[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 73.156843] audit: type=1800 audit(1544017406.202:25): pid=6724 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 73.176322] audit: type=1800 audit(1544017406.232:26): pid=6724 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 73.206442] audit: type=1800 audit(1544017406.252:27): pid=6724 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 80.073308] sshd (6862) used greatest stack depth: 53584 bytes left Warning: Permanently added '10.128.0.5' (ECDSA) to the list of known hosts. 2018/12/05 13:43:44 fuzzer started 2018/12/05 13:43:48 dialing manager at 10.128.0.26:40237 2018/12/05 13:43:49 syscalls: 1 2018/12/05 13:43:49 code coverage: enabled 2018/12/05 13:43:49 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/12/05 13:43:49 setuid sandbox: enabled 2018/12/05 13:43:49 namespace sandbox: enabled 2018/12/05 13:43:49 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/05 13:43:49 fault injection: enabled 2018/12/05 13:43:49 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/05 13:43:49 net packet injection: enabled 2018/12/05 13:43:49 net device setup: enabled 13:47:07 executing program 0: [ 295.351030] IPVS: ftp: loaded support on port[0] = 21 [ 297.842353] bridge0: port 1(bridge_slave_0) entered blocking state [ 297.848981] bridge0: port 1(bridge_slave_0) entered disabled state [ 297.858197] device bridge_slave_0 entered promiscuous mode [ 298.015311] bridge0: port 2(bridge_slave_1) entered blocking state [ 298.022064] bridge0: port 2(bridge_slave_1) entered disabled state [ 298.031131] device bridge_slave_1 entered promiscuous mode [ 298.171384] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 298.307819] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 13:47:11 executing program 1: [ 298.724599] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 298.961510] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 299.248726] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 299.256083] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 299.364462] IPVS: ftp: loaded support on port[0] = 21 [ 299.511324] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 299.518464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 300.151443] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 300.160497] team0: Port device team_slave_0 added [ 300.459333] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 300.468466] team0: Port device team_slave_1 added [ 300.760670] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 300.767910] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 300.777223] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 301.045969] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 301.053161] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 301.062345] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 301.318318] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 301.326086] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 301.335476] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 301.515799] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 301.523620] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 301.533382] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 302.875237] bridge0: port 1(bridge_slave_0) entered blocking state [ 302.882037] bridge0: port 1(bridge_slave_0) entered disabled state [ 302.890881] device bridge_slave_0 entered promiscuous mode [ 303.184818] bridge0: port 2(bridge_slave_1) entered blocking state [ 303.191350] bridge0: port 2(bridge_slave_1) entered disabled state [ 303.200308] device bridge_slave_1 entered promiscuous mode [ 303.466755] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 303.605212] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 13:47:17 executing program 2: [ 304.186870] bridge0: port 2(bridge_slave_1) entered blocking state [ 304.193569] bridge0: port 2(bridge_slave_1) entered forwarding state [ 304.200924] bridge0: port 1(bridge_slave_0) entered blocking state [ 304.207813] bridge0: port 1(bridge_slave_0) entered forwarding state [ 304.218041] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 304.312141] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 304.338095] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 304.649664] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 304.849881] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 304.857113] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 305.090337] IPVS: ftp: loaded support on port[0] = 21 [ 305.133615] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 305.140736] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 305.824242] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 305.833310] team0: Port device team_slave_0 added [ 306.141106] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 306.149972] team0: Port device team_slave_1 added [ 306.463347] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 306.470613] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 306.480231] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 306.737110] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 306.744323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 306.753936] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 307.051239] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 307.059309] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 307.069326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 307.367648] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 307.375590] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 307.386242] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 310.034387] bridge0: port 1(bridge_slave_0) entered blocking state [ 310.040989] bridge0: port 1(bridge_slave_0) entered disabled state [ 310.050319] device bridge_slave_0 entered promiscuous mode [ 310.316575] bridge0: port 2(bridge_slave_1) entered blocking state [ 310.323206] bridge0: port 2(bridge_slave_1) entered disabled state [ 310.332258] device bridge_slave_1 entered promiscuous mode [ 310.664906] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 310.866327] bridge0: port 2(bridge_slave_1) entered blocking state [ 310.873043] bridge0: port 2(bridge_slave_1) entered forwarding state [ 310.880201] bridge0: port 1(bridge_slave_0) entered blocking state [ 310.886926] bridge0: port 1(bridge_slave_0) entered forwarding state [ 310.896712] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 310.957730] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 311.542573] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 311.641319] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 311.988350] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 312.260761] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 312.268033] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 13:47:25 executing program 3: [ 312.514196] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 312.521274] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 313.439516] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 313.448348] team0: Port device team_slave_0 added [ 313.722248] IPVS: ftp: loaded support on port[0] = 21 [ 313.882724] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 313.891525] team0: Port device team_slave_1 added [ 314.237145] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 314.244366] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 314.253865] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 314.552585] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 314.559711] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 314.569048] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 314.852875] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 314.860966] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 314.870437] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 315.232310] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 315.240055] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 315.249979] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 316.634943] 8021q: adding VLAN 0 to HW filter on device bond0 [ 318.025746] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 319.154118] bridge0: port 2(bridge_slave_1) entered blocking state [ 319.160738] bridge0: port 2(bridge_slave_1) entered forwarding state [ 319.168131] bridge0: port 1(bridge_slave_0) entered blocking state [ 319.174822] bridge0: port 1(bridge_slave_0) entered forwarding state [ 319.184822] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 319.271002] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 319.278417] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 319.286838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 319.717970] bridge0: port 1(bridge_slave_0) entered blocking state [ 319.724630] bridge0: port 1(bridge_slave_0) entered disabled state [ 319.733363] device bridge_slave_0 entered promiscuous mode [ 320.022281] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 320.070433] bridge0: port 2(bridge_slave_1) entered blocking state [ 320.079437] bridge0: port 2(bridge_slave_1) entered disabled state [ 320.088707] device bridge_slave_1 entered promiscuous mode [ 320.347033] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 320.613496] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 320.689032] 8021q: adding VLAN 0 to HW filter on device team0 [ 321.639628] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 322.079188] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 322.435956] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 322.443411] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 322.788985] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 322.798136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 13:47:36 executing program 4: [ 323.611847] ip (7469) used greatest stack depth: 53520 bytes left [ 323.904908] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 323.914002] team0: Port device team_slave_0 added [ 324.270283] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 324.279917] team0: Port device team_slave_1 added [ 324.742474] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 324.749616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 324.759055] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 324.802925] IPVS: ftp: loaded support on port[0] = 21 [ 325.085139] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 325.092388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 325.102035] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 325.263824] 8021q: adding VLAN 0 to HW filter on device bond0 [ 325.479353] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 325.487117] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 325.496328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 325.846867] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 325.854967] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 325.864544] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 326.758066] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 328.428385] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 328.434922] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 328.443680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 13:47:42 executing program 0: 13:47:42 executing program 0: socketpair$unix(0x1, 0x7, 0x0, &(0x7f0000000140)) openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x400, 0x0) clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@remote, 0x800, 0x0, 0xff}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x88d9, @loopback={0x0, 0x3}}, 0x1c) 13:47:43 executing program 0: r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x37) capset(&(0x7f00000001c0)={0x20080522}, &(0x7f0000000200)) socket$inet6(0xa, 0x200000000080003, 0x80000000001f) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x200201, 0x0) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f0000000040)) [ 330.266072] 8021q: adding VLAN 0 to HW filter on device team0 [ 330.530190] bridge0: port 2(bridge_slave_1) entered blocking state [ 330.536942] bridge0: port 2(bridge_slave_1) entered forwarding state [ 330.544406] bridge0: port 1(bridge_slave_0) entered blocking state [ 330.550976] bridge0: port 1(bridge_slave_0) entered forwarding state [ 330.560292] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 13:47:43 executing program 0: pselect6(0x40, &(0x7f0000000000), &(0x7f00000000c0)={0x0, 0x3}, &(0x7f0000000100), &(0x7f0000000040)={0x0, 0x989680}, &(0x7f0000000200)={&(0x7f0000000240), 0x8}) sched_setattr(0x0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x761a}, 0x0) r0 = syz_open_dev$sndpcmc(&(0x7f0000001fee)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl$VIDIOC_QUERY_EXT_CTRL(r0, 0xc0e85667, &(0x7f0000000280)={0x40000000, 0x107, "b7cfd0b2eb16ddf2d8380e29aa53686748b869d401e587c18653876f6c816a38", 0xc0a, 0x3, 0x8001, 0x62, 0x67, 0x9, 0x1, 0xffffffffffff7fff, [0x8000, 0x6, 0x1, 0x3]}) ioctl(r0, 0x2000c2604110, &(0x7f0000000080)) [ 330.823469] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 13:47:44 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) uname(&(0x7f0000000040)=""/79) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000001040)={0x2, 0x4e23, @loopback}, 0x10) 13:47:44 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$sock_inet_SIOCGIFADDR(r0, 0x8915, &(0x7f0000000440)={"007b147f710600", {0x2, 0x400004e24, @dev={0xac, 0x14, 0x14, 0x75}}}) set_mempolicy(0x8001, &(0x7f0000000080)=0x100003, 0x4) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/hwrng\x00', 0x8000, 0x0) ioctl$KDGKBENT(r2, 0x4b46, &(0x7f0000000400)={0x9, 0x3ff, 0xfffffffffffff4bc}) ioctl$SG_GET_SG_TABLESIZE(r1, 0x227f, &(0x7f0000000380)) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') readv(r3, &(0x7f00000013c0)=[{&(0x7f00000002c0)=""/157, 0x9d}], 0x1) ioctl$SG_SET_FORCE_PACK_ID(r3, 0x227b, &(0x7f00000000c0)=0x1) preadv(r1, &(0x7f0000000280)=[{&(0x7f0000000100)}, {&(0x7f0000000140)=""/240, 0xf0}, {&(0x7f0000001400)=""/4096, 0x1000}, {&(0x7f0000000240)=""/54, 0x36}], 0x4, 0x0) [ 331.970472] bridge0: port 1(bridge_slave_0) entered blocking state [ 331.977301] bridge0: port 1(bridge_slave_0) entered disabled state [ 331.986456] device bridge_slave_0 entered promiscuous mode 13:47:45 executing program 0: unshare(0xfffffffffffffffc) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0) ioctl$KVM_DEASSIGN_DEV_IRQ(r1, 0x4040ae75, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x100}) r4 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400) r5 = gettid() getgid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)=0x0) ioprio_get$pid(0x2, r5) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000)) tkill(0x0, 0x1004000000016) fgetxattr(r0, &(0x7f0000000280)=ANY=[@ANYBLOB='iy@\x00\x00\x00.z-k'], 0x0, 0x0) close(r3) r7 = dup2(r0, r2) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r7, 0x50, &(0x7f00000001c0)}, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_RTOINFO(r4, 0x84, 0x0, &(0x7f0000000040)={0x0, 0x3ff, 0x3bc000000000, 0x8}, &(0x7f0000000240)=0x10) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r7, 0x84, 0x66, &(0x7f0000000300)={r8, 0xeff}, &(0x7f0000000340)=0x8) dup3(r2, r1, 0x0) timer_delete(r6) getsockopt$inet_sctp_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, &(0x7f0000000080), &(0x7f00000000c0)=0x8) prctl$PR_GET_PDEATHSIG(0x2, &(0x7f0000000100)) flock(0xffffffffffffffff, 0x0) [ 332.396129] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 332.517956] bridge0: port 2(bridge_slave_1) entered blocking state [ 332.524647] bridge0: port 2(bridge_slave_1) entered disabled state [ 332.533669] device bridge_slave_1 entered promiscuous mode [ 332.574210] hrtimer: interrupt took 44716 ns [ 333.047391] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 13:47:46 executing program 0: unshare(0xfffffffffffffffc) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0) ioctl$KVM_DEASSIGN_DEV_IRQ(r1, 0x4040ae75, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x100}) r4 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400) r5 = gettid() getgid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)=0x0) ioprio_get$pid(0x2, r5) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000)) tkill(0x0, 0x1004000000016) fgetxattr(r0, &(0x7f0000000280)=ANY=[@ANYBLOB='iy@\x00\x00\x00.z-k'], 0x0, 0x0) close(r3) r7 = dup2(r0, r2) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r7, 0x50, &(0x7f00000001c0)}, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_RTOINFO(r4, 0x84, 0x0, &(0x7f0000000040)={0x0, 0x3ff, 0x3bc000000000, 0x8}, &(0x7f0000000240)=0x10) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r7, 0x84, 0x66, &(0x7f0000000300)={r8, 0xeff}, &(0x7f0000000340)=0x8) dup3(r2, r1, 0x0) timer_delete(r6) getsockopt$inet_sctp_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, &(0x7f0000000080), &(0x7f00000000c0)=0x8) prctl$PR_GET_PDEATHSIG(0x2, &(0x7f0000000100)) flock(0xffffffffffffffff, 0x0) [ 333.505244] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 334.725427] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 335.105386] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 335.466939] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 335.474224] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 335.579900] 8021q: adding VLAN 0 to HW filter on device bond0 [ 335.876535] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 335.884020] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 336.809153] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 336.818120] team0: Port device team_slave_0 added [ 336.875707] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 337.113860] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 337.123378] team0: Port device team_slave_1 added [ 337.390072] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 337.397295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 337.406739] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 337.714682] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 337.721945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 337.731038] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 337.921926] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 337.928393] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 337.936887] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 338.105412] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 338.113580] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 338.122941] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 338.337751] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 338.348345] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 338.357687] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 13:47:51 executing program 1: [ 339.062964] 8021q: adding VLAN 0 to HW filter on device team0 [ 340.801776] bridge0: port 2(bridge_slave_1) entered blocking state [ 340.808346] bridge0: port 2(bridge_slave_1) entered forwarding state [ 340.815644] bridge0: port 1(bridge_slave_0) entered blocking state [ 340.822332] bridge0: port 1(bridge_slave_0) entered forwarding state [ 340.832251] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 340.838906] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 342.581809] 8021q: adding VLAN 0 to HW filter on device bond0 [ 343.475765] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 13:47:57 executing program 0: unshare(0xfffffffffffffffc) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0) ioctl$KVM_DEASSIGN_DEV_IRQ(r1, 0x4040ae75, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x100}) r4 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400) r5 = gettid() getgid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)=0x0) ioprio_get$pid(0x2, r5) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000)) tkill(0x0, 0x1004000000016) fgetxattr(r0, &(0x7f0000000280)=ANY=[@ANYBLOB='iy@\x00\x00\x00.z-k'], 0x0, 0x0) close(r3) r7 = dup2(r0, r2) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r7, 0x50, &(0x7f00000001c0)}, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_RTOINFO(r4, 0x84, 0x0, &(0x7f0000000040)={0x0, 0x3ff, 0x3bc000000000, 0x8}, &(0x7f0000000240)=0x10) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r7, 0x84, 0x66, &(0x7f0000000300)={r8, 0xeff}, &(0x7f0000000340)=0x8) dup3(r2, r1, 0x0) timer_delete(r6) getsockopt$inet_sctp_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, &(0x7f0000000080), &(0x7f00000000c0)=0x8) prctl$PR_GET_PDEATHSIG(0x2, &(0x7f0000000100)) flock(0xffffffffffffffff, 0x0) [ 344.261213] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 344.267851] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 344.276342] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 345.243021] 8021q: adding VLAN 0 to HW filter on device team0 [ 347.942902] 8021q: adding VLAN 0 to HW filter on device bond0 [ 348.446130] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 13:48:01 executing program 3: [ 348.947240] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 348.953657] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 348.961632] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 349.262479] 8021q: adding VLAN 0 to HW filter on device team0 13:48:04 executing program 4: 13:48:04 executing program 5: unshare(0xfffffffffffffffc) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = syz_open_dev$sg(&(0x7f00000002c0)='/dev/sg#\x00', 0x0, 0x0) ioctl$KVM_DEASSIGN_DEV_IRQ(r1, 0x4040ae75, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x100}) r4 = syz_open_dev$vcsa(&(0x7f0000000380)='/dev/vcsa#\x00', 0x0, 0x400400) r5 = gettid() getgid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)=0x0) ioprio_get$pid(0x2, r5) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000000)) tkill(0x0, 0x1004000000016) fgetxattr(r0, &(0x7f0000000280)=ANY=[@ANYBLOB='iy@\x00\x00\x00.z-k'], 0x0, 0x0) close(r3) r7 = dup2(r0, r2) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r7, 0x50, &(0x7f00000001c0)}, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_RTOINFO(r4, 0x84, 0x0, &(0x7f0000000040)={0x0, 0x3ff, 0x3bc000000000, 0x8}, &(0x7f0000000240)=0x10) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r7, 0x84, 0x66, &(0x7f0000000300)={r8, 0xeff}, &(0x7f0000000340)=0x8) dup3(r2, r1, 0x0) timer_delete(r6) getsockopt$inet_sctp_SCTP_INITMSG(0xffffffffffffffff, 0x84, 0x2, &(0x7f0000000080), &(0x7f00000000c0)=0x8) prctl$PR_GET_PDEATHSIG(0x2, &(0x7f0000000100)) flock(0xffffffffffffffff, 0x0) 13:48:04 executing program 0: 13:48:04 executing program 1: 13:48:04 executing program 2: 13:48:04 executing program 3: 13:48:04 executing program 2: 13:48:04 executing program 1: 13:48:04 executing program 0: 13:48:04 executing program 3: 13:48:04 executing program 4: 13:48:05 executing program 1: 13:48:05 executing program 2: [ 352.637706] IPVS: ftp: loaded support on port[0] = 21 [ 353.918357] bridge0: port 1(bridge_slave_0) entered blocking state [ 353.924891] bridge0: port 1(bridge_slave_0) entered disabled state [ 353.933397] device bridge_slave_0 entered promiscuous mode [ 354.011538] bridge0: port 2(bridge_slave_1) entered blocking state [ 354.018060] bridge0: port 2(bridge_slave_1) entered disabled state [ 354.026482] device bridge_slave_1 entered promiscuous mode [ 354.102087] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 354.176106] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 354.405801] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 354.485259] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 354.631252] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 354.638233] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 354.859513] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 354.867723] team0: Port device team_slave_0 added [ 354.941393] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 354.949415] team0: Port device team_slave_1 added [ 355.061955] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 355.204420] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 355.289978] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 355.297546] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 355.307153] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 355.379965] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 355.387336] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 355.396842] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 356.227273] bridge0: port 2(bridge_slave_1) entered blocking state [ 356.233769] bridge0: port 2(bridge_slave_1) entered forwarding state [ 356.240633] bridge0: port 1(bridge_slave_0) entered blocking state [ 356.247230] bridge0: port 1(bridge_slave_0) entered forwarding state [ 356.255969] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 356.581990] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 359.261540] 8021q: adding VLAN 0 to HW filter on device bond0 [ 359.546842] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 359.820199] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 359.826557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 359.834809] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 360.113243] 8021q: adding VLAN 0 to HW filter on device team0 13:48:15 executing program 5: 13:48:15 executing program 3: 13:48:15 executing program 0: 13:48:15 executing program 4: 13:48:15 executing program 2: 13:48:15 executing program 1: 13:48:15 executing program 3: 13:48:15 executing program 2: 13:48:15 executing program 5: 13:48:15 executing program 1: 13:48:15 executing program 4: 13:48:15 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)={0x1, 0x9, 0x1, 0x4}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r0, &(0x7f0000000040), 0x0, 0xfffffffffffffffd}, 0x20) 13:48:15 executing program 3: r0 = socket$unix(0x1, 0x1, 0x0) bind$unix(r0, &(0x7f00000002c0)=@abs={0x1}, 0x6e) listen(r0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x80000000004) write(r1, &(0x7f000058bfe4)="29000000140005b7ff000000040860eb0100100006a40e07fff00fd57f25ffffff0100002a00f3ff09", 0x29) 13:48:15 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000008380)=[{{&(0x7f0000000000)=@in={0x2, 0x4e22, @dev}, 0x80, 0x0}}], 0x1, 0x0) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000007e00), 0x136a88c8311572c, 0x0) 13:48:15 executing program 5: sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000184000)=ANY=[@ANYBLOB="020dfff91000000000000000000000000800120000000100000000000000000006000000000000000000000000000000e000000100000000000000000000000000000000000000000000200000000000030006000800080002000080ac14ffbbf00000000000000003000500000000000200423b1d632b91c520000000000000"], 0x80}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmmsg(r1, &(0x7f0000000180), 0x2e565d7c36d98a1, 0x0) 13:48:15 executing program 2: prctl$PR_SET_UNALIGN(0x6, 0x3) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x2}, 0x10) ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f0000000580)=0xffffffffffffffff) ioctl$int_in(r0, 0x5452, &(0x7f0000000040)=0x19b) sendto(r0, &(0x7f0000000380)="360ead7c49f4d8802c0edf2b75c912b16072d0f757068ea1fccdfa9fdde790a541f80c660a4db9d745a67addc166592b82073046a3cb53e104c3b43ecc9bb66f622db198644c9ac7c32821e56f5f19119eea278f9661e6a81d354e7a4504ee5b165d51f9d6cf7077cca8c4f6aa6e70e69c1490df18fe429b9a12c90813f03e95ac8652b1cfe9049ed8d3afa690b74d328dc0e6cd8b9d4f5c8236c736eaf516c90e4d510aa05cc6dc8e210497fe4f93e5738aebdfc395e7bf43110913fe93731d66c0ec6907935e397ef53917881e48", 0xcf, 0x4040, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x900000020000000, &(0x7f0000000000)={0x2, 0x2, @local}, 0x10) read(r0, &(0x7f0000000480)=""/227, 0xe3) sendto$inet(r0, &(0x7f00000001c0)="a5fe9e7be7060850100792f46b647308d3e2a67328969288734cc698158a84b40408261762639ee5e5881d4fb471fcb9639d30513ab42a04f920d8c1fa0c6ed49b0028fda44d1e69121bd2ff68125d42c7beccab2998e3392614583dd729cd341292ded369a34c4c75e12e8e0f519531fc8f11e74b74f2e5ad24cd0ab65395a2307394f48438306edcbb2ad2261f7535abea9833df32f75d92d392390b4fef75c9923a1745b53c", 0xa7, 0x8801, 0x0, 0x0) 13:48:15 executing program 1: r0 = socket$inet(0x2, 0x1, 0x0) connect$inet(r0, &(0x7f00000dcff0)={0x2, 0x0, @loopback}, 0x10) ppoll(&(0x7f0000000280)=[{r0}], 0x1, &(0x7f00000002c0)={0x0, 0x1c9c380}, 0x0, 0x0) 13:48:15 executing program 0: 13:48:16 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000008380)=[{{&(0x7f0000000000)=@in={0x2, 0x4e22, @dev}, 0x80, 0x0}}], 0x1, 0x0) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000007e00), 0x136a88c8311572c, 0x0) 13:48:16 executing program 3: r0 = memfd_create(&(0x7f0000000140)="2b8b8a16114fdddf6b284699df92d53e6f4a02759b9461ac", 0x3) write$binfmt_misc(r0, &(0x7f0000000540)=ANY=[@ANYRES32], 0xfffffda2) fcntl$addseals(r0, 0x409, 0x0) 13:48:16 executing program 1: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) rt_sigtimedwait(&(0x7f00000000c0), 0x0, 0x0, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x4, 0x31, 0xffffffffffffffff, 0x0) ptrace$poke(0x1b, r0, &(0x7f0000000000), 0x0) 13:48:16 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) r1 = socket$inet_udp(0x2, 0x2, 0x0) read$FUSE(r0, 0x0, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000001ec0)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) dup2(r1, r0) tkill(r2, 0x15) 13:48:16 executing program 0: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x4005, 0x0) 13:48:16 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") seccomp(0x1, 0x0, &(0x7f0000000080)={0x2, &(0x7f0000000040)=[{0x2}, {0x6, 0x0, 0x0, 0xfffffffffffffffe}]}) memfd_create(&(0x7f00000001c0)='em1#\x00', 0x0) 13:48:16 executing program 4: unshare(0x24020400) mknod(&(0x7f0000000080)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000f8aff8)='./file0\x00', 0x0, 0x0) r0 = gettid() process_vm_writev(r0, &(0x7f0000000140)=[{&(0x7f0000000500)=""/167, 0x14f}], 0x1, &(0x7f0000000240)=[{&(0x7f00000005c0)=""/172, 0xac}], 0x23, 0x0) open(&(0x7f0000363ff8)='./file0\x00', 0x401, 0x0) 13:48:16 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) r1 = socket$inet_udp(0x2, 0x2, 0x0) read$FUSE(r0, 0x0, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000001ec0)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) dup2(r1, r0) tkill(r2, 0x15) [ 363.914676] kauditd_printk_skb: 3 callbacks suppressed [ 363.914719] audit: type=1326 audit(1544017696.962:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8569 comm="syz-executor2" exe="/root/syz-executor2" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3ca code=0xffff0000 13:48:17 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) r1 = socket$inet_udp(0x2, 0x2, 0x0) read$FUSE(r0, 0x0, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000001ec0)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) dup2(r1, r0) tkill(r2, 0x15) 13:48:17 executing program 4: openat$vcs(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, 0x0, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f00000001c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x400, @dev, 0x3}}}, 0x48) 13:48:17 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) r1 = socket$inet_udp(0x2, 0x2, 0x0) read$FUSE(r0, 0x0, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000001ec0)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) dup2(r1, r0) tkill(r2, 0x15) 13:48:17 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x0, 0x1000085) r1 = memfd_create(&(0x7f0000000100)='\x00', 0x2) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000001c0)='\'', 0x1}], 0x1, 0x1081806) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sync() 13:48:17 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x4) write(r0, &(0x7f0000000200)="2700000014000707030e0000120f0a0011000100f5e42aeace419b879571146af045fe0012ff00", 0x27) [ 364.624812] audit: type=1326 audit(1544017697.672:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8569 comm="syz-executor2" exe="/root/syz-executor2" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3ca code=0xffff0000 13:48:17 executing program 3: r0 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x0, 0x1000085) r1 = memfd_create(&(0x7f0000000100)='\x00', 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000001c0)='\'', 0x1}], 0x1, 0x0) sendfile(r0, r1, 0x0, 0x200140000) syz_genetlink_get_family_id$ipvs(0x0) sync() 13:48:17 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/igmp\x00') preadv(r0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/181, 0x482}], 0x1, 0x0) 13:48:17 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x31, 0xffffffffffffffff, 0x0) 13:48:18 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) r1 = socket$inet_udp(0x2, 0x2, 0x0) read$FUSE(r0, 0x0, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000001ec0)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) dup2(r1, r0) tkill(r2, 0x15) 13:48:18 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r0, 0x10003) accept4(r0, &(0x7f0000000100)=@alg, 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_INITMSG(r1, 0x84, 0x2, &(0x7f0000000040)={0xea9a}, 0x8) sendto$inet6(r1, &(0x7f0000000080)='X', 0x1, 0x0, 0x0, 0x0) 13:48:18 executing program 0: shmctl$IPC_INFO(0x0, 0xf, 0x0) 13:48:18 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x10000004e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20}, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f00000017c0), 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f00009ff000)=ANY=[@ANYBLOB="180000000900000000000000000800819500000000000000"], 0x0, 0x1, 0xb7, &(0x7f0000000440)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1000000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f000031aff8)={r0, r1}) ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000001640)={0xffffffffffffffff}) sendmsg$IPVS_CMD_GET_CONFIG(r3, &(0x7f0000000400)={&(0x7f0000000280), 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0x14}, 0x5580}}, 0x0) recvmmsg(r3, &(0x7f0000004540)=[{{0x0, 0x3f3, &(0x7f0000003c80), 0x0, &(0x7f0000003d00)=""/205, 0xcd}}, {{0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000040)=""/129}, {&(0x7f0000000100)=""/99}, {&(0x7f0000000180)=""/239}, {&(0x7f0000000500)=""/98}, {&(0x7f0000000580)=""/4096}], 0x0, &(0x7f0000004480)=""/178, 0xb2}}], 0x400000000000253, 0x0, 0x0) [ 365.527894] sctp: failed to load transform for md5: -2 13:48:18 executing program 0: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 13:48:18 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000001d00)='ns/user\x00') 13:48:18 executing program 3: r0 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x0, 0x1000085) r1 = memfd_create(&(0x7f0000000100)='\x00', 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000001c0)='\'', 0x1}], 0x1, 0x0) sendfile(r0, r1, 0x0, 0x200140000) syz_genetlink_get_family_id$ipvs(0x0) sync() 13:48:18 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) r1 = socket$inet_udp(0x2, 0x2, 0x0) read$FUSE(r0, 0x0, 0x0) gettid() timer_create(0x0, &(0x7f0000001ec0)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) dup2(r1, r0) [ 365.714364] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 13:48:18 executing program 1: socket$inet6(0xa, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000040)={0xfffffffffffffff7}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:48:19 executing program 4: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x6) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000007e00), 0x400000000000058, 0x3f00000000000000) 13:48:19 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 13:48:19 executing program 3: r0 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x0, 0x1000085) r1 = memfd_create(&(0x7f0000000100)='\x00', 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000001c0)='\'', 0x1}], 0x1, 0x0) sendfile(r0, r1, 0x0, 0x200140000) syz_genetlink_get_family_id$ipvs(0x0) sync() 13:48:19 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f000014f000)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f0000006440)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}}, 0x0) setsockopt$inet_msfilter(r1, 0x0, 0x23, &(0x7f0000000080)={@multicast2, @local}, 0x10) 13:48:19 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00'}) sendmsg$nl_route(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x3400b}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="e0030f000a000200aaa2aaaaaaaa0000"], 0x1}}, 0x0) 13:48:20 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000008c0)="0a0775b005", 0x5) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x167, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmmsg(r1, &(0x7f0000001280)=[{{0x0, 0x0, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x1}}], 0x1, 0x0, &(0x7f0000001380)={0x77359400}) 13:48:20 executing program 1: socket$inet6(0xa, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000040)={0xfffffffffffffff7}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 13:48:20 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) socket$inet_udp(0x2, 0x2, 0x0) read$FUSE(r0, 0x0, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000001ec0)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) tkill(r1, 0x15) 13:48:20 executing program 3: r0 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x0, 0x1000085) r1 = memfd_create(&(0x7f0000000100)='\x00', 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000001c0)='\'', 0x1}], 0x1, 0x0) sendfile(r0, r1, 0x0, 0x200140000) syz_genetlink_get_family_id$ipvs(0x0) sync() 13:48:20 executing program 2: 13:48:20 executing program 4: 13:48:20 executing program 0: 13:48:20 executing program 2: 13:48:20 executing program 4: 13:48:20 executing program 1: 13:48:21 executing program 3: 13:48:21 executing program 0: 13:48:21 executing program 1: 13:48:21 executing program 2: 13:48:21 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) r1 = socket$inet_udp(0x2, 0x2, 0x0) read$FUSE(r0, 0x0, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000001ec0)={0x0, 0x12}, &(0x7f00009b1ffc)) dup2(r1, r0) tkill(r2, 0x15) 13:48:21 executing program 4: 13:48:21 executing program 3: 13:48:21 executing program 0: 13:48:21 executing program 2: 13:48:21 executing program 4: 13:48:21 executing program 3: 13:48:21 executing program 1: 13:48:22 executing program 0: 13:48:22 executing program 4: 13:48:22 executing program 2: 13:48:22 executing program 3: 13:48:24 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) r1 = socket$inet_udp(0x2, 0x2, 0x0) read$FUSE(r0, 0x0, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000001ec0)={0x0, 0x12}, &(0x7f00009b1ffc)) dup2(r1, r0) tkill(r2, 0x15) 13:48:24 executing program 0: 13:48:24 executing program 4: 13:48:24 executing program 1: 13:48:24 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x2, &(0x7f0000000000)=[{0x45}, {0x20000000000006}]}, 0x10) sendmmsg(r0, &(0x7f0000003040), 0x304, 0x0) 13:48:24 executing program 3: 13:48:24 executing program 1: 13:48:25 executing program 4: 13:48:25 executing program 3: 13:48:25 executing program 0: 13:48:25 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socket$packet(0x11, 0xa, 0x300) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0) ioctl$FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, &(0x7f0000000580)=ANY=[@ANYBLOB]) 13:48:25 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r0, r3) recvmmsg(r2, &(0x7f0000000b80)=[{{&(0x7f0000000200)=@l2, 0x80, &(0x7f00000005c0), 0x0, &(0x7f0000000600)=""/84, 0x54}}, {{&(0x7f0000000680)=@l2, 0x80, &(0x7f0000000a40), 0x0, &(0x7f0000000ac0)=""/147, 0x93}}], 0x4000000000002ce, 0x0, 0x0) 13:48:27 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) r1 = socket$inet_udp(0x2, 0x2, 0x0) read$FUSE(r0, 0x0, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000001ec0)={0x0, 0x12}, &(0x7f00009b1ffc)) dup2(r1, r0) tkill(r2, 0x15) 13:48:27 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fsetxattr$security_selinux(r0, &(0x7f00000000c0)='security.selinux\x00', &(0x7f0000000100)='system_u:object_r:lirc_device_t:s0\x00', 0x23, 0x0) 13:48:27 executing program 0: openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)="00efa8c1c5b8fecc3f486c3306da26060000008f295ac8bc70070000245c06655a33261a713247851dc0d9c5e6e8b67aea37aa66c00e820346caa3b7c2f8b6a4") r1 = openat$cgroup_ro(r0, &(0x7f0000000040)="6d656d0001792f060000000000000016d442abe3fa72656e7400", 0x0, 0x0) preadv(r1, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c) mlockall(0x1) 13:48:27 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fcntl$lock(r0, 0x7, &(0x7f00000000c0)={0x0, 0x1}) 13:48:27 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket(0x10, 0x20000000000003, 0x0) sendmsg$nl_generic(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x14, 0x1a, 0x201}, 0x14}}, 0x0) 13:48:27 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000802, &(0x7f0000001040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) shutdown(r0, 0x0) r1 = dup2(r0, r0) ppoll(&(0x7f0000000340)=[{r1}], 0x1, 0x0, 0x0, 0x0) shutdown(r0, 0x1) 13:48:28 executing program 2: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, &(0x7f0000002900)}}], 0x1, 0x0, &(0x7f0000003280)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockname(r0, &(0x7f00000000c0)=@sco, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) socket(0x0, 0x0, 0x0) pipe2(0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000ec0)='IPVS\x00') sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, 0x0, 0x0) bind$inet6(r1, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) listen(r1, 0x37) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) set_thread_area(0x0) close(r0) accept4(r1, 0x0, &(0x7f0000000000), 0x0) recvmmsg(r0, &(0x7f0000008d80)=[{{&(0x7f0000004b80)=@nl, 0xfe64, &(0x7f00000003c0)=[{&(0x7f00000002c0)=""/212}], 0x0, &(0x7f0000006140)=""/105, 0x69}}], 0x8000000000003bf, 0x2, 0x0) 13:48:28 executing program 4: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x859, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) getgid() ioctl$sock_inet_SIOCGARP(r0, 0x8954, &(0x7f0000000140)={{0x2, 0x0, @remote}, {}, 0x0, {0x2, 0x0, @multicast1}, 'syz_tun\x00'}) 13:48:28 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCFLSH(r0, 0x80045432, 0x70affb) 13:48:28 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000802, &(0x7f0000001040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) shutdown(r0, 0x0) r1 = dup2(r0, r0) ppoll(&(0x7f0000000340)=[{r1}], 0x1, 0x0, 0x0, 0x0) shutdown(r0, 0x1) 13:48:28 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x2000004, 0x31, 0xffffffffffffffff, 0x0) ioctl$KVM_DEASSIGN_DEV_IRQ(r1, 0x4040ae75, &(0x7f0000000040)) 13:48:28 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f000051cff6)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000100)) 13:48:31 executing program 3: 13:48:31 executing program 0: 13:48:31 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) r1 = socket$inet_udp(0x2, 0x2, 0x0) read$FUSE(r0, 0x0, 0x0) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) dup2(r1, r0) tkill(r2, 0x15) 13:48:31 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000802, &(0x7f0000001040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) shutdown(r0, 0x0) r1 = dup2(r0, r0) ppoll(&(0x7f0000000340)=[{r1}], 0x1, 0x0, 0x0, 0x0) shutdown(r0, 0x1) 13:48:31 executing program 4: 13:48:31 executing program 2: 13:48:31 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000802, &(0x7f0000001040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) shutdown(r0, 0x0) r1 = dup2(r0, r0) ppoll(&(0x7f0000000340)=[{r1}], 0x1, 0x0, 0x0, 0x0) shutdown(r0, 0x1) 13:48:31 executing program 2: 13:48:31 executing program 4: 13:48:31 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000ac0)="6e65742f6970365f666c6f776c6162656c006ec03114893458edc1c9d8dc4b0d8dae982640d0e6bb51d7ff596e1c92de0eaa319198e91f0a4d43697c2bcd77f017365af160acf33bd66432ebe50c0e8bdaf7fc39feff34ef27a1397193227f4733c145e66536c6c275112520e72b3097843b5cdac480c3b1384ebf592505f88589fcd2d7") sendfile(r0, r0, &(0x7f00000000c0)=0x202, 0x5a) 13:48:31 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/uinput\x00', 0x0, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x20000000008912, &(0x7f0000000080)="0a5c2d0240316285717070") ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000080)={{}, 'syz1\x00'}) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) [ 378.790016] input: syz1 as /devices/virtual/input/input5 13:48:31 executing program 4: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000c86f88)={0x2, 0x70, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f00001bf000/0x1000)=nil, 0x1000, 0x0, 0x6011, r0, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0x0, 0x108000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f0000000080)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x2}}, 0x0, 0x0, r0, 0xb) dup2(r1, r2) creat(0x0, 0x0) [ 378.887861] input: syz1 as /devices/virtual/input/input6 13:48:32 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000ac0)="6e65742f6970365f666c6f776c6162656c006ec03114893458edc1c9d8dc4b0d8dae982640d0e6bb51d7ff596e1c92de0eaa319198e91f0a4d43697c2bcd77f017365af160acf33bd66432ebe50c0e8bdaf7fc39feff34ef27a1397193227f4733c145e66536c6c275112520e72b3097843b5cdac480c3b1384ebf592505f88589fcd2d7") readv(r0, &(0x7f0000000040)=[{&(0x7f0000000000)=""/13, 0xd}, {&(0x7f0000000100)=""/143, 0x8f}], 0x2) 13:48:32 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000100)="6e65742f6970365f666c6f776c6162656c006ec03114893458edc1c9d8dc4b0d8dae982640d0e6bb51d7ff596e1c92de0eaa319198e91f0a4d43697c2bcd77f017365af160acf33bd66432ebe50c0e8bdaf7fc39feff34ef27a1397193227f4733c145e66536c6c275112520e72b3097843b5cdac480c3b1384ebf592505f88589fcd2d7") sendfile(r0, r0, &(0x7f00000000c0)=0x202, 0x5a) 13:48:34 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) r1 = socket$inet_udp(0x2, 0x2, 0x0) read$FUSE(r0, 0x0, 0x0) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) dup2(r1, r0) tkill(r2, 0x15) 13:48:34 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000802, &(0x7f0000001040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) shutdown(r0, 0x0) r1 = dup2(r0, r0) ppoll(&(0x7f0000000340)=[{r1}], 0x1, 0x0, 0x0, 0x0) 13:48:34 executing program 3: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setitimer(0x2, &(0x7f0000000100)={{0x77359400}}, 0x0) 13:48:34 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/uinput\x00', 0x0, 0x0) syz_open_dev$mice(0x0, 0x0, 0x0) ioctl$UI_SET_LEDBIT(r0, 0x40045569, 0x0) 13:48:34 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/rt6_stats\x00') preadv(r0, &(0x7f00000015c0)=[{&(0x7f0000000100)=""/205, 0xcd}], 0x1, 0x0) 13:48:34 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000280)={0x4c, 0x0, &(0x7f0000000180)=[@decrefs, @reply={0x40406301, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 381.498612] binder: 8908:8913 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 381.506780] binder: 8908:8913 got reply transaction with no transaction stack [ 381.514460] binder: 8908:8913 transaction failed 29201/-71, size 0-0 line 2741 13:48:34 executing program 2: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_SET_PROPBIT(r0, 0x4004556e, 0x13) [ 381.593254] binder: undelivered TRANSACTION_ERROR: 29201 13:48:34 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000180)='oom_score_adj\x00') lseek(r0, 0x0, 0x4) 13:48:34 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000005d00)={0x0, {0x0, 0x0, 0x5, 0x0, 0x0, 0x3}}) 13:48:34 executing program 4: 13:48:35 executing program 0: 13:48:35 executing program 2: 13:48:37 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) r1 = socket$inet_udp(0x2, 0x2, 0x0) read$FUSE(r0, 0x0, 0x0) r2 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) dup2(r1, r0) tkill(r2, 0x15) 13:48:37 executing program 3: 13:48:37 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r2 = memfd_create(&(0x7f00000002c0)='[\'posix_acl_access\x00', 0x0) pwritev(r2, &(0x7f0000000240)=[{&(0x7f0000000440)=',', 0x1}], 0x1, 0x4081806) sendfile(r1, r2, 0x0, 0x20020102000007) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000001400)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r4 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) r5 = openat$cgroup_procs(r4, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r5, &(0x7f0000000100), 0x12) 13:48:37 executing program 0: r0 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/thread-self/attr/current\x00', 0x2, 0x0) write$apparmor_current(r0, 0x0, 0x0) 13:48:37 executing program 2: 13:48:37 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000802, &(0x7f0000001040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) shutdown(r0, 0x0) ppoll(&(0x7f0000000340)=[{}], 0x1, 0x0, 0x0, 0x0) shutdown(r0, 0x1) 13:48:37 executing program 3: 13:48:37 executing program 2: 13:48:37 executing program 0: 13:48:38 executing program 3: 13:48:38 executing program 2: 13:48:38 executing program 3: r0 = socket$unix(0x1, 0x3, 0x0) connect$unix(r0, &(0x7f00000000c0)=@abs={0x1}, 0x6e) 13:48:40 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) r1 = socket$inet_udp(0x2, 0x2, 0x0) read$FUSE(r0, 0x0, 0x0) timer_create(0x0, &(0x7f0000001ec0)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) dup2(r1, r0) tkill(0x0, 0x15) 13:48:40 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c1f023c126285719070") r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0x2, 0x7}]}}}]}, 0x3c}}, 0x0) 13:48:40 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="0a5c1f023c126285719070") sendmsg$nl_route(r0, &(0x7f0000001cc0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_TXQLEN={0x8}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) 13:48:40 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c1f023c126285719070") r1 = socket$inet6(0xa, 0x80803, 0x2) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x2}, 0x1c) write$binfmt_elf32(r1, 0x0, 0x0) 13:48:40 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000802, &(0x7f0000001040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) r1 = dup2(r0, r0) ppoll(&(0x7f0000000340)=[{r1}], 0x1, 0x0, 0x0, 0x0) shutdown(r0, 0x1) 13:48:40 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) sendto$inet6(r1, 0x0, 0x0, 0x20000004, &(0x7f000031e000)={0xa, 0x4e22}, 0x1c) [ 387.864992] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 387.917412] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 13:48:41 executing program 4: r0 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x0, 0x182) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff) ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x0) [ 388.084480] (unnamed net_device) (uninitialized): option active_slave: mode dependency failed, not supported in mode balance-rr(0) 13:48:41 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) r1 = dup2(r0, r0) ppoll(&(0x7f0000000340)=[{r1}], 0x1, 0x0, 0x0, 0x0) shutdown(r0, 0x1) 13:48:41 executing program 3: 13:48:41 executing program 2: 13:48:41 executing program 4: 13:48:41 executing program 0: 13:48:42 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, 0x0, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000001ec0)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) dup2(0xffffffffffffffff, r0) tkill(r1, 0x15) 13:48:42 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) r1 = dup2(r0, r0) ppoll(&(0x7f0000000340)=[{r1}], 0x1, 0x0, 0x0, 0x0) shutdown(r0, 0x1) 13:48:42 executing program 3: 13:48:42 executing program 2: 13:48:42 executing program 4: 13:48:42 executing program 0: 13:48:42 executing program 3: 13:48:42 executing program 0: 13:48:42 executing program 4: 13:48:42 executing program 2: 13:48:42 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) r1 = dup2(r0, r0) ppoll(&(0x7f0000000340)=[{r1}], 0x1, 0x0, 0x0, 0x0) shutdown(r0, 0x1) 13:48:42 executing program 3: 13:48:43 executing program 0: 13:48:43 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) read$FUSE(r0, 0x0, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000001ec0)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) dup2(r1, r0) tkill(r2, 0x15) 13:48:43 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r0, 0x0, 0x0, 0x20000802, &(0x7f0000001040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) r1 = dup2(r0, r0) ppoll(&(0x7f0000000340)=[{r1}], 0x1, 0x0, 0x0, 0x0) shutdown(r0, 0x1) 13:48:43 executing program 3: 13:48:43 executing program 2: 13:48:43 executing program 4: 13:48:43 executing program 0: 13:48:43 executing program 4: 13:48:43 executing program 2: 13:48:43 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r0, 0x0, 0x0, 0x20000802, &(0x7f0000001040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) r1 = dup2(r0, r0) ppoll(&(0x7f0000000340)=[{r1}], 0x1, 0x0, 0x0, 0x0) shutdown(r0, 0x1) 13:48:43 executing program 3: 13:48:43 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) r0 = socket$inet_udp(0x2, 0x2, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000001ec0)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) dup2(r0, 0xffffffffffffffff) tkill(r1, 0x15) 13:48:43 executing program 4: 13:48:43 executing program 0: 13:48:43 executing program 2: 13:48:44 executing program 3: 13:48:44 executing program 4: 13:48:44 executing program 5: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) r1 = socket$inet_udp(0x2, 0x2, 0x0) read$FUSE(r0, 0x0, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000001ec0)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) dup2(r1, r0) tkill(r2, 0x15) 13:48:44 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r0, 0x0, 0x0, 0x20000802, &(0x7f0000001040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) r1 = dup2(r0, r0) ppoll(&(0x7f0000000340)=[{r1}], 0x1, 0x0, 0x0, 0x0) shutdown(r0, 0x1) 13:48:44 executing program 0: 13:48:44 executing program 3: 13:48:44 executing program 2: 13:48:44 executing program 4: 13:48:44 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-serpent-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) 13:48:44 executing program 2: r0 = socket$kcm(0xa, 0x122000000003, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f00000000c0), 0x4) 13:48:44 executing program 5: mkdirat(0xffffffffffffff9c, 0x0, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) r1 = socket$inet_udp(0x2, 0x2, 0x0) read$FUSE(r0, 0x0, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000001ec0)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) dup2(r1, r0) tkill(r2, 0x15) 13:48:44 executing program 1: bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x20000802, &(0x7f0000001040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ppoll(&(0x7f0000000340)=[{r0}], 0x1, 0x0, 0x0, 0x0) shutdown(0xffffffffffffffff, 0x1) 13:48:44 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x19, &(0x7f0000000180)=0x2, 0x4) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000003, &(0x7f0000000080)={0xa, 0x100000004e22, 0x0, @loopback}, 0x1c) write(r0, &(0x7f0000000000)='G', 0x1) [ 392.115039] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 13:48:45 executing program 4: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={0x0, &(0x7f0000000380)=""/199, 0x100000, 0xc7, 0x1}, 0x20) 13:48:45 executing program 2: r0 = socket$kcm(0xa, 0x122000000003, 0x11) sendmsg$kcm(r0, &(0x7f0000000140)={&(0x7f0000000040)=@nl=@unspec={0x0, 0x2b00, 0x0, 0x80fe}, 0x80, 0x0}, 0x0) 13:48:45 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet(0x10, 0x2, 0xc) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000040)={0x1, 'vcan0\x00', 0x3}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000200)={{{@in6=@loopback, @in=@dev}}, {{@in6=@mcast2}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000000)=0xe8) sendmsg(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000000907041dfffd946fa2830020200a0009000100008b2f8ddb1baba20400ff7e28000000110affffba010000000009b356da5a80d18be24c8546c8243929db2406b20cd37ed01cc0", 0x4c}], 0x1}, 0x0) 13:48:45 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) r1 = socket$inet_udp(0x2, 0x2, 0x0) read$FUSE(r0, 0x0, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000001ec0)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) dup2(r1, r0) tkill(r2, 0x15) 13:48:45 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000080)={0x0}, &(0x7f00000000c0)=0xc) sched_setparam(r2, &(0x7f0000000140)=0x20) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r3 = mq_open(&(0x7f0000000000)=' \x00', 0x0, 0x0, 0x0) mq_notify(r3, 0x0) 13:48:45 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = dup2(r0, r0) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x1) [ 392.751111] netlink: 20 bytes leftover after parsing attributes in process `syz-executor0'. 13:48:45 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000802, &(0x7f0000001040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) r1 = dup2(r0, r0) recvmsg(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600)=[{&(0x7f0000000200)=""/117, 0x75}], 0x1}, 0x2) shutdown(r0, 0x1) [ 392.860238] netlink: 20 bytes leftover after parsing attributes in process `syz-executor0'. 13:48:46 executing program 3: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000280)="ba150a891d3740030009000000c15dea0e940f48f2f23e1c39255577ae7b9b1e5815276d6554a030d67f13125fff16f85f4d3755d039cd53073f36756cbcdf670205ef088fb554d5a74ccc9b24d835769e0411c07d9a4f2057d56c8c30d36a3f52964d85b8227dbe424b691c55f48c16ede9013789a9f914ca2d6a472e13bc7f59b06699ae", 0x85}], 0x1, 0x2) 13:48:46 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) r1 = socket$inet_udp(0x2, 0x2, 0x0) read$FUSE(r0, 0x0, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000001ec0)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) dup2(r1, r0) tkill(r2, 0x15) 13:48:46 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet(0x10, 0x2, 0xc) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000040)={0x1, 'vcan0\x00', 0x3}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000200)={{{@in6=@loopback, @in=@dev}}, {{@in6=@mcast2}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000000)=0xe8) sendmsg(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000000907041dfffd946fa2830020200a0009000100008b2f8ddb1baba20400ff7e28000000110affffba010000000009b356da5a80d18be24c8546c8243929db2406b20cd37ed01cc0", 0x4c}], 0x1}, 0x0) 13:48:46 executing program 1: r0 = socket$inet(0x2, 0x0, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000802, &(0x7f0000001040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) r1 = dup2(r0, r0) ppoll(&(0x7f0000000340)=[{r1}], 0x1, 0x0, 0x0, 0x0) shutdown(r0, 0x1) 13:48:46 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000080)='./bus\x00', 0x0) write$P9_RXATTRCREATE(r1, &(0x7f00000001c0)={0x7}, 0x10179) creat(&(0x7f00000002c0)='./bus\x00', 0x0) r2 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) r3 = creat(&(0x7f0000000180)='./file0\x00', 0x0) write$P9_RMKNOD(r1, &(0x7f0000000300)={0x7}, 0xfe2b) write$P9_RREMOVE(r3, &(0x7f0000000280)={0x7}, 0xff7f) syncfs(r1) ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f00000000c0)={0x0, r3}) 13:48:46 executing program 4: add_key(0x0, 0x0, 0x0, 0x93ddebbeddc9150d, 0x0) [ 393.467190] netlink: 20 bytes leftover after parsing attributes in process `syz-executor0'. 13:48:46 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) r1 = socket$inet_udp(0x2, 0x2, 0x0) read$FUSE(r0, 0x0, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000001ec0)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) dup2(r1, r0) tkill(r2, 0x15) 13:48:46 executing program 4: r0 = syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x0) memfd_create(0x0, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff) ioctl$BLKROSET(r0, 0x125d, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) 13:48:46 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet(0x10, 0x2, 0xc) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000040)={0x1, 'vcan0\x00', 0x3}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000200)={{{@in6=@loopback, @in=@dev}}, {{@in6=@mcast2}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000000)=0xe8) sendmsg(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000000907041dfffd946fa2830020200a0009000100008b2f8ddb1baba20400ff7e28000000110affffba010000000009b356da5a80d18be24c8546c8243929db2406b20cd37ed01cc0", 0x4c}], 0x1}, 0x0) 13:48:46 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mknod$loop(&(0x7f0000000040)='./control\x00', 0x40000000006000, 0x0) r1 = inotify_init1(0x0) inotify_add_watch(r1, &(0x7f00007a7000)='./control\x00', 0xa4000960) open(&(0x7f0000000000)='./control\x00', 0x0, 0x0) [ 393.948671] netlink: 20 bytes leftover after parsing attributes in process `syz-executor0'. 13:48:47 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) read$FUSE(r0, 0x0, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000001ec0)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) dup2(r1, r0) tkill(r2, 0x15) 13:48:47 executing program 3: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uhid\x00', 0x2000000000804, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f00000002c0)=""/133, 0x85}], 0x1) 13:48:47 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000500)=[@release], 0x0, 0x0, 0x0}) 13:48:47 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet(0x10, 0x2, 0xc) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000040)={0x1, 'vcan0\x00', 0x3}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000200)={{{@in6=@loopback, @in=@dev}}, {{@in6=@mcast2}, 0x0, @in6=@ipv4={[], [], @multicast2}}}, &(0x7f0000000000)=0xe8) sendmsg(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000000907041dfffd946fa2830020200a0009000100008b2f8ddb1baba20400ff7e28000000110affffba010000000009b356da5a80d18be24c8546c8243929db2406b20cd37ed01cc0", 0x4c}], 0x1}, 0x0) 13:48:47 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mknod$loop(&(0x7f0000000040)='./control\x00', 0x40000000006000, 0x0) r1 = inotify_init1(0x0) inotify_add_watch(r1, &(0x7f00007a7000)='./control\x00', 0xa4000960) open(&(0x7f0000000000)='./control\x00', 0x0, 0x0) [ 394.396242] binder: 9189:9191 Release 1 refcount change on invalid ref 0 ret -22 [ 394.419646] netlink: 20 bytes leftover after parsing attributes in process `syz-executor0'. 13:48:47 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000802, &(0x7f0000001040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) r1 = dup2(r0, r0) ppoll(&(0x7f0000000340)=[{r1}], 0x1, 0x0, 0x0, 0x0) shutdown(r0, 0x1) 13:48:47 executing program 3: write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0x100000000000000f, 0x0, 0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000bc0)=ANY=[], 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x4003ff) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000240)='threaded\x00', 0xf96d) unshare(0x40000000) connect$inet(0xffffffffffffffff, 0x0, 0x0) socket$packet(0x11, 0x0, 0x300) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f00000002c0)='./bus\x00', 0x0) ftruncate(0xffffffffffffffff, 0x8200) r0 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r1, &(0x7f0000007e00), 0x136a88c8311572c, 0x0) r2 = openat$uhid(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/uhid\x00', 0x2, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x0, 0x0) write$UHID_SET_REPORT_REPLY(r2, &(0x7f00000011c0), 0xc) [ 394.482948] binder_alloc: binder_alloc_mmap_handler: 9189 20001000-20004000 already mapped failed -16 13:48:47 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd'}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) r1 = socket$inet_udp(0x2, 0x2, 0x0) read$FUSE(r0, 0x0, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000001ec0)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) dup2(r1, r0) tkill(r2, 0x15) [ 394.559284] binder: BINDER_SET_CONTEXT_MGR already set [ 394.564737] binder: 9189:9191 ioctl 40046207 0 returned -16 [ 394.633297] binder_alloc: 9189: binder_alloc_buf, no vma [ 394.639010] binder: 9189:9201 transaction failed 29189/-3, size 24-8 line 2973 [ 394.679888] binder: undelivered TRANSACTION_ERROR: 29189 [ 394.686022] binder: send failed reply for transaction 3 to 9189:9191 [ 394.692931] binder: undelivered TRANSACTION_COMPLETE [ 394.698092] binder: undelivered TRANSACTION_ERROR: 29189 13:48:47 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet(0x10, 0x2, 0xc) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000040)={0x1, 'vcan0\x00', 0x3}, 0x18) sendmsg(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000000907041dfffd946fa2830020200a0009000100008b2f8ddb1baba20400ff7e28000000110affffba010000000009b356da5a80d18be24c8546c8243929db2406b20cd37ed01cc0", 0x4c}], 0x1}, 0x0) [ 394.750692] IPVS: ftp: loaded support on port[0] = 21 13:48:47 executing program 4: mknod$loop(&(0x7f0000000040)='./control\x00', 0x40000000006000, 0x0) open(&(0x7f0000000000)='./control\x00', 0x803, 0x0) 13:48:48 executing program 2: 13:48:48 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000802, &(0x7f0000001040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) r1 = dup2(r0, r0) ppoll(&(0x7f0000000340)=[{r1}], 0x1, 0x0, 0x0, 0x0) shutdown(r0, 0x1) [ 394.955642] netlink: 20 bytes leftover after parsing attributes in process `syz-executor0'. 13:48:48 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet(0x10, 0x2, 0xc) sendmsg(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000000907041dfffd946fa2830020200a0009000100008b2f8ddb1baba20400ff7e28000000110affffba010000000009b356da5a80d18be24c8546c8243929db2406b20cd37ed01cc0", 0x4c}], 0x1}, 0x0) 13:48:48 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) r1 = socket$inet_udp(0x2, 0x2, 0x0) read$FUSE(r0, 0x0, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000001ec0)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) dup2(r1, r0) tkill(r2, 0x15) [ 395.285013] netlink: 20 bytes leftover after parsing attributes in process `syz-executor0'. [ 395.295412] IPVS: ftp: loaded support on port[0] = 21 13:48:48 executing program 4: 13:48:48 executing program 2: 13:48:48 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000802, &(0x7f0000001040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) r1 = dup2(r0, r0) ppoll(&(0x7f0000000340)=[{r1}], 0x1, 0x0, 0x0, 0x0) shutdown(r0, 0x1) 13:48:48 executing program 3: 13:48:48 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) r1 = socket$inet_udp(0x2, 0x2, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000001ec0)={0x0, 0x12}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) dup2(r1, r0) tkill(r2, 0x15) 13:48:48 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000000907041dfffd946fa2830020200a0009000100008b2f8ddb1baba20400ff7e28000000110affffba010000000009b356da5a80d18be24c8546c8243929db2406b20cd37ed01cc0", 0x4c}], 0x1}, 0x0) 13:48:49 executing program 2: 13:48:49 executing program 4: 13:48:49 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x20000802, &(0x7f0000001040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) r1 = dup2(r0, r0) ppoll(&(0x7f0000000340)=[{r1}], 0x1, 0x0, 0x0, 0x0) shutdown(r0, 0x1) 13:48:49 executing program 3: 13:48:49 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c) r1 = socket$inet(0x10, 0x2, 0xc) sendmsg(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000000907041dfffd946fa2830020200a0009000100008b2f8ddb1baba20400ff7e28000000110affffba010000000009b356da5a80d18be24c8546c8243929db2406b20cd37ed01cc0", 0x4c}], 0x1}, 0x0) 13:48:49 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) r1 = socket$inet_udp(0x2, 0x2, 0x0) read$FUSE(r0, 0x0, 0x0) r2 = gettid() timer_create(0x0, 0x0, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) dup2(r1, r0) tkill(r2, 0x15) 13:48:49 executing program 4: [ 396.453534] netlink: 20 bytes leftover after parsing attributes in process `syz-executor0'. 13:48:49 executing program 2: 13:48:49 executing program 3: 13:48:49 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c) r1 = socket$inet(0x10, 0x2, 0xc) sendmsg(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000000907041dfffd946fa2830020200a0009000100008b2f8ddb1baba20400ff7e28000000110affffba010000000009b356da5a80d18be24c8546c8243929db2406b20cd37ed01cc0", 0x4c}], 0x1}, 0x0) 13:48:49 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) r1 = socket$inet_udp(0x2, 0x2, 0x0) read$FUSE(r0, 0x0, 0x0) r2 = gettid() timer_create(0x0, 0x0, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) dup2(r1, r0) tkill(r2, 0x15) 13:48:50 executing program 4: 13:48:50 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x20000802, &(0x7f0000001040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) r1 = dup2(r0, r0) ppoll(&(0x7f0000000340)=[{r1}], 0x1, 0x0, 0x0, 0x0) shutdown(r0, 0x1) [ 396.963407] netlink: 20 bytes leftover after parsing attributes in process `syz-executor0'. 13:48:50 executing program 2: 13:48:50 executing program 3: 13:48:50 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c) r1 = socket$inet(0x10, 0x2, 0xc) sendmsg(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000000907041dfffd946fa2830020200a0009000100008b2f8ddb1baba20400ff7e28000000110affffba010000000009b356da5a80d18be24c8546c8243929db2406b20cd37ed01cc0", 0x4c}], 0x1}, 0x0) [ 397.424274] netlink: 20 bytes leftover after parsing attributes in process `syz-executor0'. 13:48:50 executing program 4: 13:48:50 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x20000802, &(0x7f0000001040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) r1 = dup2(r0, r0) ppoll(&(0x7f0000000340)=[{r1}], 0x1, 0x0, 0x0, 0x0) shutdown(r0, 0x1) 13:48:50 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) r1 = socket$inet_udp(0x2, 0x2, 0x0) read$FUSE(r0, 0x0, 0x0) r2 = gettid() timer_create(0x0, 0x0, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) dup2(r1, r0) tkill(r2, 0x15) 13:48:50 executing program 2: 13:48:50 executing program 3: 13:48:50 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$inet(0x10, 0x2, 0xc) sendmsg(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000000907041dfffd946fa2830020200a0009000100008b2f8ddb1baba20400ff7e28000000110affffba010000000009b356da5a80d18be24c8546c8243929db2406b20cd37ed01cc0", 0x4c}], 0x1}, 0x0) 13:48:51 executing program 4: 13:48:51 executing program 2: [ 398.132886] netlink: 20 bytes leftover after parsing attributes in process `syz-executor0'. 13:48:51 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) r1 = socket$inet_udp(0x2, 0x2, 0x0) read$FUSE(r0, 0x0, 0x0) r2 = gettid() timer_create(0x0, &(0x7f0000001ec0), &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) dup2(r1, r0) tkill(r2, 0x15) 13:48:51 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000802, &(0x7f0000001040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) r1 = dup2(r0, r0) ppoll(&(0x7f0000000340)=[{r1}], 0x1, 0x0, 0x0, 0x0) shutdown(r0, 0x1) 13:48:51 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSTI(r0, 0x5412, 0xfffffffffffff2de) 13:48:51 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 13:48:51 executing program 0: ioctl(0xffffffffffffffff, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r0 = socket$inet(0x10, 0x2, 0xc) sendmsg(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000000907041dfffd946fa2830020200a0009000100008b2f8ddb1baba20400ff7e28000000110affffba010000000009b356da5a80d18be24c8546c8243929db2406b20cd37ed01cc0", 0x4c}], 0x1}, 0x0) 13:48:51 executing program 3: setitimer(0x1, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) [ 398.695923] binder: 9315:9317 got transaction with invalid offset (0, min 0 max 24) or object. [ 398.705129] binder: 9315:9317 transaction failed 29201/-22, size 24-8 line 3036 [ 398.705388] netlink: 20 bytes leftover after parsing attributes in process `syz-executor0'. 13:48:51 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000802, &(0x7f0000001040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) r1 = dup2(r0, r0) ppoll(&(0x7f0000000340)=[{r1}], 0x1, 0x0, 0x0, 0x0) shutdown(r0, 0x1) [ 398.774980] syz-executor3 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 398.804435] binder_alloc: binder_alloc_mmap_handler: 9315 20001000-20004000 already mapped failed -16 [ 398.841240] binder: BINDER_SET_CONTEXT_MGR already set [ 398.846918] binder: 9315:9317 ioctl 40046207 0 returned -16 [ 398.903197] binder_alloc: 9315: binder_alloc_buf, no vma [ 398.908768] binder: 9315:9326 transaction failed 29189/-3, size 24-8 line 2973 13:48:52 executing program 0: ioctl(0xffffffffffffffff, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r0 = socket$inet(0x10, 0x2, 0xc) sendmsg(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000000907041dfffd946fa2830020200a0009000100008b2f8ddb1baba20400ff7e28000000110affffba010000000009b356da5a80d18be24c8546c8243929db2406b20cd37ed01cc0", 0x4c}], 0x1}, 0x0) 13:48:52 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x2000020000000c) sendmsg$IPVS_CMD_SET_DEST(r0, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="280029bd7000fcdbdf2506000000080005000400000014000200080002004e20000008000600000000000800050001000000"], 0x1}, 0x1, 0x0, 0x0, 0x4000000}, 0x80) write$UHID_CREATE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 'syz0\x00', 'syz0\x00', 'syz0\x00', &(0x7f0000000140)=""/241, 0xf1}, 0x120) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000001800)) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='ip6tnl0\x00', 0x10) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4) connect$inet(r1, &(0x7f0000000200)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x400100) 13:48:52 executing program 3: r0 = socket(0x200000000000011, 0x4000000000080002, 0xdd86) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f00000001c0)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @dev}, 0x14) write(r0, 0x0, 0x0) [ 399.106662] netlink: 20 bytes leftover after parsing attributes in process `syz-executor0'. 13:48:52 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000802, &(0x7f0000001040)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) r1 = dup2(r0, r0) ppoll(&(0x7f0000000340)=[{r1}], 0x1, 0x0, 0x0, 0x0) shutdown(r0, 0x1) 13:48:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) [ 399.492575] binder: 9341:9345 ioctl c0306201 0 returned -14 [ 399.567825] binder: BINDER_SET_CONTEXT_MGR already set [ 399.573444] binder: 9341:9346 ioctl 40046207 0 returned -16 [ 399.610086] ================================================================== [ 399.617535] BUG: KMSAN: uninit-value in vti6_tnl_xmit+0x521/0x2960 [ 399.623908] CPU: 0 PID: 9340 Comm: syz-executor3 Not tainted 4.20.0-rc3+ #106 [ 399.631189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 399.640574] Call Trace: [ 399.643230] dump_stack+0x32d/0x480 [ 399.646890] ? vti6_tnl_xmit+0x521/0x2960 [ 399.651093] kmsan_report+0x12d/0x290 [ 399.654953] __msan_warning+0x76/0xc0 [ 399.658818] vti6_tnl_xmit+0x521/0x2960 [ 399.662841] ? __msan_poison_alloca+0x1e0/0x270 [ 399.667609] ? validate_xmit_xfrm+0x99/0x14e0 [ 399.672151] ? __msan_poison_alloca+0x1e0/0x270 [ 399.676898] ? vti6_dev_uninit+0x670/0x670 [ 399.681161] dev_hard_start_xmit+0x6dc/0xde0 [ 399.685660] __dev_queue_xmit+0x2d9e/0x3e00 [ 399.690067] dev_queue_xmit+0x4b/0x60 [ 399.693921] ? __netdev_pick_tx+0x14c0/0x14c0 [ 399.698450] packet_sendmsg+0x84b3/0x9180 [ 399.702636] ? kmsan_memcpy_memmove_metadata+0x1a9/0xf70 [ 399.708121] ? kmsan_memcpy_metadata+0xb/0x10 [ 399.712646] ? sock_write_iter+0x102/0x4f0 [ 399.716931] ? __se_sys_write+0x17a/0x370 [ 399.721138] ? do_syscall_64+0xcd/0x110 [ 399.725165] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 399.730593] ? drop_futex_key_refs+0x212/0x340 [ 399.735245] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 399.740737] ? compat_packet_setsockopt+0x360/0x360 [ 399.745789] sock_write_iter+0x3f4/0x4f0 [ 399.749929] ? sock_read_iter+0x4e0/0x4e0 [ 399.754118] __vfs_write+0x888/0xb80 [ 399.757913] vfs_write+0x4b4/0x900 [ 399.761528] __se_sys_write+0x17a/0x370 [ 399.765594] __x64_sys_write+0x4a/0x70 [ 399.769523] do_syscall_64+0xcd/0x110 [ 399.773377] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 399.778609] RIP: 0033:0x457569 [ 399.781870] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 399.800822] RSP: 002b:00007f708f7d1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 399.808591] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 399.815920] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 399.823235] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 399.830525] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f708f7d26d4 [ 399.837849] R13: 00000000004c2bb4 R14: 00000000004d9440 R15: 00000000ffffffff [ 399.845158] [ 399.846788] Uninit was created at: [ 399.850411] kmsan_internal_poison_shadow+0x92/0x150 [ 399.855551] kmsan_kmalloc+0xa1/0x100 [ 399.859388] kmsan_slab_alloc+0xe/0x10 [ 399.863319] __kmalloc_node_track_caller+0x1017/0x1360 [ 399.868617] __alloc_skb+0x42b/0xeb0 [ 399.872370] alloc_skb_with_frags+0x1c9/0xa80 [ 399.876935] sock_alloc_send_pskb+0xde3/0x13f0 [ 399.881537] packet_sendmsg+0x6698/0x9180 [ 399.885716] sock_write_iter+0x3f4/0x4f0 [ 399.889862] __vfs_write+0x888/0xb80 [ 399.893607] vfs_write+0x4b4/0x900 [ 399.897175] __se_sys_write+0x17a/0x370 [ 399.901208] __x64_sys_write+0x4a/0x70 [ 399.905125] do_syscall_64+0xcd/0x110 [ 399.908954] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 399.914159] ================================================================== [ 399.921533] Disabling lock debugging due to kernel taint [ 399.927007] Kernel panic - not syncing: panic_on_warn set ... [ 399.932953] CPU: 0 PID: 9340 Comm: syz-executor3 Tainted: G B 4.20.0-rc3+ #106 [ 399.941631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 399.951031] Call Trace: [ 399.953663] dump_stack+0x32d/0x480 [ 399.957350] panic+0x5db/0xbb8 [ 399.960671] kmsan_report+0x290/0x290 [ 399.964517] __msan_warning+0x76/0xc0 [ 399.968376] vti6_tnl_xmit+0x521/0x2960 [ 399.972381] ? __msan_poison_alloca+0x1e0/0x270 [ 399.977102] ? validate_xmit_xfrm+0x99/0x14e0 [ 399.981659] ? __msan_poison_alloca+0x1e0/0x270 [ 399.986382] ? vti6_dev_uninit+0x670/0x670 [ 399.990653] dev_hard_start_xmit+0x6dc/0xde0 [ 399.995145] __dev_queue_xmit+0x2d9e/0x3e00 [ 399.999569] dev_queue_xmit+0x4b/0x60 [ 400.003404] ? __netdev_pick_tx+0x14c0/0x14c0 [ 400.007943] packet_sendmsg+0x84b3/0x9180 [ 400.012125] ? kmsan_memcpy_memmove_metadata+0x1a9/0xf70 [ 400.017623] ? kmsan_memcpy_metadata+0xb/0x10 [ 400.022145] ? sock_write_iter+0x102/0x4f0 [ 400.026408] ? __se_sys_write+0x17a/0x370 [ 400.030599] ? do_syscall_64+0xcd/0x110 [ 400.034626] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 400.040052] ? drop_futex_key_refs+0x212/0x340 [ 400.044708] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 400.050274] ? compat_packet_setsockopt+0x360/0x360 [ 400.055348] sock_write_iter+0x3f4/0x4f0 [ 400.059470] ? sock_read_iter+0x4e0/0x4e0 [ 400.063645] __vfs_write+0x888/0xb80 [ 400.067678] vfs_write+0x4b4/0x900 [ 400.071295] __se_sys_write+0x17a/0x370 [ 400.075327] __x64_sys_write+0x4a/0x70 [ 400.079251] do_syscall_64+0xcd/0x110 [ 400.083093] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 400.088322] RIP: 0033:0x457569 [ 400.091551] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 400.110516] RSP: 002b:00007f708f7d1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 400.118297] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 400.125587] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 400.132880] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 400.140190] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f708f7d26d4 [ 400.147486] R13: 00000000004c2bb4 R14: 00000000004d9440 R15: 00000000ffffffff [ 400.155954] Kernel Offset: disabled [ 400.159596] Rebooting in 86400 seconds..