2055.721215][T22568] RAX: ffffffffffffffda RBX: 00007ffd98177d70 RCX: 000000000045649a
[ 2055.721223][T22568] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011
[ 2055.721231][T22568] RBP: 00007ffd98177db0 R08: 0000000000000001 R09: 0000000001136940
[ 2055.721239][T22568] R10: 0000000001136c10 R11: 0000000000000246 R12: 0000000000000001
[ 2055.721251][T22568] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000003
[ 2055.721775][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2055.816539][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2055.822403][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2055.828263][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2055.836348][T22568] memory: usage 307128kB, limit 307200kB, failcnt 4071
[ 2055.843252][T22568] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2055.866293][T22568] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2055.873080][T13576] IPVS: ftp: loaded support on port[0] = 21
[ 2055.876710][T22568] Memory cgroup stats for /syz3: cache:56KB rss:242964KB rss_huge:210944KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:243100KB inactive_file:4KB active_file:4KB unevictable:0KB
[ 2055.926311][T22568] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor3,pid=988,uid=0
[ 2055.958986][T22568] Memory cgroup out of memory: Kill process 988 (syz-executor3) score 1107 or sacrifice child
[ 2056.017349][T22568] Killed process 988 (syz-executor3) total-vm:70532kB, anon-rss:2204kB, file-rss:33748kB, shmem-rss:0kB
21:48:48 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:48 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1000000}, 0x0)

21:48:48 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x7]}}, 0x1c)

21:48:48 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x008\xff\xff\xff\x00'}, &(0x7f0000000300)=0x54)

21:48:48 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f00000070c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd601bfc97004d8800fe800000000000000000000000000000ff02000000000000000000000000000100004b20004d9078e296071493d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0777b87a774df8021afd119b08265dc3a83e1f0187f46665cee3c8f25bae90b91aa919fc5c44a302332be654e9321bd84a76033cdc2373bd4ac2f826aea3b905242c6eef37e408d998cb19127c0b887a1c65386614a828a3eb70f5ee46c5b545a0f04cb1cc6ee149e6d92d20b18d4e1ae0833c2be6ce48ed079e2aded319aeef52ee90d40e25f36577ef235fd0ef7dcaa49539c6e18e0b129e3eef779"], 0x0)
clock_gettime(0x0, &(0x7f0000007040)={<r1=>0x0, <r2=>0x0})
socket$nl_route(0x10, 0x3, 0x0)
recvmmsg(r0, &(0x7f0000006dc0)=[{{&(0x7f0000000100)=@nl=@unspec, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000180)=""/246, 0xf6}, {&(0x7f0000000280)=""/31, 0x1f}], 0x2, &(0x7f0000000300)=""/2, 0x2}, 0x3}, {{&(0x7f0000000400)=@tipc=@id, 0x80, &(0x7f0000000780)=[{&(0x7f0000000480)=""/32, 0x20}, {&(0x7f00000004c0)=""/38, 0x26}, {&(0x7f0000000500)=""/49, 0x31}, {&(0x7f0000000540)=""/4, 0x4}, {&(0x7f0000000580)=""/242, 0xf2}, {&(0x7f0000000680)=""/234, 0xea}], 0x6, &(0x7f0000000800)=""/198, 0xc6}, 0x8}, {{&(0x7f0000000900)=@alg, 0x80, &(0x7f0000002bc0)=[{&(0x7f0000000980)=""/78, 0x4e}, {&(0x7f0000000a00)=""/143, 0x8f}, {&(0x7f0000000ac0)=""/4096, 0x1000}, {&(0x7f0000001ac0)=""/210, 0xd2}, {&(0x7f0000001bc0)=""/4096, 0x1000}], 0x5, &(0x7f0000002c40)=""/252, 0xfc}, 0x100000001}, {{&(0x7f0000002d40)=@sco, 0x80, &(0x7f00000031c0)=[{&(0x7f0000002dc0)=""/28, 0x1c}, {&(0x7f0000002e00)=""/155, 0x9b}, {&(0x7f0000002ec0)=""/123, 0x7b}, {&(0x7f0000002f40)=""/138, 0x8a}, {&(0x7f0000003000)=""/15, 0xf}, {&(0x7f0000003040)=""/140, 0x8c}, {&(0x7f0000003100)=""/135, 0x87}], 0x7, &(0x7f0000003240)=""/68, 0x44}, 0xffffffff}, {{&(0x7f00000032c0)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x80, &(0x7f0000005800)=[{&(0x7f0000003340)=""/56, 0x38}, {&(0x7f0000003380)=""/75, 0x4b}, {&(0x7f0000003400)=""/4096, 0x1000}, {&(0x7f00000044c0)=""/142, 0x8e}, {&(0x7f0000004580)=""/153, 0x99}, {&(0x7f0000004640)=""/4096, 0x1000}, {&(0x7f0000005640)=""/235, 0xeb}, {&(0x7f0000004400)=""/38, 0x26}, {&(0x7f0000005740)=""/133, 0x85}], 0x9, &(0x7f00000058c0)=""/91, 0x5b}, 0x6}, {{&(0x7f0000005940)=@in={0x2, 0x0, @initdev}, 0x80, &(0x7f0000004440)=[{&(0x7f00000059c0)=""/178, 0xb2}, {&(0x7f0000005a80)=""/124, 0x7c}], 0x2}, 0x101}, {{&(0x7f0000005b00)=@tipc, 0x80, &(0x7f0000005f00)=[{&(0x7f0000005b80)}, {&(0x7f0000005bc0)=""/230, 0xe6}, {&(0x7f0000005cc0)=""/216, 0xd8}, {&(0x7f0000005dc0)=""/249, 0xf9}, {&(0x7f0000005ec0)=""/13, 0xd}], 0x5, &(0x7f0000005f80)=""/144, 0x90}, 0x400}, {{&(0x7f0000006040)=@nfc, 0x80, &(0x7f0000006700)=[{&(0x7f00000060c0)=""/62, 0x3e}, {&(0x7f0000006100)=""/4, 0x4}, {&(0x7f0000006140)=""/215, 0xd7}, {&(0x7f0000006240)=""/147, 0x93}, {&(0x7f0000006300)}, {&(0x7f0000006340)=""/228, 0xe4}, {&(0x7f0000006440)=""/85, 0x55}, {&(0x7f00000064c0)=""/185, 0xb9}, {&(0x7f0000006580)=""/135, 0x87}, {&(0x7f0000006640)=""/134, 0x86}], 0xa}, 0x2}, {{&(0x7f00000067c0)=@generic, 0x80, &(0x7f0000006980)=[{&(0x7f0000006840)=""/114, 0x72}, {&(0x7f00000068c0)=""/184, 0xb8}], 0x2, &(0x7f00000069c0)=""/224, 0xe0}, 0x9}, {{&(0x7f0000006ac0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, 0x80, &(0x7f0000006cc0)=[{&(0x7f0000006b40)=""/3, 0x3}, {&(0x7f0000006b80)=""/226, 0xe2}, {&(0x7f0000006c80)=""/61, 0x3d}], 0x3, &(0x7f0000006d00)=""/180, 0xb4}, 0x1000}], 0xa, 0x20, &(0x7f0000007080)={r1, r2+30000000})
r3 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0xfb8, 0x40000)
setsockopt$inet_opts(r3, 0x0, 0x9, &(0x7f0000000080)="37b05a86a034975e6f90a9f02bb39007c078c0600eb90e490ef46bde12ef8fe9406bf45b0bdac0037b5413d845ad427e2080cfa442227f983734c65b8e4eeadfca627b7d1cc5172f644006f1dbf7b4246c19ab7521e7c7", 0x57)

21:48:48 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:48 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x2000000}, 0x0)

[ 2056.276895][T13626] IPVS: ftp: loaded support on port[0] = 21
[ 2056.307450][T13628] binder: 13615 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2056.307463][T13628] binder: 13615:13628 ioctl c018620c 20000200 returned -22
21:48:48 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x8]}}, 0x1c)

21:48:48 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:48 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x9]}}, 0x1c)

21:48:48 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(0xffffffffffffffff, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r0, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r2 = getpid()
write$FUSE_LK(r1, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r2}}}, 0x28)
ioctl$BLKTRACESTOP(r1, 0x1275, 0x0)
r3 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r3, 0x3a)
r4 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r1, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r4, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:48 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x3000000}, 0x0)

21:48:48 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:48 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(0xffffffffffffffff, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r0, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r2 = getpid()
write$FUSE_LK(r1, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r2}}}, 0x28)
ioctl$BLKTRACESTOP(r1, 0x1275, 0x0)
r3 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r3, 0x3a)
r4 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r1, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r4, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:48 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

[ 2056.707026][T13651] binder: 13646 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2056.707039][T13651] binder: 13646:13651 ioctl c018620c 20000200 returned -22
[ 2056.927549][T13659] binder: 13658 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2056.927594][T13659] binder: 13658:13659 ioctl c018620c 20000200 returned -22
[ 2057.161875][T13626] IPVS: ftp: loaded support on port[0] = 21
21:48:49 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x9d\xff\xff\xff\x00'}, &(0x7f0000000300)=0x54)

21:48:49 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0xa]}}, 0x1c)

21:48:49 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:49 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000000}, 0x0)

21:48:49 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:49 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
r1 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0xab)
ioctl$CAPI_GET_MANUFACTURER(r1, 0xc0044306, &(0x7f0000000080)=0x3f)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)

21:48:49 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0xa000000}, 0x0)

21:48:49 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:49 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

[ 2057.508733][T13675] binder: 13674 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2057.508818][T13675] binder: 13674:13675 ioctl c018620c 20000200 returned -22
[ 2057.519420][T13681] IPVS: ftp: loaded support on port[0] = 21
21:48:49 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x10]}}, 0x1c)

21:48:49 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0xe000000}, 0x0)

21:48:49 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

[ 2057.715658][T13695] binder: 13694 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2057.715690][T13695] binder: 13694:13695 ioctl c018620c 20000200 returned -22
[ 2058.025475][T13681] IPVS: ftp: loaded support on port[0] = 21
21:48:50 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x9e\xff\xff\xff\x00'}, &(0x7f0000000300)=0x54)

21:48:50 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x78]}}, 0x1c)

21:48:50 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x0)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:50 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0xf000000}, 0x0)

21:48:50 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:50 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @ipv4={[], [], @rand_addr=0xbc88bfc}}, 0x118)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd60ff7be33dd7d8997eafaf6eed9c6f1bfc97004d8800fe800000000000000000000000000000ff02000000000000000000000000000100004e20004d9078e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e5"], 0x0)

21:48:50 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:50 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0xfc]}}, 0x1c)

21:48:50 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10000000}, 0x0)

21:48:50 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x0)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

[ 2058.442474][T13715] binder: 13713 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2058.442600][T13715] binder: 13713:13715 ioctl c018620c 20000200 returned -22
[ 2058.443993][T13720] IPVS: ftp: loaded support on port[0] = 21
21:48:50 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:50 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x300]}}, 0x1c)

[ 2058.653317][T13735] binder: 13732 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2058.653382][T13735] binder: 13732:13735 ioctl c018620c 20000200 returned -22
[ 2059.095423][T13720] IPVS: ftp: loaded support on port[0] = 21
21:48:51 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x00\x80\x00'}, &(0x7f0000000300)=0x54)

21:48:51 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x60000000}, 0x0)

21:48:51 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x0)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:51 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x500]}}, 0x1c)

21:48:51 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:51 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)

21:48:51 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

[ 2059.410676][T13749] IPVS: ftp: loaded support on port[0] = 21
21:48:51 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x7c200000}, 0x0)

21:48:51 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x600]}}, 0x1c)

[ 2059.502221][T13762] binder: 13754 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2059.502234][T13762] binder: 13754:13762 ioctl c018620c 20000200 returned -22
21:48:51 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, 0x0)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:51 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:51 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x9effffff}, 0x0)

[ 2059.828666][T13779] binder: 13778 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2059.828685][T13779] binder: 13778:13779 ioctl c018620c 20000200 returned -22
[ 2060.164351][T13760] IPVS: ftp: loaded support on port[0] = 21
21:48:52 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00'}, &(0x7f0000000300)=0x54)

21:48:52 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x700]}}, 0x1c)

21:48:52 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:52 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0xf0ffffff}, 0x0)

21:48:52 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, 0x0)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:52 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x283, 0x0)
ioctl$DRM_IOCTL_GET_CAP(r1, 0xc010640c, &(0x7f0000000080)={0x4, 0x6})
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x1, &(0x7f0000000340)=ANY=[@ANYRES32=r0], 0x0)

[ 2060.745092][T13799] IPVS: ftp: loaded support on port[0] = 21
21:48:52 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:52 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, 0x0)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:52 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0xfffff000}, 0x0)

[ 2060.789056][T13802] binder: 13789 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2060.789070][T13802] binder: 13789:13802 ioctl c018620c 20000200 returned -22
21:48:52 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x900]}}, 0x1c)

21:48:52 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:52 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0xa00]}}, 0x1c)

[ 2061.119486][T13816] binder: 13813 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2061.119560][T13816] binder: 13813:13816 ioctl c018620c 20000200 returned -22
[ 2061.521643][T13799] IPVS: ftp: loaded support on port[0] = 21
[ 2061.726290][    C0] net_ratelimit: 26 callbacks suppressed
[ 2061.726299][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2061.737821][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 2061.743687][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2061.749498][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 2061.755349][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2061.761202][    C0] protocol 88fb is buggy, dev hsr_slave_1
21:48:53 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:53 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0xffffff7f}, 0x0)

21:48:53 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:53 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x3f00]}}, 0x1c)

21:48:53 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00'}, &(0x7f0000000300)=0x54)

21:48:53 executing program 5:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000280)="0adc1f023c123f3188a070")
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0)
ioctl$int_in(r1, 0x800000c0045006, &(0x7f00000004c0)=0x100000035)
read$FUSE(r1, &(0x7f0000000500), 0x1000)
r2 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r2, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)

21:48:53 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x4000]}}, 0x1c)

[ 2061.935564][T13834] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2061.954137][T13839] IPVS: ftp: loaded support on port[0] = 21
[ 2061.970337][T13834] CPU: 0 PID: 13834 Comm: syz-executor3 Not tainted 5.0.0-rc1-next-20190109 #8
[ 2061.979324][T13834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2061.989459][T13834] Call Trace:
[ 2061.992760][T13834]  dump_stack+0x1db/0x2d0
[ 2061.997118][T13834]  ? dump_stack_print_info.cold+0x20/0x20
[ 2062.002840][T13834]  ? check_preemption_disabled+0x48/0x290
[ 2062.002872][T13834]  dump_header+0x1e6/0x116c
[ 2062.002893][T13834]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2062.018739][T13834]  ? perf_trace_lock+0x750/0x750
[ 2062.018756][T13834]  ? print_usage_bug+0xd0/0xd0
[ 2062.018775][T13834]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 2062.018790][T13834]  ? ___ratelimit+0x37c/0x686
[ 2062.018812][T13834]  ? mark_held_locks+0xb1/0x100
[ 2062.018832][T13834]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2062.018853][T13834]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2062.046457][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2062.049456][T13834]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2062.055332][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2062.060999][T13834]  ? trace_hardirqs_on+0xbd/0x310
[ 2062.061030][T13834]  ? kasan_check_read+0x11/0x20
[ 2062.061043][T13834]  ? ___ratelimit+0x37c/0x686
[ 2062.061062][T13834]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2062.066471][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2062.072030][T13834]  ? do_raw_spin_trylock+0x270/0x270
[ 2062.072049][T13834]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2062.077155][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2062.081906][T13834]  ? lock_acquire+0x1db/0x570
[ 2062.119428][T13834]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 2062.125250][T13834]  ? ___ratelimit+0xac/0x686
[ 2062.129864][T13834]  ? idr_get_free+0xee0/0xee0
[ 2062.134543][T13834]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2062.139837][T13834]  oom_kill_process.cold+0x10/0x9ca
[ 2062.139858][T13834]  ? cgroup_procs_next+0x70/0x70
[ 2062.139877][T13834]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 2062.139893][T13834]  ? oom_badness+0xa50/0xa50
[ 2062.139916][T13834]  ? oom_evaluate_task+0x540/0x540
[ 2062.164920][T13834]  ? mem_cgroup_iter_break+0x30/0x30
[ 2062.170217][T13834]  ? mutex_trylock+0x2d0/0x2d0
[ 2062.175017][T13834]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2062.181281][T13834]  ? rcu_read_unlock_special+0x380/0x380
[ 2062.186925][T13834]  out_of_memory+0x885/0x1420
[ 2062.191624][T13834]  ? mem_cgroup_iter+0x4f4/0xf50
[ 2062.196616][T13834]  ? oom_killer_disable+0x340/0x340
[ 2062.201852][T13834]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 2062.201871][T13834]  ? lock_acquire+0x1db/0x570
[ 2062.201906][T13834]  mem_cgroup_out_of_memory+0x160/0x210
[ 2062.217925][T13834]  ? do_raw_spin_unlock+0xa0/0x330
[ 2062.223070][T13834]  ? memory_oom_group_write+0x160/0x160
[ 2062.228679][T13834]  ? do_raw_spin_trylock+0x270/0x270
[ 2062.233975][T13834]  ? _raw_spin_unlock+0x2d/0x50
[ 2062.238842][T13834]  try_charge+0x1457/0x1d00
[ 2062.238858][T13834]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[ 2062.238884][T13834]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2062.238903][T13834]  ? lock_downgrade+0xbe0/0xbe0
[ 2062.254448][T13834]  ? kasan_check_read+0x11/0x20
[ 2062.254470][T13834]  ? rcu_read_unlock_special+0x380/0x380
[ 2062.254497][T13834]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[ 2062.275312][T13834]  ? get_mem_cgroup_from_page+0x190/0x190
[ 2062.281041][T13834]  ? rcu_read_lock_sched_held+0x110/0x130
[ 2062.286764][T13834]  mem_cgroup_try_charge+0x43a/0xdb0
[ 2062.292064][T13834]  ? mem_cgroup_protected+0xa10/0xa10
[ 2062.297503][T13834]  ? check_preemption_disabled+0x48/0x290
[ 2062.303232][T13834]  ? print_usage_bug+0xd0/0xd0
[ 2062.308008][T13834]  ? __lock_acquire+0x572/0x4a10
[ 2062.312956][T13834]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 2062.319203][T13834]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 2062.325456][T13834]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 2062.331092][T13834]  wp_page_copy+0x45a/0x1c70
[ 2062.331109][T13834]  ? __lock_acquire+0x572/0x4a10
[ 2062.331133][T13834]  ? pmd_pfn+0x1d0/0x1d0
[ 2062.331147][T13834]  ? find_held_lock+0x35/0x120
[ 2062.331164][T13834]  ? do_wp_page+0x894/0x1e80
[ 2062.331210][T13834]  ? kasan_check_read+0x11/0x20
[ 2062.331242][T13834]  ? do_raw_spin_unlock+0xa0/0x330
[ 2062.331255][T13834]  ? _vm_normal_page+0x15d/0x3d0
[ 2062.331277][T13834]  ? do_raw_spin_trylock+0x270/0x270
[ 2062.374544][T13834]  ? print_usage_bug+0xd0/0xd0
[ 2062.374570][T13834]  do_wp_page+0x89c/0x1e80
[ 2062.374598][T13834]  ? find_held_lock+0x35/0x120
[ 2062.388503][T13834]  ? finish_mkwrite_fault+0x4f0/0x4f0
[ 2062.393878][T13834]  ? __lock_acquire+0x572/0x4a10
[ 2062.398824][T13834]  ? lock_acquire+0x1db/0x570
[ 2062.403507][T13834]  ? __handle_mm_fault+0x1d80/0x55a0
[ 2062.408807][T13834]  ? kasan_check_write+0x14/0x20
[ 2062.413752][T13834]  ? do_raw_spin_lock+0x156/0x360
[ 2062.418776][T13834]  ? lock_release+0xc40/0xc40
[ 2062.423458][T13834]  ? rwlock_bug.part.0+0x90/0x90
[ 2062.428399][T13834]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[ 2062.428414][T13834]  ? add_mm_counter_fast.part.0+0x40/0x40
[ 2062.428441][T13834]  __handle_mm_fault+0x2c8e/0x55a0
[ 2062.428469][T13834]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2062.428482][T13834]  ? check_preemption_disabled+0x48/0x290
[ 2062.428501][T13834]  ? handle_mm_fault+0x3cc/0xc80
[ 2062.428531][T13834]  ? lock_downgrade+0xbe0/0xbe0
[ 2062.456342][T13834]  ? kasan_check_read+0x11/0x20
[ 2062.456362][T13834]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2062.456380][T13834]  ? rcu_read_unlock_special+0x380/0x380
[ 2062.456398][T13834]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2062.456416][T13834]  ? check_preemption_disabled+0x48/0x290
[ 2062.456449][T13834]  handle_mm_fault+0x4ec/0xc80
[ 2062.456470][T13834]  ? __handle_mm_fault+0x55a0/0x55a0
[ 2062.456500][T13834]  __do_page_fault+0x5da/0xd60
[ 2062.456527][T13834]  do_page_fault+0xe6/0x7d8
[ 2062.494636][T13834]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2062.494659][T13834]  ? vmalloc_sync_all+0x30/0x30
[ 2062.494679][T13834]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2062.530526][T13834]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2062.536764][T13834]  ? prepare_exit_to_usermode+0x232/0x3b0
[ 2062.536781][T13834]  ? page_fault+0x8/0x30
[ 2062.536800][T13834]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2062.536818][T13834]  ? page_fault+0x8/0x30
[ 2062.536833][T13834]  page_fault+0x1e/0x30
[ 2062.536845][T13834] RIP: 0033:0x40d130
[ 2062.536862][T13834] Code: 89 f8 49 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 74 ff ff ff bf 19 d5 4b 00 31 c0 e8 08 49 ff ff 31 ff e8 41 45 ff ff 90 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 36 33 64 00
21:48:54 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x7800]}}, 0x1c)

21:48:54 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:54 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0xffffff9e}, 0x0)

[ 2062.536871][T13834] RSP: 002b:00007ffd98177b50 EFLAGS: 00010246
[ 2062.536885][T13834] RAX: 00000000063e08ea RBX: 0000000058b266f8 RCX: 0000001b2e920000
[ 2062.536894][T13834] RDX: 0000000000000000 RSI: 00000000000008ea RDI: ffffffff063e08ea
[ 2062.536912][T13834] RBP: 0000000000000003 R08: 00000000063e08ea R09: 00000000063e08ee
[ 2062.584257][T13834] R10: 00007ffd98177ce0 R11: 0000000000000246 R12: 000000000073bf00
[ 2062.584267][T13834] R13: 0000000080000000 R14: 00007f58d5ec1008 R15: 0000000000000003
[ 2062.609424][T13834] memory: usage 307200kB, limit 307200kB, failcnt 4130
21:48:54 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:54 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0xfffffff0}, 0x0)

21:48:54 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x80fe]}}, 0x1c)

[ 2062.726402][T13834] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2062.734176][T13834] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2062.809833][T13834] Memory cgroup stats for /syz3: cache:56KB rss:241828KB rss_huge:208896KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:241876KB inactive_file:4KB active_file:0KB unevictable:0KB
21:48:54 executing program 5:
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0, 0x3d5, 0x0, 0xfffffffffffffe3b}}], 0x193, 0x2, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)

[ 2062.908018][T13834] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor3,pid=2564,uid=0
[ 2062.996456][T13834] Memory cgroup out of memory: Kill process 2564 (syz-executor3) score 1107 or sacrifice child
[ 2063.022981][T13834] Killed process 2564 (syz-executor3) total-vm:70532kB, anon-rss:2204kB, file-rss:33748kB, shmem-rss:0kB
21:48:55 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:55 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

[ 2063.240040][T13876] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2063.263254][T13876] CPU: 1 PID: 13876 Comm: syz-executor3 Not tainted 5.0.0-rc1-next-20190109 #8
[ 2063.272211][T13876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2063.282267][T13876] Call Trace:
[ 2063.285573][T13876]  dump_stack+0x1db/0x2d0
[ 2063.289922][T13876]  ? dump_stack_print_info.cold+0x20/0x20
[ 2063.295637][T13876]  ? check_preemption_disabled+0x48/0x290
[ 2063.301369][T13876]  dump_header+0x1e6/0x116c
[ 2063.305875][T13876]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2063.311506][T13876]  ? perf_trace_lock+0x750/0x750
[ 2063.316453][T13876]  ? print_usage_bug+0xd0/0xd0
[ 2063.321228][T13876]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 2063.326863][T13876]  ? ___ratelimit+0x37c/0x686
[ 2063.331549][T13876]  ? mark_held_locks+0xb1/0x100
[ 2063.336414][T13876]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2063.342222][T13876]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2063.348025][T13876]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2063.353313][T13876]  ? trace_hardirqs_on+0xbd/0x310
[ 2063.358337][T13876]  ? kasan_check_read+0x11/0x20
[ 2063.363186][T13876]  ? ___ratelimit+0x37c/0x686
[ 2063.367860][T13876]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2063.373661][T13876]  ? do_raw_spin_trylock+0x270/0x270
[ 2063.378953][T13876]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2063.384667][T13876]  ? lock_acquire+0x1db/0x570
[ 2063.389353][T13876]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 2063.395154][T13876]  ? ___ratelimit+0xac/0x686
[ 2063.399751][T13876]  ? idr_get_free+0xee0/0xee0
[ 2063.404431][T13876]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2063.409732][T13876]  oom_kill_process.cold+0x10/0x9ca
[ 2063.414951][T13876]  ? cgroup_procs_next+0x70/0x70
[ 2063.419908][T13876]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 2063.425117][T13876]  ? oom_badness+0xa50/0xa50
[ 2063.429722][T13876]  ? oom_evaluate_task+0x540/0x540
[ 2063.431411][T13839] IPVS: ftp: loaded support on port[0] = 21
[ 2063.434847][T13876]  ? mem_cgroup_iter_break+0x30/0x30
[ 2063.446002][T13876]  ? mutex_trylock+0x2d0/0x2d0
[ 2063.450772][T13876]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2063.457035][T13876]  ? rcu_read_unlock_special+0x380/0x380
[ 2063.457060][T13876]  out_of_memory+0x885/0x1420
[ 2063.457081][T13876]  ? mem_cgroup_iter+0x4f4/0xf50
[ 2063.467371][T13876]  ? oom_killer_disable+0x340/0x340
[ 2063.467390][T13876]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 2063.467408][T13876]  ? lock_acquire+0x1db/0x570
[ 2063.467437][T13876]  mem_cgroup_out_of_memory+0x160/0x210
[ 2063.477529][T13876]  ? do_raw_spin_unlock+0xa0/0x330
[ 2063.477547][T13876]  ? memory_oom_group_write+0x160/0x160
[ 2063.477562][T13876]  ? do_raw_spin_trylock+0x270/0x270
[ 2063.477599][T13876]  ? _raw_spin_unlock+0x2d/0x50
[ 2063.488052][T13876]  try_charge+0x1457/0x1d00
[ 2063.488067][T13876]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[ 2063.488091][T13876]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2063.488119][T13876]  ? lock_downgrade+0xbe0/0xbe0
[ 2063.509546][T13876]  ? kasan_check_read+0x11/0x20
[ 2063.518870][T13876]  ? rcu_read_unlock_special+0x380/0x380
[ 2063.518898][T13876]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[ 2063.518925][T13876]  ? get_mem_cgroup_from_page+0x190/0x190
[ 2063.550797][T13876]  ? rcu_read_lock_sched_held+0x110/0x130
[ 2063.562199][T13876]  mem_cgroup_try_charge+0x43a/0xdb0
[ 2063.567514][T13876]  ? mem_cgroup_protected+0xa10/0xa10
[ 2063.567539][T13876]  ? check_preemption_disabled+0x48/0x290
[ 2063.567555][T13876]  ? print_usage_bug+0xd0/0xd0
[ 2063.567575][T13876]  ? __lock_acquire+0x572/0x4a10
[ 2063.588315][T13876]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 2063.594550][T13876]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 2063.594575][T13876]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 2063.606440][T13876]  wp_page_copy+0x45a/0x1c70
[ 2063.611040][T13876]  ? __lock_acquire+0x572/0x4a10
[ 2063.615999][T13876]  ? pmd_pfn+0x1d0/0x1d0
[ 2063.620243][T13876]  ? find_held_lock+0x35/0x120
[ 2063.625015][T13876]  ? do_wp_page+0x894/0x1e80
[ 2063.629626][T13876]  ? kasan_check_read+0x11/0x20
[ 2063.629643][T13876]  ? do_raw_spin_unlock+0xa0/0x330
[ 2063.629655][T13876]  ? _vm_normal_page+0x15d/0x3d0
[ 2063.629679][T13876]  ? do_raw_spin_trylock+0x270/0x270
[ 2063.629698][T13876]  ? print_usage_bug+0xd0/0xd0
[ 2063.654567][T13876]  do_wp_page+0x89c/0x1e80
[ 2063.659001][T13876]  ? find_held_lock+0x35/0x120
[ 2063.663776][T13876]  ? finish_mkwrite_fault+0x4f0/0x4f0
[ 2063.663795][T13876]  ? __lock_acquire+0x572/0x4a10
[ 2063.674088][T13876]  ? lock_acquire+0x1db/0x570
[ 2063.678784][T13876]  ? __handle_mm_fault+0x1d80/0x55a0
[ 2063.684071][T13876]  ? kasan_check_write+0x14/0x20
[ 2063.689029][T13876]  ? do_raw_spin_lock+0x156/0x360
[ 2063.689041][T13876]  ? lock_release+0xc40/0xc40
[ 2063.689073][T13876]  ? rwlock_bug.part.0+0x90/0x90
[ 2063.689089][T13876]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[ 2063.689139][T13876]  ? add_mm_counter_fast.part.0+0x40/0x40
[ 2063.715232][T13876]  __handle_mm_fault+0x2c8e/0x55a0
[ 2063.720358][T13876]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2063.725903][T13876]  ? check_preemption_disabled+0x48/0x290
[ 2063.725924][T13876]  ? handle_mm_fault+0x3cc/0xc80
[ 2063.736598][T13876]  ? lock_downgrade+0xbe0/0xbe0
[ 2063.741457][T13876]  ? kasan_check_read+0x11/0x20
[ 2063.746323][T13876]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2063.752303][T13876]  ? rcu_read_unlock_special+0x380/0x380
[ 2063.757985][T13876]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2063.757999][T13876]  ? check_preemption_disabled+0x48/0x290
[ 2063.758023][T13876]  handle_mm_fault+0x4ec/0xc80
[ 2063.758045][T13876]  ? __handle_mm_fault+0x55a0/0x55a0
[ 2063.780015][T13876]  __do_page_fault+0x5da/0xd60
[ 2063.784789][T13876]  do_page_fault+0xe6/0x7d8
[ 2063.789297][T13876]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2063.789317][T13876]  ? vmalloc_sync_all+0x30/0x30
[ 2063.789331][T13876]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2063.789363][T13876]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2063.789401][T13876]  ? prepare_exit_to_usermode+0x232/0x3b0
[ 2063.812251][T13876]  ? page_fault+0x8/0x30
[ 2063.822198][T13876]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2063.827746][T13876]  ? page_fault+0x8/0x30
[ 2063.831987][T13876]  page_fault+0x1e/0x30
[ 2063.836136][T13876] RIP: 0033:0x40d130
[ 2063.836152][T13876] Code: 89 f8 49 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 74 ff ff ff bf 19 d5 4b 00 31 c0 e8 08 49 ff ff 31 ff e8 41 45 ff ff 90 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 36 33 64 00
[ 2063.836160][T13876] RSP: 002b:00007ffd98177b50 EFLAGS: 00010246
[ 2063.836173][T13876] RAX: 00000000cb4ee433 RBX: 00000000955c87df RCX: 0000001b2e920000
[ 2063.836183][T13876] RDX: 0000000000000000 RSI: 0000000000000433 RDI: ffffffffcb4ee433
[ 2063.836199][T13876] RBP: 000000000000000a R08: 00000000cb4ee433 R09: 00000000cb4ee437
[ 2063.859705][T13876] R10: 00007ffd98177ce0 R11: 0000000000000246 R12: 000000000073bf00
[ 2063.859722][T13876] R13: 0000000080000000 R14: 00007f58d5ec1008 R15: 000000000000000a
[ 2063.880380][T13876] memory: usage 307200kB, limit 307200kB, failcnt 4144
[ 2063.912936][T13876] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2063.920701][T13876] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2063.927851][T13876] Memory cgroup stats for /syz3: cache:56KB rss:241812KB rss_huge:208896KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:241868KB inactive_file:4KB active_file:4KB unevictable:0KB
[ 2063.955379][T13876] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor3,pid=2778,uid=0
[ 2063.970878][T13876] Memory cgroup out of memory: Kill process 2778 (syz-executor3) score 1107 or sacrifice child
[ 2063.981524][T13876] Killed process 2778 (syz-executor3) total-vm:70532kB, anon-rss:2204kB, file-rss:33748kB, shmem-rss:0kB
[ 2064.040958][T13877] binder: 13876 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2064.041032][T13877] binder: 13876:13877 ioctl c018620c 20000200 returned -22
21:48:56 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00'}, &(0x7f0000000300)=0x54)

21:48:56 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x3000000000000}, 0x0)

21:48:56 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0xc0fe]}}, 0x1c)

21:48:56 executing program 5:
r0 = socket$inet6(0xa, 0x3, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20}, 0x1c)
recvmmsg(r0, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
r1 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x2, 0x101000)
socket(0xa, 0x800, 0xfffffffffffffff9)
ioctl$BLKBSZSET(r1, 0x40081271, &(0x7f0000000080)=0xffffffff)
syz_emit_ethernet(0xa, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)
socket(0x3, 0x806, 0x4dfe)

21:48:56 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:48:56 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:56 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x0}, 0x0)

[ 2064.299499][T13897] IPVS: ftp: loaded support on port[0] = 21
[ 2064.339167][T13892] binder: 13891 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
21:48:56 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0xfc00]}}, 0x1c)

21:48:56 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40030000000000}, 0x0)

[ 2064.339221][T13892] binder: 13891:13892 ioctl c018620c 20000200 returned -22
[ 2064.427040][T13891] syz-executor3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000
21:48:56 executing program 5:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x2, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000080)={<r1=>0x0})
ioctl$DRM_IOCTL_RM_CTX(r0, 0xc0086421, &(0x7f00000000c0)={r1, 0x3})
r2 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20, 0x3}, 0x1c)
recvmmsg(r2, &(0x7f0000004480)=[{{0x0, 0x0, 0x0}}], 0x193, 0x103, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000340)={@local, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "1bfc97", 0x4d, 0x88, 0x0, @dev, @mcast2, {[], @udp={0x0, 0x4e20, 0x4d, 0x0, [], "e29607149378d33e1db1c73936c77aa3f7fac33b042bd368236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69cc3712c37ed0"}}}}}}, 0x0)

[ 2064.498418][T13891] CPU: 0 PID: 13891 Comm: syz-executor3 Not tainted 5.0.0-rc1-next-20190109 #8
[ 2064.507372][T13891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2064.517428][T13891] Call Trace:
[ 2064.520731][T13891]  dump_stack+0x1db/0x2d0
[ 2064.525074][T13891]  ? dump_stack_print_info.cold+0x20/0x20
[ 2064.530796][T13891]  ? check_preemption_disabled+0x48/0x290
[ 2064.536536][T13891]  dump_header+0x1e6/0x116c
[ 2064.541073][T13891]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2064.546727][T13891]  ? perf_trace_lock+0x750/0x750
[ 2064.551671][T13891]  ? print_usage_bug+0xd0/0xd0
[ 2064.556442][T13891]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 2064.562089][T13891]  ? ___ratelimit+0x37c/0x686
[ 2064.562111][T13891]  ? mark_held_locks+0xb1/0x100
[ 2064.562139][T13891]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2064.577436][T13891]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2064.583244][T13891]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2064.588543][T13891]  ? trace_hardirqs_on+0xbd/0x310
[ 2064.593635][T13891]  ? kasan_check_read+0x11/0x20
21:48:56 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0xfe80]}}, 0x1c)

[ 2064.598485][T13891]  ? ___ratelimit+0x37c/0x686
[ 2064.598502][T13891]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2064.598517][T13891]  ? do_raw_spin_trylock+0x270/0x270
[ 2064.598533][T13891]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2064.598548][T13891]  ? lock_acquire+0x1db/0x570
[ 2064.598572][T13891]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 2064.598601][T13891]  ? ___ratelimit+0xac/0x686
[ 2064.609057][T13891]  ? idr_get_free+0xee0/0xee0
[ 2064.609081][T13891]  ? lockdep_hardirqs_on+0x415/0x5d0
21:48:56 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0xf0ffffffffffff}, 0x0)

[ 2064.609109][T13891]  oom_kill_process.cold+0x10/0x9ca
[ 2064.609130][T13891]  ? cgroup_procs_next+0x70/0x70
[ 2064.609150][T13891]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 2064.609167][T13891]  ? oom_badness+0xa50/0xa50
[ 2064.609190][T13891]  ? oom_evaluate_task+0x540/0x540
[ 2064.609209][T13891]  ? mem_cgroup_iter_break+0x30/0x30
[ 2064.609223][T13891]  ? mutex_trylock+0x2d0/0x2d0
[ 2064.609238][T13891]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2064.609269][T13891]  ? rcu_read_unlock_special+0x380/0x380
[ 2064.630723][T13891]  out_of_memory+0x885/0x1420
[ 2064.630743][T13891]  ? mem_cgroup_iter+0x4f4/0xf50
[ 2064.630765][T13891]  ? oom_killer_disable+0x340/0x340
[ 2064.630783][T13891]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 2064.630800][T13891]  ? lock_acquire+0x1db/0x570
[ 2064.630834][T13891]  mem_cgroup_out_of_memory+0x160/0x210
[ 2064.655466][T13891]  ? do_raw_spin_unlock+0xa0/0x330
[ 2064.665231][T13891]  ? memory_oom_group_write+0x160/0x160
[ 2064.686568][T13891]  ? do_raw_spin_trylock+0x270/0x270
[ 2064.686607][T13891]  ? _raw_spin_unlock+0x2d/0x50
[ 2064.686634][T13891]  try_charge+0x1457/0x1d00
[ 2064.686661][T13891]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2064.686675][T13891]  ? find_held_lock+0x35/0x120
[ 2064.686691][T13891]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[ 2064.686710][T13891]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2064.686729][T13891]  ? lock_downgrade+0xbe0/0xbe0
[ 2064.686744][T13891]  ? kasan_check_read+0x11/0x20
[ 2064.686760][T13891]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2064.686778][T13891]  ? rcu_read_unlock_special+0x380/0x380
[ 2064.686802][T13891]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[ 2064.686822][T13891]  __memcg_kmem_charge_memcg+0x7c/0x130
[ 2064.686837][T13891]  ? memcg_kmem_put_cache+0xb0/0xb0
[ 2064.686849][T13891]  ? lock_release+0xc40/0xc40
[ 2064.686875][T13891]  __memcg_kmem_charge+0x136/0x300
[ 2064.686895][T13891]  __alloc_pages_nodemask+0x7b8/0xdc0
[ 2064.686918][T13891]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[ 2064.686930][T13891]  ? rcu_pm_notify+0xd0/0xd0
[ 2064.686958][T13891]  ? rcu_read_lock_sched_held+0x110/0x130
[ 2064.686977][T13891]  ? kmem_cache_alloc_node+0x347/0x710
[ 2064.775402][T13891]  ? print_usage_bug+0xd0/0xd0
[ 2064.828884][T13891]  copy_process+0x847/0x8700
[ 2064.828909][T13891]  ? print_usage_bug+0xd0/0xd0
[ 2064.828930][T13891]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2064.828946][T13891]  ? check_preemption_disabled+0x48/0x290
[ 2064.828969][T13891]  ? __lock_acquire+0x572/0x4a10
[ 2064.828982][T13891]  ? mark_held_locks+0x100/0x100
[ 2064.829010][T13891]  ? __cleanup_sighand+0x70/0x70
[ 2064.829028][T13891]  ? mark_held_locks+0x100/0x100
[ 2064.829043][T13891]  ? find_held_lock+0x35/0x120
[ 2064.829060][T13891]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2064.829073][T13891]  ? check_preemption_disabled+0x48/0x290
[ 2064.829092][T13891]  ? debug_smp_processor_id+0x1c/0x20
[ 2064.829107][T13891]  ? perf_trace_lock_acquire+0x138/0x7d0
[ 2064.829135][T13891]  ? delayacct_end+0xc9/0x100
[ 2064.922948][T13891]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2064.929197][T13891]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2064.934832][T13891]  ? perf_trace_lock+0x750/0x750
[ 2064.939772][T13891]  ? perf_trace_lock_acquire+0x138/0x7d0
[ 2064.945420][T13891]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2064.951052][T13891]  ? find_held_lock+0x35/0x120
[ 2064.955820][T13891]  ? print_usage_bug+0xd0/0xd0
[ 2064.960601][T13891]  ? psi_memstall_leave+0x1f8/0x280
[ 2064.965813][T13891]  ? find_held_lock+0x35/0x120
[ 2064.965835][T13891]  ? __lock_acquire+0x572/0x4a10
[ 2064.965855][T13891]  ? _raw_spin_unlock_irq+0x28/0x90
[ 2064.965870][T13891]  ? _raw_spin_unlock_irq+0x28/0x90
[ 2064.965892][T13891]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2064.991225][T13891]  ? trace_hardirqs_on+0xbd/0x310
[ 2064.996281][T13891]  ? mark_held_locks+0x100/0x100
[ 2065.001220][T13891]  ? check_preemption_disabled+0x48/0x290
[ 2065.006951][T13891]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2065.013197][T13891]  ? check_preemption_disabled+0x48/0x290
[ 2065.018924][T13891]  ? debug_smp_processor_id+0x1c/0x20
[ 2065.024337][T13891]  ? perf_trace_lock_acquire+0x138/0x7d0
[ 2065.029986][T13891]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2065.035639][T13891]  ? perf_trace_lock+0x750/0x750
[ 2065.040577][T13891]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2065.040617][T13891]  ? try_to_free_pages+0xb70/0xb70
[ 2065.040635][T13891]  ? percpu_ref_put_many+0x129/0x270
[ 2065.040658][T13891]  ? blkcg_maybe_throttle_current+0x75e/0x13c0
[ 2065.051038][T13891]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2065.051064][T13891]  _do_fork+0x1a9/0x1170
[ 2065.051086][T13891]  ? fork_idle+0x1d0/0x1d0
[ 2065.068728][T13891]  ? trace_hardirqs_off+0xb8/0x310
[ 2065.068752][T13891]  ? get_mctgt_type_thp.isra.0+0x4c0/0x4c0
[ 2065.077386][T13891]  ? prepare_exit_to_usermode+0x32e/0x3b0
[ 2065.077403][T13891]  ? do_syscall_64+0x8c/0x800
[ 2065.077417][T13891]  ? do_syscall_64+0x8c/0x800
[ 2065.077434][T13891]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2065.077450][T13891]  ? trace_hardirqs_on+0xbd/0x310
[ 2065.077469][T13891]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2065.077485][T13891]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2065.077509][T13891]  __x64_sys_clone+0xbf/0x150
[ 2065.077529][T13891]  do_syscall_64+0x1a3/0x800
[ 2065.077549][T13891]  ? syscall_return_slowpath+0x5f0/0x5f0
[ 2065.077570][T13891]  ? prepare_exit_to_usermode+0x232/0x3b0
[ 2065.113792][T13891]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2065.113822][T13891]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2065.113836][T13891] RIP: 0033:0x45a899
[ 2065.113859][T13891] Code: ff 48 85 f6 0f 84 97 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 6e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75
[ 2065.181219][T13891] RSP: 002b:00007ffd98177ae8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
[ 2065.181235][T13891] RAX: ffffffffffffffda RBX: 00007f58d409f700 RCX: 000000000045a899
[ 2065.181245][T13891] RDX: 00007f58d409f9d0 RSI: 00007f58d409edb0 RDI: 00000000003d0f00
[ 2065.181255][T13891] RBP: 00007ffd98177cf0 R08: 00007f58d409f700 R09: 00007f58d409f700
[ 2065.181280][T13891] R10: 00007f58d409f9d0 R11: 0000000000000202 R12: 0000000000000000
[ 2065.181290][T13891] R13: 00007ffd98177b9f R14: 00007f58d409f9c0 R15: 000000000073bfac
[ 2065.219441][T13891] memory: usage 307160kB, limit 307200kB, failcnt 4172
[ 2065.238021][T13891] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2065.245490][T13891] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2065.252408][T13891] Memory cgroup stats for /syz3: cache:56KB rss:241792KB rss_huge:208896KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:241876KB inactive_file:0KB active_file:0KB unevictable:0KB
[ 2065.274047][T13891] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor3,pid=3360,uid=0
[ 2065.290212][T13891] Memory cgroup out of memory: Kill process 3360 (syz-executor3) score 1107 or sacrifice child
[ 2065.300714][T13891] Killed process 3360 (syz-executor3) total-vm:70532kB, anon-rss:2204kB, file-rss:33748kB, shmem-rss:0kB
[ 2065.518224][T13897] IPVS: ftp: loaded support on port[0] = 21
21:48:57 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00'}, &(0x7f0000000300)=0x54)

21:48:57 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0xfec0]}}, 0x1c)

21:48:57 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0x2)

21:48:57 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x100000000000000}, 0x0)

21:48:57 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x0, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:57 executing program 5:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

[ 2065.879900][T13930] binder: 13929 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2065.879965][T13930] binder: 13929:13930 ioctl c018620c 20000200 returned -22
[ 2065.915149][T13942] binder: 13933 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
21:48:57 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x200000000000000}, 0x0)

21:48:57 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0x3)

[ 2065.915163][T13942] binder: 13933:13942 ioctl c018620c 20000200 returned -22
[ 2065.940626][T13943] IPVS: ftp: loaded support on port[0] = 21
21:48:57 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x0, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:57 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0xff00]}}, 0x1c)

21:48:57 executing program 5:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, 0x0, 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:58 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0x4)

[ 2066.181809][T13943] binder: 13955 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2066.181943][T13956] binder: 13955:13956 ioctl c018620c 20000200 returned -22
[ 2066.237847][T13957] binder: 13953 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2066.237922][T13957] binder: 13953:13957 ioctl c018620c 20000200 returned -22
[ 2066.644397][T13943] IPVS: ftp: loaded support on port[0] = 21
21:48:58 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00'}, &(0x7f0000000300)=0x54)

21:48:58 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x300000000000000}, 0x0)

21:48:58 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x100000]}}, 0x1c)

21:48:58 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x0, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:58 executing program 5:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
signalfd4(r0, &(0x7f0000000140)={0x2}, 0x8, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:58 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0x8)

[ 2067.064992][T13978] binder: 13977 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2067.065008][T13978] binder: 13977:13978 ioctl c018620c 20000200 returned -22
21:48:59 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0xa)

21:48:59 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x400000000000000}, 0x0)

[ 2067.152895][T13976] binder: 13972 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2067.152926][T13976] binder: 13972:13976 ioctl c018620c 20000200 returned -22
21:48:59 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r2 = getpid()
write$FUSE_LK(r1, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r2}}}, 0x28)
ioctl$BLKTRACESTOP(r1, 0x1275, 0x0)
r3 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r3, 0x3a)
r4 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r1, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r4, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:48:59 executing program 5:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00'}, &(0x7f0000000300)=0x54)

[ 2067.215044][T13983] IPVS: ftp: loaded support on port[0] = 21
21:48:59 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x1000000]}}, 0x1c)

21:48:59 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(0xffffffffffffffff, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r2 = getpid()
write$FUSE_LK(r1, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r2}}}, 0x28)
ioctl$BLKTRACESTOP(r1, 0x1275, 0x0)
r3 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r3, 0x3a)
r4 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r1, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r4, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

[ 2067.505314][T14001] IPVS: ftp: loaded support on port[0] = 21
[ 2067.608703][T14010] binder: 14006 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2067.608716][T14010] binder: 14006:14010 ioctl c018620c 20000200 returned -22
[ 2067.862891][T14004] syz-executor5 invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[ 2067.874610][T14004] CPU: 0 PID: 14004 Comm: syz-executor5 Not tainted 5.0.0-rc1-next-20190109 #8
[ 2067.883566][T14004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2067.893657][T14004] Call Trace:
[ 2067.896966][T14004]  dump_stack+0x1db/0x2d0
[ 2067.901310][T14004]  ? dump_stack_print_info.cold+0x20/0x20
[ 2067.907037][T14004]  ? check_preemption_disabled+0x48/0x290
[ 2067.912784][T14004]  dump_header+0x1e6/0x116c
[ 2067.917299][T14004]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2067.922938][T14004]  ? perf_trace_lock+0x750/0x750
[ 2067.927881][T14004]  ? print_usage_bug+0xd0/0xd0
[ 2067.932664][T14004]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 2067.938308][T14004]  ? ___ratelimit+0x37c/0x686
[ 2067.943004][T14004]  ? mark_held_locks+0xb1/0x100
[ 2067.947871][T14004]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2067.953692][T14004]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2067.959508][T14004]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2067.964806][T14004]  ? trace_hardirqs_on+0xbd/0x310
[ 2067.969839][T14004]  ? kasan_check_read+0x11/0x20
[ 2067.974694][T14004]  ? ___ratelimit+0x37c/0x686
[ 2067.979379][T14004]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2067.985191][T14004]  ? do_raw_spin_trylock+0x270/0x270
[ 2067.990491][T14004]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2067.996216][T14004]  ? lock_acquire+0x1db/0x570
[ 2068.000911][T14004]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 2068.006722][T14004]  ? ___ratelimit+0xac/0x686
[ 2068.011314][T14004]  ? idr_get_free+0xee0/0xee0
[ 2068.016004][T14004]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2068.021312][T14004]  oom_kill_process.cold+0x10/0x9ca
[ 2068.026523][T14004]  ? cgroup_procs_next+0x70/0x70
[ 2068.031474][T14004]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 2068.036687][T14004]  ? oom_badness+0xa50/0xa50
[ 2068.041286][T14004]  ? oom_evaluate_task+0x540/0x540
[ 2068.046407][T14004]  ? mem_cgroup_iter_break+0x30/0x30
[ 2068.051703][T14004]  ? mutex_trylock+0x2d0/0x2d0
[ 2068.056478][T14004]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2068.062751][T14004]  ? rcu_read_unlock_special+0x380/0x380
[ 2068.068414][T14004]  out_of_memory+0x885/0x1420
[ 2068.073107][T14004]  ? mem_cgroup_iter+0x4f4/0xf50
[ 2068.078061][T14004]  ? oom_killer_disable+0x340/0x340
[ 2068.083263][T14004]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 2068.089079][T14004]  ? lock_acquire+0x1db/0x570
[ 2068.093783][T14004]  mem_cgroup_out_of_memory+0x160/0x210
[ 2068.099344][T14004]  ? do_raw_spin_unlock+0xa0/0x330
[ 2068.104472][T14004]  ? memory_oom_group_write+0x160/0x160
[ 2068.110031][T14004]  ? do_raw_spin_trylock+0x270/0x270
[ 2068.115340][T14004]  ? _raw_spin_unlock+0x2d/0x50
[ 2068.120205][T14004]  try_charge+0x1457/0x1d00
[ 2068.124712][T14004]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[ 2068.130275][T14004]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2068.135832][T14004]  ? lock_downgrade+0xbe0/0xbe0
[ 2068.140706][T14004]  ? kasan_check_read+0x11/0x20
[ 2068.145566][T14004]  ? rcu_read_unlock_special+0x380/0x380
[ 2068.151240][T14004]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[ 2068.156825][T14004]  ? get_mem_cgroup_from_page+0x190/0x190
[ 2068.162587][T14004]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2068.168243][T14004]  ? print_usage_bug+0xd0/0xd0
[ 2068.173019][T14004]  mem_cgroup_try_charge+0x43a/0xdb0
[ 2068.178315][T14004]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2068.184601][T14004]  ? mem_cgroup_protected+0xa10/0xa10
[ 2068.190018][T14004]  ? shmem_getattr+0x2c0/0x2c0
[ 2068.194831][T14004]  ? __lock_acquire+0x572/0x4a10
[ 2068.199816][T14004]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2068.205111][T14004]  ? print_usage_bug+0xd0/0xd0
[ 2068.209895][T14004]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 2068.215538][T14004]  shmem_getpage_gfp+0xa85/0x4b70
[ 2068.220607][T14004]  ? shmem_add_to_page_cache+0x19a0/0x19a0
[ 2068.226438][T14004]  ? lock_acquire+0x1db/0x570
[ 2068.231122][T14004]  ? alloc_set_pte+0x134a/0x1df0
[ 2068.236074][T14004]  ? kasan_check_write+0x14/0x20
[ 2068.241020][T14004]  ? do_raw_spin_lock+0x156/0x360
[ 2068.246046][T14004]  ? lock_release+0xc40/0xc40
[ 2068.250727][T14004]  ? rwlock_bug.part.0+0x90/0x90
[ 2068.255675][T14004]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[ 2068.261494][T14004]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2068.267138][T14004]  ? reacquire_held_locks+0xfb/0x520
[ 2068.272427][T14004]  ? alloc_set_pte+0x134a/0x1df0
[ 2068.277371][T14004]  ? find_held_lock+0x60/0x120
[ 2068.282139][T14004]  ? filemap_map_pages+0xe29/0x1cc0
[ 2068.286294][    C1] net_ratelimit: 26 callbacks suppressed
[ 2068.286304][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2068.287619][T14004]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2068.293301][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2068.298947][T14004]  ? lock_downgrade+0xbe0/0xbe0
[ 2068.298963][T14004]  ? kasan_check_read+0x11/0x20
[ 2068.298980][T14004]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2068.298996][T14004]  ? rcu_read_unlock_special+0x380/0x380
[ 2068.299025][T14004]  ? filemap_map_pages+0xe50/0x1cc0
[ 2068.299058][T14004]  ? find_get_entries_tag+0x13d0/0x13d0
[ 2068.305412][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2068.310980][T14004]  ? follow_page_pte+0x3f4/0x1a50
[ 2068.311005][T14004]  shmem_fault+0x25a/0x950
[ 2068.311031][T14004]  ? shmem_read_mapping_page_gfp+0x200/0x200
[ 2068.311052][T14004]  ? __handle_mm_fault+0x42e1/0x55a0
[ 2068.315958][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2068.320734][T14004]  ? find_held_lock+0x35/0x120
[ 2068.320753][T14004]  ? __handle_mm_fault+0x42e1/0x55a0
[ 2068.320772][T14004]  __do_fault+0x176/0x7b0
[ 2068.320791][T14004]  ? do_page_mkwrite+0x740/0x740
[ 2068.320812][T14004]  ? do_raw_spin_unlock+0xa0/0x330
[ 2068.327012][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2068.332429][T14004]  ? do_raw_spin_trylock+0x270/0x270
[ 2068.337773][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2068.343202][T14004]  ? add_mm_counter_fast.part.0+0x40/0x40
[ 2068.422713][T14004]  __handle_mm_fault+0x370a/0x55a0
[ 2068.427850][T14004]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2068.433401][T14004]  ? check_preemption_disabled+0x48/0x290
[ 2068.439132][T14004]  ? handle_mm_fault+0x3cc/0xc80
[ 2068.444094][T14004]  ? lock_downgrade+0xbe0/0xbe0
[ 2068.448947][T14004]  ? kasan_check_read+0x11/0x20
[ 2068.453808][T14004]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2068.459800][T14004]  ? rcu_read_unlock_special+0x380/0x380
[ 2068.465439][T14004]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2068.471690][T14004]  ? check_preemption_disabled+0x48/0x290
[ 2068.477460][T14004]  handle_mm_fault+0x4ec/0xc80
[ 2068.482243][T14004]  ? __handle_mm_fault+0x55a0/0x55a0
[ 2068.487543][T14004]  ? __get_user_pages+0x1771/0x1e10
[ 2068.492761][T14004]  __get_user_pages+0x8f7/0x1e10
[ 2068.497726][T14004]  ? follow_page_mask+0x1f40/0x1f40
[ 2068.502937][T14004]  ? lock_acquire+0x1db/0x570
[ 2068.507635][T14004]  ? ___might_sleep+0x1e7/0x310
[ 2068.512495][T14004]  ? lock_release+0xc40/0xc40
[ 2068.517173][T14004]  ? find_held_lock+0x35/0x120
[ 2068.521947][T14004]  ? vm_mmap_pgoff+0x21a/0x2b0
[ 2068.526723][T14004]  populate_vma_page_range+0x2bc/0x3b0
[ 2068.532197][T14004]  ? memset+0x32/0x40
[ 2068.536199][T14004]  ? follow_page+0x430/0x430
[ 2068.540798][T14004]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2068.547038][T14004]  ? vmacache_update+0x114/0x140
[ 2068.551989][T14004]  __mm_populate+0x27e/0x4c0
[ 2068.556601][T14004]  ? populate_vma_page_range+0x3b0/0x3b0
[ 2068.562252][T14004]  ? down_read_killable+0x150/0x150
[ 2068.567468][T14004]  ? security_mmap_file+0x1a7/0x1e0
[ 2068.572685][T14004]  vm_mmap_pgoff+0x277/0x2b0
[ 2068.577291][T14004]  ? vma_is_stack_for_current+0xd0/0xd0
[ 2068.582852][T14004]  ? kasan_check_read+0x11/0x20
[ 2068.587709][T14004]  ? _copy_to_user+0xc9/0x120
[ 2068.592399][T14004]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2068.598661][T14004]  ksys_mmap_pgoff+0x102/0x650
[ 2068.603446][T14004]  ? find_mergeable_anon_vma+0xd0/0xd0
[ 2068.608926][T14004]  ? trace_hardirqs_on+0xbd/0x310
[ 2068.613959][T14004]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2068.620213][T14004]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2068.626299][T14004]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2068.632117][T14004]  __x64_sys_mmap+0xe9/0x1b0
[ 2068.636725][T14004]  do_syscall_64+0x1a3/0x800
[ 2068.641332][T14004]  ? syscall_return_slowpath+0x5f0/0x5f0
[ 2068.646976][T14004]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2068.652708][T14004]  ? __switch_to_asm+0x34/0x70
[ 2068.657493][T14004]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2068.663064][T14004]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2068.663987][T13983] IPVS: ftp: loaded support on port[0] = 21
[ 2068.668958][T14004] RIP: 0033:0x457ec9
[ 2068.668975][T14004] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2068.668984][T14004] RSP: 002b:00007f37b7f01c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 2068.668998][T14004] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9
[ 2068.669006][T14004] RDX: 0000000000000003 RSI: 0000000000b36000 RDI: 0000000020000000
[ 2068.669015][T14004] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000
[ 2068.669024][T14004] R10: 0000000000008031 R11: 0000000000000246 R12: 00007f37b7f026d4
[ 2068.669033][T14004] R13: 00000000004c3b56 R14: 00000000004d6910 R15: 00000000ffffffff
[ 2068.669403][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2068.739138][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 2068.758849][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2068.764660][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 2068.772929][T14004] memory: usage 307196kB, limit 307200kB, failcnt 4267
[ 2068.781414][T14004] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2068.789223][T14004] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2068.796382][T14004] Memory cgroup stats for /syz5: cache:3244KB rss:257408KB rss_huge:231424KB shmem:3188KB mapped_file:3168KB dirty:0KB writeback:0KB swap:0KB inactive_anon:3344KB active_anon:257532KB inactive_file:0KB active_file:0KB unevictable:0KB
[ 2068.819277][T14004] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor5,pid=14000,uid=0
[ 2068.834968][T14004] Memory cgroup out of memory: Kill process 14000 (syz-executor5) score 1107 or sacrifice child
[ 2068.845848][T14004] Killed process 14000 (syz-executor5) total-vm:70532kB, anon-rss:112kB, file-rss:32768kB, shmem-rss:3164kB
[ 2068.859015][ T1042] oom_reaper: reaped process 14000 (syz-executor5), now anon-rss:0kB, file-rss:32708kB, shmem-rss:3360kB
21:49:01 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00'}, &(0x7f0000000300)=0x54)

21:49:01 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0xe)

21:49:01 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x2000000]}}, 0x1c)

21:49:01 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x800000000000000}, 0x0)

21:49:01 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:49:01 executing program 5:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00'}, &(0x7f0000000300)=0x54)

21:49:01 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0xf)

[ 2069.155607][T14018] IPVS: ftp: loaded support on port[0] = 21
[ 2069.174238][T14028] IPVS: ftp: loaded support on port[0] = 21
21:49:01 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x3000000]}}, 0x1c)

21:49:01 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0xa00000000000000}, 0x0)

[ 2069.278039][T14018] binder: 14021 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2069.286780][T14029] binder: 14021:14029 ioctl c018620c 20000200 returned -22
21:49:01 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0x10)

21:49:01 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:49:01 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x4000000]}}, 0x1c)

[ 2069.649588][T14051] binder: 14048 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2069.649614][T14051] binder: 14048:14051 ioctl c018620c 20000200 returned -22
[ 2069.672628][T14024] syz-executor5 invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[ 2069.726702][T14024] CPU: 1 PID: 14024 Comm: syz-executor5 Not tainted 5.0.0-rc1-next-20190109 #8
[ 2069.735716][T14024] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2069.745854][T14024] Call Trace:
[ 2069.749162][T14024]  dump_stack+0x1db/0x2d0
[ 2069.753512][T14024]  ? dump_stack_print_info.cold+0x20/0x20
[ 2069.759236][T14024]  ? check_preemption_disabled+0x48/0x290
[ 2069.759266][T14024]  dump_header+0x1e6/0x116c
[ 2069.759285][T14024]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2069.759299][T14024]  ? perf_trace_lock+0x750/0x750
[ 2069.759319][T14024]  ? print_usage_bug+0xd0/0xd0
[ 2069.775197][T14024]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 2069.775218][T14024]  ? ___ratelimit+0x37c/0x686
[ 2069.775242][T14024]  ? mark_held_locks+0xb1/0x100
[ 2069.800047][T14024]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2069.805862][T14024]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2069.811682][T14024]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2069.816973][T14024]  ? trace_hardirqs_on+0xbd/0x310
[ 2069.816993][T14024]  ? kasan_check_read+0x11/0x20
[ 2069.817013][T14024]  ? ___ratelimit+0x37c/0x686
[ 2069.826873][T14024]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2069.826889][T14024]  ? do_raw_spin_trylock+0x270/0x270
[ 2069.826903][T14024]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2069.826916][T14024]  ? lock_acquire+0x1db/0x570
[ 2069.826943][T14024]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 2069.826961][T14024]  ? ___ratelimit+0xac/0x686
[ 2069.863432][T14024]  ? idr_get_free+0xee0/0xee0
[ 2069.863459][T14024]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2069.873447][T14024]  oom_kill_process.cold+0x10/0x9ca
[ 2069.878685][T14024]  ? cgroup_procs_next+0x70/0x70
[ 2069.883643][T14024]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 2069.888863][T14024]  ? oom_badness+0xa50/0xa50
[ 2069.893476][T14024]  ? oom_evaluate_task+0x540/0x540
[ 2069.898606][T14024]  ? mem_cgroup_iter_break+0x30/0x30
[ 2069.898629][T14024]  ? mutex_trylock+0x2d0/0x2d0
[ 2069.898644][T14024]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2069.898675][T14024]  ? rcu_read_unlock_special+0x380/0x380
[ 2069.898707][T14024]  out_of_memory+0x885/0x1420
[ 2069.920631][T14024]  ? mem_cgroup_iter+0x4f4/0xf50
[ 2069.920657][T14024]  ? oom_killer_disable+0x340/0x340
[ 2069.920676][T14024]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 2069.920694][T14024]  ? lock_acquire+0x1db/0x570
[ 2069.920723][T14024]  mem_cgroup_out_of_memory+0x160/0x210
[ 2069.930342][T14024]  ? do_raw_spin_unlock+0xa0/0x330
[ 2069.930363][T14024]  ? memory_oom_group_write+0x160/0x160
[ 2069.930375][T14024]  ? do_raw_spin_trylock+0x270/0x270
[ 2069.930404][T14024]  ? _raw_spin_unlock+0x2d/0x50
[ 2069.930424][T14024]  try_charge+0x1457/0x1d00
[ 2069.930447][T14024]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[ 2069.941460][T14024]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2069.941476][T14024]  ? lock_downgrade+0xbe0/0xbe0
[ 2069.941500][T14024]  ? kasan_check_read+0x11/0x20
[ 2069.951713][T14024]  ? rcu_read_unlock_special+0x380/0x380
[ 2069.951743][T14024]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[ 2069.951762][T14024]  ? get_mem_cgroup_from_page+0x190/0x190
[ 2069.962406][T14024]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2069.962424][T14024]  ? print_usage_bug+0xd0/0xd0
[ 2069.962447][T14024]  mem_cgroup_try_charge+0x43a/0xdb0
[ 2069.972588][T14024]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2069.972631][T14024]  ? mem_cgroup_protected+0xa10/0xa10
[ 2069.982676][T14024]  ? shmem_getattr+0x2c0/0x2c0
[ 2069.982697][T14024]  ? __lock_acquire+0x572/0x4a10
[ 2069.982717][T14024]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2069.993085][T14024]  ? print_usage_bug+0xd0/0xd0
[ 2069.993125][T14024]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 2069.993147][T14024]  shmem_getpage_gfp+0xa85/0x4b70
[ 2070.003636][T14024]  ? shmem_add_to_page_cache+0x19a0/0x19a0
[ 2070.003664][T14024]  ? lock_acquire+0x1db/0x570
[ 2070.014903][T14024]  ? alloc_set_pte+0x134a/0x1df0
[ 2070.014928][T14024]  ? kasan_check_write+0x14/0x20
[ 2070.014952][T14024]  ? do_raw_spin_lock+0x156/0x360
[ 2070.025311][T14024]  ? lock_release+0xc40/0xc40
[ 2070.025331][T14024]  ? rwlock_bug.part.0+0x90/0x90
[ 2070.025353][T14024]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[ 2070.036863][T14024]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2070.036885][T14024]  ? reacquire_held_locks+0xfb/0x520
[ 2070.036902][T14024]  ? alloc_set_pte+0x134a/0x1df0
[ 2070.036920][T14024]  ? find_held_lock+0x60/0x120
[ 2070.036946][T14024]  ? filemap_map_pages+0xe29/0x1cc0
[ 2070.047064][T14024]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2070.047086][T14024]  ? lock_downgrade+0xbe0/0xbe0
[ 2070.047103][T14024]  ? kasan_check_read+0x11/0x20
[ 2070.047129][T14024]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2070.047148][T14024]  ? rcu_read_unlock_special+0x380/0x380
[ 2070.047179][T14024]  ? filemap_map_pages+0xe50/0x1cc0
[ 2070.057386][T14024]  ? find_get_entries_tag+0x13d0/0x13d0
[ 2070.057402][T14024]  ? follow_page_pte+0x3f4/0x1a50
[ 2070.057427][T14024]  shmem_fault+0x25a/0x950
[ 2070.057452][T14024]  ? shmem_read_mapping_page_gfp+0x200/0x200
[ 2070.057473][T14024]  ? __handle_mm_fault+0x42e1/0x55a0
[ 2070.067850][T14024]  ? find_held_lock+0x35/0x120
[ 2070.067870][T14024]  ? __handle_mm_fault+0x42e1/0x55a0
[ 2070.067891][T14024]  __do_fault+0x176/0x7b0
[ 2070.067911][T14024]  ? do_page_mkwrite+0x740/0x740
[ 2070.067928][T14024]  ? do_raw_spin_unlock+0xa0/0x330
[ 2070.067949][T14024]  ? do_raw_spin_trylock+0x270/0x270
[ 2070.078777][T14024]  ? add_mm_counter_fast.part.0+0x40/0x40
[ 2070.078803][T14024]  __handle_mm_fault+0x370a/0x55a0
[ 2070.078830][T14024]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2070.078845][T14024]  ? check_preemption_disabled+0x48/0x290
[ 2070.078865][T14024]  ? handle_mm_fault+0x3cc/0xc80
[ 2070.088471][T14024]  ? lock_downgrade+0xbe0/0xbe0
[ 2070.088490][T14024]  ? kasan_check_read+0x11/0x20
[ 2070.088507][T14024]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2070.088533][T14024]  ? rcu_read_unlock_special+0x380/0x380
[ 2070.098478][T14024]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2070.098495][T14024]  ? check_preemption_disabled+0x48/0x290
[ 2070.098520][T14024]  handle_mm_fault+0x4ec/0xc80
[ 2070.098540][T14024]  ? __handle_mm_fault+0x55a0/0x55a0
[ 2070.098561][T14024]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 2070.108171][T14024]  __get_user_pages+0x8f7/0x1e10
[ 2070.108200][T14024]  ? follow_page_mask+0x1f40/0x1f40
[ 2070.108228][T14024]  ? lock_acquire+0x1db/0x570
[ 2070.108247][T14024]  ? ___might_sleep+0x1e7/0x310
[ 2070.108267][T14024]  ? lock_release+0xc40/0xc40
[ 2070.119684][T14024]  ? find_held_lock+0x35/0x120
[ 2070.119706][T14024]  ? vm_mmap_pgoff+0x21a/0x2b0
[ 2070.119727][T14024]  populate_vma_page_range+0x2bc/0x3b0
[ 2070.119746][T14024]  ? memset+0x32/0x40
[ 2070.119762][T14024]  ? follow_page+0x430/0x430
[ 2070.119786][T14024]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2070.129977][T14024]  ? vmacache_update+0x114/0x140
[ 2070.130001][T14024]  __mm_populate+0x27e/0x4c0
[ 2070.130022][T14024]  ? populate_vma_page_range+0x3b0/0x3b0
[ 2070.130038][T14024]  ? down_read_killable+0x150/0x150
[ 2070.130056][T14024]  ? security_mmap_file+0x1a7/0x1e0
[ 2070.130081][T14024]  vm_mmap_pgoff+0x277/0x2b0
[ 2070.140052][T14024]  ? vma_is_stack_for_current+0xd0/0xd0
[ 2070.140071][T14024]  ? kasan_check_read+0x11/0x20
[ 2070.140087][T14024]  ? _copy_to_user+0xc9/0x120
[ 2070.140106][T14024]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2070.140137][T14024]  ksys_mmap_pgoff+0x102/0x650
[ 2070.140159][T14024]  ? find_mergeable_anon_vma+0xd0/0xd0
[ 2070.151237][T14024]  ? trace_hardirqs_on+0xbd/0x310
[ 2070.151254][T14024]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2070.151275][T14024]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2070.151295][T14024]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2070.162159][T14024]  __x64_sys_mmap+0xe9/0x1b0
[ 2070.162184][T14024]  do_syscall_64+0x1a3/0x800
[ 2070.162206][T14024]  ? syscall_return_slowpath+0x5f0/0x5f0
[ 2070.173038][T14024]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2070.173057][T14024]  ? __switch_to_asm+0x34/0x70
[ 2070.173079][T14024]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2070.183690][T14024]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2070.183705][T14024] RIP: 0033:0x457ec9
[ 2070.183721][T14024] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2070.183738][T14024] RSP: 002b:00007f37b7f01c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 2070.194176][T14024] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9
[ 2070.194186][T14024] RDX: 0000000000000003 RSI: 0000000000b36000 RDI: 0000000020000000
[ 2070.194195][T14024] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000
[ 2070.194203][T14024] R10: 0000000000008031 R11: 0000000000000246 R12: 00007f37b7f026d4
[ 2070.194219][T14024] R13: 00000000004c3b56 R14: 00000000004d6910 R15: 00000000ffffffff
[ 2070.350389][T14031] IPVS: ftp: loaded support on port[0] = 21
[ 2070.370967][T14024] memory: usage 307200kB, limit 307200kB, failcnt 4281
[ 2070.570869][T14024] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2070.578564][T14024] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2070.585588][T14024] Memory cgroup stats for /syz5: cache:3220KB rss:257408KB rss_huge:231424KB shmem:3172KB mapped_file:3036KB dirty:0KB writeback:0KB swap:0KB inactive_anon:3228KB active_anon:257532KB inactive_file:0KB active_file:0KB unevictable:0KB
[ 2070.627530][T14024] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor5,pid=14017,uid=0
[ 2070.668446][T14024] Memory cgroup out of memory: Kill process 14017 (syz-executor5) score 1107 or sacrifice child
[ 2070.686464][T14024] Killed process 14017 (syz-executor5) total-vm:70532kB, anon-rss:112kB, file-rss:32768kB, shmem-rss:3164kB
[ 2070.707963][ T1042] oom_reaper: reaped process 14017 (syz-executor5), now anon-rss:0kB, file-rss:32708kB, shmem-rss:3164kB
21:49:06 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0x60)

21:49:06 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0xe00000000000000}, 0x0)

21:49:06 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x5000000]}}, 0x1c)

21:49:06 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:49:06 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x11\x00'}, &(0x7f0000000300)=0x54)

21:49:06 executing program 5:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00'}, &(0x7f0000000300)=0x54)

21:49:06 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0xf0)

[ 2074.274379][T14061] IPVS: ftp: loaded support on port[0] = 21
21:49:06 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x6000000]}}, 0x1c)

21:49:06 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0xf00000000000000}, 0x0)

[ 2074.324390][T14073] binder: 14063 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2074.324403][T14073] binder: 14063:14073 ioctl c018620c 20000200 returned -22
[ 2074.352995][T14074] IPVS: ftp: loaded support on port[0] = 21
21:49:06 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x0, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:49:06 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0x300)

21:49:06 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1000000000000000}, 0x0)

21:49:06 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x7000000]}}, 0x1c)

[ 2074.526322][    C1] net_ratelimit: 26 callbacks suppressed
[ 2074.526331][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2074.537884][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2074.543755][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2074.549572][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2074.555457][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2074.561293][    C1] protocol 88fb is buggy, dev hsr_slave_1
21:49:06 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0xa00)

[ 2074.705011][T14097] binder: 14087 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2074.705025][T14097] binder: 14087:14097 ioctl c018620c 20000200 returned -22
21:49:06 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x0, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:49:06 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x6000000000000000}, 0x0)

[ 2074.857824][T14071] syz-executor5 invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[ 2074.926257][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2074.932090][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 2074.932174][T14071] CPU: 1 PID: 14071 Comm: syz-executor5 Not tainted 5.0.0-rc1-next-20190109 #8
[ 2074.946766][T14071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2074.956819][T14071] Call Trace:
[ 2074.960139][T14071]  dump_stack+0x1db/0x2d0
[ 2074.964478][T14071]  ? dump_stack_print_info.cold+0x20/0x20
[ 2074.970206][T14071]  ? check_preemption_disabled+0x48/0x290
[ 2074.975945][T14071]  dump_header+0x1e6/0x116c
[ 2074.980454][T14071]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2074.986122][T14071]  ? perf_trace_lock+0x750/0x750
[ 2074.991065][T14071]  ? print_usage_bug+0xd0/0xd0
[ 2074.995847][T14071]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 2075.001511][T14071]  ? ___ratelimit+0x37c/0x686
[ 2075.006228][T14071]  ? mark_held_locks+0xb1/0x100
[ 2075.006302][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2075.011088][T14071]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2075.016901][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 2075.022589][T14071]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2075.034086][T14071]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2075.039380][T14071]  ? trace_hardirqs_on+0xbd/0x310
[ 2075.044407][T14071]  ? kasan_check_read+0x11/0x20
[ 2075.049261][T14071]  ? ___ratelimit+0x37c/0x686
[ 2075.053942][T14071]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2075.059755][T14071]  ? do_raw_spin_trylock+0x270/0x270
[ 2075.065051][T14071]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2075.070773][T14071]  ? lock_acquire+0x1db/0x570
[ 2075.075467][T14071]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 2075.081282][T14071]  ? ___ratelimit+0xac/0x686
[ 2075.085876][T14071]  ? idr_get_free+0xee0/0xee0
[ 2075.090559][T14071]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2075.095875][T14071]  oom_kill_process.cold+0x10/0x9ca
[ 2075.101086][T14071]  ? cgroup_procs_next+0x70/0x70
[ 2075.106041][T14071]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 2075.111259][T14071]  ? oom_badness+0xa50/0xa50
[ 2075.115857][T14071]  ? oom_evaluate_task+0x540/0x540
[ 2075.120974][T14071]  ? mem_cgroup_iter_break+0x30/0x30
[ 2075.126256][T14071]  ? mutex_trylock+0x2d0/0x2d0
[ 2075.131036][T14071]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2075.137311][T14071]  ? rcu_read_unlock_special+0x380/0x380
[ 2075.142956][T14071]  out_of_memory+0x885/0x1420
[ 2075.147651][T14071]  ? mem_cgroup_iter+0x4f4/0xf50
[ 2075.147674][T14071]  ? oom_killer_disable+0x340/0x340
[ 2075.147694][T14071]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 2075.147711][T14071]  ? lock_acquire+0x1db/0x570
[ 2075.147742][T14071]  mem_cgroup_out_of_memory+0x160/0x210
[ 2075.147759][T14071]  ? do_raw_spin_unlock+0xa0/0x330
[ 2075.147777][T14071]  ? memory_oom_group_write+0x160/0x160
[ 2075.147798][T14071]  ? do_raw_spin_trylock+0x270/0x270
[ 2075.189800][T14071]  ? _raw_spin_unlock+0x2d/0x50
[ 2075.194659][T14071]  try_charge+0x1457/0x1d00
[ 2075.199198][T14071]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[ 2075.204776][T14071]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2075.210320][T14071]  ? lock_downgrade+0xbe0/0xbe0
[ 2075.215175][T14071]  ? kasan_check_read+0x11/0x20
[ 2075.220046][T14071]  ? rcu_read_unlock_special+0x380/0x380
[ 2075.225694][T14071]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[ 2075.231250][T14071]  ? get_mem_cgroup_from_page+0x190/0x190
[ 2075.236989][T14071]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2075.242629][T14071]  ? print_usage_bug+0xd0/0xd0
[ 2075.247405][T14071]  mem_cgroup_try_charge+0x43a/0xdb0
[ 2075.250333][T14104] binder: 14103 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2075.250415][T14104] binder: 14103:14104 ioctl c018620c 20000200 returned -22
[ 2075.252706][T14071]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2075.252724][T14071]  ? mem_cgroup_protected+0xa10/0xa10
[ 2075.252745][T14071]  ? shmem_getattr+0x2c0/0x2c0
[ 2075.252762][T14071]  ? __lock_acquire+0x572/0x4a10
[ 2075.252783][T14071]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2075.268541][T14071]  ? print_usage_bug+0xd0/0xd0
[ 2075.280135][T14071]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 2075.280158][T14071]  shmem_getpage_gfp+0xa85/0x4b70
[ 2075.280201][T14071]  ? shmem_add_to_page_cache+0x19a0/0x19a0
[ 2075.280226][T14071]  ? lock_acquire+0x1db/0x570
[ 2075.321854][T14071]  ? alloc_set_pte+0x134a/0x1df0
[ 2075.326800][T14071]  ? kasan_check_write+0x14/0x20
[ 2075.331747][T14071]  ? do_raw_spin_lock+0x156/0x360
[ 2075.336775][T14071]  ? lock_release+0xc40/0xc40
[ 2075.341457][T14071]  ? rwlock_bug.part.0+0x90/0x90
[ 2075.346404][T14071]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[ 2075.352218][T14071]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2075.357863][T14071]  ? reacquire_held_locks+0xfb/0x520
[ 2075.363153][T14071]  ? alloc_set_pte+0x134a/0x1df0
[ 2075.368105][T14071]  ? find_held_lock+0x60/0x120
[ 2075.372888][T14071]  ? filemap_map_pages+0xe29/0x1cc0
[ 2075.378089][T14071]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2075.378111][T14071]  ? lock_downgrade+0xbe0/0xbe0
[ 2075.378135][T14071]  ? kasan_check_read+0x11/0x20
[ 2075.378153][T14071]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2075.378174][T14071]  ? rcu_read_unlock_special+0x380/0x380
[ 2075.378204][T14071]  ? filemap_map_pages+0xe50/0x1cc0
[ 2075.410947][T14071]  ? find_get_entries_tag+0x13d0/0x13d0
[ 2075.416492][T14071]  ? follow_page_pte+0x3f4/0x1a50
[ 2075.421532][T14071]  shmem_fault+0x25a/0x950
[ 2075.425959][T14071]  ? shmem_read_mapping_page_gfp+0x200/0x200
[ 2075.431940][T14071]  ? __handle_mm_fault+0x42e1/0x55a0
[ 2075.431957][T14071]  ? find_held_lock+0x35/0x120
[ 2075.431976][T14071]  ? __handle_mm_fault+0x42e1/0x55a0
[ 2075.431998][T14071]  __do_fault+0x176/0x7b0
[ 2075.432018][T14071]  ? do_page_mkwrite+0x740/0x740
[ 2075.432039][T14071]  ? do_raw_spin_unlock+0xa0/0x330
[ 2075.461666][T14071]  ? do_raw_spin_trylock+0x270/0x270
[ 2075.466956][T14071]  ? add_mm_counter_fast.part.0+0x40/0x40
[ 2075.472691][T14071]  __handle_mm_fault+0x370a/0x55a0
[ 2075.477817][T14071]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2075.483365][T14071]  ? check_preemption_disabled+0x48/0x290
[ 2075.489088][T14071]  ? handle_mm_fault+0x3cc/0xc80
[ 2075.494056][T14071]  ? lock_downgrade+0xbe0/0xbe0
[ 2075.498911][T14071]  ? kasan_check_read+0x11/0x20
[ 2075.503769][T14071]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2075.509761][T14071]  ? rcu_read_unlock_special+0x380/0x380
[ 2075.515401][T14071]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2075.521640][T14071]  ? check_preemption_disabled+0x48/0x290
[ 2075.527363][T14071]  handle_mm_fault+0x4ec/0xc80
[ 2075.527385][T14071]  ? __handle_mm_fault+0x55a0/0x55a0
[ 2075.527404][T14071]  ? __get_user_pages+0x295/0x1e10
[ 2075.527427][T14071]  __get_user_pages+0x8f7/0x1e10
[ 2075.527467][T14071]  ? follow_page_mask+0x1f40/0x1f40
[ 2075.552704][T14071]  ? lock_acquire+0x1db/0x570
[ 2075.557405][T14071]  ? ___might_sleep+0x1e7/0x310
[ 2075.562260][T14071]  ? lock_release+0xc40/0xc40
[ 2075.566937][T14071]  ? find_held_lock+0x35/0x120
[ 2075.571710][T14071]  ? vm_mmap_pgoff+0x21a/0x2b0
[ 2075.576483][T14071]  populate_vma_page_range+0x2bc/0x3b0
[ 2075.581951][T14071]  ? memset+0x32/0x40
[ 2075.585941][T14071]  ? follow_page+0x430/0x430
[ 2075.590537][T14071]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2075.596781][T14071]  ? vmacache_update+0x114/0x140
[ 2075.601755][T14071]  __mm_populate+0x27e/0x4c0
[ 2075.606358][T14071]  ? populate_vma_page_range+0x3b0/0x3b0
[ 2075.606377][T14071]  ? down_read_killable+0x150/0x150
[ 2075.606396][T14071]  ? security_mmap_file+0x1a7/0x1e0
[ 2075.606423][T14071]  vm_mmap_pgoff+0x277/0x2b0
[ 2075.606448][T14071]  ? vma_is_stack_for_current+0xd0/0xd0
[ 2075.606463][T14071]  ? kasan_check_read+0x11/0x20
[ 2075.606479][T14071]  ? _copy_to_user+0xc9/0x120
[ 2075.606499][T14071]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2075.632606][T14071]  ksys_mmap_pgoff+0x102/0x650
[ 2075.632641][T14071]  ? find_mergeable_anon_vma+0xd0/0xd0
[ 2075.658549][T14071]  ? trace_hardirqs_on+0xbd/0x310
[ 2075.663574][T14071]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2075.669836][T14071]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2075.675909][T14071]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2075.681734][T14071]  __x64_sys_mmap+0xe9/0x1b0
[ 2075.686363][T14071]  do_syscall_64+0x1a3/0x800
[ 2075.690963][T14071]  ? syscall_return_slowpath+0x5f0/0x5f0
[ 2075.696615][T14071]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2075.702336][T14071]  ? __switch_to_asm+0x34/0x70
[ 2075.707106][T14071]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2075.712679][T14071]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2075.718567][T14071] RIP: 0033:0x457ec9
[ 2075.722485][T14071] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2075.742085][T14071] RSP: 002b:00007f37b7f01c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 2075.750496][T14071] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9
[ 2075.750506][T14071] RDX: 0000000000000003 RSI: 0000000000b36000 RDI: 0000000020000000
[ 2075.750529][T14071] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000
[ 2075.750538][T14071] R10: 0000000000008031 R11: 0000000000000246 R12: 00007f37b7f026d4
[ 2075.750546][T14071] R13: 00000000004c3b56 R14: 00000000004d6910 R15: 00000000ffffffff
[ 2075.808235][T14071] memory: usage 307200kB, limit 307200kB, failcnt 4296
[ 2075.815361][T14071] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2075.824385][T14071] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2075.852502][T14071] Memory cgroup stats for /syz5: cache:3172KB rss:257408KB rss_huge:231424KB shmem:3144KB mapped_file:3036KB dirty:0KB writeback:0KB swap:0KB inactive_anon:3236KB active_anon:257532KB inactive_file:0KB active_file:0KB unevictable:0KB
[ 2075.886763][T14074] IPVS: ftp: loaded support on port[0] = 21
[ 2075.901289][T14071] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor5,pid=14060,uid=0
[ 2075.936808][T14071] Memory cgroup out of memory: Kill process 14060 (syz-executor5) score 1107 or sacrifice child
[ 2075.960893][T14071] Killed process 14060 (syz-executor5) total-vm:70532kB, anon-rss:112kB, file-rss:32768kB, shmem-rss:3164kB
[ 2075.988766][ T1042] oom_reaper: reaped process 14060 (syz-executor5), now anon-rss:0kB, file-rss:32772kB, shmem-rss:3164kB
[ 2076.002794][T14108] syz-executor3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000
[ 2076.016966][T14108] CPU: 1 PID: 14108 Comm: syz-executor3 Not tainted 5.0.0-rc1-next-20190109 #8
[ 2076.025903][T14108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2076.035958][T14108] Call Trace:
[ 2076.039257][T14108]  dump_stack+0x1db/0x2d0
[ 2076.043609][T14108]  ? dump_stack_print_info.cold+0x20/0x20
[ 2076.049348][T14108]  ? check_preemption_disabled+0x48/0x290
[ 2076.055132][T14108]  dump_header+0x1e6/0x116c
[ 2076.059673][T14108]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2076.065313][T14108]  ? perf_trace_lock+0x750/0x750
[ 2076.070256][T14108]  ? print_usage_bug+0xd0/0xd0
[ 2076.075040][T14108]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 2076.080676][T14108]  ? ___ratelimit+0x37c/0x686
[ 2076.085359][T14108]  ? mark_held_locks+0xb1/0x100
[ 2076.090212][T14108]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2076.096019][T14108]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2076.101838][T14108]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2076.107146][T14108]  ? trace_hardirqs_on+0xbd/0x310
[ 2076.112190][T14108]  ? kasan_check_read+0x11/0x20
[ 2076.117056][T14108]  ? ___ratelimit+0x37c/0x686
[ 2076.121735][T14108]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2076.127557][T14108]  ? do_raw_spin_trylock+0x270/0x270
[ 2076.132865][T14108]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2076.138580][T14108]  ? lock_acquire+0x1db/0x570
[ 2076.143281][T14108]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 2076.149091][T14108]  ? ___ratelimit+0xac/0x686
[ 2076.153689][T14108]  ? idr_get_free+0xee0/0xee0
[ 2076.158370][T14108]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2076.163668][T14108]  oom_kill_process.cold+0x10/0x9ca
[ 2076.168873][T14108]  ? cgroup_procs_next+0x70/0x70
[ 2076.173822][T14108]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 2076.179025][T14108]  ? oom_badness+0xa50/0xa50
[ 2076.183650][T14108]  ? oom_evaluate_task+0x540/0x540
[ 2076.188771][T14108]  ? mem_cgroup_iter_break+0x30/0x30
[ 2076.194057][T14108]  ? mutex_trylock+0x2d0/0x2d0
[ 2076.198840][T14108]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2076.205100][T14108]  ? rcu_read_unlock_special+0x380/0x380
[ 2076.210766][T14108]  out_of_memory+0x885/0x1420
[ 2076.215450][T14108]  ? mem_cgroup_iter+0x4f4/0xf50
[ 2076.220395][T14108]  ? oom_killer_disable+0x340/0x340
[ 2076.225606][T14108]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 2076.231421][T14108]  ? lock_acquire+0x1db/0x570
[ 2076.236177][T14108]  mem_cgroup_out_of_memory+0x160/0x210
[ 2076.241728][T14108]  ? do_raw_spin_unlock+0xa0/0x330
[ 2076.246864][T14108]  ? memory_oom_group_write+0x160/0x160
[ 2076.252412][T14108]  ? do_raw_spin_trylock+0x270/0x270
[ 2076.257710][T14108]  ? _raw_spin_unlock+0x2d/0x50
[ 2076.262566][T14108]  try_charge+0x1457/0x1d00
[ 2076.262606][T14108]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2076.272646][T14108]  ? find_held_lock+0x35/0x120
[ 2076.277418][T14108]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[ 2076.282974][T14108]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2076.289222][T14108]  ? lock_downgrade+0xbe0/0xbe0
[ 2076.294104][T14108]  ? kasan_check_read+0x11/0x20
[ 2076.298968][T14108]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2076.304965][T14108]  ? rcu_read_unlock_special+0x380/0x380
[ 2076.310618][T14108]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[ 2076.316175][T14108]  __memcg_kmem_charge_memcg+0x7c/0x130
[ 2076.321727][T14108]  ? memcg_kmem_put_cache+0xb0/0xb0
[ 2076.326925][T14108]  ? lock_release+0xc40/0xc40
[ 2076.331636][T14108]  __memcg_kmem_charge+0x136/0x300
[ 2076.336762][T14108]  __alloc_pages_nodemask+0x7b8/0xdc0
[ 2076.342151][T14108]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[ 2076.348413][T14108]  ? rcu_pm_notify+0xd0/0xd0
[ 2076.353023][T14108]  ? rcu_read_lock_sched_held+0x110/0x130
[ 2076.358744][T14108]  ? kmem_cache_alloc_node+0x347/0x710
[ 2076.364198][T14108]  ? pci_mmcfg_check_reserved+0x170/0x170
[ 2076.369934][T14108]  copy_process+0x847/0x8700
[ 2076.369966][T14108]  ? ___might_sleep+0x1e7/0x310
[ 2076.369984][T14108]  ? arch_local_save_flags+0x50/0x50
[ 2076.370001][T14108]  ? __schedule+0x1e60/0x1e60
[ 2076.370019][T14108]  ? do_raw_spin_trylock+0x270/0x270
[ 2076.370048][T14108]  ? __cleanup_sighand+0x70/0x70
[ 2076.399614][T14108]  ? futex_wait_queue_me+0x539/0x810
[ 2076.404903][T14108]  ? refill_pi_state_cache.part.0+0x310/0x310
[ 2076.410971][T14108]  ? __sanitizer_cov_trace_cmp4+0x16/0x20
[ 2076.416714][T14108]  ? handle_futex_death+0x230/0x230
[ 2076.421915][T14108]  ? fixup_owner+0x250/0x250
[ 2076.426517][T14108]  ? __sanitizer_cov_trace_switch+0x49/0x80
[ 2076.432436][T14108]  ? drop_futex_key_refs.isra.0+0x6f/0xf0
[ 2076.438180][T14108]  ? futex_wait+0x6e6/0xa40
[ 2076.442708][T14108]  ? print_usage_bug+0xd0/0xd0
[ 2076.447473][T14108]  ? futex_wait_setup+0x430/0x430
[ 2076.452501][T14108]  ? drop_futex_key_refs.isra.0+0x6f/0xf0
[ 2076.458225][T14108]  ? __lock_acquire+0x572/0x4a10
[ 2076.463180][T14108]  ? mark_held_locks+0x100/0x100
[ 2076.468148][T14108]  ? __save_stack_trace+0x8a/0xf0
[ 2076.468168][T14108]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2076.468184][T14108]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2076.468199][T14108]  ? check_preemption_disabled+0x48/0x290
[ 2076.468220][T14108]  ? debug_smp_processor_id+0x1c/0x20
[ 2076.468239][T14108]  ? perf_trace_lock_acquire+0x138/0x7d0
[ 2076.502405][T14108]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2076.508046][T14108]  ? exit_robust_list+0x290/0x290
[ 2076.513074][T14108]  ? __might_fault+0x12b/0x1e0
[ 2076.517840][T14108]  ? find_held_lock+0x35/0x120
[ 2076.522608][T14108]  ? __might_fault+0x12b/0x1e0
[ 2076.527398][T14108]  ? lock_acquire+0x1db/0x570
[ 2076.532077][T14108]  ? lock_downgrade+0xbe0/0xbe0
[ 2076.536927][T14108]  ? lock_release+0xc40/0xc40
[ 2076.536946][T14108]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2076.536969][T14108]  _do_fork+0x1a9/0x1170
[ 2076.536994][T14108]  ? fork_idle+0x1d0/0x1d0
[ 2076.537013][T14108]  ? kasan_check_read+0x11/0x20
[ 2076.537031][T14108]  ? _copy_to_user+0xc9/0x120
[ 2076.537052][T14108]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2076.537075][T14108]  ? put_timespec64+0x115/0x1b0
[ 2076.576719][T14108]  ? nsecs_to_jiffies+0x30/0x30
[ 2076.581578][T14108]  ? do_syscall_64+0x8c/0x800
[ 2076.586267][T14108]  ? do_syscall_64+0x8c/0x800
[ 2076.590960][T14108]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2076.596246][T14108]  ? trace_hardirqs_on+0xbd/0x310
[ 2076.596277][T14108]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2076.596312][T14108]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2076.596328][T14108]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2076.596343][T14108]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2076.596368][T14108]  __x64_sys_clone+0xbf/0x150
[ 2076.596390][T14108]  do_syscall_64+0x1a3/0x800
[ 2076.596411][T14108]  ? syscall_return_slowpath+0x5f0/0x5f0
[ 2076.640587][T14108]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2076.646333][T14108]  ? __switch_to_asm+0x34/0x70
[ 2076.651105][T14108]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2076.656711][T14108]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2076.662610][T14108] RIP: 0033:0x457ec9
[ 2076.666506][T14108] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2076.686100][T14108] RSP: 002b:00007f58d409ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038
[ 2076.694520][T14108] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000457ec9
[ 2076.702490][T14108] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000002102001ffc
[ 2076.710458][T14108] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000
[ 2076.718430][T14108] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f58d409f6d4
[ 2076.726414][T14108] R13: 00000000004be2a0 R14: 00000000004ce600 R15: 00000000ffffffff
[ 2076.740749][T14108] memory: usage 307200kB, limit 307200kB, failcnt 4234
[ 2076.747765][T14108] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2076.747775][T14108] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2076.747788][T14108] Memory cgroup stats for /syz3: cache:56KB rss:240648KB rss_huge:206848KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:240624KB inactive_file:4KB active_file:4KB unevictable:0KB
[ 2076.762336][T14108] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor3,pid=3844,uid=0
[ 2076.799071][T14108] Memory cgroup out of memory: Kill process 3844 (syz-executor3) score 1107 or sacrifice child
[ 2076.809634][T14108] Killed process 3844 (syz-executor3) total-vm:70532kB, anon-rss:2204kB, file-rss:33748kB, shmem-rss:0kB
[ 2076.823251][ T1042] oom_reaper: reaped process 3844 (syz-executor3), now anon-rss:0kB, file-rss:32788kB, shmem-rss:0kB
21:49:08 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1d\x00'}, &(0x7f0000000300)=0x54)

21:49:08 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0xe00)

21:49:08 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x7c20000000000000}, 0x0)

21:49:08 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x8000000]}}, 0x1c)

21:49:08 executing program 5:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, 0x0)
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:49:08 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x0, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:49:09 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0xf00)

[ 2077.080290][T14119] binder: 14118 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2077.080406][T14119] binder: 14118:14119 ioctl c018620c 20000200 returned -22
21:49:09 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x0, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:49:09 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x9effffff00000000}, 0x0)

21:49:09 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x9000000]}}, 0x1c)

[ 2077.125441][T14125] IPVS: ftp: loaded support on port[0] = 21
[ 2077.132660][T14128] binder: 14122 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2077.132672][T14128] binder: 14122:14128 ioctl c018620c 20000200 returned -22
21:49:09 executing program 5:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x8000000]}}, 0x1c)

21:49:09 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0x1b8c)

[ 2077.469921][T14151] binder: 14150 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2077.469984][T14151] binder: 14150:14151 ioctl c018620c 20000200 returned -22
[ 2077.782133][T14125] IPVS: ftp: loaded support on port[0] = 21
21:49:09 executing program 5:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x0, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:49:09 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0xf0ffffff00000000}, 0x0)

21:49:09 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0xa000000]}}, 0x1c)

21:49:09 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x1e\x00'}, &(0x7f0000000300)=0x54)

21:49:09 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0x6000)

21:49:09 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x0, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:49:10 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0xffffff7f00000000}, 0x0)

21:49:10 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x10000000]}}, 0x1c)

21:49:10 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0x8c1b)

[ 2078.108492][T14157] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2078.173089][T14170] IPVS: ftp: loaded support on port[0] = 21
[ 2078.193651][T14157] CPU: 0 PID: 14157 Comm: syz-executor3 Not tainted 5.0.0-rc1-next-20190109 #8
[ 2078.202590][T14157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2078.212663][T14157] Call Trace:
[ 2078.215958][T14157]  dump_stack+0x1db/0x2d0
[ 2078.220290][T14157]  ? dump_stack_print_info.cold+0x20/0x20
[ 2078.226009][T14157]  ? check_preemption_disabled+0x48/0x290
[ 2078.231745][T14157]  dump_header+0x1e6/0x116c
[ 2078.236265][T14157]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2078.241907][T14157]  ? perf_trace_lock+0x750/0x750
[ 2078.246851][T14157]  ? print_usage_bug+0xd0/0xd0
[ 2078.251647][T14157]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 2078.257299][T14157]  ? ___ratelimit+0x37c/0x686
[ 2078.261985][T14157]  ? mark_held_locks+0xb1/0x100
[ 2078.266847][T14157]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2078.272666][T14157]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2078.278475][T14157]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2078.283764][T14157]  ? trace_hardirqs_on+0xbd/0x310
[ 2078.288807][T14157]  ? kasan_check_read+0x11/0x20
[ 2078.293657][T14157]  ? ___ratelimit+0x37c/0x686
[ 2078.298336][T14157]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2078.304177][T14157]  ? do_raw_spin_trylock+0x270/0x270
[ 2078.309465][T14157]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2078.315186][T14157]  ? lock_acquire+0x1db/0x570
[ 2078.319882][T14157]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 2078.325696][T14157]  ? ___ratelimit+0xac/0x686
[ 2078.330292][T14157]  ? idr_get_free+0xee0/0xee0
[ 2078.335001][T14157]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2078.340301][T14157]  oom_kill_process.cold+0x10/0x9ca
[ 2078.345694][T14157]  ? cgroup_procs_next+0x70/0x70
[ 2078.345730][T14157]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 2078.345751][T14157]  ? oom_badness+0xa50/0xa50
[ 2078.360440][T14157]  ? oom_evaluate_task+0x540/0x540
[ 2078.365559][T14157]  ? mem_cgroup_iter_break+0x30/0x30
[ 2078.370870][T14157]  ? mutex_trylock+0x2d0/0x2d0
[ 2078.375659][T14157]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2078.381918][T14157]  ? rcu_read_unlock_special+0x380/0x380
[ 2078.387562][T14157]  out_of_memory+0x885/0x1420
[ 2078.392251][T14157]  ? mem_cgroup_iter+0x4f4/0xf50
[ 2078.397213][T14157]  ? oom_killer_disable+0x340/0x340
[ 2078.402421][T14157]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 2078.408231][T14157]  ? lock_acquire+0x1db/0x570
[ 2078.412941][T14157]  mem_cgroup_out_of_memory+0x160/0x210
[ 2078.418487][T14157]  ? do_raw_spin_unlock+0xa0/0x330
[ 2078.423614][T14157]  ? memory_oom_group_write+0x160/0x160
[ 2078.429191][T14157]  ? do_raw_spin_trylock+0x270/0x270
[ 2078.429222][T14157]  ? _raw_spin_unlock+0x2d/0x50
[ 2078.429242][T14157]  try_charge+0x1457/0x1d00
[ 2078.429257][T14157]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[ 2078.429282][T14157]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2078.429295][T14157]  ? lock_downgrade+0xbe0/0xbe0
[ 2078.429312][T14157]  ? kasan_check_read+0x11/0x20
[ 2078.429333][T14157]  ? rcu_read_unlock_special+0x380/0x380
[ 2078.429367][T14157]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[ 2078.471897][T14167] binder: 14158 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2078.471972][T14167] binder: 14158:14167 ioctl c018620c 20000200 returned -22
[ 2078.475886][T14157]  ? get_mem_cgroup_from_page+0x190/0x190
[ 2078.475911][T14157]  ? rcu_read_lock_sched_held+0x110/0x130
[ 2078.475932][T14157]  mem_cgroup_try_charge+0x43a/0xdb0
[ 2078.475954][T14157]  ? mem_cgroup_protected+0xa10/0xa10
[ 2078.513782][T14157]  ? check_preemption_disabled+0x48/0x290
[ 2078.519505][T14157]  ? print_usage_bug+0xd0/0xd0
21:49:10 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x10000120]}}, 0x1c)

21:49:10 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x20010010]}}, 0x1c)

[ 2078.524280][T14157]  ? __lock_acquire+0x572/0x4a10
[ 2078.524296][T14157]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 2078.524311][T14157]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 2078.524336][T14157]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 2078.524357][T14157]  wp_page_copy+0x45a/0x1c70
[ 2078.551937][T14157]  ? swp_swapcount+0x540/0x540
[ 2078.556703][T14157]  ? __lock_acquire+0x572/0x4a10
[ 2078.561658][T14157]  ? pmd_pfn+0x1d0/0x1d0
[ 2078.565904][T14157]  ? find_held_lock+0x35/0x120
21:49:10 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x3f000000]}}, 0x1c)

[ 2078.570673][T14157]  ? do_wp_page+0x894/0x1e80
[ 2078.575277][T14157]  ? kasan_check_read+0x11/0x20
[ 2078.580157][T14157]  ? do_raw_spin_unlock+0xa0/0x330
[ 2078.585270][T14157]  ? do_raw_spin_trylock+0x270/0x270
[ 2078.590575][T14157]  ? print_usage_bug+0xd0/0xd0
[ 2078.595371][T14157]  do_wp_page+0x89c/0x1e80
[ 2078.599793][T14157]  ? find_held_lock+0x35/0x120
[ 2078.604568][T14157]  ? finish_mkwrite_fault+0x4f0/0x4f0
[ 2078.610058][T14157]  ? lock_acquire+0x1db/0x570
[ 2078.614745][T14157]  ? __handle_mm_fault+0x1d80/0x55a0
[ 2078.620043][T14157]  ? kasan_check_write+0x14/0x20
[ 2078.624986][T14157]  ? do_raw_spin_lock+0x156/0x360
[ 2078.630005][T14157]  ? lock_release+0xc40/0xc40
[ 2078.630023][T14157]  ? rwlock_bug.part.0+0x90/0x90
[ 2078.630041][T14157]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[ 2078.630055][T14157]  ? add_mm_counter_fast.part.0+0x40/0x40
[ 2078.630083][T14157]  __handle_mm_fault+0x2c8e/0x55a0
[ 2078.630110][T14157]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2078.630124][T14157]  ? check_preemption_disabled+0x48/0x290
[ 2078.630142][T14157]  ? handle_mm_fault+0x3cc/0xc80
[ 2078.630172][T14157]  ? lock_downgrade+0xbe0/0xbe0
[ 2078.630187][T14157]  ? kasan_check_read+0x11/0x20
[ 2078.630203][T14157]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2078.630220][T14157]  ? rcu_read_unlock_special+0x380/0x380
[ 2078.630236][T14157]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2078.630250][T14157]  ? check_preemption_disabled+0x48/0x290
[ 2078.630272][T14157]  handle_mm_fault+0x4ec/0xc80
[ 2078.630291][T14157]  ? __handle_mm_fault+0x55a0/0x55a0
[ 2078.630320][T14157]  __do_page_fault+0x5da/0xd60
[ 2078.630347][T14157]  do_page_fault+0xe6/0x7d8
[ 2078.630363][T14157]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2078.630380][T14157]  ? vmalloc_sync_all+0x30/0x30
[ 2078.630394][T14157]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2078.630418][T14157]  ? prepare_exit_to_usermode+0x232/0x3b0
[ 2078.672843][T14157]  ? page_fault+0x8/0x30
[ 2078.672865][T14157]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2078.672883][T14157]  ? page_fault+0x8/0x30
[ 2078.672898][T14157]  page_fault+0x1e/0x30
[ 2078.672911][T14157] RIP: 0033:0x40af34
[ 2078.672941][T14157] Code: 3d 90 f1 2f 00 00 48 89 ea 48 89 de 4c 89 f7 0f 85 e1 00 00 00 e8 4c 26 00 00 8b 05 d6 d0 32 00 48 8b 15 5f 55 64 00 83 c0 01 <89> 05 c6 d0 32 00 89 02 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f
[ 2078.672955][T14157] RSP: 002b:00007ffd98177bb0 EFLAGS: 00010202
[ 2078.795261][T14157] RAX: 0000000000000001 RBX: 0000001b2d920014 RCX: 0000001b2e920000
[ 2078.803225][T14157] RDX: 0000001b2d920000 RSI: 0000000000000237 RDI: fffffffff68dc237
[ 2078.811192][T14157] RBP: 0000001b2d920018 R08: 00000000f68dc237 R09: 00000000f68dc23b
[ 2078.819158][T14157] R10: 00007ffd98177ce0 R11: 0000000000000246 R12: 0000001b2d92001c
[ 2078.827120][T14157] R13: 00000000001fb58f R14: 000000000073bf00 R15: 000000000073bf0c
[ 2078.876477][T14157] memory: usage 307200kB, limit 307200kB, failcnt 4261
[ 2078.883515][T14157] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
21:49:10 executing program 5:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1d\x00'}, &(0x7f0000000300)=0x54)

[ 2078.919396][T14157] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2078.932404][T14179] IPVS: ftp: loaded support on port[0] = 21
21:49:10 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0xf000)

21:49:10 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x40000000]}}, 0x1c)

[ 2078.956344][T14157] Memory cgroup stats for /syz3: cache:56KB rss:240536KB rss_huge:206848KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:240572KB inactive_file:4KB active_file:0KB unevictable:0KB
[ 2079.019629][T14196] IPVS: ftp: loaded support on port[0] = 21
[ 2079.075317][T14157] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor3,pid=4699,uid=0
[ 2079.133020][T14157] Memory cgroup out of memory: Kill process 4699 (syz-executor3) score 1107 or sacrifice child
[ 2079.177693][T14157] Killed process 4699 (syz-executor3) total-vm:70532kB, anon-rss:2204kB, file-rss:33748kB, shmem-rss:0kB
[ 2079.268292][T14202] syz-executor5 invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[ 2079.307486][T14202] CPU: 0 PID: 14202 Comm: syz-executor5 Not tainted 5.0.0-rc1-next-20190109 #8
[ 2079.316428][T14202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2079.321412][T14169] binder: 14157 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2079.321458][T14169] binder: 14157:14169 ioctl c018620c 20000200 returned -22
[ 2079.326478][T14202] Call Trace:
[ 2079.326506][T14202]  dump_stack+0x1db/0x2d0
[ 2079.326528][T14202]  ? dump_stack_print_info.cold+0x20/0x20
[ 2079.326543][T14202]  ? check_preemption_disabled+0x48/0x290
[ 2079.326590][T14202]  dump_header+0x1e6/0x116c
[ 2079.326628][T14202]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2079.326644][T14202]  ? perf_trace_lock+0x750/0x750
[ 2079.326660][T14202]  ? print_usage_bug+0xd0/0xd0
[ 2079.326688][T14202]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 2079.386824][T14202]  ? ___ratelimit+0x37c/0x686
[ 2079.391510][T14202]  ? mark_held_locks+0xb1/0x100
[ 2079.396362][T14202]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2079.402165][T14202]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2079.407973][T14202]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2079.413277][T14202]  ? trace_hardirqs_on+0xbd/0x310
[ 2079.418299][T14202]  ? kasan_check_read+0x11/0x20
[ 2079.423148][T14202]  ? ___ratelimit+0x37c/0x686
[ 2079.427839][T14202]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2079.433657][T14202]  ? do_raw_spin_trylock+0x270/0x270
[ 2079.438943][T14202]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2079.444657][T14202]  ? lock_acquire+0x1db/0x570
[ 2079.449340][T14202]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 2079.455143][T14202]  ? ___ratelimit+0xac/0x686
[ 2079.459733][T14202]  ? idr_get_free+0xee0/0xee0
[ 2079.464405][T14202]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2079.469700][T14202]  oom_kill_process.cold+0x10/0x9ca
[ 2079.474900][T14202]  ? cgroup_procs_next+0x70/0x70
[ 2079.479841][T14202]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 2079.485038][T14202]  ? oom_badness+0xa50/0xa50
[ 2079.489648][T14202]  ? oom_evaluate_task+0x540/0x540
[ 2079.494780][T14202]  ? mem_cgroup_iter_break+0x30/0x30
[ 2079.500064][T14202]  ? mutex_trylock+0x2d0/0x2d0
[ 2079.504827][T14202]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2079.511078][T14202]  ? rcu_read_unlock_special+0x380/0x380
[ 2079.516774][T14202]  out_of_memory+0x885/0x1420
[ 2079.521455][T14202]  ? mem_cgroup_iter+0x4f4/0xf50
[ 2079.526393][T14202]  ? oom_killer_disable+0x340/0x340
[ 2079.531592][T14202]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 2079.537410][T14202]  ? lock_acquire+0x1db/0x570
[ 2079.542097][T14202]  mem_cgroup_out_of_memory+0x160/0x210
[ 2079.547677][T14202]  ? do_raw_spin_unlock+0xa0/0x330
[ 2079.552786][T14202]  ? memory_oom_group_write+0x160/0x160
[ 2079.558331][T14202]  ? do_raw_spin_trylock+0x270/0x270
[ 2079.563642][T14202]  ? _raw_spin_unlock+0x2d/0x50
[ 2079.568495][T14202]  try_charge+0x1457/0x1d00
[ 2079.573024][T14202]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[ 2079.578618][T14202]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2079.584159][T14202]  ? lock_downgrade+0xbe0/0xbe0
[ 2079.589019][T14202]  ? kasan_check_read+0x11/0x20
[ 2079.593886][T14202]  ? rcu_read_unlock_special+0x380/0x380
[ 2079.599531][T14202]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[ 2079.605077][T14202]  ? get_mem_cgroup_from_page+0x190/0x190
[ 2079.610817][T14202]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2079.616459][T14202]  ? print_usage_bug+0xd0/0xd0
[ 2079.621223][T14202]  mem_cgroup_try_charge+0x43a/0xdb0
[ 2079.626514][T14202]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2079.632751][T14202]  ? mem_cgroup_protected+0xa10/0xa10
[ 2079.638122][T14202]  ? shmem_getattr+0x2c0/0x2c0
[ 2079.642886][T14202]  ? __lock_acquire+0x572/0x4a10
[ 2079.647817][T14202]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2079.653119][T14202]  ? print_usage_bug+0xd0/0xd0
[ 2079.657927][T14202]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 2079.663561][T14202]  shmem_getpage_gfp+0xa85/0x4b70
[ 2079.668629][T14202]  ? shmem_add_to_page_cache+0x19a0/0x19a0
[ 2079.674445][T14202]  ? lock_acquire+0x1db/0x570
[ 2079.679134][T14202]  ? alloc_set_pte+0x134a/0x1df0
[ 2079.684089][T14202]  ? kasan_check_write+0x14/0x20
[ 2079.689038][T14202]  ? do_raw_spin_lock+0x156/0x360
[ 2079.694057][T14202]  ? lock_release+0xc40/0xc40
[ 2079.698731][T14202]  ? rwlock_bug.part.0+0x90/0x90
[ 2079.703664][T14202]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[ 2079.709469][T14202]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2079.715105][T14202]  ? reacquire_held_locks+0xfb/0x520
[ 2079.720384][T14202]  ? alloc_set_pte+0x134a/0x1df0
[ 2079.725321][T14202]  ? find_held_lock+0x60/0x120
[ 2079.730082][T14202]  ? filemap_map_pages+0xe29/0x1cc0
[ 2079.735277][T14202]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2079.741545][T14202]  ? lock_downgrade+0xbe0/0xbe0
[ 2079.746401][T14202]  ? kasan_check_read+0x11/0x20
[ 2079.751265][T14202]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2079.757249][T14202]  ? rcu_read_unlock_special+0x380/0x380
[ 2079.762891][T14202]  ? filemap_map_pages+0xe50/0x1cc0
[ 2079.768104][T14202]  ? find_get_entries_tag+0x13d0/0x13d0
[ 2079.773673][T14202]  ? follow_page_pte+0x3f4/0x1a50
[ 2079.778704][T14202]  shmem_fault+0x25a/0x950
[ 2079.783130][T14202]  ? shmem_read_mapping_page_gfp+0x200/0x200
[ 2079.789112][T14202]  ? __handle_mm_fault+0x42e1/0x55a0
[ 2079.794393][T14202]  ? find_held_lock+0x35/0x120
[ 2079.799182][T14202]  ? __handle_mm_fault+0x42e1/0x55a0
[ 2079.804479][T14202]  __do_fault+0x176/0x7b0
[ 2079.808814][T14202]  ? do_page_mkwrite+0x740/0x740
[ 2079.813751][T14202]  ? do_raw_spin_unlock+0xa0/0x330
[ 2079.818863][T14202]  ? do_raw_spin_trylock+0x270/0x270
[ 2079.824150][T14202]  ? add_mm_counter_fast.part.0+0x40/0x40
[ 2079.829880][T14202]  __handle_mm_fault+0x370a/0x55a0
[ 2079.835024][T14202]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2079.840569][T14202]  ? check_preemption_disabled+0x48/0x290
[ 2079.846297][T14202]  ? handle_mm_fault+0x3cc/0xc80
[ 2079.851251][T14202]  ? lock_downgrade+0xbe0/0xbe0
[ 2079.856113][T14202]  ? kasan_check_read+0x11/0x20
[ 2079.860978][T14202]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2079.866958][T14202]  ? rcu_read_unlock_special+0x380/0x380
[ 2079.872585][T14202]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2079.878831][T14202]  ? check_preemption_disabled+0x48/0x290
[ 2079.884558][T14202]  handle_mm_fault+0x4ec/0xc80
[ 2079.889335][T14202]  ? __handle_mm_fault+0x55a0/0x55a0
[ 2079.894650][T14202]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 2079.900375][T14202]  __get_user_pages+0x8f7/0x1e10
[ 2079.905342][T14202]  ? follow_page_mask+0x1f40/0x1f40
[ 2079.910560][T14202]  ? lock_acquire+0x1db/0x570
[ 2079.915252][T14202]  ? ___might_sleep+0x1e7/0x310
[ 2079.920107][T14202]  ? lock_release+0xc40/0xc40
[ 2079.924787][T14202]  ? find_held_lock+0x35/0x120
[ 2079.929552][T14202]  ? vm_mmap_pgoff+0x21a/0x2b0
[ 2079.934318][T14202]  populate_vma_page_range+0x2bc/0x3b0
[ 2079.939776][T14202]  ? memset+0x32/0x40
[ 2079.943762][T14202]  ? follow_page+0x430/0x430
[ 2079.948363][T14202]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2079.954596][T14202]  ? vmacache_update+0x114/0x140
[ 2079.959558][T14202]  __mm_populate+0x27e/0x4c0
[ 2079.964149][T14202]  ? populate_vma_page_range+0x3b0/0x3b0
[ 2079.969778][T14202]  ? down_read_killable+0x150/0x150
[ 2079.974993][T14202]  ? security_mmap_file+0x1a7/0x1e0
[ 2079.980230][T14202]  vm_mmap_pgoff+0x277/0x2b0
[ 2079.984871][T14202]  ? vma_is_stack_for_current+0xd0/0xd0
[ 2079.990447][T14202]  ? kasan_check_read+0x11/0x20
[ 2079.995294][T14202]  ? _copy_to_user+0xc9/0x120
[ 2079.999976][T14202]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2080.006220][T14202]  ksys_mmap_pgoff+0x102/0x650
[ 2080.010988][T14202]  ? find_mergeable_anon_vma+0xd0/0xd0
[ 2080.016448][T14202]  ? trace_hardirqs_on+0xbd/0x310
[ 2080.021484][T14202]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2080.027725][T14202]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2080.033803][T14202]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2080.039626][T14202]  __x64_sys_mmap+0xe9/0x1b0
[ 2080.044226][T14202]  do_syscall_64+0x1a3/0x800
[ 2080.048818][T14202]  ? syscall_return_slowpath+0x5f0/0x5f0
[ 2080.054449][T14202]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2080.060168][T14202]  ? __switch_to_asm+0x34/0x70
[ 2080.064981][T14202]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2080.070552][T14202]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2080.076436][T14202] RIP: 0033:0x457ec9
[ 2080.080342][T14202] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2080.099952][T14202] RSP: 002b:00007f37b7f01c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 2080.108356][T14202] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9
[ 2080.116320][T14202] RDX: 0000000000000003 RSI: 0000000000b36000 RDI: 0000000020000000
[ 2080.124300][T14202] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000
[ 2080.132271][T14202] R10: 0000000000008031 R11: 0000000000000246 R12: 00007f37b7f026d4
[ 2080.140249][T14202] R13: 00000000004c3b56 R14: 00000000004d6910 R15: 00000000ffffffff
[ 2080.176487][T14202] memory: usage 307200kB, limit 307200kB, failcnt 4336
[ 2080.185242][T14202] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2080.344611][T14202] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2080.352134][T14202] Memory cgroup stats for /syz5: cache:728KB rss:259628KB rss_huge:233472KB shmem:704KB mapped_file:660KB dirty:0KB writeback:0KB swap:0KB inactive_anon:868KB active_anon:259692KB inactive_file:4KB active_file:0KB unevictable:0KB
[ 2080.375249][T14202] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor5,pid=3584,uid=0
[ 2080.391047][T14202] Memory cgroup out of memory: Kill process 3584 (syz-executor5) score 1107 or sacrifice child
[ 2080.401930][T14202] Killed process 3584 (syz-executor5) total-vm:70400kB, anon-rss:2204kB, file-rss:33780kB, shmem-rss:0kB
[ 2080.579196][T14202] syz-executor5 invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[ 2080.607241][T14202] CPU: 1 PID: 14202 Comm: syz-executor5 Not tainted 5.0.0-rc1-next-20190109 #8
[ 2080.616180][T14202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2080.626234][T14202] Call Trace:
[ 2080.629564][T14202]  dump_stack+0x1db/0x2d0
[ 2080.633909][T14202]  ? dump_stack_print_info.cold+0x20/0x20
[ 2080.639646][T14202]  ? check_preemption_disabled+0x48/0x290
[ 2080.645385][T14202]  dump_header+0x1e6/0x116c
[ 2080.649898][T14202]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2080.655536][T14202]  ? perf_trace_lock+0x750/0x750
[ 2080.660520][T14202]  ? print_usage_bug+0xd0/0xd0
[ 2080.665294][T14202]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 2080.670931][T14202]  ? ___ratelimit+0x37c/0x686
[ 2080.675641][T14202]  ? mark_held_locks+0xb1/0x100
[ 2080.680500][T14202]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2080.686311][T14202]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2080.692116][T14202]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2080.697414][T14202]  ? trace_hardirqs_on+0xbd/0x310
[ 2080.702440][T14202]  ? kasan_check_read+0x11/0x20
[ 2080.707294][T14202]  ? ___ratelimit+0x37c/0x686
[ 2080.711987][T14202]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2080.717832][T14202]  ? do_raw_spin_trylock+0x270/0x270
[ 2080.723128][T14202]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2080.728852][T14202]  ? lock_acquire+0x1db/0x570
[ 2080.733540][T14202]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 2080.739345][T14202]  ? ___ratelimit+0xac/0x686
[ 2080.743951][T14202]  ? idr_get_free+0xee0/0xee0
[ 2080.748635][T14202]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2080.753949][T14202]  oom_kill_process.cold+0x10/0x9ca
[ 2080.759154][T14202]  ? cgroup_procs_next+0x70/0x70
[ 2080.764095][T14202]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 2080.769305][T14202]  ? oom_badness+0xa50/0xa50
[ 2080.773900][T14202]  ? oom_evaluate_task+0x540/0x540
[ 2080.779009][T14202]  ? mem_cgroup_iter_break+0x30/0x30
[ 2080.784293][T14202]  ? mutex_trylock+0x2d0/0x2d0
[ 2080.789055][T14202]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2080.795309][T14202]  ? rcu_read_unlock_special+0x380/0x380
[ 2080.800953][T14202]  out_of_memory+0x885/0x1420
[ 2080.805642][T14202]  ? mem_cgroup_iter+0x4f4/0xf50
[ 2080.810589][T14202]  ? oom_killer_disable+0x340/0x340
[ 2080.815798][T14202]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 2080.821632][T14202]  ? lock_acquire+0x1db/0x570
[ 2080.826342][T14202]  mem_cgroup_out_of_memory+0x160/0x210
[ 2080.831889][T14202]  ? do_raw_spin_unlock+0xa0/0x330
[ 2080.837000][T14202]  ? memory_oom_group_write+0x160/0x160
[ 2080.842556][T14202]  ? do_raw_spin_trylock+0x270/0x270
[ 2080.847886][T14202]  ? _raw_spin_unlock+0x2d/0x50
[ 2080.852742][T14202]  try_charge+0x1457/0x1d00
[ 2080.857246][T14202]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[ 2080.862830][T14202]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2080.868375][T14202]  ? lock_downgrade+0xbe0/0xbe0
[ 2080.873223][T14202]  ? kasan_check_read+0x11/0x20
[ 2080.878078][T14202]  ? rcu_read_unlock_special+0x380/0x380
[ 2080.883726][T14202]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[ 2080.889274][T14202]  ? get_mem_cgroup_from_page+0x190/0x190
[ 2080.894998][T14202]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2080.900666][T14202]  mem_cgroup_try_charge+0x43a/0xdb0
[ 2080.905956][T14202]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2080.912201][T14202]  ? mem_cgroup_protected+0xa10/0xa10
[ 2080.917575][T14202]  ? shmem_getattr+0x2c0/0x2c0
[ 2080.922348][T14202]  ? __lock_acquire+0x572/0x4a10
[ 2080.927377][T14202]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2080.932663][T14202]  ? trace_hardirqs_on+0xbd/0x310
[ 2080.937687][T14202]  ? kasan_check_read+0x11/0x20
[ 2080.942539][T14202]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2080.948368][T14202]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 2080.954007][T14202]  shmem_getpage_gfp+0xa85/0x4b70
[ 2080.959076][T14202]  ? shmem_add_to_page_cache+0x19a0/0x19a0
[ 2080.964882][T14202]  ? check_preemption_disabled+0x48/0x290
[ 2080.970616][T14202]  ? __lock_is_held+0xb6/0x140
[ 2080.975393][T14202]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2080.981037][T14202]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2080.986667][T14202]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2080.992940][T14202]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2080.999196][T14202]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2081.004838][T14202]  ? __lock_is_held+0xb6/0x140
[ 2081.009616][T14202]  ? filemap_map_pages+0xe29/0x1cc0
[ 2081.014829][T14202]  ? find_held_lock+0x35/0x120
[ 2081.019595][T14202]  ? filemap_map_pages+0xe29/0x1cc0
[ 2081.024818][T14202]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2081.031071][T14202]  ? lock_downgrade+0xbe0/0xbe0
[ 2081.035923][T14202]  ? kasan_check_read+0x11/0x20
[ 2081.040778][T14202]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2081.046766][T14202]  ? rcu_read_unlock_special+0x380/0x380
[ 2081.052416][T14202]  ? filemap_map_pages+0xe50/0x1cc0
[ 2081.057660][T14202]  ? find_get_entries_tag+0x13d0/0x13d0
[ 2081.063240][T14202]  ? follow_page_pte+0x3f4/0x1a50
[ 2081.068277][T14202]  shmem_fault+0x25a/0x950
[ 2081.072706][T14202]  ? shmem_read_mapping_page_gfp+0x200/0x200
[ 2081.078690][T14202]  ? __lock_acquire+0x572/0x4a10
[ 2081.083662][T14202]  ? _raw_spin_unlock+0x2d/0x50
[ 2081.088529][T14202]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2081.094777][T14202]  __do_fault+0x176/0x7b0
[ 2081.099109][T14202]  ? mark_held_locks+0x100/0x100
[ 2081.104057][T14202]  ? do_page_mkwrite+0x740/0x740
[ 2081.108992][T14202]  ? pmd_val+0x85/0x100
[ 2081.113164][T14202]  ? add_mm_counter_fast.part.0+0x40/0x40
[ 2081.118881][T14202]  ? pmd_val+0x85/0x100
[ 2081.123041][T14202]  ? add_mm_counter_fast.part.0+0x40/0x40
[ 2081.128769][T14202]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2081.135031][T14202]  __handle_mm_fault+0x370a/0x55a0
[ 2081.140214][T14202]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2081.145760][T14202]  ? check_preemption_disabled+0x48/0x290
[ 2081.151503][T14202]  ? handle_mm_fault+0x3cc/0xc80
[ 2081.156458][T14202]  ? lock_downgrade+0xbe0/0xbe0
[ 2081.161311][T14202]  ? kasan_check_read+0x11/0x20
[ 2081.166195][T14202]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2081.172215][T14202]  ? rcu_read_unlock_special+0x380/0x380
[ 2081.177848][T14202]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2081.184086][T14202]  ? check_preemption_disabled+0x48/0x290
[ 2081.189833][T14202]  handle_mm_fault+0x4ec/0xc80
[ 2081.194613][T14202]  ? __handle_mm_fault+0x55a0/0x55a0
[ 2081.199915][T14202]  __get_user_pages+0x8f7/0x1e10
[ 2081.204870][T14202]  ? follow_page_mask+0x1f40/0x1f40
[ 2081.210083][T14202]  ? lock_acquire+0x1db/0x570
[ 2081.214939][T14202]  ? ___might_sleep+0x1e7/0x310
[ 2081.219797][T14202]  ? lock_release+0xc40/0xc40
[ 2081.224475][T14202]  ? find_held_lock+0x35/0x120
[ 2081.229258][T14202]  ? vm_mmap_pgoff+0x21a/0x2b0
[ 2081.234067][T14202]  populate_vma_page_range+0x2bc/0x3b0
[ 2081.239530][T14202]  ? memset+0x32/0x40
[ 2081.243563][T14202]  ? follow_page+0x430/0x430
[ 2081.248162][T14202]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2081.254415][T14202]  ? vmacache_update+0x114/0x140
[ 2081.259358][T14202]  __mm_populate+0x27e/0x4c0
[ 2081.263962][T14202]  ? populate_vma_page_range+0x3b0/0x3b0
[ 2081.269625][T14202]  ? down_read_killable+0x150/0x150
[ 2081.274832][T14202]  ? security_mmap_file+0x1a7/0x1e0
[ 2081.280059][T14202]  vm_mmap_pgoff+0x277/0x2b0
[ 2081.284660][T14202]  ? vma_is_stack_for_current+0xd0/0xd0
[ 2081.290230][T14202]  ? kasan_check_read+0x11/0x20
[ 2081.295086][T14202]  ? _copy_to_user+0xc9/0x120
[ 2081.299789][T14202]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2081.306049][T14202]  ksys_mmap_pgoff+0x102/0x650
[ 2081.310839][T14202]  ? find_mergeable_anon_vma+0xd0/0xd0
[ 2081.316300][T14202]  ? trace_hardirqs_on+0xbd/0x310
[ 2081.321326][T14202]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2081.327583][T14202]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2081.333660][T14202]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2081.339471][T14202]  __x64_sys_mmap+0xe9/0x1b0
[ 2081.344069][T14202]  do_syscall_64+0x1a3/0x800
[ 2081.348669][T14202]  ? syscall_return_slowpath+0x5f0/0x5f0
[ 2081.354307][T14202]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2081.360032][T14202]  ? __switch_to_asm+0x34/0x70
[ 2081.364807][T14202]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2081.370367][T14202]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2081.376259][T14202] RIP: 0033:0x457ec9
[ 2081.380157][T14202] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2081.399769][T14202] RSP: 002b:00007f37b7f01c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 2081.408182][T14202] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9
[ 2081.416153][T14202] RDX: 0000000000000003 RSI: 0000000000b36000 RDI: 0000000020000000
[ 2081.424130][T14202] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000
[ 2081.432098][T14202] R10: 0000000000008031 R11: 0000000000000246 R12: 00007f37b7f026d4
[ 2081.440070][T14202] R13: 00000000004c3b56 R14: 00000000004d6910 R15: 00000000ffffffff
[ 2081.448403][    C1] net_ratelimit: 26 callbacks suppressed
[ 2081.448435][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2081.456690][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2081.459876][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2081.465539][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 2081.471377][    C1] protocol 88fb is buggy, dev hsr_slave_0
21:49:13 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01*\x00'}, &(0x7f0000000300)=0x54)

21:49:13 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0xfffffffffffff000}, 0x0)

21:49:13 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x78000000]}}, 0x1c)

21:49:13 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0x30000)

21:49:13 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x0, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

[ 2081.477165][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2081.482760][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2081.488480][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 2081.494272][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2081.499971][    C0] protocol 88fb is buggy, dev hsr_slave_0
21:49:13 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0x34000)

21:49:13 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0xfc000000]}}, 0x1c)

21:49:13 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x0}, 0x0)

[ 2081.588798][T14214] IPVS: ftp: loaded support on port[0] = 21
[ 2081.666758][T14202] memory: usage 307188kB, limit 307200kB, failcnt 4355
21:49:13 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0x400300)

[ 2081.722002][T14202] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2081.759641][T14202] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2081.795709][T14202] Memory cgroup stats for /syz5: cache:3104KB rss:257424KB rss_huge:231424KB shmem:3080KB mapped_file:3036KB dirty:0KB writeback:0KB swap:0KB inactive_anon:3200KB active_anon:257524KB inactive_file:0KB active_file:0KB unevictable:0KB
[ 2081.836380][T14202] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor5,pid=14194,uid=0
[ 2081.899191][T14202] Memory cgroup out of memory: Kill process 14194 (syz-executor5) score 1107 or sacrifice child
[ 2081.925364][T14202] Killed process 14194 (syz-executor5) total-vm:70532kB, anon-rss:112kB, file-rss:32768kB, shmem-rss:3164kB
[ 2081.955710][ T1042] oom_reaper: reaped process 14194 (syz-executor5), now anon-rss:0kB, file-rss:32772kB, shmem-rss:3164kB
[ 2081.977405][T14211] syz-executor3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2082.006399][T14211] CPU: 1 PID: 14211 Comm: syz-executor3 Not tainted 5.0.0-rc1-next-20190109 #8
[ 2082.015360][T14211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2082.025420][T14211] Call Trace:
[ 2082.028717][T14211]  dump_stack+0x1db/0x2d0
[ 2082.033075][T14211]  ? dump_stack_print_info.cold+0x20/0x20
[ 2082.038803][T14211]  ? check_preemption_disabled+0x48/0x290
[ 2082.044540][T14211]  dump_header+0x1e6/0x116c
[ 2082.049057][T14211]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2082.054799][T14211]  ? perf_trace_lock+0x750/0x750
[ 2082.059753][T14211]  ? print_usage_bug+0xd0/0xd0
[ 2082.064530][T14211]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 2082.070185][T14211]  ? ___ratelimit+0x37c/0x686
[ 2082.074900][T14211]  ? mark_held_locks+0xb1/0x100
[ 2082.079761][T14211]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2082.085572][T14211]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2082.091394][T14211]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2082.096700][T14211]  ? trace_hardirqs_on+0xbd/0x310
[ 2082.101731][T14211]  ? kasan_check_read+0x11/0x20
[ 2082.106584][T14211]  ? ___ratelimit+0x37c/0x686
[ 2082.111279][T14211]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2082.117091][T14211]  ? do_raw_spin_trylock+0x270/0x270
[ 2082.122395][T14211]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2082.128118][T14211]  ? lock_acquire+0x1db/0x570
[ 2082.132849][T14211]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 2082.138675][T14211]  ? ___ratelimit+0xac/0x686
[ 2082.143290][T14211]  ? idr_get_free+0xee0/0xee0
[ 2082.147971][T14211]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2082.153303][T14211]  oom_kill_process.cold+0x10/0x9ca
[ 2082.158510][T14211]  ? cgroup_procs_next+0x70/0x70
[ 2082.163461][T14211]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 2082.168673][T14211]  ? oom_badness+0xa50/0xa50
[ 2082.173286][T14211]  ? oom_evaluate_task+0x540/0x540
[ 2082.178405][T14211]  ? mem_cgroup_iter_break+0x30/0x30
[ 2082.183696][T14211]  ? mutex_trylock+0x2d0/0x2d0
[ 2082.188462][T14211]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2082.188494][T14211]  ? rcu_read_unlock_special+0x380/0x380
[ 2082.188520][T14211]  out_of_memory+0x885/0x1420
[ 2082.188539][T14211]  ? mem_cgroup_iter+0x4f4/0xf50
[ 2082.209964][T14211]  ? oom_killer_disable+0x340/0x340
[ 2082.209984][T14211]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 2082.210001][T14211]  ? lock_acquire+0x1db/0x570
[ 2082.210030][T14211]  mem_cgroup_out_of_memory+0x160/0x210
[ 2082.221019][T14211]  ? do_raw_spin_unlock+0xa0/0x330
[ 2082.221035][T14211]  ? memory_oom_group_write+0x160/0x160
[ 2082.221048][T14211]  ? do_raw_spin_trylock+0x270/0x270
[ 2082.221074][T14211]  ? _raw_spin_unlock+0x2d/0x50
[ 2082.221092][T14211]  try_charge+0x1457/0x1d00
[ 2082.221105][T14211]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[ 2082.221133][T14211]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2082.252074][T14211]  ? lock_downgrade+0xbe0/0xbe0
[ 2082.252090][T14211]  ? kasan_check_read+0x11/0x20
[ 2082.252113][T14211]  ? rcu_read_unlock_special+0x380/0x380
[ 2082.252148][T14211]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[ 2082.252168][T14211]  ? get_mem_cgroup_from_page+0x190/0x190
[ 2082.267723][T14211]  ? rcu_read_lock_sched_held+0x110/0x130
[ 2082.282997][T14211]  mem_cgroup_try_charge+0x43a/0xdb0
[ 2082.283020][T14211]  ? mem_cgroup_protected+0xa10/0xa10
[ 2082.283043][T14211]  ? check_preemption_disabled+0x48/0x290
[ 2082.283063][T14211]  ? print_usage_bug+0xd0/0xd0
[ 2082.305278][T14211]  ? __lock_acquire+0x572/0x4a10
[ 2082.305294][T14211]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 2082.305308][T14211]  ? __sanitizer_cov_trace_const_cmp2+0x18/0x20
[ 2082.305332][T14211]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 2082.305358][T14211]  wp_page_copy+0x45a/0x1c70
[ 2082.332385][T14211]  ? __lock_acquire+0x572/0x4a10
[ 2082.332440][T14211]  ? pmd_pfn+0x1d0/0x1d0
[ 2082.332470][T14211]  ? find_held_lock+0x35/0x120
[ 2082.332486][T14211]  ? do_wp_page+0x894/0x1e80
[ 2082.332515][T14211]  ? kasan_check_read+0x11/0x20
[ 2082.372542][T14211]  ? do_raw_spin_unlock+0xa0/0x330
[ 2082.377654][T14211]  ? _vm_normal_page+0x15d/0x3d0
[ 2082.382622][T14211]  ? do_raw_spin_trylock+0x270/0x270
[ 2082.387912][T14211]  ? print_usage_bug+0xd0/0xd0
[ 2082.391657][T14221] IPVS: ftp: loaded support on port[0] = 21
[ 2082.392683][T14211]  do_wp_page+0x89c/0x1e80
[ 2082.392698][T14211]  ? find_held_lock+0x35/0x120
[ 2082.392721][T14211]  ? finish_mkwrite_fault+0x4f0/0x4f0
[ 2082.392741][T14211]  ? __lock_acquire+0x572/0x4a10
[ 2082.413180][T14211]  ? lock_acquire+0x1db/0x570
[ 2082.413197][T14211]  ? __handle_mm_fault+0x1d80/0x55a0
[ 2082.413218][T14211]  ? kasan_check_write+0x14/0x20
[ 2082.413240][T14211]  ? do_raw_spin_lock+0x156/0x360
[ 2082.438039][T14211]  ? lock_release+0xc40/0xc40
[ 2082.442734][T14211]  ? rwlock_bug.part.0+0x90/0x90
[ 2082.447683][T14211]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[ 2082.453486][T14211]  ? add_mm_counter_fast.part.0+0x40/0x40
[ 2082.459217][T14211]  __handle_mm_fault+0x2c8e/0x55a0
[ 2082.464343][T14211]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2082.469890][T14211]  ? check_preemption_disabled+0x48/0x290
[ 2082.475623][T14211]  ? handle_mm_fault+0x3cc/0xc80
[ 2082.480582][T14211]  ? lock_downgrade+0xbe0/0xbe0
[ 2082.480598][T14211]  ? kasan_check_read+0x11/0x20
[ 2082.480635][T14211]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2082.480656][T14211]  ? rcu_read_unlock_special+0x380/0x380
[ 2082.496294][T14211]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2082.496310][T14211]  ? check_preemption_disabled+0x48/0x290
[ 2082.496333][T14211]  handle_mm_fault+0x4ec/0xc80
[ 2082.496353][T14211]  ? __handle_mm_fault+0x55a0/0x55a0
[ 2082.496382][T14211]  __do_page_fault+0x5da/0xd60
[ 2082.496408][T14211]  do_page_fault+0xe6/0x7d8
[ 2082.518717][T14211]  ? trace_hardirqs_on_caller+0xc0/0x310
[ 2082.518738][T14211]  ? vmalloc_sync_all+0x30/0x30
[ 2082.518752][T14211]  ? __bpf_trace_preemptirq_template+0x30/0x30
[ 2082.518769][T14211]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2082.518791][T14211]  ? prepare_exit_to_usermode+0x232/0x3b0
[ 2082.533291][T14211]  ? page_fault+0x8/0x30
[ 2082.533311][T14211]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2082.533328][T14211]  ? page_fault+0x8/0x30
[ 2082.533343][T14211]  page_fault+0x1e/0x30
[ 2082.533361][T14211] RIP: 0033:0x40d130
[ 2082.575850][T14211] Code: 89 f8 49 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 74 ff ff ff bf 19 d5 4b 00 31 c0 e8 08 49 ff ff 31 ff e8 41 45 ff ff 90 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 36 33 64 00
21:49:13 executing program 5:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1d\x00'}, &(0x7f0000000300)=0x54)

21:49:13 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:49:13 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0xfe800000]}}, 0x1c)

[ 2082.575860][T14211] RSP: 002b:00007ffd98177b50 EFLAGS: 00010246
[ 2082.575874][T14211] RAX: 00000000cb4ee433 RBX: 00000000955c87df RCX: 0000001b2e920000
[ 2082.575884][T14211] RDX: 0000000000000000 RSI: 0000000000000433 RDI: ffffffffcb4ee433
[ 2082.575893][T14211] RBP: 000000000000000a R08: 00000000cb4ee433 R09: 00000000cb4ee437
[ 2082.575903][T14211] R10: 00007ffd98177ce0 R11: 0000000000000246 R12: 000000000073bf00
[ 2082.575920][T14211] R13: 0000000080000000 R14: 00007f58d5ec1008 R15: 000000000000000a
[ 2082.735890][T14247] IPVS: ftp: loaded support on port[0] = 21
[ 2082.756395][T14211] memory: usage 307200kB, limit 307200kB, failcnt 4271
[ 2082.781085][T14211] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2082.885035][T14211] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2082.901515][T14211] Memory cgroup stats for /syz3: cache:56KB rss:240368KB rss_huge:206848KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:240556KB inactive_file:0KB active_file:4KB unevictable:0KB
[ 2082.931553][T14211] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor3,pid=4923,uid=0
[ 2082.954783][T14211] Memory cgroup out of memory: Kill process 4923 (syz-executor3) score 1107 or sacrifice child
[ 2082.966142][T14211] Killed process 4923 (syz-executor3) total-vm:70532kB, anon-rss:2204kB, file-rss:33748kB, shmem-rss:0kB
[ 2083.065669][T14249] syz-executor5 invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[ 2083.086489][T14249] CPU: 0 PID: 14249 Comm: syz-executor5 Not tainted 5.0.0-rc1-next-20190109 #8
[ 2083.095425][T14249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2083.104381][T14218] binder: 14211 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2083.104425][T14218] binder: 14211:14218 ioctl c018620c 20000200 returned -22
[ 2083.105497][T14249] Call Trace:
[ 2083.105522][T14249]  dump_stack+0x1db/0x2d0
[ 2083.105543][T14249]  ? dump_stack_print_info.cold+0x20/0x20
[ 2083.105558][T14249]  ? check_preemption_disabled+0x48/0x290
[ 2083.105612][T14249]  dump_header+0x1e6/0x116c
[ 2083.105637][T14249]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2083.105652][T14249]  ? perf_trace_lock+0x750/0x750
[ 2083.105674][T14249]  ? print_usage_bug+0xd0/0xd0
[ 2083.140423][T14249]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 2083.140440][T14249]  ? ___ratelimit+0x37c/0x686
[ 2083.140463][T14249]  ? mark_held_locks+0xb1/0x100
[ 2083.140484][T14249]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2083.140516][T14249]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2083.140533][T14249]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2083.140552][T14249]  ? trace_hardirqs_on+0xbd/0x310
[ 2083.140569][T14249]  ? kasan_check_read+0x11/0x20
[ 2083.140587][T14249]  ? ___ratelimit+0x37c/0x686
[ 2083.160446][T14249]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2083.160461][T14249]  ? do_raw_spin_trylock+0x270/0x270
[ 2083.160477][T14249]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2083.160490][T14249]  ? lock_acquire+0x1db/0x570
[ 2083.160514][T14249]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 2083.160534][T14249]  ? ___ratelimit+0xac/0x686
[ 2083.239351][T14249]  ? idr_get_free+0xee0/0xee0
[ 2083.244045][T14249]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2083.249346][T14249]  oom_kill_process.cold+0x10/0x9ca
[ 2083.254552][T14249]  ? cgroup_procs_next+0x70/0x70
[ 2083.259496][T14249]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 2083.264700][T14249]  ? oom_badness+0xa50/0xa50
[ 2083.269333][T14249]  ? oom_evaluate_task+0x540/0x540
[ 2083.274446][T14249]  ? mem_cgroup_iter_break+0x30/0x30
[ 2083.279730][T14249]  ? mutex_trylock+0x2d0/0x2d0
[ 2083.284499][T14249]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2083.290756][T14249]  ? rcu_read_unlock_special+0x380/0x380
[ 2083.296408][T14249]  out_of_memory+0x885/0x1420
[ 2083.301094][T14249]  ? mem_cgroup_iter+0x4f4/0xf50
[ 2083.306042][T14249]  ? oom_killer_disable+0x340/0x340
[ 2083.311248][T14249]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 2083.317056][T14249]  ? lock_acquire+0x1db/0x570
[ 2083.321753][T14249]  mem_cgroup_out_of_memory+0x160/0x210
[ 2083.327302][T14249]  ? do_raw_spin_unlock+0xa0/0x330
[ 2083.332425][T14249]  ? memory_oom_group_write+0x160/0x160
[ 2083.337978][T14249]  ? do_raw_spin_trylock+0x270/0x270
[ 2083.343283][T14249]  ? _raw_spin_unlock+0x2d/0x50
[ 2083.348144][T14249]  try_charge+0x1457/0x1d00
[ 2083.352659][T14249]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[ 2083.358221][T14249]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2083.363760][T14249]  ? lock_downgrade+0xbe0/0xbe0
[ 2083.368615][T14249]  ? kasan_check_read+0x11/0x20
[ 2083.373473][T14249]  ? rcu_read_unlock_special+0x380/0x380
[ 2083.379128][T14249]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[ 2083.384669][T14249]  ? get_mem_cgroup_from_page+0x190/0x190
[ 2083.390373][T14249]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2083.395987][T14249]  ? print_usage_bug+0xd0/0xd0
[ 2083.400754][T14249]  mem_cgroup_try_charge+0x43a/0xdb0
[ 2083.406034][T14249]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2083.412255][T14249]  ? mem_cgroup_protected+0xa10/0xa10
[ 2083.417638][T14249]  ? shmem_getattr+0x2c0/0x2c0
[ 2083.422426][T14249]  ? __lock_acquire+0x572/0x4a10
[ 2083.427373][T14249]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2083.432654][T14249]  ? print_usage_bug+0xd0/0xd0
[ 2083.437429][T14249]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 2083.443062][T14249]  shmem_getpage_gfp+0xa85/0x4b70
[ 2083.448108][T14249]  ? shmem_add_to_page_cache+0x19a0/0x19a0
[ 2083.453910][T14249]  ? lock_acquire+0x1db/0x570
[ 2083.458582][T14249]  ? alloc_set_pte+0x134a/0x1df0
[ 2083.463545][T14249]  ? kasan_check_write+0x14/0x20
[ 2083.468479][T14249]  ? do_raw_spin_lock+0x156/0x360
[ 2083.473491][T14249]  ? lock_release+0xc40/0xc40
[ 2083.478188][T14249]  ? rwlock_bug.part.0+0x90/0x90
[ 2083.483137][T14249]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[ 2083.488935][T14249]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2083.494561][T14249]  ? reacquire_held_locks+0xfb/0x520
[ 2083.499835][T14249]  ? alloc_set_pte+0x134a/0x1df0
[ 2083.504767][T14249]  ? find_held_lock+0x60/0x120
[ 2083.509517][T14249]  ? filemap_map_pages+0xe29/0x1cc0
[ 2083.514699][T14249]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2083.520935][T14249]  ? lock_downgrade+0xbe0/0xbe0
[ 2083.525808][T14249]  ? kasan_check_read+0x11/0x20
[ 2083.530656][T14249]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2083.536650][T14249]  ? rcu_read_unlock_special+0x380/0x380
[ 2083.542298][T14249]  ? filemap_map_pages+0xe50/0x1cc0
[ 2083.547868][T14249]  ? find_get_entries_tag+0x13d0/0x13d0
[ 2083.553405][T14249]  ? follow_page_pte+0x3f4/0x1a50
[ 2083.558440][T14249]  shmem_fault+0x25a/0x950
[ 2083.562883][T14249]  ? shmem_read_mapping_page_gfp+0x200/0x200
[ 2083.568861][T14249]  ? __handle_mm_fault+0x42e1/0x55a0
[ 2083.574142][T14249]  ? find_held_lock+0x35/0x120
[ 2083.578896][T14249]  ? __handle_mm_fault+0x42e1/0x55a0
[ 2083.584187][T14249]  __do_fault+0x176/0x7b0
[ 2083.588514][T14249]  ? do_page_mkwrite+0x740/0x740
[ 2083.593441][T14249]  ? do_raw_spin_unlock+0xa0/0x330
[ 2083.598542][T14249]  ? do_raw_spin_trylock+0x270/0x270
[ 2083.603834][T14249]  ? add_mm_counter_fast.part.0+0x40/0x40
[ 2083.609554][T14249]  __handle_mm_fault+0x370a/0x55a0
[ 2083.614661][T14249]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2083.620211][T14249]  ? check_preemption_disabled+0x48/0x290
[ 2083.625920][T14249]  ? handle_mm_fault+0x3cc/0xc80
[ 2083.630847][T14249]  ? lock_downgrade+0xbe0/0xbe0
[ 2083.635687][T14249]  ? kasan_check_read+0x11/0x20
[ 2083.640525][T14249]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2083.646520][T14249]  ? rcu_read_unlock_special+0x380/0x380
[ 2083.652158][T14249]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2083.658404][T14249]  ? check_preemption_disabled+0x48/0x290
[ 2083.664119][T14249]  handle_mm_fault+0x4ec/0xc80
[ 2083.668897][T14249]  ? __handle_mm_fault+0x55a0/0x55a0
[ 2083.674171][T14249]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 2083.679880][T14249]  __get_user_pages+0x8f7/0x1e10
[ 2083.684816][T14249]  ? follow_page_mask+0x1f40/0x1f40
[ 2083.689995][T14249]  ? lock_acquire+0x1db/0x570
[ 2083.694653][T14249]  ? ___might_sleep+0x1e7/0x310
[ 2083.699499][T14249]  ? lock_release+0xc40/0xc40
[ 2083.704161][T14249]  ? find_held_lock+0x35/0x120
[ 2083.708951][T14249]  ? vm_mmap_pgoff+0x21a/0x2b0
[ 2083.713744][T14249]  populate_vma_page_range+0x2bc/0x3b0
[ 2083.719208][T14249]  ? memset+0x32/0x40
[ 2083.723214][T14249]  ? follow_page+0x430/0x430
[ 2083.727795][T14249]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2083.734029][T14249]  ? vmacache_update+0x114/0x140
[ 2083.738972][T14249]  __mm_populate+0x27e/0x4c0
[ 2083.743569][T14249]  ? populate_vma_page_range+0x3b0/0x3b0
[ 2083.749181][T14249]  ? down_read_killable+0x150/0x150
[ 2083.754359][T14249]  ? security_mmap_file+0x1a7/0x1e0
[ 2083.759590][T14249]  vm_mmap_pgoff+0x277/0x2b0
[ 2083.764198][T14249]  ? vma_is_stack_for_current+0xd0/0xd0
[ 2083.769736][T14249]  ? kasan_check_read+0x11/0x20
[ 2083.774581][T14249]  ? _copy_to_user+0xc9/0x120
[ 2083.779262][T14249]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2083.785507][T14249]  ksys_mmap_pgoff+0x102/0x650
[ 2083.790255][T14249]  ? find_mergeable_anon_vma+0xd0/0xd0
[ 2083.795694][T14249]  ? trace_hardirqs_on+0xbd/0x310
[ 2083.800713][T14249]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2083.806979][T14249]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2083.813069][T14249]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2083.818916][T14249]  __x64_sys_mmap+0xe9/0x1b0
[ 2083.823502][T14249]  do_syscall_64+0x1a3/0x800
[ 2083.828085][T14249]  ? syscall_return_slowpath+0x5f0/0x5f0
[ 2083.833713][T14249]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2083.839424][T14249]  ? __switch_to_asm+0x34/0x70
[ 2083.844196][T14249]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2083.849728][T14249]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2083.855598][T14249] RIP: 0033:0x457ec9
[ 2083.859527][T14249] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2083.879139][T14249] RSP: 002b:00007f37b7f01c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 2083.887561][T14249] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9
[ 2083.895523][T14249] RDX: 0000000000000003 RSI: 0000000000b36000 RDI: 0000000020000000
[ 2083.903470][T14249] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000
[ 2083.911421][T14249] R10: 0000000000008031 R11: 0000000000000246 R12: 00007f37b7f026d4
[ 2083.919380][T14249] R13: 00000000004c3b56 R14: 00000000004d6910 R15: 00000000ffffffff
[ 2083.931553][T14249] memory: usage 307200kB, limit 307200kB, failcnt 4401
[ 2083.938855][T14249] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2083.946541][T14249] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2083.953514][T14214] Memory cgroup stats for /syz5:
[ 2083.953536][T14249]  cache:2984KB rss:257424KB rss_huge:231424KB shmem:3088KB mapped_file:3168KB dirty:0KB writeback:0KB swap:0KB inactive_anon:3108KB active_anon:257512KB inactive_file:0KB active_file:0KB unevictable:0KB
[ 2083.978638][T14249] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor5,pid=14127,uid=0
[ 2083.994131][T14249] Memory cgroup out of memory: Kill process 14127 (syz-executor5) score 1107 or sacrifice child
[ 2084.004804][T14249] Killed process 14127 (syz-executor5) total-vm:70532kB, anon-rss:2212kB, file-rss:33764kB, shmem-rss:0kB
[ 2084.066892][T14249] syz-executor5 invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[ 2084.078357][T14249] CPU: 0 PID: 14249 Comm: syz-executor5 Not tainted 5.0.0-rc1-next-20190109 #8
[ 2084.087292][T14249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2084.097341][T14249] Call Trace:
[ 2084.097365][T14249]  dump_stack+0x1db/0x2d0
[ 2084.097388][T14249]  ? dump_stack_print_info.cold+0x20/0x20
[ 2084.097404][T14249]  ? check_preemption_disabled+0x48/0x290
[ 2084.097436][T14249]  dump_header+0x1e6/0x116c
[ 2084.097458][T14249]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2084.105044][T14249]  ? perf_trace_lock+0x750/0x750
[ 2084.105081][T14249]  ? print_usage_bug+0xd0/0xd0
[ 2084.105117][T14249]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 2084.141903][T14249]  ? ___ratelimit+0x37c/0x686
[ 2084.141928][T14249]  ? mark_held_locks+0xb1/0x100
[ 2084.141964][T14249]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2084.157251][T14249]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2084.163059][T14249]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2084.168344][T14249]  ? trace_hardirqs_on+0xbd/0x310
[ 2084.173368][T14249]  ? kasan_check_read+0x11/0x20
[ 2084.178216][T14249]  ? ___ratelimit+0x37c/0x686
[ 2084.182899][T14249]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2084.188704][T14249]  ? do_raw_spin_trylock+0x270/0x270
[ 2084.193989][T14249]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2084.199706][T14249]  ? lock_acquire+0x1db/0x570
[ 2084.204391][T14249]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 2084.210195][T14249]  ? ___ratelimit+0xac/0x686
[ 2084.214792][T14249]  ? idr_get_free+0xee0/0xee0
[ 2084.219472][T14249]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2084.224787][T14249]  oom_kill_process.cold+0x10/0x9ca
[ 2084.229993][T14249]  ? cgroup_procs_next+0x70/0x70
[ 2084.234934][T14249]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 2084.240135][T14249]  ? oom_badness+0xa50/0xa50
[ 2084.244734][T14249]  ? oom_evaluate_task+0x540/0x540
[ 2084.249846][T14249]  ? mem_cgroup_iter_break+0x30/0x30
[ 2084.255128][T14249]  ? mutex_trylock+0x2d0/0x2d0
[ 2084.259911][T14249]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2084.266167][T14249]  ? rcu_read_unlock_special+0x380/0x380
[ 2084.271817][T14249]  out_of_memory+0x885/0x1420
[ 2084.276501][T14249]  ? mem_cgroup_iter+0x4f4/0xf50
[ 2084.281452][T14249]  ? oom_killer_disable+0x340/0x340
[ 2084.286763][T14249]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 2084.292567][T14249]  ? lock_acquire+0x1db/0x570
[ 2084.297250][T14249]  mem_cgroup_out_of_memory+0x160/0x210
[ 2084.302788][T14249]  ? do_raw_spin_unlock+0xa0/0x330
[ 2084.307897][T14249]  ? memory_oom_group_write+0x160/0x160
[ 2084.313444][T14249]  ? do_raw_spin_trylock+0x270/0x270
[ 2084.318730][T14249]  ? _raw_spin_unlock+0x2d/0x50
[ 2084.323563][T14249]  try_charge+0x1457/0x1d00
[ 2084.328055][T14249]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[ 2084.333621][T14249]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2084.339161][T14249]  ? lock_downgrade+0xbe0/0xbe0
[ 2084.344155][T14249]  ? kasan_check_read+0x11/0x20
[ 2084.349000][T14249]  ? rcu_read_unlock_special+0x380/0x380
[ 2084.354645][T14249]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[ 2084.360173][T14249]  ? get_mem_cgroup_from_page+0x190/0x190
[ 2084.365872][T14249]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2084.371500][T14249]  ? print_usage_bug+0xd0/0xd0
[ 2084.376262][T14249]  mem_cgroup_try_charge+0x43a/0xdb0
[ 2084.381543][T14249]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2084.387774][T14249]  ? mem_cgroup_protected+0xa10/0xa10
[ 2084.393164][T14249]  ? shmem_getattr+0x2c0/0x2c0
[ 2084.397918][T14249]  ? __lock_acquire+0x572/0x4a10
[ 2084.402846][T14249]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2084.408153][T14249]  ? print_usage_bug+0xd0/0xd0
[ 2084.412936][T14249]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 2084.418562][T14249]  shmem_getpage_gfp+0xa85/0x4b70
[ 2084.423587][T14249]  ? shmem_add_to_page_cache+0x19a0/0x19a0
[ 2084.429409][T14249]  ? lock_acquire+0x1db/0x570
[ 2084.434078][T14249]  ? alloc_set_pte+0x134a/0x1df0
[ 2084.439000][T14249]  ? kasan_check_write+0x14/0x20
[ 2084.443918][T14249]  ? do_raw_spin_lock+0x156/0x360
[ 2084.448948][T14249]  ? lock_release+0xc40/0xc40
[ 2084.453641][T14249]  ? rwlock_bug.part.0+0x90/0x90
[ 2084.458585][T14249]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[ 2084.464393][T14249]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2084.470052][T14249]  ? reacquire_held_locks+0xfb/0x520
[ 2084.475328][T14249]  ? alloc_set_pte+0x134a/0x1df0
[ 2084.480246][T14249]  ? find_held_lock+0x60/0x120
[ 2084.484990][T14249]  ? filemap_map_pages+0xe29/0x1cc0
[ 2084.490199][T14249]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2084.496440][T14249]  ? lock_downgrade+0xbe0/0xbe0
[ 2084.501274][T14249]  ? kasan_check_read+0x11/0x20
[ 2084.506108][T14249]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2084.512085][T14249]  ? rcu_read_unlock_special+0x380/0x380
[ 2084.517714][T14249]  ? filemap_map_pages+0xe50/0x1cc0
[ 2084.522903][T14249]  ? find_get_entries_tag+0x13d0/0x13d0
[ 2084.528436][T14249]  ? follow_page_pte+0x3f4/0x1a50
[ 2084.533472][T14249]  shmem_fault+0x25a/0x950
[ 2084.537885][T14249]  ? shmem_read_mapping_page_gfp+0x200/0x200
[ 2084.543850][T14249]  ? __handle_mm_fault+0x42e1/0x55a0
[ 2084.549125][T14249]  ? find_held_lock+0x35/0x120
[ 2084.553896][T14249]  ? __handle_mm_fault+0x42e1/0x55a0
[ 2084.559175][T14249]  __do_fault+0x176/0x7b0
[ 2084.563487][T14249]  ? do_page_mkwrite+0x740/0x740
[ 2084.568443][T14249]  ? do_raw_spin_unlock+0xa0/0x330
[ 2084.573572][T14249]  ? do_raw_spin_trylock+0x270/0x270
[ 2084.578861][T14249]  ? add_mm_counter_fast.part.0+0x40/0x40
[ 2084.584567][T14249]  __handle_mm_fault+0x370a/0x55a0
[ 2084.589685][T14249]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2084.595236][T14249]  ? check_preemption_disabled+0x48/0x290
[ 2084.600970][T14249]  ? handle_mm_fault+0x3cc/0xc80
[ 2084.605900][T14249]  ? lock_downgrade+0xbe0/0xbe0
[ 2084.610741][T14249]  ? kasan_check_read+0x11/0x20
[ 2084.615582][T14249]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2084.621550][T14249]  ? rcu_read_unlock_special+0x380/0x380
[ 2084.627175][T14249]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2084.633416][T14249]  ? check_preemption_disabled+0x48/0x290
[ 2084.639145][T14249]  handle_mm_fault+0x4ec/0xc80
[ 2084.643895][T14249]  ? __handle_mm_fault+0x55a0/0x55a0
[ 2084.649175][T14249]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 2084.654885][T14249]  __get_user_pages+0x8f7/0x1e10
[ 2084.659810][T14249]  ? follow_page_mask+0x1f40/0x1f40
[ 2084.664992][T14249]  ? lock_acquire+0x1db/0x570
[ 2084.669664][T14249]  ? ___might_sleep+0x1e7/0x310
[ 2084.674508][T14249]  ? lock_release+0xc40/0xc40
[ 2084.679164][T14249]  ? find_held_lock+0x35/0x120
[ 2084.683907][T14249]  ? vm_mmap_pgoff+0x21a/0x2b0
[ 2084.688674][T14249]  populate_vma_page_range+0x2bc/0x3b0
[ 2084.694128][T14249]  ? memset+0x32/0x40
[ 2084.698108][T14249]  ? follow_page+0x430/0x430
[ 2084.702693][T14249]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2084.708922][T14249]  ? vmacache_update+0x114/0x140
[ 2084.713870][T14249]  __mm_populate+0x27e/0x4c0
[ 2084.718454][T14249]  ? populate_vma_page_range+0x3b0/0x3b0
[ 2084.724061][T14249]  ? down_read_killable+0x150/0x150
[ 2084.729253][T14249]  ? security_mmap_file+0x1a7/0x1e0
[ 2084.734447][T14249]  vm_mmap_pgoff+0x277/0x2b0
[ 2084.739023][T14249]  ? vma_is_stack_for_current+0xd0/0xd0
[ 2084.744548][T14249]  ? kasan_check_read+0x11/0x20
[ 2084.749386][T14249]  ? _copy_to_user+0xc9/0x120
[ 2084.754058][T14249]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2084.760279][T14249]  ksys_mmap_pgoff+0x102/0x650
[ 2084.765023][T14249]  ? find_mergeable_anon_vma+0xd0/0xd0
[ 2084.770483][T14249]  ? trace_hardirqs_on+0xbd/0x310
[ 2084.775519][T14249]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2084.781755][T14249]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2084.787810][T14249]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2084.793616][T14249]  __x64_sys_mmap+0xe9/0x1b0
[ 2084.798218][T14249]  do_syscall_64+0x1a3/0x800
[ 2084.802817][T14249]  ? syscall_return_slowpath+0x5f0/0x5f0
[ 2084.808475][T14249]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2084.814196][T14249]  ? __switch_to_asm+0x34/0x70
[ 2084.818955][T14249]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2084.824496][T14249]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2084.830364][T14249] RIP: 0033:0x457ec9
[ 2084.834236][T14249] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2084.853828][T14249] RSP: 002b:00007f37b7f01c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 2084.862257][T14249] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9
[ 2084.870236][T14249] RDX: 0000000000000003 RSI: 0000000000b36000 RDI: 0000000020000000
[ 2084.878211][T14249] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000
[ 2084.886183][T14249] R10: 0000000000008031 R11: 0000000000000246 R12: 00007f37b7f026d4
[ 2084.894159][T14249] R13: 00000000004c3b56 R14: 00000000004d6910 R15: 00000000ffffffff
[ 2084.902760][T14249] memory: usage 307196kB, limit 307200kB, failcnt 4412
[ 2084.909782][T14249] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2084.917363][T14249] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2084.924206][T14214] Memory cgroup stats for 
[ 2084.924217][T14249] /syz5: cache:5228KB rss:255268KB rss_huge:229376KB shmem:5332KB mapped_file:5280KB dirty:0KB writeback:0KB swap:0KB inactive_anon:5376KB active_anon:255364KB inactive_file:0KB active_file:0KB unevictable:0KB
[ 2084.949069][T14249] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor5,pid=14246,uid=0
[ 2084.949126][T14249] Memory cgroup out of memory: Kill process 14246 (syz-executor5) score 1114 or sacrifice child
[ 2084.949217][T14249] Killed process 14246 (syz-executor5) total-vm:70532kB, anon-rss:112kB, file-rss:32768kB, shmem-rss:5276kB
[ 2084.950805][ T1042] oom_reaper: reaped process 14246 (syz-executor5), now anon-rss:0kB, file-rss:32708kB, shmem-rss:5276kB
21:49:19 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x00\x00\x00\x010\x00'}, &(0x7f0000000300)=0x54)

21:49:19 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0xf0ffff)

21:49:19 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0xfec00000]}}, 0x1c)

21:49:19 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x0, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:49:19 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:49:19 executing program 5:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1d\x00'}, &(0x7f0000000300)=0x54)

21:49:19 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0x1000000)

[ 2087.563958][T14260] IPVS: ftp: loaded support on port[0] = 21
[ 2087.601020][T14262] IPVS: ftp: loaded support on port[0] = 21
21:49:19 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0xff000000]}}, 0x1c)

21:49:19 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x0}, 0x0)

[ 2087.640156][T14269] binder: 14255 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2087.640169][T14269] binder: 14255:14269 ioctl c018620c 20000200 returned -22
[ 2087.649077][    C1] net_ratelimit: 26 callbacks suppressed
[ 2087.649087][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2087.649166][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2087.726303][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2087.732258][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2087.738150][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2087.743927][    C1] protocol 88fb is buggy, dev hsr_slave_1
21:49:19 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0x2000000)

21:49:19 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:49:19 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x10000000000000]}}, 0x1c)

[ 2088.046349][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2088.052283][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 2088.058271][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2088.064072][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 2088.204995][T14266] syz-executor5 invoked oom-killer: gfp_mask=0x6200ca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[ 2088.233860][T14266] CPU: 0 PID: 14266 Comm: syz-executor5 Not tainted 5.0.0-rc1-next-20190109 #8
[ 2088.242831][T14266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2088.252881][T14266] Call Trace:
[ 2088.256197][T14266]  dump_stack+0x1db/0x2d0
[ 2088.260560][T14266]  ? dump_stack_print_info.cold+0x20/0x20
[ 2088.266281][T14266]  ? check_preemption_disabled+0x48/0x290
[ 2088.272020][T14266]  dump_header+0x1e6/0x116c
[ 2088.276530][T14266]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2088.282176][T14266]  ? perf_trace_lock+0x750/0x750
[ 2088.287128][T14266]  ? print_usage_bug+0xd0/0xd0
[ 2088.291901][T14266]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 2088.297546][T14266]  ? ___ratelimit+0x37c/0x686
[ 2088.302228][T14266]  ? mark_held_locks+0xb1/0x100
[ 2088.307092][T14266]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2088.312932][T14266]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2088.318771][T14266]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2088.324060][T14266]  ? trace_hardirqs_on+0xbd/0x310
[ 2088.329101][T14266]  ? kasan_check_read+0x11/0x20
[ 2088.333957][T14266]  ? ___ratelimit+0x37c/0x686
[ 2088.338653][T14266]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2088.344667][T14266]  ? do_raw_spin_trylock+0x270/0x270
[ 2088.349973][T14266]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2088.355694][T14266]  ? lock_acquire+0x1db/0x570
[ 2088.360380][T14266]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 2088.366185][T14266]  ? ___ratelimit+0xac/0x686
[ 2088.370780][T14266]  ? idr_get_free+0xee0/0xee0
[ 2088.375458][T14266]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2088.380772][T14266]  oom_kill_process.cold+0x10/0x9ca
[ 2088.385979][T14266]  ? cgroup_procs_next+0x70/0x70
[ 2088.391066][T14266]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 2088.396295][T14266]  ? oom_badness+0xa50/0xa50
[ 2088.400892][T14266]  ? oom_evaluate_task+0x540/0x540
[ 2088.406020][T14266]  ? mem_cgroup_iter_break+0x30/0x30
[ 2088.411307][T14266]  ? mutex_trylock+0x2d0/0x2d0
[ 2088.416069][T14266]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2088.422341][T14266]  ? rcu_read_unlock_special+0x380/0x380
[ 2088.427984][T14266]  out_of_memory+0x885/0x1420
[ 2088.432672][T14266]  ? mem_cgroup_iter+0x4f4/0xf50
[ 2088.437636][T14266]  ? oom_killer_disable+0x340/0x340
[ 2088.442840][T14266]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 2088.448660][T14266]  ? lock_acquire+0x1db/0x570
[ 2088.453350][T14266]  mem_cgroup_out_of_memory+0x160/0x210
[ 2088.458895][T14266]  ? do_raw_spin_unlock+0xa0/0x330
[ 2088.464006][T14266]  ? memory_oom_group_write+0x160/0x160
[ 2088.469547][T14266]  ? do_raw_spin_trylock+0x270/0x270
[ 2088.474860][T14266]  ? _raw_spin_unlock+0x2d/0x50
[ 2088.479733][T14266]  try_charge+0x1457/0x1d00
[ 2088.484237][T14266]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[ 2088.489794][T14266]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2088.495340][T14266]  ? lock_downgrade+0xbe0/0xbe0
[ 2088.500221][T14266]  ? kasan_check_read+0x11/0x20
[ 2088.505096][T14266]  ? rcu_read_unlock_special+0x380/0x380
[ 2088.510740][T14266]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[ 2088.516291][T14266]  ? get_mem_cgroup_from_page+0x190/0x190
[ 2088.522017][T14266]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2088.527655][T14266]  ? print_usage_bug+0xd0/0xd0
[ 2088.532425][T14266]  mem_cgroup_try_charge+0x43a/0xdb0
[ 2088.537714][T14266]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2088.543958][T14266]  ? mem_cgroup_protected+0xa10/0xa10
[ 2088.549336][T14266]  ? shmem_getattr+0x2c0/0x2c0
[ 2088.554103][T14266]  ? __lock_acquire+0x572/0x4a10
[ 2088.559038][T14266]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2088.564327][T14266]  ? print_usage_bug+0xd0/0xd0
[ 2088.569107][T14266]  mem_cgroup_try_charge_delay+0x1f/0xa0
[ 2088.574779][T14266]  shmem_getpage_gfp+0xa85/0x4b70
[ 2088.579830][T14266]  ? shmem_add_to_page_cache+0x19a0/0x19a0
[ 2088.585695][T14266]  ? lock_acquire+0x1db/0x570
[ 2088.590422][T14266]  ? alloc_set_pte+0x134a/0x1df0
[ 2088.595372][T14266]  ? kasan_check_write+0x14/0x20
[ 2088.600315][T14266]  ? do_raw_spin_lock+0x156/0x360
[ 2088.605339][T14266]  ? lock_release+0xc40/0xc40
[ 2088.610016][T14266]  ? rwlock_bug.part.0+0x90/0x90
[ 2088.614961][T14266]  ? pmd_devmap_trans_unstable+0x1d0/0x1d0
[ 2088.620774][T14266]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2088.626417][T14266]  ? reacquire_held_locks+0xfb/0x520
[ 2088.631701][T14266]  ? alloc_set_pte+0x134a/0x1df0
[ 2088.636658][T14266]  ? find_held_lock+0x60/0x120
[ 2088.641453][T14266]  ? filemap_map_pages+0xe29/0x1cc0
[ 2088.646712][T14266]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2088.652987][T14266]  ? lock_downgrade+0xbe0/0xbe0
[ 2088.657839][T14266]  ? kasan_check_read+0x11/0x20
[ 2088.662703][T14266]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2088.668700][T14266]  ? rcu_read_unlock_special+0x380/0x380
[ 2088.674343][T14266]  ? filemap_map_pages+0xe50/0x1cc0
[ 2088.679559][T14266]  ? find_get_entries_tag+0x13d0/0x13d0
[ 2088.685099][T14266]  ? follow_page_pte+0x3f4/0x1a50
[ 2088.690134][T14266]  shmem_fault+0x25a/0x950
[ 2088.694566][T14266]  ? shmem_read_mapping_page_gfp+0x200/0x200
[ 2088.700598][T14266]  ? __handle_mm_fault+0x42e1/0x55a0
[ 2088.705916][T14266]  ? find_held_lock+0x35/0x120
[ 2088.710681][T14266]  ? __handle_mm_fault+0x42e1/0x55a0
[ 2088.716006][T14266]  __do_fault+0x176/0x7b0
[ 2088.720344][T14266]  ? do_page_mkwrite+0x740/0x740
[ 2088.725285][T14266]  ? do_raw_spin_unlock+0xa0/0x330
[ 2088.730396][T14266]  ? do_raw_spin_trylock+0x270/0x270
[ 2088.735686][T14266]  ? add_mm_counter_fast.part.0+0x40/0x40
[ 2088.741418][T14266]  __handle_mm_fault+0x370a/0x55a0
[ 2088.746546][T14266]  ? vmf_insert_mixed_mkwrite+0x40/0x40
[ 2088.752089][T14266]  ? check_preemption_disabled+0x48/0x290
[ 2088.757809][T14266]  ? handle_mm_fault+0x3cc/0xc80
[ 2088.762769][T14266]  ? lock_downgrade+0xbe0/0xbe0
[ 2088.767633][T14266]  ? kasan_check_read+0x11/0x20
[ 2088.772481][T14266]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2088.778493][T14266]  ? rcu_read_unlock_special+0x380/0x380
[ 2088.784130][T14266]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2088.790374][T14266]  ? check_preemption_disabled+0x48/0x290
[ 2088.796106][T14266]  handle_mm_fault+0x4ec/0xc80
[ 2088.800876][T14266]  ? __handle_mm_fault+0x55a0/0x55a0
[ 2088.806165][T14266]  ? __sanitizer_cov_trace_cmp8+0x18/0x20
[ 2088.811899][T14266]  __get_user_pages+0x8f7/0x1e10
[ 2088.816855][T14266]  ? follow_page_mask+0x1f40/0x1f40
[ 2088.822063][T14266]  ? lock_acquire+0x1db/0x570
[ 2088.826746][T14266]  ? ___might_sleep+0x1e7/0x310
[ 2088.831601][T14266]  ? lock_release+0xc40/0xc40
[ 2088.836289][T14266]  ? find_held_lock+0x35/0x120
[ 2088.841056][T14266]  ? vm_mmap_pgoff+0x21a/0x2b0
[ 2088.845829][T14266]  populate_vma_page_range+0x2bc/0x3b0
[ 2088.851288][T14266]  ? memset+0x32/0x40
[ 2088.855274][T14266]  ? follow_page+0x430/0x430
[ 2088.859862][T14266]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2088.866104][T14266]  ? vmacache_update+0x114/0x140
[ 2088.871051][T14266]  __mm_populate+0x27e/0x4c0
[ 2088.875661][T14266]  ? populate_vma_page_range+0x3b0/0x3b0
[ 2088.881302][T14266]  ? down_read_killable+0x150/0x150
[ 2088.886505][T14266]  ? security_mmap_file+0x1a7/0x1e0
[ 2088.891718][T14266]  vm_mmap_pgoff+0x277/0x2b0
[ 2088.896316][T14266]  ? vma_is_stack_for_current+0xd0/0xd0
[ 2088.901862][T14266]  ? kasan_check_read+0x11/0x20
[ 2088.906712][T14266]  ? _copy_to_user+0xc9/0x120
[ 2088.911395][T14266]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2088.917657][T14266]  ksys_mmap_pgoff+0x102/0x650
[ 2088.922429][T14266]  ? find_mergeable_anon_vma+0xd0/0xd0
[ 2088.927893][T14266]  ? trace_hardirqs_on+0xbd/0x310
[ 2088.932916][T14266]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2088.939162][T14266]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2088.945233][T14266]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2088.951041][T14266]  __x64_sys_mmap+0xe9/0x1b0
[ 2088.955662][T14266]  do_syscall_64+0x1a3/0x800
[ 2088.960260][T14266]  ? syscall_return_slowpath+0x5f0/0x5f0
[ 2088.965896][T14266]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 2088.971638][T14266]  ? __switch_to_asm+0x34/0x70
[ 2088.976425][T14266]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2088.981983][T14266]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2088.987876][T14266] RIP: 0033:0x457ec9
[ 2088.991775][T14266] Code: 6d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 2089.011376][T14266] RSP: 002b:00007f37b7f01c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 2089.019791][T14266] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457ec9
[ 2089.027760][T14266] RDX: 0000000000000003 RSI: 0000000000b36000 RDI: 0000000020000000
[ 2089.035728][T14266] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000
[ 2089.043695][T14266] R10: 0000000000008031 R11: 0000000000000246 R12: 00007f37b7f026d4
[ 2089.051670][T14266] R13: 00000000004c3b56 R14: 00000000004d6910 R15: 00000000ffffffff
[ 2089.182797][T14266] memory: usage 307200kB, limit 307200kB, failcnt 4425
[ 2089.206250][T14266] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2089.209719][T14262] IPVS: ftp: loaded support on port[0] = 21
[ 2089.214102][T14266] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2089.243877][T14266] Memory cgroup stats for /syz5: cache:5292KB rss:255268KB rss_huge:229376KB shmem:5260KB mapped_file:5148KB dirty:0KB writeback:0KB swap:0KB inactive_anon:5392KB active_anon:255364KB inactive_file:0KB active_file:0KB unevictable:0KB
[ 2089.291405][T14266] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz5,mems_allowed=0-1,oom_memcg=/syz5,task_memcg=/syz5,task=syz-executor5,pid=14258,uid=0
[ 2089.316247][T14266] Memory cgroup out of memory: Kill process 14258 (syz-executor5) score 1114 or sacrifice child
[ 2089.353541][T14266] Killed process 14258 (syz-executor5) total-vm:70532kB, anon-rss:112kB, file-rss:32768kB, shmem-rss:5276kB
[ 2089.375579][ T1042] oom_reaper: reaped process 14258 (syz-executor5), now anon-rss:0kB, file-rss:32772kB, shmem-rss:5276kB
21:49:21 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:49:21 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x0, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:49:21 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0x3000000)

21:49:21 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x100000000000000]}}, 0x1c)

21:49:21 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff8\x00'}, &(0x7f0000000300)=0x54)

21:49:21 executing program 5:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x0, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:49:21 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0x4000000)

21:49:21 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x0}, 0x0)

[ 2089.652862][T14294] binder: 14293 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2089.652936][T14294] binder: 14293:14294 ioctl c018620c 20000200 returned -22
[ 2089.691163][T14306] IPVS: ftp: loaded support on port[0] = 21
21:49:21 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x200000000000000]}}, 0x1c)

[ 2089.742573][T14305] binder: 14299 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2089.742694][T14305] binder: 14299:14305 ioctl c018620c 20000200 returned -22
[ 2089.811971][T14299] syz-executor3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000
21:49:21 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:49:21 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0x8000000)

[ 2089.854553][T14299] CPU: 0 PID: 14299 Comm: syz-executor3 Not tainted 5.0.0-rc1-next-20190109 #8
[ 2089.863507][T14299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2089.873595][T14299] Call Trace:
[ 2089.876916][T14299]  dump_stack+0x1db/0x2d0
[ 2089.881249][T14299]  ? dump_stack_print_info.cold+0x20/0x20
[ 2089.886989][T14299]  ? check_preemption_disabled+0x48/0x290
[ 2089.892739][T14299]  dump_header+0x1e6/0x116c
[ 2089.897251][T14299]  ? add_lock_to_list.isra.0+0x450/0x450
21:49:21 executing program 5:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x0, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

[ 2089.902889][T14299]  ? perf_trace_lock+0x750/0x750
[ 2089.907828][T14299]  ? print_usage_bug+0xd0/0xd0
[ 2089.912623][T14299]  ? pagefault_out_of_memory+0x1a1/0x1a1
[ 2089.918264][T14299]  ? ___ratelimit+0x37c/0x686
[ 2089.918288][T14299]  ? mark_held_locks+0xb1/0x100
[ 2089.918307][T14299]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2089.918329][T14299]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2089.939528][T14299]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2089.944833][T14299]  ? trace_hardirqs_on+0xbd/0x310
[ 2089.949865][T14299]  ? kasan_check_read+0x11/0x20
[ 2089.954715][T14299]  ? ___ratelimit+0x37c/0x686
[ 2089.959395][T14299]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2089.965219][T14299]  ? do_raw_spin_trylock+0x270/0x270
[ 2089.970507][T14299]  ? trace_hardirqs_on_caller+0x310/0x310
[ 2089.976229][T14299]  ? lock_acquire+0x1db/0x570
[ 2089.980922][T14299]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 2089.986756][T14299]  ? ___ratelimit+0xac/0x686
[ 2089.986773][T14299]  ? idr_get_free+0xee0/0xee0
[ 2089.986789][T14299]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2089.986822][T14299]  oom_kill_process.cold+0x10/0x9ca
[ 2090.006520][T14299]  ? cgroup_procs_next+0x70/0x70
[ 2090.011469][T14299]  ? _raw_spin_unlock_irq+0x5e/0x90
[ 2090.016670][T14299]  ? oom_badness+0xa50/0xa50
[ 2090.021288][T14299]  ? oom_evaluate_task+0x540/0x540
[ 2090.026415][T14299]  ? mem_cgroup_iter_break+0x30/0x30
[ 2090.028392][T14322] binder: 14320 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2090.028404][T14322] binder: 14320:14322 ioctl c018620c 20000200 returned -22
[ 2090.031714][T14299]  ? mutex_trylock+0x2d0/0x2d0
21:49:22 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0xa000000)

[ 2090.031730][T14299]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2090.031760][T14299]  ? rcu_read_unlock_special+0x380/0x380
[ 2090.031785][T14299]  out_of_memory+0x885/0x1420
[ 2090.031817][T14299]  ? mem_cgroup_iter+0x4f4/0xf50
[ 2090.031839][T14299]  ? oom_killer_disable+0x340/0x340
[ 2090.031856][T14299]  ? mem_cgroup_unmark_under_oom+0x8d/0xb0
[ 2090.031877][T14299]  ? lock_acquire+0x1db/0x570
[ 2090.058650][T14299]  mem_cgroup_out_of_memory+0x160/0x210
[ 2090.058666][T14299]  ? do_raw_spin_unlock+0xa0/0x330
[ 2090.058689][T14299]  ? memory_oom_group_write+0x160/0x160
[ 2090.105698][T14299]  ? do_raw_spin_trylock+0x270/0x270
[ 2090.110991][T14299]  ? _raw_spin_unlock+0x2d/0x50
[ 2090.115843][T14299]  try_charge+0x1457/0x1d00
[ 2090.120364][T14299]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2090.125916][T14299]  ? find_held_lock+0x35/0x120
[ 2090.130702][T14299]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[ 2090.136250][T14299]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2090.136271][T14299]  ? lock_downgrade+0xbe0/0xbe0
[ 2090.136294][T14299]  ? kasan_check_read+0x11/0x20
[ 2090.152187][T14299]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2090.158173][T14299]  ? rcu_read_unlock_special+0x380/0x380
[ 2090.163819][T14299]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[ 2090.169397][T14299]  __memcg_kmem_charge_memcg+0x7c/0x130
[ 2090.174956][T14299]  ? memcg_kmem_put_cache+0xb0/0xb0
[ 2090.180165][T14299]  ? lock_release+0xc40/0xc40
[ 2090.184850][T14299]  __memcg_kmem_charge+0x136/0x300
[ 2090.184876][T14299]  __alloc_pages_nodemask+0x7b8/0xdc0
[ 2090.195341][T14299]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[ 2090.201056][T14299]  ? rcu_pm_notify+0xd0/0xd0
[ 2090.205699][T14299]  ? rcu_read_lock_sched_held+0x110/0x130
[ 2090.211454][T14299]  ? kmem_cache_alloc_node+0x347/0x710
[ 2090.216910][T14299]  ? print_usage_bug+0xd0/0xd0
[ 2090.221688][T14299]  copy_process+0x847/0x8700
[ 2090.226293][T14299]  ? print_usage_bug+0xd0/0xd0
[ 2090.231062][T14299]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2090.237302][T14299]  ? check_preemption_disabled+0x48/0x290
[ 2090.243028][T14299]  ? __lock_acquire+0x572/0x4a10
[ 2090.243041][T14299]  ? mark_held_locks+0x100/0x100
[ 2090.243082][T14299]  ? __cleanup_sighand+0x70/0x70
[ 2090.257856][T14299]  ? mark_held_locks+0x100/0x100
[ 2090.262791][T14299]  ? find_held_lock+0x35/0x120
[ 2090.267564][T14299]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2090.273823][T14299]  ? check_preemption_disabled+0x48/0x290
[ 2090.279552][T14299]  ? debug_smp_processor_id+0x1c/0x20
[ 2090.284928][T14299]  ? perf_trace_lock_acquire+0x138/0x7d0
[ 2090.290590][T14299]  ? delayacct_end+0xc9/0x100
[ 2090.290613][T14299]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2090.290639][T14299]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2090.307130][T14299]  ? perf_trace_lock+0x750/0x750
[ 2090.312073][T14299]  ? perf_trace_lock_acquire+0x138/0x7d0
[ 2090.317718][T14299]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2090.323346][T14299]  ? find_held_lock+0x35/0x120
[ 2090.323363][T14299]  ? print_usage_bug+0xd0/0xd0
[ 2090.323386][T14299]  ? psi_memstall_leave+0x1f8/0x280
[ 2090.338054][T14299]  ? find_held_lock+0x35/0x120
[ 2090.342822][T14299]  ? __lock_acquire+0x572/0x4a10
[ 2090.342842][T14299]  ? _raw_spin_unlock_irq+0x28/0x90
[ 2090.342862][T14299]  ? _raw_spin_unlock_irq+0x28/0x90
[ 2090.358673][T14299]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2090.363961][T14299]  ? trace_hardirqs_on+0xbd/0x310
[ 2090.369007][T14299]  ? mark_held_locks+0x100/0x100
[ 2090.373954][T14299]  ? check_preemption_disabled+0x48/0x290
[ 2090.379685][T14299]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2090.385928][T14299]  ? check_preemption_disabled+0x48/0x290
[ 2090.391660][T14299]  ? debug_smp_processor_id+0x1c/0x20
[ 2090.397026][T14299]  ? perf_trace_lock_acquire+0x138/0x7d0
[ 2090.397049][T14299]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2090.397063][T14299]  ? perf_trace_lock+0x750/0x750
[ 2090.397076][T14299]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2090.397099][T14299]  ? try_to_free_pages+0xb70/0xb70
[ 2090.423649][T14299]  ? percpu_ref_put_many+0x129/0x270
[ 2090.428951][T14299]  ? blkcg_maybe_throttle_current+0x75e/0x13c0
[ 2090.435104][T14299]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2090.435128][T14299]  _do_fork+0x1a9/0x1170
[ 2090.435152][T14299]  ? fork_idle+0x1d0/0x1d0
[ 2090.450027][T14299]  ? trace_hardirqs_off+0xb8/0x310
[ 2090.455132][T14299]  ? get_mctgt_type_thp.isra.0+0x4c0/0x4c0
[ 2090.460943][T14299]  ? prepare_exit_to_usermode+0x32e/0x3b0
[ 2090.466672][T14299]  ? do_syscall_64+0x8c/0x800
[ 2090.471346][T14299]  ? do_syscall_64+0x8c/0x800
[ 2090.471363][T14299]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2090.471383][T14299]  ? trace_hardirqs_on+0xbd/0x310
[ 2090.486352][T14299]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2090.492432][T14299]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2090.498271][T14299]  __x64_sys_clone+0xbf/0x150
[ 2090.502956][T14299]  do_syscall_64+0x1a3/0x800
[ 2090.507551][T14299]  ? syscall_return_slowpath+0x5f0/0x5f0
[ 2090.507569][T14299]  ? prepare_exit_to_usermode+0x232/0x3b0
[ 2090.507588][T14299]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 2090.507626][T14299]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 2090.507645][T14299] RIP: 0033:0x45a899
[ 2090.530384][T14299] Code: ff 48 85 f6 0f 84 97 8d fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c 6e 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75
[ 2090.553888][T14299] RSP: 002b:00007ffd98177ae8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
[ 2090.553906][T14299] RAX: ffffffffffffffda RBX: 00007f58d409f700 RCX: 000000000045a899
[ 2090.553914][T14299] RDX: 00007f58d409f9d0 RSI: 00007f58d409edb0 RDI: 00000000003d0f00
[ 2090.553922][T14299] RBP: 00007ffd98177cf0 R08: 00007f58d409f700 R09: 00007f58d409f700
[ 2090.553930][T14299] R10: 00007f58d409f9d0 R11: 0000000000000202 R12: 0000000000000000
[ 2090.553937][T14299] R13: 00007ffd98177b9f R14: 00007f58d409f9c0 R15: 000000000073bfac
[ 2090.626691][T14299] memory: usage 307152kB, limit 307200kB, failcnt 4288
[ 2090.635801][T14299] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2090.663387][T14299] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2090.822913][T14299] Memory cgroup stats for /syz3: cache:56KB rss:240496KB rss_huge:206848KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:240568KB inactive_file:0KB active_file:0KB unevictable:0KB
[ 2090.853290][T14299] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor3,pid=5099,uid=0
[ 2090.881841][T14306] IPVS: ftp: loaded support on port[0] = 21
[ 2090.899428][T14299] Memory cgroup out of memory: Kill process 5099 (syz-executor3) score 1107 or sacrifice child
[ 2090.919442][T14299] Killed process 5099 (syz-executor3) total-vm:70532kB, anon-rss:2204kB, file-rss:33748kB, shmem-rss:0kB
21:49:22 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x0, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:49:22 executing program 5:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x0, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:49:22 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0xe000000)

[ 2090.941395][ T1042] oom_reaper: reaped process 5099 (syz-executor3), now anon-rss:0kB, file-rss:32788kB, shmem-rss:0kB
[ 2091.114838][T14335] binder: 14333 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2091.114904][T14335] binder: 14333:14335 ioctl c018620c 20000200 returned -22
[ 2091.154375][T14340] binder: 14339 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2091.154405][T14340] binder: 14339:14340 ioctl c018620c 20000200 returned -22
21:49:23 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00'}, &(0x7f0000000300)=0x54)

21:49:23 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x300000000000000]}}, 0x1c)

21:49:23 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0xf000000)

21:49:23 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:49:23 executing program 5:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x0, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})

21:49:23 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x0, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

[ 2091.437783][T14361] binder: 14351 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2091.437797][T14361] binder: 14351:14361 ioctl c018620c 20000200 returned -22
[ 2091.458174][T14360] IPVS: ftp: loaded support on port[0] = 21
[ 2091.466680][T14355] binder: 14354 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
21:49:23 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0x10000000)

21:49:23 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x400000000000000]}}, 0x1c)

21:49:23 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x0}, 0x0)

[ 2091.466715][T14355] binder: 14354:14355 ioctl c018620c 20000200 returned -22
21:49:23 executing program 5:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x0, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)

21:49:23 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0x60000000)

21:49:23 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x0}, 0x0)

[ 2092.104274][T14360] IPVS: ftp: loaded support on port[0] = 21
21:49:24 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02L\x00'}, &(0x7f0000000300)=0x54)

21:49:24 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x0, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:49:24 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x500000000000000]}}, 0x1c)

21:49:24 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0x8c1b0000)

21:49:24 executing program 5:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x0, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))

21:49:24 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:49:24 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0x9effffff)

[ 2092.474962][T14399] IPVS: ftp: loaded support on port[0] = 21
21:49:24 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x600000000000000]}}, 0x1c)

21:49:24 executing program 5:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x0, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)

[ 2092.519285][T14395] binder: 14389 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2092.519336][T14395] binder: 14389:14395 ioctl c018620c 20000200 returned -22
21:49:24 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x0, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:49:24 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:49:24 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x700000000000000]}}, 0x1c)

[ 2092.734811][T14417] binder: 14412 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2092.734824][T14417] binder: 14412:14417 ioctl c018620c 20000200 returned -22
[ 2093.029251][T14399] IPVS: ftp: loaded support on port[0] = 21
21:49:25 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00b\x00'}, &(0x7f0000000300)=0x54)

21:49:25 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0xf0ffffff)

21:49:25 executing program 5:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x0, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)

21:49:25 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:49:25 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x0, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:49:25 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x800000000000000]}}, 0x1c)

21:49:25 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:49:25 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0xfffff000)

[ 2093.362857][T14436] IPVS: ftp: loaded support on port[0] = 21
[ 2093.372274][T14431] binder: 14428 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2093.372288][T14431] binder: 14428:14431 ioctl c018620c 20000200 returned -22
21:49:25 executing program 5:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x0, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
getpgrp(0xffffffffffffffff)

21:49:25 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x900000000000000]}}, 0x1c)

21:49:25 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x0, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:49:25 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x0}, 0x0)

[ 2093.702227][T14459] binder: 14450:14459 ioctl c018620c 20000200 returned -22
[ 2093.886339][    C1] net_ratelimit: 26 callbacks suppressed
[ 2093.886350][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2093.897888][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2093.941734][T14436] IPVS: ftp: loaded support on port[0] = 21
[ 2093.966315][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2093.972145][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2093.977992][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2093.983751][    C1] protocol 88fb is buggy, dev hsr_slave_1
21:49:26 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00c\x00'}, &(0x7f0000000300)=0x54)

21:49:26 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0xffffff7f)

21:49:26 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x0, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:49:26 executing program 5:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x0, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)

21:49:26 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0xa00000000000000]}}, 0x1c)

21:49:26 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:49:26 executing program 5:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x0, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)

21:49:26 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:49:26 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0xffffff9e)

21:49:26 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x1000000000000000]}}, 0x1c)

[ 2094.330687][T14478] binder: 14471:14478 ioctl c018620c 20000200 returned -22
[ 2094.331069][T14477] IPVS: ftp: loaded support on port[0] = 21
21:49:26 executing program 5:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x0, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)

21:49:26 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0xfffffff0)

[ 2094.686435][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2094.692274][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 2094.698171][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2094.703967][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 2094.991704][T14477] IPVS: ftp: loaded support on port[0] = 21
21:49:27 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x00\xff\xff\xfep\x00'}, &(0x7f0000000300)=0x54)

21:49:27 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x0, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:49:27 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x2001001000000000]}}, 0x1c)

21:49:27 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:49:27 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0x3000000000000)

21:49:27 executing program 5:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x0, 0x1ff, 0x101, 0x2, 0x5, 0x1})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
getpid()

21:49:27 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:49:27 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x3f00000000000000]}}, 0x1c)

21:49:27 executing program 5:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x0, 0x1ff, 0x101, 0x2, 0x5, 0x1})
dup2(0xffffffffffffffff, 0xffffffffffffffff)
getpid()

21:49:27 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0x40030000000000)

[ 2095.427597][T14515] binder_ioctl_get_node_info_for_ref: 2 callbacks suppressed
[ 2095.427618][T14515] binder: 14509 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2095.427638][T14515] binder: 14509:14515 ioctl c018620c 20000200 returned -22
[ 2095.436234][T14514] IPVS: ftp: loaded support on port[0] = 21
21:49:27 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:49:27 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x0}, 0x0)

[ 2095.789176][T14537] binder: 14531 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2095.789188][T14537] binder: 14531:14537 ioctl c018620c 20000200 returned -22
[ 2096.072103][T14514] IPVS: ftp: loaded support on port[0] = 21
21:49:28 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00q\x00'}, &(0x7f0000000300)=0x54)

21:49:28 executing program 5:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x0, 0x1ff, 0x101, 0x2, 0x5, 0x1})
dup2(0xffffffffffffffff, 0xffffffffffffffff)

21:49:28 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x4000000000000000]}}, 0x1c)

21:49:28 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:49:28 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0xf0ffffffffffff)

21:49:28 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:49:28 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0x100000000000000)

21:49:28 executing program 5:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x0, 0x1ff, 0x101, 0x2, 0x5, 0x1})
dup2(0xffffffffffffffff, 0xffffffffffffffff)

21:49:28 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:49:28 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x0}, 0x0)

[ 2096.412829][T14553] IPVS: ftp: loaded support on port[0] = 21
[ 2096.433839][T14555] binder: 14546 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2096.433852][T14555] binder: 14546:14555 ioctl c018620c 20000200 returned -22
21:49:28 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x7800000000000000]}}, 0x1c)

21:49:28 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0x200000000000000)

[ 2096.886976][T14574] binder: 14571 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2096.886990][T14574] binder: 14571:14574 ioctl c018620c 20000200 returned -22
[ 2097.103063][T14553] IPVS: ftp: loaded support on port[0] = 21
21:49:29 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x88\x00'}, &(0x7f0000000300)=0x54)

21:49:29 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:49:29 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0xfc00000000000000]}}, 0x1c)

21:49:29 executing program 5:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x0, 0x1ff, 0x101, 0x2, 0x5, 0x1})

21:49:29 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0x300000000000000)

21:49:29 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:49:29 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0x400000000000000)

21:49:29 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:49:29 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x0}, 0x0)

[ 2097.554602][T14589] IPVS: ftp: loaded support on port[0] = 21
21:49:29 executing program 5:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)

21:49:29 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0xfe80000000000000]}}, 0x1c)

21:49:29 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0x800000000000000)

[ 2097.932443][T14613] binder: 14604 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2097.932455][T14613] binder: 14604:14613 ioctl c018620c 20000200 returned -22
[ 2098.227514][T14589] IPVS: ftp: loaded support on port[0] = 21
21:49:30 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x98\x00'}, &(0x7f0000000300)=0x54)

21:49:30 executing program 5:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)

21:49:30 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0xa00000000000000)

21:49:30 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:49:30 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0xfec0000000000000]}}, 0x1c)

21:49:30 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:49:30 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0xe00000000000000)

21:49:30 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:49:30 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0xff00000000000000]}}, 0x1c)

[ 2098.579322][T14623] binder: 14622 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2098.579409][T14623] binder: 14622:14623 ioctl c018620c 20000200 returned -22
21:49:30 executing program 5:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)

[ 2098.643401][T14630] IPVS: ftp: loaded support on port[0] = 21
21:49:30 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:49:30 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0xf00000000000000)

[ 2099.174494][T14630] IPVS: ftp: loaded support on port[0] = 21
21:49:31 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x9c\x00'}, &(0x7f0000000300)=0x54)

21:49:31 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
getpid()
write$FUSE_LK(r2, 0x0, 0x0)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r3 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r3, 0x3a)
r4 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r4, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:49:31 executing program 5:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)

21:49:31 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0xffffffff00000000]}}, 0x1c)

21:49:31 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:49:31 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0x1000000000000000)

21:49:31 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:49:31 executing program 5:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)

21:49:31 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0x6000000000000000)

[ 2099.559857][T14664] binder: 14655 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2099.559930][T14664] binder: 14655:14664 ioctl c018620c 20000200 returned -22
[ 2099.576867][T14668] IPVS: ftp: loaded support on port[0] = 21
21:49:31 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
getpid()
write$FUSE_LK(r2, 0x0, 0x0)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r3 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r3, 0x3a)
r4 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r4, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:49:31 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x0, 0x2]}}, 0x1c)

21:49:31 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x0}, 0x0)

[ 2099.909364][T14691] binder: 14682 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2099.909378][T14691] binder: 14682:14691 ioctl c018620c 20000200 returned -22
[ 2100.126313][    C1] net_ratelimit: 26 callbacks suppressed
[ 2100.126322][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2100.137860][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2100.177354][T14668] IPVS: ftp: loaded support on port[0] = 21
[ 2100.206359][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2100.212211][    C1] protocol 88fb is buggy, dev hsr_slave_1
[ 2100.218148][    C1] protocol 88fb is buggy, dev hsr_slave_0
[ 2100.224000][    C1] protocol 88fb is buggy, dev hsr_slave_1
21:49:32 executing program 1:
unshare(0x40000000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket$pptp(0x18, 0x1, 0x2)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\x9d\x00'}, &(0x7f0000000300)=0x54)

21:49:32 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0x8c1b000000000000)

21:49:32 executing program 5:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)

21:49:32 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x0, 0x3]}}, 0x1c)

21:49:32 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:49:32 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
getpid()
write$FUSE_LK(r2, 0x0, 0x0)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r3 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r3, 0x3a)
r4 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r4, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:49:32 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x1c, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}, [@nested={0x8, 0x2, [@generic='P']}]}, 0x1c}, 0x1, 0x0, 0x0, 0x0}, 0x0)

21:49:32 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0x9effffff00000000)

21:49:32 executing program 3:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
signalfd4(r0, 0x0, 0x0, 0x80800)
shmctl$IPC_STAT(0x0, 0x2, &(0x7f0000000080)=""/19)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000000)={0x40, 0x0, 0x301f, 0x1ff, 0x101, 0x2, 0x5, 0x1})
r2 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r3 = getpid()
write$FUSE_LK(r2, &(0x7f0000000040)={0x28, 0x0, 0x0, {{0x2, 0x100000001, 0x2, r3}}}, 0x28)
ioctl$BLKTRACESTOP(r2, 0x1275, 0x0)
r4 = getpgrp(0xffffffffffffffff)
tgkill(0x0, r4, 0x3a)
r5 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSMRU1(r2, 0x40047452, &(0x7f00000001c0))
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r5, 0xc018620c, &(0x7f0000000200)={0xfffffffffffffe2a, 0x60000000, 0x0, 0xffffffffffffffba, 0x0, 0x0})
pwritev(0xffffffffffffffff, &(0x7f0000000180)=[{&(0x7f0000000080)='4', 0x1}], 0x1, 0x0)

21:49:32 executing program 0:
r0 = socket$inet6(0xa, 0x80003, 0x5)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1_to_bridge\x00', <r1=>0x0})
setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f0000000040)={@mcast2, r1}, 0xfe6a)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x0, 0x0, @empty={[0x0, 0x4]}}, 0x1c)

21:49:32 executing program 5:
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x20100, 0x0)

[ 2100.634581][T14708] IPVS: ftp: loaded support on port[0] = 21
[ 2100.655041][T14710] binder: 14704 BINDER_GET_NODE_INFO_FOR_REF: only handle may be non-zero.
[ 2100.655053][T14710] binder: 14704:14710 ioctl c018620c 20000200 returned -22
21:49:32 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x14, 0x38, 0x829, 0x0, 0x0, {0x2802, 0x1000000, 0x2}}, 0x14}}, 0xf0ffffff00000000)

[ 2100.936326][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2100.942190][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 2100.948161][    C0] protocol 88fb is buggy, dev hsr_slave_0
[ 2100.953968][    C0] protocol 88fb is buggy, dev hsr_slave_1
[ 2101.246599][ T1048] kasan: CONFIG_KASAN_INLINE enabled
[ 2101.252416][ T1048] kasan: GPF could be caused by NULL-ptr deref or user memory access
[ 2101.260840][ T1048] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[ 2101.267788][ T1048] CPU: 0 PID: 1048 Comm: khugepaged Not tainted 5.0.0-rc1-next-20190109 #8
[ 2101.276370][ T1048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 2101.286463][ T1048] RIP: 0010:try_charge+0x12a8/0x1d00
[ 2101.291745][ T1048] Code: c0 e8 dc bf fe ff 4c 89 f2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 c6 04 02 00 49 8d bc 24 40 05 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 20 0a 00 00 4c 89 f2 4d 8b a4 24 40 05 00 00 48
[ 2101.311345][ T1048] RSP: 0018:ffff8880a785f3e0 EFLAGS: 00010202
[ 2101.317410][ T1048] RAX: dffffc0000000000 RBX: ffff888058900b80 RCX: 1ffff11014f0be6a
[ 2101.325408][ T1048] RDX: 00000000000000a8 RSI: 0000000000000000 RDI: 0000000000000540
[ 2101.333367][ T1048] RBP: ffff8880a785f5e8 R08: 1ffff11015cc5b8f R09: ffffed1015cc5b90
[ 2101.341329][ T1048] R10: ffffed1015cc5b8f R11: ffff8880ae62dc7b R12: 0000000000000000
[ 2101.349336][ T1048] R13: ffff8880a785f5c0 R14: ffff8880a785f580 R15: 0000000000000000
[ 2101.357325][ T1048] FS:  0000000000000000(0000) GS:ffff8880ae600000(0000) knlGS:0000000000000000
[ 2101.366261][ T1048] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2101.372895][ T1048] CR2: 00007f6be5c85db8 CR3: 000000004d57b000 CR4: 00000000001426f0
[ 2101.380867][ T1048] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2101.383715][T14709] IPVS: ftp: loaded support on port[0] = 21
[ 2101.388842][ T1048] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2101.388848][ T1048] Call Trace:
[ 2101.388870][ T1048]  ? get_mem_cgroup_from_mm+0x1cd/0x420
[ 2101.388889][ T1048]  ? mem_cgroup_oom_trylock+0x1a0/0x1a0
[ 2101.388902][ T1048]  ? lock_downgrade+0xbe0/0xbe0
[ 2101.388916][ T1048]  ? kasan_check_read+0x11/0x20
[ 2101.388932][ T1048]  ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170
[ 2101.388947][ T1048]  ? rcu_read_unlock_special+0x380/0x380
[ 2101.388966][ T1048]  ? get_mem_cgroup_from_mm+0x1ea/0x420
[ 2101.388985][ T1048]  ? get_mem_cgroup_from_page+0x190/0x190
[ 2101.449631][ T1048]  ? high_work_func+0x20/0x20
[ 2101.454321][ T1048]  ? rcu_read_lock_sched_held+0x110/0x130
[ 2101.460046][ T1048]  ? __alloc_pages_nodemask+0xaca/0xdc0
[ 2101.465601][ T1048]  mem_cgroup_try_charge+0x43a/0xdb0
[ 2101.470907][ T1048]  ? __alloc_pages_slowpath+0x2c60/0x2c60
[ 2101.476646][ T1048]  ? mem_cgroup_protected+0xa10/0xa10
[ 2101.482064][ T1048]  ? prep_transhuge_page+0x74/0x160
[ 2101.487273][ T1048]  ? maybe_pmd_mkwrite+0x100/0x100
[ 2101.492394][ T1048]  ? up_read+0x212/0x2b0
[ 2101.496653][ T1048]  ? perf_trace_lock_acquire+0x138/0x7d0
[ 2101.502285][ T1048]  ? up_read_non_owner+0x100/0x100
[ 2101.507400][ T1048]  ? check_preemption_disabled+0x48/0x290
[ 2101.513130][ T1048]  collapse_huge_page+0x17d/0x2280
[ 2101.518249][ T1048]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2101.523884][ T1048]  ? perf_trace_lock+0x750/0x750
[ 2101.528825][ T1048]  ? print_usage_bug+0xd0/0xd0
[ 2101.533592][ T1048]  ? prepare_to_wait_event+0x1fa/0xa20
[ 2101.539074][ T1048]  ? __collapse_huge_page_swapin+0x1570/0x1570
[ 2101.545234][ T1048]  ? khugepaged_scan_pmd+0x1637/0x1f00
[ 2101.550697][ T1048]  ? lock_acquire+0x1db/0x570
[ 2101.555382][ T1048]  ? kasan_check_read+0x11/0x20
[ 2101.560233][ T1048]  ? do_raw_spin_unlock+0xa0/0x330
[ 2101.565346][ T1048]  ? _vm_normal_page+0x15d/0x3d0
[ 2101.570284][ T1048]  ? do_raw_spin_trylock+0x270/0x270
[ 2101.575569][ T1048]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2101.581376][ T1048]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2101.587651][ T1048]  ? khugepaged_find_target_node+0x142/0x180
[ 2101.593650][ T1048]  khugepaged_scan_pmd+0x165f/0x1f00
[ 2101.598946][ T1048]  ? collapse_huge_page+0x2280/0x2280
[ 2101.604316][ T1048]  ? perf_trace_lock_acquire+0x138/0x7d0
[ 2101.609963][ T1048]  ? mark_held_locks+0xb1/0x100
[ 2101.614858][ T1048]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2101.620489][ T1048]  ? add_lock_to_list.isra.0+0x450/0x450
[ 2101.626117][ T1048]  ? lock_acquire+0x1db/0x570
[ 2101.630811][ T1048]  ? __lock_is_held+0xb6/0x140
[ 2101.635583][ T1048]  ? ___might_sleep+0x1e7/0x310
[ 2101.640438][ T1048]  ? khugepaged+0x83c/0x18a0
[ 2101.645055][ T1048]  ? arch_local_save_flags+0x50/0x50
[ 2101.650368][ T1048]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 2101.656604][ T1048]  ? is_vma_temporary_stack+0x74/0x90
[ 2101.662019][ T1048]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[ 2101.668274][ T1048]  khugepaged+0xcfe/0x18a0
[ 2101.672700][ T1048]  ? khugepaged_scan_pmd+0x1f00/0x1f00
[ 2101.678184][ T1048]  ? find_held_lock+0x35/0x120
[ 2101.682964][ T1048]  ? __kthread_parkme+0xc3/0x1b0
[ 2101.687904][ T1048]  ? lock_acquire+0x1db/0x570
[ 2101.692577][ T1048]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2101.698383][ T1048]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 2101.704185][ T1048]  ? lockdep_hardirqs_on+0x415/0x5d0
[ 2101.709463][ T1048]  ? trace_hardirqs_on+0xbd/0x310
[ 2101.714501][ T1048]  ? trace_hardirqs_off_caller+0x300/0x300
[ 2101.720306][ T1048]  ? schedule+0x108/0x350
[ 2101.724646][ T1048]  ? do_raw_spin_trylock+0x270/0x270
[ 2101.729934][ T1048]  ? _raw_spin_unlock_irqrestore+0xa4/0xe0
[ 2101.735736][ T1048]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 2101.741972][ T1048]  ? __kthread_parkme+0xfb/0x1b0
[ 2101.746917][ T1048]  kthread+0x357/0x430
[ 2101.750989][ T1048]  ? khugepaged_scan_pmd+0x1f00/0x1f00
[ 2101.756444][ T1048]  ? kthread_stop+0x920/0x920
[ 2101.761125][ T1048]  ret_from_fork+0x3a/0x50
[ 2101.765565][ T1048] Modules linked in:
[ 2101.778259][ T1048] ---[ end trace 46fc27bb7baba15f ]---
[ 2101.783807][ T1048] RIP: 0010:try_charge+0x12a8/0x1d00
[ 2101.793032][ T1048] Code: c0 e8 dc bf fe ff 4c 89 f2 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 c6 04 02 00 49 8d bc 24 40 05 00 00 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 20 0a 00 00 4c 89 f2 4d 8b a4 24 40 05 00 00 48
[ 2101.817475][ T1048] RSP: 0018:ffff8880a785f3e0 EFLAGS: 00010202
[ 2101.823590][ T1048] RAX: dffffc0000000000 RBX: ffff888058900b80 RCX: 1ffff11014f0be6a
[ 2101.834984][ T1048] RDX: 00000000000000a8 RSI: 0000000000000000 RDI: 0000000000000540
[ 2101.844875][ T1048] RBP: ffff8880a785f5e8 R08: 1ffff11015cc5b8f R09: ffffed1015cc5b90
[ 2101.856102][ T1048] R10: ffffed1015cc5b8f R11: ffff8880ae62dc7b R12: 0000000000000000
[ 2101.865963][ T1048] R13: ffff8880a785f5c0 R14: ffff8880a785f580 R15: 0000000000000000
[ 2101.878651][ T1048] FS:  0000000000000000(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000
[ 2101.889814][ T1048] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2101.898355][ T1048] CR2: 00007f6be5c64db8 CR3: 00000000a4600000 CR4: 00000000001426e0
[ 2101.907317][ T1048] DR0: 000000000000b8c4 DR1: 0000000000000000 DR2: 0000000000000000
[ 2101.915276][ T1048] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2101.924855][ T1048] Kernel panic - not syncing: Fatal exception
[ 2101.932040][ T1048] Kernel Offset: disabled
[ 2101.936363][ T1048] Rebooting in 86400 seconds..