[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 26.452175] kauditd_printk_skb: 7 callbacks suppressed [ 26.452186] audit: type=1800 audit(1539793652.191:29): pid=5203 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 26.485697] audit: type=1800 audit(1539793652.201:30): pid=5203 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.15' (ECDSA) to the list of known hosts. 2018/10/17 16:27:55 fuzzer started 2018/10/17 16:27:57 dialing manager at 10.128.0.26:37173 2018/10/17 16:27:57 syscalls: 1 2018/10/17 16:27:57 code coverage: enabled 2018/10/17 16:27:57 comparison tracing: enabled 2018/10/17 16:27:57 setuid sandbox: enabled 2018/10/17 16:27:57 namespace sandbox: enabled 2018/10/17 16:27:57 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/17 16:27:57 fault injection: enabled 2018/10/17 16:27:57 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/17 16:27:57 net packed injection: enabled 2018/10/17 16:27:57 net device setup: enabled 16:29:51 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$nl_crypto(0x10, 0x3, 0x15) r1 = socket(0xa, 0x3, 0x8) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000180)={"6272696467653000000100"}) syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000400)={0x0, @in6={{0xa, 0x0, 0x3ff, @mcast1}}}, 0x84) dup3(r1, r0, 0x80000) sendmsg$inet_sctp(r1, &(0x7f0000000740)={&(0x7f0000000000)=@in={0x2, 0x4e22, @local}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000540)="ded53cbe5fd594b188b1378f4c63ff1268fa9574088c5d11039445ffd96b42fd62e8d4da334357a8b7485a5137aace9366cf36174800403ab3c257735b357a982e8c7de7c3764afb", 0x48}], 0x1, &(0x7f0000000600), 0x0, 0x20008010}, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000003c0)={@loopback, 0x7, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x20) getxattr(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)=@known='security.apparmor\x00', &(0x7f0000000240)=""/30, 0x1e) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000640)={{{@in, @in6=@mcast1, 0x4e22, 0x0, 0x4e21, 0x0, 0x0, 0x80}, {0xb4, 0xffffffff, 0x0, 0x0, 0x0, 0x400, 0x0, 0x9}, {0x0, 0x0, 0x7}, 0x0, 0x6e6bb5, 0x1}, {{@in6=@mcast2, 0x4d6, 0x3c}, 0x0, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0xc723, 0x0, 0x20}}, 0xe8) getsockopt$inet_pktinfo(0xffffffffffffff9c, 0x0, 0x8, &(0x7f0000003a40)={0x0, @broadcast, @loopback}, &(0x7f0000003a80)=0xc) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/nat_icmp_send\x00', 0x2, 0x0) syzkaller login: [ 166.317181] IPVS: ftp: loaded support on port[0] = 21 16:29:52 executing program 1: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000f80)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) [ 166.563754] IPVS: ftp: loaded support on port[0] = 21 16:29:52 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000001080)={0x2, 0x4e20, @local}, 0x10) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000010c0)=0x19ff, 0x4) sendmmsg(r0, &(0x7f0000005d40)=[{{0x0, 0x0, &(0x7f0000004000), 0x0, &(0x7f0000004040)=[{0x10, 0x1, 0x7f}], 0x10}}], 0x1, 0x40801) setsockopt$packet_drop_memb(0xffffffffffffffff, 0x107, 0x2, &(0x7f0000006340)={0x0, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x10) [ 166.832492] IPVS: ftp: loaded support on port[0] = 21 16:29:52 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0xe6) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'veth0_to_team\x00', 0x0}) sendmmsg(r0, &(0x7f0000008780)=[{{&(0x7f0000000080)=@hci={0x1f, r1}, 0x80, &(0x7f00000002c0), 0x0, &(0x7f00000004c0)=[{0x10}], 0x10, 0x4}, 0x23bb}], 0x1, 0x0) [ 167.312360] IPVS: ftp: loaded support on port[0] = 21 16:29:53 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, &(0x7f0000000500)="0f0866b8ed008ec066ba4000b000eed2a807000000410f01cab98e0b0000b862000000ba000000000f30b90b0800000f320fc72a8f2a60128f00000000003000000fc7aa00100000", 0x48}], 0x1, 0x0, &(0x7f0000000080), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000002c0)=[@text64={0x40, &(0x7f00000001c0)="650fc75c276766b882000f00d0c4423d3c56eef22ede9a002000000f01cf0f3042802100660f38802afb0f23d4", 0x2d}], 0x1, 0xffffffffffffffff, &(0x7f0000000040), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, &(0x7f0000000300)="450f09660f72d1ed0f01cfc443f909dca8c74424000d010000c7442402bc330000ff2c2466460f388044830f3e67420ff1ad0055000048b841000000000000000f23d80f21f835400000700f23f8470f01ca470f07", 0x55}], 0xed, 0x0, &(0x7f0000000180), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 167.891960] IPVS: ftp: loaded support on port[0] = 21 [ 168.078700] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.109715] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.125066] device bridge_slave_0 entered promiscuous mode 16:29:53 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(hmac(sha256-generic))\x00'}, 0x58) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="506ef3bc3bd5cd07447e13c07d2fe6cd28c61c377a9218f0377481275070008a9979cf202dc1b728b78d08f5b9a707aa060a2a6db18ee97641038d2e3b6d1d5050dd77bf608c1641f9f4220bafc779316ec719c666129ab72060e31a462b7d233ba51dec620de4f791465b3e1baebf1cc94f24341923d31c", 0x78) [ 168.316338] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.323573] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.352319] device bridge_slave_1 entered promiscuous mode [ 168.449064] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.462319] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.479069] device bridge_slave_0 entered promiscuous mode [ 168.482196] IPVS: ftp: loaded support on port[0] = 21 [ 168.498792] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 168.621612] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.632387] bridge0: port 2(bridge_slave_1) entered disabled state [ 168.640124] device bridge_slave_1 entered promiscuous mode [ 168.662112] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 168.758001] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 168.829646] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 168.952040] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.966873] bridge0: port 1(bridge_slave_0) entered disabled state [ 168.976682] device bridge_slave_0 entered promiscuous mode [ 169.092209] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 169.106880] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.113342] bridge0: port 2(bridge_slave_1) entered disabled state [ 169.129166] device bridge_slave_1 entered promiscuous mode [ 169.262128] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 169.284690] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 169.295431] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 169.394616] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 169.414228] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 169.530785] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 169.546542] bridge0: port 1(bridge_slave_0) entered blocking state [ 169.557800] bridge0: port 1(bridge_slave_0) entered disabled state [ 169.575352] device bridge_slave_0 entered promiscuous mode [ 169.584317] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 169.592844] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 169.612177] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 169.694525] bridge0: port 2(bridge_slave_1) entered blocking state [ 169.702440] bridge0: port 2(bridge_slave_1) entered disabled state [ 169.724835] device bridge_slave_1 entered promiscuous mode [ 169.738493] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 169.754956] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 169.886255] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 169.909785] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 169.924643] team0: Port device team_slave_0 added [ 169.941203] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 169.971847] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 170.076273] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 170.091125] team0: Port device team_slave_1 added [ 170.116006] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 170.134579] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 170.143112] team0: Port device team_slave_0 added [ 170.218091] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 170.246965] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 170.264641] team0: Port device team_slave_1 added [ 170.281439] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.295660] bridge0: port 1(bridge_slave_0) entered disabled state [ 170.313976] device bridge_slave_0 entered promiscuous mode [ 170.354554] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 170.364490] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 170.392453] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 170.449969] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 170.461931] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 170.472424] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 170.486620] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 170.503979] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 170.520819] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 170.538524] bridge0: port 2(bridge_slave_1) entered blocking state [ 170.545663] bridge0: port 2(bridge_slave_1) entered disabled state [ 170.559830] device bridge_slave_1 entered promiscuous mode [ 170.567043] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 170.580930] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 170.593209] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 170.627757] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 170.645035] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 170.653895] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 170.661823] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 170.686133] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 170.704476] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 170.725225] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 170.736492] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 170.759865] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 170.798815] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 170.815095] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 170.829483] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 170.846522] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 170.854041] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 170.878327] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 170.907855] bridge0: port 1(bridge_slave_0) entered blocking state [ 170.934374] bridge0: port 1(bridge_slave_0) entered disabled state [ 170.941863] device bridge_slave_0 entered promiscuous mode [ 171.039388] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 171.064722] team0: Port device team_slave_0 added [ 171.076029] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.082485] bridge0: port 2(bridge_slave_1) entered disabled state [ 171.104803] device bridge_slave_1 entered promiscuous mode [ 171.188253] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 171.220507] team0: Port device team_slave_1 added [ 171.241422] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 171.261970] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 171.289031] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 171.317621] team0: Port device team_slave_0 added [ 171.356481] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 171.376237] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 171.401554] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 171.479464] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 171.486678] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 171.500793] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 171.521342] team0: Port device team_slave_1 added [ 171.531703] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 171.554576] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 171.562544] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 171.588859] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 171.609676] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 171.646719] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 171.662109] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 171.679944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 171.729064] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 171.739938] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 171.750666] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 171.800516] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 171.815116] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 171.823100] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 171.869961] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 171.882282] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 171.917921] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 171.944855] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 171.968731] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 172.004709] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 172.024596] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 172.052575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 172.115984] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.122519] bridge0: port 2(bridge_slave_1) entered forwarding state [ 172.129624] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.136078] bridge0: port 1(bridge_slave_0) entered forwarding state [ 172.159959] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 172.170632] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 172.179965] team0: Port device team_slave_0 added [ 172.197309] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 172.227374] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 172.238885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 172.351702] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 172.374654] team0: Port device team_slave_1 added [ 172.444089] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 172.504391] bridge0: port 2(bridge_slave_1) entered blocking state [ 172.510801] bridge0: port 2(bridge_slave_1) entered forwarding state [ 172.517520] bridge0: port 1(bridge_slave_0) entered blocking state [ 172.523921] bridge0: port 1(bridge_slave_0) entered forwarding state [ 172.543270] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 172.552921] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 172.573822] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 172.583001] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 172.694230] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 172.701108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 172.722937] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 172.755924] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 172.763359] team0: Port device team_slave_0 added [ 172.845216] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 172.852704] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 172.864836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 172.908794] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 172.924751] team0: Port device team_slave_1 added [ 172.971520] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 172.997987] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 173.014482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 173.040896] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 173.154450] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 173.257363] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 173.268772] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 173.294453] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 173.394385] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 173.401559] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 173.413439] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 173.427552] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.433992] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.440666] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.447083] bridge0: port 1(bridge_slave_0) entered forwarding state [ 173.455213] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 173.475471] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 173.490381] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 173.828167] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.834616] bridge0: port 2(bridge_slave_1) entered forwarding state [ 173.841530] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.847964] bridge0: port 1(bridge_slave_0) entered forwarding state [ 173.863955] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 174.444753] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.451175] bridge0: port 2(bridge_slave_1) entered forwarding state [ 174.457897] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.464318] bridge0: port 1(bridge_slave_0) entered forwarding state [ 174.473297] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 174.544306] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 174.551593] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 174.742174] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.748608] bridge0: port 2(bridge_slave_1) entered forwarding state [ 174.755340] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.761715] bridge0: port 1(bridge_slave_0) entered forwarding state [ 174.778975] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 175.610126] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 177.521954] 8021q: adding VLAN 0 to HW filter on device bond0 [ 177.951617] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 177.975520] 8021q: adding VLAN 0 to HW filter on device bond0 [ 178.306482] 8021q: adding VLAN 0 to HW filter on device bond0 [ 178.444651] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 178.456532] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 178.464623] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 178.486661] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 178.716932] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 178.907824] 8021q: adding VLAN 0 to HW filter on device team0 [ 178.961563] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 178.974120] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 178.984679] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 179.195118] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 179.201420] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 179.214480] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 179.350820] 8021q: adding VLAN 0 to HW filter on device bond0 [ 179.374362] 8021q: adding VLAN 0 to HW filter on device bond0 [ 179.472791] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.714148] 8021q: adding VLAN 0 to HW filter on device team0 [ 179.796644] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 179.850199] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 179.888409] 8021q: adding VLAN 0 to HW filter on device bond0 [ 180.236495] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 180.249752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 180.260290] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 180.289782] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 180.328814] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 180.337985] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 180.361174] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 180.673044] 8021q: adding VLAN 0 to HW filter on device team0 [ 180.744954] 8021q: adding VLAN 0 to HW filter on device team0 [ 180.868623] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 180.893814] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 180.900940] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 181.270639] 8021q: adding VLAN 0 to HW filter on device team0 16:30:07 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000040)=0x7, 0x4) read(r0, &(0x7f0000000080)=""/116, 0x12) 16:30:08 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000300)="6e65742f6970365f666c6f776c6162656c0096126ada45462dcf66fa6617b8e421f0ce71dd359c247db4079e68aa2caa5a9ccf86128ce17c8b729b1309b0fdf33a") getsockopt$IP_VS_SO_GET_VERSION(r0, 0x0, 0x480, &(0x7f0000000000), &(0x7f0000000040)=0x40) sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={&(0x7f0000000080)=@can, 0x80, &(0x7f0000000540), 0x0, &(0x7f00000001c0)=ANY=[]}, 0x0) socketpair$unix(0x1, 0x4000001, 0x0, &(0x7f0000000140)) preadv(r0, &(0x7f00000017c0), 0x1fe, 0x400000000000) [ 182.568900] hrtimer: interrupt took 34978 ns 16:30:08 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='\x00\x00\x00\x00\x00') r2 = openat$cgroup_ro(r1, &(0x7f0000000200)="6d656d0001792e737761532e63757272656e7400", 0x0, 0x0) sendfile(0xffffffffffffffff, r2, &(0x7f0000000000)=0xfffffffffffffffc, 0x0) [ 182.602317] bridge0: port 2(bridge_slave_1) entered disabled state [ 182.613369] bridge0: port 1(bridge_slave_0) entered disabled state 16:30:08 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$nl_crypto(0x10, 0x3, 0x15) r1 = socket(0xa, 0x3, 0x8) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000180)={"6272696467653000000100"}) syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000400)={0x0, @in6={{0xa, 0x0, 0x3ff, @mcast1}}}, 0x84) dup3(r1, r0, 0x80000) sendmsg$inet_sctp(r1, &(0x7f0000000740)={&(0x7f0000000000)=@in={0x2, 0x4e22, @local}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000540)="ded53cbe5fd594b188b1378f4c63ff1268fa9574088c5d11039445ffd96b42fd62e8d4da334357a8b7485a5137aace9366cf36174800403ab3c257735b357a982e8c7de7c3764afb", 0x48}], 0x1, &(0x7f0000000600), 0x0, 0x20008010}, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000003c0)={@loopback, 0x7, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x20) getxattr(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)=@known='security.apparmor\x00', &(0x7f0000000240)=""/30, 0x1e) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000640)={{{@in, @in6=@mcast1, 0x4e22, 0x0, 0x4e21, 0x0, 0x0, 0x80}, {0xb4, 0xffffffff, 0x0, 0x0, 0x0, 0x400, 0x0, 0x9}, {0x0, 0x0, 0x7}, 0x0, 0x6e6bb5, 0x1}, {{@in6=@mcast2, 0x4d6, 0x3c}, 0x0, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0xc723, 0x0, 0x20}}, 0xe8) getsockopt$inet_pktinfo(0xffffffffffffff9c, 0x0, 0x8, &(0x7f0000003a40)={0x0, @broadcast, @loopback}, &(0x7f0000003a80)=0xc) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/nat_icmp_send\x00', 0x2, 0x0) 16:30:08 executing program 1: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080), 0xc, &(0x7f0000000680)={&(0x7f0000000240)=ANY=[@ANYBLOB="240000002a000901000000000000000000000000100000000400000008000000440113fb4b8322f9de95793da4c266fe3414c90bf9f075d4f957885d9f25606afb79ef135284198cb137dac63a0a97fbdfe57603f8dd1f9396d7c9f7d9808e08ceb8e7f7760a35cb4d8d467a2aead48854117a883fddddeee07aa2ded96938", @ANYRES32=0x0], 0x2}}, 0x0) r0 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0) [ 182.751172] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 16:30:08 executing program 2: r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="070000000010"]) 16:30:08 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f00000000c0)='\x00', 0x1) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10) 16:30:08 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000540)={&(0x7f0000000000), 0xc, &(0x7f0000000500)={&(0x7f0000000080)=@newlink={0x20, 0x10, 0xf31}, 0x20}}, 0x0) 16:30:09 executing program 1: mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x2000007, 0x6031, 0xffffffffffffffff, 0x0) fcntl$getflags(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mremap(&(0x7f00008da000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000cd5000/0x4000)=nil) [ 183.556193] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 16:30:09 executing program 3: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f00000001c0)=@srh, 0x8) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x6, &(0x7f0000000780), 0x0) getresuid(&(0x7f0000002980), &(0x7f00000029c0), &(0x7f0000002a00)) getresgid(&(0x7f0000002a40), &(0x7f0000002a80), &(0x7f0000002ac0)) getpid() getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000002b00), &(0x7f0000002b40)=0xc) ioctl$IOC_PR_PREEMPT_ABORT(0xffffffffffffffff, 0x401870cc, &(0x7f00000001c0)) perf_event_open(&(0x7f00000002c0)={0x0, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 16:30:09 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_inet_SIOCSIFPFLAGS(r0, 0x8934, &(0x7f0000000100)={'nr0\x00', 0xccc}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='\x00\x00\x00\x00\x00') r4 = openat$cgroup_ro(r3, &(0x7f0000000200)="6d656d0001792e737761532e63757272656e7400", 0x0, 0x0) sendfile(0xffffffffffffffff, r4, &(0x7f0000000000)=0xfffffffffffffffc, 0x9) close(r2) io_setup(0x7, &(0x7f0000000240)) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r5) mkdir(&(0x7f0000000240)='./control\x00', 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./control\x00', 0x0, 0x0) r6 = open(&(0x7f00000001c0)='./control\x00', 0x0, 0x0) unlinkat(r6, &(0x7f0000000180)='./file0\x00', 0x200) 16:30:09 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(hmac(sha256-generic))\x00'}, 0x58) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="f224bc258592944f19f5d04abc9f894b9362f5eecbdfff4344018c96965b9107e9dd529953241da8edc5b9e4e94a8b87d251d3ea128a7c12903cd66c7956e8ceb9b4ddad9d6acfc8e877b4069282ee7c4098f0e3f3315e90b2d21695111a6752baec05084848d2a52c2432c7d052c1d81363bdb4bb4b6955990dab063fdbf078799026c6d9c0520f9f80eb6b86e6a43f30b14856ea5f0a399f4fc5b6b8957d5ad3579838b5abe91bbf09de6223c73d51b59c7ec7cb2c045e4c289074ea469842a73c41197331286f4aa1db6c4d8576c1da0b2ed17b1e509d7b43d16a3f65920fd02e6e09f8d75a152a9d3c7dced678b6e1a8b6584964a589", 0xf8) 16:30:09 executing program 1: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000040), 0xc, &(0x7f0000000080)={&(0x7f0000000000)={0x14, 0x15}, 0x14}}, 0x0) read(r0, &(0x7f0000000200)=""/250, 0x4ba09e13) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000000), 0x0) 16:30:09 executing program 4: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000400)="e83779d80efa45bb7f48bebc95870bd0cd39bd2830ee47afe7b33fc778bde252c50d2e", 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x1) r2 = dup2(r1, r0) perf_event_open(&(0x7f0000000280)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0xffffffff}, 0x0, 0x0, 0xffffffffffffff9c, 0x1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000000c0)={0x0, 0x0, 0x0, "7175657565310000000000000000313b0000000000000000000000000000000000000000060000000000ccbf7ddd00"}) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5334, &(0x7f00000001c0)={0xf48b, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}], 0xffffff76) mmap(&(0x7f0000011000/0x6000)=nil, 0x6000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$SNDRV_CTL_IOCTL_PVERSION(r2, 0x80045500, &(0x7f0000000180)) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000380)=[{}], 0x1) 16:30:09 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(0xffffffffffffffff, 0x891b, &(0x7f0000000100)={'irlan0\x00', {0x2, 0x0, @dev}}) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x38, 0x10, 0xf0b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, @gre={{0x8, 0x1, 'gre\x00'}, {0xc, 0x2, [@IFLA_GRE_LOCAL={0x8, 0x2, @rand_addr=0x3f000000}]}}}]}, 0x38}}, 0x0) 16:30:09 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$sock_SIOCGSKNS(0xffffffffffffffff, 0x894c, &(0x7f0000000580)) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000140)=0x75, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000340)='bbr\x00', 0xfeb5) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x1000}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x100) [ 183.821280] netlink: 'syz-executor5': attribute type 2 has an invalid length. 16:30:09 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x6, 0x0) alarm(0xdb2) socket$vsock_stream(0x28, 0x1, 0x0) [ 183.902030] netlink: 'syz-executor5': attribute type 2 has an invalid length. 16:30:09 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) recvmmsg(r0, &(0x7f0000000500)=[{{0x0, 0x0, &(0x7f0000000080)}}], 0x1, 0x40002000, &(0x7f00000005c0)) 16:30:09 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(0xffffffffffffffff, 0x891b, &(0x7f0000000100)={'irlan0\x00', {0x2, 0x0, @dev}}) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x38, 0x10, 0xf0b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, @gre={{0x8, 0x1, 'gre\x00'}, {0xc, 0x2, [@IFLA_GRE_LOCAL={0x8, 0x2, @rand_addr=0x3f000000}]}}}]}, 0x38}}, 0x0) 16:30:09 executing program 0: r0 = socket$packet(0x11, 0x4000000000000003, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000080)={r1, 0x3, 0x6}, 0x10) 16:30:09 executing program 4: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$nl_crypto(0x10, 0x3, 0x15) r1 = socket(0xa, 0x3, 0x8) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x89a1, &(0x7f0000000180)={"6272696467653000000100"}) syz_open_dev$sndctrl(&(0x7f00000000c0)='/dev/snd/controlC#\x00', 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f0000000400)={0x0, @in6={{0xa, 0x0, 0x3ff, @mcast1}}}, 0x84) dup3(r1, r0, 0x80000) sendmsg$inet_sctp(r1, &(0x7f0000000740)={&(0x7f0000000000)=@in={0x2, 0x4e22, @local}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000540)="ded53cbe5fd594b188b1378f4c63ff1268fa9574088c5d11039445ffd96b42fd62e8d4da334357a8b7485a5137aace9366cf36174800403ab3c257735b357a982e8c7de7c3764afb", 0x48}], 0x1, &(0x7f0000000600), 0x0, 0x20008010}, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000003c0)={@loopback, 0x7, 0x0, 0x0, 0x0, 0x0, 0x1000}, 0x20) getxattr(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)=@known='security.apparmor\x00', &(0x7f0000000240)=""/30, 0x1e) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000640)={{{@in, @in6=@mcast1, 0x4e22, 0x0, 0x4e21, 0x0, 0x0, 0x80}, {0xb4, 0xffffffff, 0x0, 0x0, 0x0, 0x400, 0x0, 0x9}, {0x0, 0x0, 0x7}, 0x0, 0x6e6bb5, 0x1}, {{@in6=@mcast2, 0x4d6, 0x3c}, 0x0, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0xc723, 0x0, 0x20}}, 0xe8) getsockopt$inet_pktinfo(0xffffffffffffff9c, 0x0, 0x8, &(0x7f0000003a40)={0x0, @broadcast, @loopback}, &(0x7f0000003a80)=0xc) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/nat_icmp_send\x00', 0x2, 0x0) [ 184.086744] netlink: 'syz-executor5': attribute type 2 has an invalid length. [ 184.165373] device bond_slave_0 entered promiscuous mode [ 184.171165] device bond_slave_1 entered promiscuous mode [ 184.244612] device bond_slave_0 left promiscuous mode [ 184.250065] device bond_slave_1 left promiscuous mode 16:30:10 executing program 3: tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) 16:30:10 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(0xffffffffffffffff, 0x891b, &(0x7f0000000100)={'irlan0\x00', {0x2, 0x0, @dev}}) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x38, 0x10, 0xf0b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, @gre={{0x8, 0x1, 'gre\x00'}, {0xc, 0x2, [@IFLA_GRE_LOCAL={0x8, 0x2, @rand_addr=0x3f000000}]}}}]}, 0x38}}, 0x0) 16:30:10 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r1) mkdir(&(0x7f0000000240)='./control\x00', 0x0) rmdir(&(0x7f0000000080)='./control\x00') 16:30:10 executing program 4: ioctl$TCGETA(0xffffffffffffffff, 0x5405, &(0x7f0000000200)) syz_open_dev$mice(&(0x7f0000000100)='/dev/input/mice\x00', 0x0, 0x200800) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_create(0x7, &(0x7f0000000000)={0x0, 0x0, 0x0, @thr={&(0x7f0000000040), &(0x7f0000000140)}}, &(0x7f0000044000)) sync_file_range(0xffffffffffffffff, 0x1, 0x2, 0x5) syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0) r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x20000000) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, &(0x7f00004d4000)=@nl=@proc, &(0x7f0000000000)=0x80, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, &(0x7f00000000c0)}) setsockopt$inet6_int(r2, 0x29, 0x0, &(0x7f0000000040)=0x100000000001f, 0x87) sendmmsg(r2, &(0x7f0000003d40)=[{{&(0x7f0000001b00)=@l2={0x1f, 0x0, {0x1100, 0x0, 0x0, 0x0, 0xffffff80}}, 0x80, &(0x7f0000001d00), 0x0, &(0x7f0000001d40)}}, {{&(0x7f0000002300)=@nl, 0x80, &(0x7f0000003740), 0x0, &(0x7f00000037c0)}}], 0x4000000000001eb, 0x0) r3 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ashmem\x00', 0x0, 0x0) lseek(r3, 0x0, 0x0) 16:30:10 executing program 0: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x0, 0xc812, r0, 0x0) futex(&(0x7f0000000080), 0x85, 0x0, &(0x7f0000000040), &(0x7f0000000140), 0x0) timer_create(0x7, &(0x7f00000000c0)={0x0, 0x6, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) 16:30:10 executing program 3: pipe(&(0x7f00000007c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) socket$inet6(0xa, 0x0, 0x0) epoll_pwait(r1, &(0x7f0000000080), 0x0, 0x0, &(0x7f0000000100), 0x8) tee(0xffffffffffffffff, r1, 0x0, 0x0) read(r0, &(0x7f0000000200)=""/250, 0x4ba09e13) [ 184.466025] netlink: 'syz-executor5': attribute type 2 has an invalid length. 16:30:10 executing program 2: mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x2000007, 0x6031, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mremap(&(0x7f00008da000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000cd5000/0x4000)=nil) 16:30:10 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) alarm(0xdb2) 16:30:10 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCGIFNETMASK(0xffffffffffffffff, 0x891b, &(0x7f0000000100)={'irlan0\x00', {0x2, 0x0, @dev}}) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x38, 0x10, 0xf0b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, @gre={{0x8, 0x1, 'gre\x00'}, {0xc, 0x2, [@IFLA_GRE_LOCAL={0x8, 0x2, @rand_addr=0x3f000000}]}}}]}, 0x38}}, 0x0) 16:30:10 executing program 1: mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x2000007, 0x6031, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000000cc0)) perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mremap(&(0x7f00008da000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000cd5000/0x4000)=nil) [ 184.779487] netlink: 'syz-executor5': attribute type 2 has an invalid length. 16:30:10 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='dctcp\x00', 0x6) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) sendto$inet6(r0, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) socket$packet(0x11, 0x0, 0x300) syz_genetlink_get_family_id$ipvs(&(0x7f0000000440)='IPVS\x00') setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000300)='tls\x00', 0x4) 16:30:10 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$inet(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) bind$packet(r0, &(0x7f0000000080)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @random="cd5f3a8d822a"}, 0x14) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000000)=0x2, 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) 16:30:10 executing program 1: mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xffffffffffffffff, 0x31, 0xffffffffffffffff, 0x0) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) pread64(r0, &(0x7f0000002640)=""/207, 0xfffffede, 0x0) munlockall() 16:30:10 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x38, 0x10, 0xf0b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, @gre={{0x8, 0x1, 'gre\x00'}, {0xc, 0x2, [@IFLA_GRE_LOCAL={0x8, 0x2, @rand_addr=0x3f000000}]}}}]}, 0x38}}, 0x0) [ 185.042047] netlink: 'syz-executor5': attribute type 2 has an invalid length. 16:30:10 executing program 3: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c3d023c126285718070") r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000240)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10) sendto$inet(r1, &(0x7f0000000280), 0x0, 0x4008000, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10) sendto$inet(r1, &(0x7f00000000c0), 0x357, 0x0, &(0x7f000057bff0)={0x2, 0x0, @multicast1}, 0x10) 16:30:10 executing program 5: sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x38, 0x10, 0xf0b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, @gre={{0x8, 0x1, 'gre\x00'}, {0xc, 0x2, [@IFLA_GRE_LOCAL={0x8, 0x2, @rand_addr=0x3f000000}]}}}]}, 0x38}}, 0x0) 16:30:10 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) unshare(0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000080), 0x4) getsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, &(0x7f00000000c0), &(0x7f0000000180)=0x4) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000a80)={{{@in6=@ipv4={[], [], @multicast2}, @in=@dev}}, {{@in6=@local}, 0x0, @in=@multicast1}}, &(0x7f0000000400)=0xe8) ioctl$sock_SIOCGSKNS(0xffffffffffffffff, 0x894c, &(0x7f0000000580)) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000140)=0x75, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r2 = socket$inet6(0xa, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000300), 0xfd90, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast2}}, 0x1c) sendto$inet6(r2, &(0x7f00000001c0), 0x0, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote}, 0x1c) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000340)='bbr\x00', 0xfeb5) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x1000}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x100) 16:30:10 executing program 4: ioctl$TCGETA(0xffffffffffffffff, 0x5405, &(0x7f0000000200)) syz_open_dev$mice(&(0x7f0000000100)='/dev/input/mice\x00', 0x0, 0x200800) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_create(0x7, &(0x7f0000000000)={0x0, 0x0, 0x0, @thr={&(0x7f0000000040), &(0x7f0000000140)}}, &(0x7f0000044000)) sync_file_range(0xffffffffffffffff, 0x1, 0x2, 0x5) syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0) r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x20000000) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, &(0x7f00004d4000)=@nl=@proc, &(0x7f0000000000)=0x80, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, &(0x7f00000000c0)}) setsockopt$inet6_int(r2, 0x29, 0x0, &(0x7f0000000040)=0x100000000001f, 0x87) sendmmsg(r2, &(0x7f0000003d40)=[{{&(0x7f0000001b00)=@l2={0x1f, 0x0, {0x1100, 0x0, 0x0, 0x0, 0xffffff80}}, 0x80, &(0x7f0000001d00), 0x0, &(0x7f0000001d40)}}, {{&(0x7f0000002300)=@nl, 0x80, &(0x7f0000003740), 0x0, &(0x7f00000037c0)}}], 0x4000000000001eb, 0x0) r3 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ashmem\x00', 0x0, 0x0) lseek(r3, 0x0, 0x0) 16:30:11 executing program 5: socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x38, 0x10, 0xf0b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, @gre={{0x8, 0x1, 'gre\x00'}, {0xc, 0x2, [@IFLA_GRE_LOCAL={0x8, 0x2, @rand_addr=0x3f000000}]}}}]}, 0x38}}, 0x0) [ 185.241641] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 16:30:11 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x38, 0x10, 0x0, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, @gre={{0x8, 0x1, 'gre\x00'}, {0xc, 0x2, [@IFLA_GRE_LOCAL={0x8, 0x2, @rand_addr=0x3f000000}]}}}]}, 0x38}}, 0x0) 16:30:11 executing program 3: r0 = socket$inet6(0xa, 0x803, 0x7) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = socket$inet6(0xa, 0x8000000080003, 0xff) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c) sendmmsg(r1, &(0x7f0000001300)=[{{0x0, 0x304, &(0x7f0000001180), 0x240, &(0x7f00000011c0)}}], 0x249, 0x0) 16:30:11 executing program 2: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000340)='/dev/rfkill\x00', 0x0, 0x0) read$FUSE(r1, &(0x7f0000000540), 0x1000) 16:30:11 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x38, 0x10, 0x0, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, @gre={{0x8, 0x1, 'gre\x00'}, {0xc, 0x2, [@IFLA_GRE_LOCAL={0x8, 0x2, @rand_addr=0x3f000000}]}}}]}, 0x38}}, 0x0) 16:30:11 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000a80)={{{@in6=@ipv4={[], [], @multicast2}, @in=@dev}}, {{@in6=@local}, 0x0, @in=@multicast1}}, &(0x7f0000000400)=0xe8) ioctl$sock_SIOCGSKNS(0xffffffffffffffff, 0x894c, &(0x7f0000000580)) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000140)=0x75, 0x4) setsockopt$sock_void(r0, 0x1, 0x24, 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x1000}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x100) 16:30:11 executing program 1: mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x2000007, 0x6031, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCRTMSG(0xffffffffffffffff, 0x890d, &(0x7f0000000ac0)={0x0, {0x2, 0x0, @local}, {0x2, 0x0, @rand_addr}, {0x2, 0x0, @remote}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000a80)='syzkaller1\x00'}) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mremap(&(0x7f00008da000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000cd5000/0x4000)=nil) 16:30:11 executing program 2: mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x2000007, 0x6031, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mremap(&(0x7f00008da000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000cd5000/0x4000)=nil) 16:30:11 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x38, 0x10, 0x0, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, @gre={{0x8, 0x1, 'gre\x00'}, {0xc, 0x2, [@IFLA_GRE_LOCAL={0x8, 0x2, @rand_addr=0x3f000000}]}}}]}, 0x38}}, 0x0) 16:30:11 executing program 1: 16:30:12 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) unshare(0x0) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000080), 0x4) getsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, &(0x7f00000000c0), &(0x7f0000000180)=0x4) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000a80)={{{@in6=@ipv4={[], [], @multicast2}, @in=@dev}}, {{@in6=@local}, 0x0, @in=@multicast1}}, &(0x7f0000000400)=0xe8) ioctl$sock_SIOCGSKNS(0xffffffffffffffff, 0x894c, &(0x7f0000000580)) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000140)=0x75, 0x4) r1 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r2 = socket$inet6(0xa, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000300), 0xfd90, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast2}}, 0x1c) sendto$inet6(r2, &(0x7f00000001c0), 0x0, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote}, 0x1c) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000340)='bbr\x00', 0xfeb5) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x1000}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x100) 16:30:12 executing program 4: ioctl$TCGETA(0xffffffffffffffff, 0x5405, &(0x7f0000000200)) syz_open_dev$mice(&(0x7f0000000100)='/dev/input/mice\x00', 0x0, 0x200800) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_create(0x7, &(0x7f0000000000)={0x0, 0x0, 0x0, @thr={&(0x7f0000000040), &(0x7f0000000140)}}, &(0x7f0000044000)) sync_file_range(0xffffffffffffffff, 0x1, 0x2, 0x5) syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0) r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x20000000) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, &(0x7f00004d4000)=@nl=@proc, &(0x7f0000000000)=0x80, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, &(0x7f00000000c0)}) setsockopt$inet6_int(r2, 0x29, 0x0, &(0x7f0000000040)=0x100000000001f, 0x87) sendmmsg(r2, &(0x7f0000003d40)=[{{&(0x7f0000001b00)=@l2={0x1f, 0x0, {0x1100, 0x0, 0x0, 0x0, 0xffffff80}}, 0x80, &(0x7f0000001d00), 0x0, &(0x7f0000001d40)}}, {{&(0x7f0000002300)=@nl, 0x80, &(0x7f0000003740), 0x0, &(0x7f00000037c0)}}], 0x4000000000001eb, 0x0) r3 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ashmem\x00', 0x0, 0x0) lseek(r3, 0x0, 0x0) 16:30:12 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x20, 0x10, 0xf0b}, 0x20}}, 0x0) 16:30:12 executing program 2: 16:30:12 executing program 1: 16:30:12 executing program 2: 16:30:12 executing program 1: 16:30:12 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='scalable\x00', 0x9) sendto$inet(r0, &(0x7f0000a88f88), 0xd7d4fc7f68bab851, 0x2000c000, &(0x7f0000e68000)={0x2, 0x0, @local}, 0x10) 16:30:12 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x20, 0x10, 0xf0b}, 0x20}}, 0x0) 16:30:12 executing program 2: 16:30:12 executing program 1: 16:30:12 executing program 1: 16:30:12 executing program 0: 16:30:12 executing program 4: ioctl$TCGETA(0xffffffffffffffff, 0x5405, &(0x7f0000000200)) syz_open_dev$mice(&(0x7f0000000100)='/dev/input/mice\x00', 0x0, 0x200800) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_create(0x7, &(0x7f0000000000)={0x0, 0x0, 0x0, @thr={&(0x7f0000000040), &(0x7f0000000140)}}, &(0x7f0000044000)) sync_file_range(0xffffffffffffffff, 0x1, 0x2, 0x5) syz_open_dev$sndpcmp(&(0x7f0000000040)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0) r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x20000000) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000419000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, &(0x7f00004d4000)=@nl=@proc, &(0x7f0000000000)=0x80, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080), 0x0, 0x0, &(0x7f00000000c0)}) setsockopt$inet6_int(r2, 0x29, 0x0, &(0x7f0000000040)=0x100000000001f, 0x87) sendmmsg(r2, &(0x7f0000003d40)=[{{&(0x7f0000001b00)=@l2={0x1f, 0x0, {0x1100, 0x0, 0x0, 0x0, 0xffffff80}}, 0x80, &(0x7f0000001d00), 0x0, &(0x7f0000001d40)}}, {{&(0x7f0000002300)=@nl, 0x80, &(0x7f0000003740), 0x0, &(0x7f00000037c0)}}], 0x4000000000001eb, 0x0) r3 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ashmem\x00', 0x0, 0x0) lseek(r3, 0x0, 0x0) 16:30:12 executing program 2: 16:30:12 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x20, 0x10, 0xf0b}, 0x20}}, 0x0) 16:30:12 executing program 3: 16:30:12 executing program 1: 16:30:12 executing program 0: 16:30:13 executing program 2: 16:30:13 executing program 3: 16:30:13 executing program 1: 16:30:13 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0xf0b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x10, 0x12, @gre={{0x8, 0x1, 'gre\x00'}, {0x4}}}]}, 0x30}}, 0x0) 16:30:13 executing program 0: 16:30:13 executing program 3: 16:30:13 executing program 4: 16:30:13 executing program 2: 16:30:13 executing program 1: 16:30:13 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0xf0b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x10, 0x12, @gre={{0x8, 0x1, 'gre\x00'}, {0x4}}}]}, 0x30}}, 0x0) 16:30:13 executing program 0: 16:30:13 executing program 3: 16:30:13 executing program 0: 16:30:13 executing program 1: 16:30:13 executing program 2: 16:30:13 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0xf0b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x10, 0x12, @gre={{0x8, 0x1, 'gre\x00'}, {0x4}}}]}, 0x30}}, 0x0) 16:30:13 executing program 3: 16:30:14 executing program 4: 16:30:14 executing program 2: 16:30:14 executing program 0: 16:30:14 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x38, 0x10, 0xf0b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, @gre={{0x8, 0x1, 'gre\x00'}, {0xc, 0x2, [@IFLA_GRE_LOCAL={0x8, 0x2, @rand_addr}]}}}]}, 0x38}}, 0x0) 16:30:14 executing program 1: 16:30:14 executing program 4: 16:30:14 executing program 0: 16:30:14 executing program 3: 16:30:14 executing program 2: 16:30:14 executing program 1: [ 188.448944] netlink: 'syz-executor5': attribute type 2 has an invalid length. 16:30:14 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x38, 0x10, 0xf0b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, @gre={{0x8, 0x1, 'gre\x00'}, {0xc, 0x2, [@IFLA_GRE_LOCAL={0x8, 0x2, @rand_addr}]}}}]}, 0x38}}, 0x0) 16:30:14 executing program 0: 16:30:14 executing program 1: 16:30:14 executing program 4: 16:30:14 executing program 3: 16:30:14 executing program 2: 16:30:14 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x7) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000003c0)={0x0}, &(0x7f00000004c0)=0xc) perf_event_open(&(0x7f0000000440)={0x3, 0x70, 0x91, 0x1, 0xd0, 0x4, 0x0, 0x0, 0x0, 0xa, 0x8000, 0x0, 0x1000, 0xfb, 0x6, 0xfffffffffffffff8, 0x8, 0x7fff, 0x8, 0xfffffffffffffffe, 0x0, 0x3, 0x1, 0x1254, 0xe1, 0x7e00000000000000, 0x9, 0x3ff, 0x6caa, 0x3, 0x7f, 0x0, 0x5, 0x5, 0x0, 0x8, 0x4, 0x9a7f, 0x0, 0x7dc, 0x1, @perf_bp={&(0x7f0000000380), 0x8}, 0x20000, 0xfc, 0x0, 0x3, 0x7, 0x6, 0x5}, r1, 0x7, 0xffffffffffffffff, 0x9) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000800)=ANY=[], &(0x7f00000002c0)) r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) renameat(r3, &(0x7f0000000140)='./file0\x00', r2, &(0x7f0000000240)='./file1\x00') clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(&(0x7f0000000240)=ANY=[], &(0x7f0000000180)='./file0\x00', &(0x7f0000000280)='nfs\x00', 0x0, &(0x7f0000000000)) openat$vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vsock\x00', 0x280100, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f00000001c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e24, 0x0, @mcast2}, {0xa, 0x4e23, 0x7, @empty, 0x2}, 0xffffffffffffffff, 0x4de8a597}}, 0x48) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r3, 0x84, 0x6c, &(0x7f0000000340)=ANY=[@ANYBLOB="4266be653b3e36f999195f5078930a6c4aac6add58e8a37d2777d8d510d6a93e67c9ebe8ca00"], &(0x7f0000000400)=0x1) socket$nl_xfrm(0x10, 0x3, 0x6) 16:30:14 executing program 0: r0 = timerfd_create(0x0, 0x0) fcntl$getownex(r0, 0x10, &(0x7f0000000440)) socketpair(0x4, 0x6, 0x2, &(0x7f0000000480)) r1 = syz_open_procfs(0x0, &(0x7f0000000180)='fdinfo/3\x00') pread64(r1, &(0x7f00000011c0)=""/4096, 0x1000, 0x800000000000000) clock_gettime(0x0, &(0x7f00000004c0)) connect$netlink(0xffffffffffffffff, &(0x7f0000000580), 0xc) timerfd_settime(r0, 0x0, &(0x7f0000000500)={{}, {0x0, 0x1c9c380}}, &(0x7f0000000540)) pwrite64(0xffffffffffffffff, &(0x7f00000005c0)="1eee244869a261605036e6cf2086af471a339654abc535138a9f261c5804", 0x1e, 0x0) [ 188.702487] netlink: 'syz-executor5': attribute type 2 has an invalid length. 16:30:14 executing program 4: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x2c}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/dev\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) 16:30:14 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x38, 0x10, 0xf0b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, @gre={{0x8, 0x1, 'gre\x00'}, {0xc, 0x2, [@IFLA_GRE_LOCAL={0x8, 0x2, @rand_addr}]}}}]}, 0x38}}, 0x0) 16:30:14 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {0x0, 0x0, 0xf}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x28}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:30:14 executing program 1: [ 188.863014] netlink: 'syz-executor5': attribute type 2 has an invalid length. 16:30:14 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x7) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000003c0)={0x0}, &(0x7f00000004c0)=0xc) perf_event_open(&(0x7f0000000440)={0x3, 0x70, 0x91, 0x1, 0xd0, 0x4, 0x0, 0x0, 0x0, 0xa, 0x8000, 0x0, 0x1000, 0xfb, 0x6, 0xfffffffffffffff8, 0x8, 0x7fff, 0x8, 0xfffffffffffffffe, 0x0, 0x3, 0x1, 0x1254, 0xe1, 0x7e00000000000000, 0x9, 0x3ff, 0x6caa, 0x3, 0x7f, 0x0, 0x5, 0x5, 0x0, 0x8, 0x4, 0x9a7f, 0x0, 0x7dc, 0x1, @perf_bp={&(0x7f0000000380), 0x8}, 0x20000, 0xfc, 0x0, 0x3, 0x7, 0x6, 0x5}, r1, 0x7, 0xffffffffffffffff, 0x9) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000800)=ANY=[], &(0x7f00000002c0)) r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) renameat(r3, &(0x7f0000000140)='./file0\x00', r2, &(0x7f0000000240)='./file1\x00') clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(&(0x7f0000000240)=ANY=[], &(0x7f0000000180)='./file0\x00', &(0x7f0000000280)='nfs\x00', 0x0, &(0x7f0000000000)) openat$vsock(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vsock\x00', 0x280100, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f00000001c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e24, 0x0, @mcast2}, {0xa, 0x4e23, 0x7, @empty, 0x2}, 0xffffffffffffffff, 0x4de8a597}}, 0x48) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r3, 0x84, 0x6c, &(0x7f0000000340)=ANY=[@ANYBLOB="4266be653b3e36f999195f5078930a6c4aac6add58e8a37d2777d8d510d6a93e67c9ebe8ca00"], &(0x7f0000000400)=0x1) socket$nl_xfrm(0x10, 0x3, 0x6) 16:30:14 executing program 1: 16:30:14 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) readv(r0, &(0x7f0000000300)=[{&(0x7f00000003c0)=""/178, 0xb2}], 0x1) readv(r0, &(0x7f0000000840)=[{&(0x7f0000000340)=""/112, 0x70}], 0x1) 16:30:14 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000140)=0x76, 0xb4) setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f0000000440)=0x7, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000200)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0x0, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000280), 0x4) sendto$inet(r0, &(0x7f0000000500)="45f42c984255c88cd2085e76954da99769595865282b9fd8b8d705246e2c695a8b1eeb45b719b4fd99f0366c126a82f2ed2a6cd834f87cf88f2f747957842cc47fc0eb29e140203494ac3080d80e63d85430469eaa14b46ac2c1a1b11f4f73cb56b7881a1388ff712f34b706c9b19486e69db98762e5ca0454", 0x79, 0x0, &(0x7f0000000600)={0x2, 0x800000000000000, @dev={0xac, 0x14, 0x14, 0x1c}}, 0x10) write$binfmt_aout(r0, &(0x7f0000000640)=ANY=[@ANYBLOB="07011f05b3030000e200000002000000cf0300000000008000001a000000000094c6824c77c51eb0d5a1b9185544f4d7d5a5d5396f5f2e722ca821a9700cd57298004e511a5aadcc2f38ca9a26b9998acf8248a97709e4c115ce4c0d7b58f8b489fd4d2327d1cd2e6cf5b4aa539835bffa2bb8cd39bb8a37615bcc28cc233a86920b33b32bc63c8d894abf332cb9a8c7ae79cfd7fea93c222471de2444b4f997f0671e80bf82f2adcfc72d38986da4aba2f04d424fe65f6a79c90c690630e2abbe1bc46c7dcb4bdbd54a99000000000000000000001000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001bfedde35aa969890000000000000000000000000000000000000000000000150000000300000000000000000000080000000000000000000200000000000000000000000000000022ac00000000000000cb4a6a860000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008ee413e7eb9a2c586d3fdf19b9"], 0x353) sendto$inet(r0, &(0x7f0000004ac0)="7e1256e0f56ef3025d64703bdb90f623f690483a96b4f11f8a8513a8bc2211d96aec1a19bc9d5733607eabedfc6b101edd91175086da764fe27472c9b1eea3c70b66a7e42357ba8240d0dafb8e085173b4413ff0be30dad97f52c8b2c52e88321625ac82c3287ac7c86487becc9512caf8cf7a6a376367555448a35d45c8e85794f10c61fd5b818eb349bbac8fcc490772ea5033dcd0e442f69f86bb58a063318818a1fa7f9d37b97e5362638969a3147b7e1015f2c23db355438401105048568c90a1bcafab9b8d0e47921c8e8f50d1383f1cfdd8062dd0a12a66b630c783fde23dfc50984f653c7ab43097e2de95a8c1442b152a65c60bcb2230a6e24f5ca4c3935a88fdd44e1462f9d4379fb2170c34147037b6db8969e5b8dbb4587a7382f52bb041622980045e87b92e0a1254a5b1859a6c79805d0a4319a2d8f50a51cfd3f7e03a4e55bf94f808273439c2f166173a90a972512d79132df312fdf44d1f65fd635c2d9d9efcfa8314afad49cfbe11c156ef17eaa721dc286cf9866b223f4feb3d776d1a2440d0a6ff48d8e4f533ccdbde910d5781a39969d386d04495de464792464b7eb5acb499dd3491389b40733c49e83661f45c563ad8ee130442b2db38bfde99e22ef27683e2ad68dea1f398abf2ceb5b2cc298c74748939f2fc8b6e3a8c6518c9c3462976f365351d168b6768bdc4e276b1a1f37e4a035fb9057e0b1f1e91f6bc3c0968e8a443a8676c050f3da4afa3cccffbed16f945352d8c41b20ce86595f8d2eec7b276c8a50fbc658f78a82dd6fdcbf22d9ae8e18dba0211f462ca04f64edadf108dbc9755f1f49fd071c6d509c0f762514503d4f6377370796e1b861766538ade8368cfa3f31844b0ad38fa111fbd29820d2bd0d1be223aab2cda138d6e1e07a088156865968a00d1663cc452e36a06b4426fb1377bac019a74bf02e8c7dac2737364628e22b74a2085385077265835ff7c4ca363196bb26520bf0d11b128bcc0def9a48425cf3b8256a3f6410038823b1ae12775503635e4a40def2a37417f724820035682f96e76bf6e6936fd0bb9e5b0314c06984f9ea309633d61193030f555e1d36c02ce81fc1b3511543370914cece9b493f0bef995b0fa535a3e59de437f3387d485fec481ce0ac16cc3c974192d68a78f290c9ea38cc9407c3b3a46a65d31cbc02362c4562078f46abc5aa60141339fe6b295b7332bfac3aa58d55a5b267da2870d43a885e9a5d161a1cf3843b938c04917750d7061ef9a2491231bb03c3b36e22564d4c046985494eb79612143610b73b6655ef7b1a08a1a1178620fdc76a87429e2c33b2a1d32531641edf067866156dc421c4783e266ed152252b8132bfaec32d87d74bc0fd7f7b8d205e42dd87f10a6651e26bfcd1010654008283a63b90c6a840211c3361a47abdadbe945cef147eb613fb60806b9e7ecaac053c3e4c285a1d8c3dbecf19a9e5676876acd44f5d8aeb4aababbf9cef48226e6152e99529335e457a4887faf062667e552b8096c79d1116cff0e34228b2f09f2ea0d939ec4a5b474076050abb72edd2dc4f0609185c6a16ee375b26eb1a6c5c28ea584dc0653b8a5f4d8da9d907954c271546bb2cf134ff5b56d4f3bc9349097ebb982ddd0067d0585188ec598f08351b5991dc9f1e53759368a4b8fa36eca8aeedddab7fc675636cfbd87aa4b1174caa712b16ce0e7995b3256b13498a7a0207158362a546e21f2c9807ef385aa3ea45fe4e4fdb80e6d83a94ed09d4616c0728dfa963d169ba7368463831ff47a6cf54a98eb9a35b86c1e77d1c51fe2216d4e4e4da85c14fe3581c5ef587de04021a93c9f6748dcf1543ee39afa034bc61236666472c81aa7e937005db13bce2c046101f6560fa3c96ac8fcb278a9e748a6da2d73bb5fee7340872c6d776b1f97e8efa21c5999361344577d6a9db2c5e85ed282a6c4cd9453479e89188706a2213812ae785a18ccc54c4e56ee2c35dce9579742a4dc4038ced8d0c4bf2fbcfe92a9aac554601106dca420914e580b01d2362aaee765ddec53a98e79af7eb54bfd14cccb227cc169921e8a62c9813102206cd0f024b5387a23901f45d72713d668e0e4daa9198042ca7b9154b81aa384a9c6efe09b1bc7231de22dca42a36489bf77e1b5ee0609f47cf99ee725ee9e316cdc7bd2c1415fc4187ca74994031935240f5db6d5afff39561a7d05a75546920392d9bd6899537ab46ec8fbf272f2bb1dcbf7643ee4836f7fc510f6ce6ec2a10f342c9b64b0627a28cc7c8c32cdbf55c2238f1ffb65034b50b2f68f32265e57c9573cb387dfde3b0fd61f446f043c083b6fc9a0c69b9d7b49fe025a83e67b88c8084d4148cbed4db01df1d6d69e335b44ceaa504b105612493bd7def9e2baeb088594b758f224b6bb51ab81e1fa103ade00fa1a0f79eaa38ec18d042b1d305c11bfa3724ffe8314223713633c6711aa56e3dd255cd7854cc919458c9413f0486700cc9d5c87e986bfcf01a9e37eb39308fa7c89fe650cac5b7619b815d246d2534966bf90a502704ab3c95c6ecf39afa636848e842e21475d73aefdfbc99cc0d64481b6ec00036d5a49e4fd849adaf0d1a8f2bea1665262e8381817cb90b8087c9059f2fa7cfa1f16b64a747aee633c0d057fc586ffe51be647444d5152b0e1c31172dcc858790180d178e5e8af079f797294db1acfbbcf8f4db9ba3f724f031b72d52d138fb5446580ff5f0cbeb5a88d2a0a4397586eb7b87919a34e80857b021efc1d0babfec952d1674456650152d4f828b010f22938fb13ce151f94c0f898b182a1dfdc0d3eeb2c4ba58b32c05294236e1bcc68cb4960708e018f7243fa02ee2581019d1053259ade05bc501183f111c520fe6d8ec62be0615002ef7f86c932a863eedc526055e9f0c836cb1d44e71f15893c510f958ed51593dd9fd25a1b7627a943bda844d77cb886250ea005a1ba1e2bd06c42cee9eb9e9d18271f83b6c0898ed968896f4515025bba2f1977805e4547f803717618b59e7062181fd01989d74006e6c3fe978e91d8506a87d4f121c7478cc791d01cfdd61f3b2e420a32522ffd756e4a6f3e5848ac2c312e6dce12d6141197fe350a7677cecece5fc4dcb9c56ef3fad2978434054b700ed5489e913df8820ef64f7c49619a6bb4bccba910abaf90ef2e380e1a573e1a5b9cfb686152493c7d58573ced87cf8c07ba895ae265b7e6bab57b66524764a0c2ce87c9ac3e719257af5a8efd79d7e7773c1a0885c81e1323244917d661434b12295e86c44db7ddd880e022e2ed1ce667272f038a916487c06531cda13852faef4a283df99b8381c90a725e1c094d99165607056d587bb3baf3029eeb94811bcbba287d334987f4e514e4e55ecd182d01026dc1e61ed6edfb73bc2ae2110d409cc8c6069e185c6f272d2171458b8ca2ed2b5e1972d8b3479034eb1a01fb5bba151f13b22411d163c7d032a7566f133de439abfd2805d0910cb614ec55eaf1bc320b6dc95b7e4c6ed915b9dec882579e20ef9959116e0651fc107720f42f494a7354353e3decc67f4bbebe86c7d596b06a5eb76e3e8f66d8f2c2bdd73c4d938d41af47b36425fc0f55726df580f595e4263ed0a5c6ca4a1c9121022bf642cf3ce9c911123036d9103c5b1f5ce6ec81d70b0bc11009652d94eb166b0d6d88794ea6b9bc5272a65ecc530ac6a25ba3c7c43dea4c17627b9c21911c2f0c3c22c69dab994718ca8d57e841811ee2ff3c96709a52845b2697376346466aced52704e34b45e98cd6705a27fd9102913f75efad12f6e43c2e485c19176c049e2accb19a42f2cc18389ea8208a5e1ed7b89e1382da99d5d43cb3ea39ed361548aab22943565cb9094370fed40283ceca8ac54d0adc0225f6a19c853331d7ad4770a1d2c225f5e0ba2058facde2cc2d74f7146a778c7d86886d3a6134cabbfc16ce7402c8dfd72dca4453a1fdd627cc344f0a1c62ed068c0178d319f7e2edf6a2fbcc66a3ba6edd61e3be4d5913e09d4b8c90ad84f9b47321bee0c6c83f756a3ab42407dd730774236252a2aaec425359943c1581092f139eb8298d1882ce7118e9bf448a92c4b3f955d30df4d0ecab2c8514093edac5a2cde0e9a17a0c8a98f5444287a99af9d949a9dd7410e427684cbcf10d6c0b7a49731e3bf81b8d2f5ea3c9926fdff73b33ddd7b2c9252489ca21a87765c7f149f83971b35163138cfc096b3abadf3d0317081ec3a7d04ed11c7416c3e02b45c31ea0271a5df948beadb1dc9706e9d3a209c40efe0bac605349f3d3fc43c0ee830e5392d3a08a02cee62f6f52cf8096a030ab9a3f9e2905fd635385e2b1e7018ad556cf15e4adb3eb14221e40c74e6e5ad0e880c541f30c9cccbf24536a879353c7eed0e90f496a8a00927bd5da21d82ff2", 0xc35, 0x0, &(0x7f0000000180)={0x2, 0x0, @broadcast}, 0x10) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x1000}], 0x1, &(0x7f00000002c0)=""/20, 0x14}, 0x100) [ 189.079613] *** Guest State *** [ 189.098647] CR0: actual=0x000000008005003f, shadow=0x000000008005001f, gh_mask=fffffffffffffff7 16:30:14 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mincore(&(0x7f00006ca000/0x3000)=nil, 0xffffffffffffff3f, &(0x7f0000c91000)=""/34) 16:30:14 executing program 1: r0 = socket$inet6(0xa, 0x1000002000000802, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@mcast2, 0x0, 0x2}, 0x20) [ 189.125044] CR4: actual=0x0000000000002068, shadow=0x0000000000000028, gh_mask=ffffffffffffe871 16:30:14 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000000380)=@file={0x1, './file0\x00'}, 0xe) connect$unix(r0, &(0x7f0000000200)=@file={0x1, './file0/file0\x00'}, 0x40) [ 189.153220] CR3 = 0x0000000000000000 [ 189.162127] PDPTR0 = 0x0000000000000000 PDPTR1 = 0x0000000000000000 [ 189.177013] PDPTR2 = 0x0000000000000000 PDPTR3 = 0x0000000000000000 16:30:15 executing program 1: r0 = socket$can_raw(0x1d, 0x3, 0x1) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f000000e600)={&(0x7f00000002c0)=ANY=[]}}, 0x0) setsockopt(r0, 0x65, 0x5, &(0x7f0000000000), 0x4) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) sendmsg$can_raw(r0, &(0x7f0000000280)={&(0x7f0000000080)={0x1d, r1}, 0x10, &(0x7f00000000c0)={&(0x7f0000000200)=@canfd={{}, 0x0, 0x0, 0x0, 0x0, "17997985f4ca8858cfc361359e1fe5e39b29730f564d3781b13a04fd4e21fe3e5303e9687284c6d02e27ac1ad547c761a225596b69c7e0caed1ebedbbe275c05"}, 0x48}}, 0x0) [ 189.212464] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 189.239324] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 189.265930] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 189.276471] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:30:15 executing program 5: clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) wait4(0x0, &(0x7f0000000100), 0x80000000, &(0x7f0000000400)) 16:30:15 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f0000000080), 0xc, &(0x7f0000000180)={&(0x7f00000000c0)=@ipv6_newrule={0x3c, 0x20, 0x831, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x16}, [@FRA_SRC={0x14, 0x2, @mcast2}, @FIB_RULE_POLICY=@FRA_FWMASK={0x8}]}, 0x3c}}, 0x0) [ 189.322074] DS: sel=0x000f, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 189.377396] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 189.386315] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 189.409291] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 189.418300] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 189.443370] GDTR: limit=0x00000000, base=0x0000000000000000 [ 189.457755] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 189.492569] IDTR: limit=0x00000000, base=0x0000000000000000 [ 189.501550] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 189.512464] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 189.521147] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 189.529784] Interruptibility = 00000000 ActivityState = 00000000 [ 189.536394] *** Host State *** [ 189.539766] RIP = 0xffffffff81212b2e RSP = 0xffff8801906df3d0 [ 189.546060] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 189.552473] FSBase=0000000000000000 GSBase=ffff8801dae00000 TRBase=fffffe0000034000 [ 189.560399] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 189.566868] CR0=0000000080050033 CR3=00000001c39d9000 CR4=00000000001426f0 [ 189.573974] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0 [ 189.580651] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 189.586782] *** Control State *** [ 189.590239] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000c2 [ 189.597086] EntryControls=0000d1ff ExitControls=002fefff [ 189.602549] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 189.609579] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 189.616314] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 189.622893] reason=80000021 qualification=0000000000000000 [ 189.629316] IDTVectoring: info=00000000 errcode=00000000 [ 189.634802] TSC Offset = 0xffffff983a36a468 [ 189.639125] EPT pointer = 0x00000001b82e401e [ 189.693971] *** Guest State *** [ 189.697484] CR0: actual=0x000000008005003f, shadow=0x000000008005001f, gh_mask=fffffffffffffff7 [ 189.708240] CR4: actual=0x0000000000002068, shadow=0x0000000000000028, gh_mask=ffffffffffffe871 [ 189.717197] CR3 = 0x0000000000000000 [ 189.720939] PDPTR0 = 0x0000000000000000 PDPTR1 = 0x0000000000000000 [ 189.727505] PDPTR2 = 0x0000000000000000 PDPTR3 = 0x0000000000000000 [ 189.734060] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 189.740025] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 189.746076] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 189.752753] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 189.760903] DS: sel=0x000f, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 189.769001] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 189.777036] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 189.785071] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 189.793059] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 189.801089] GDTR: limit=0x00000000, base=0x0000000000000000 [ 189.809676] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 189.817706] IDTR: limit=0x00000000, base=0x0000000000000000 [ 189.825738] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 189.833763] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 189.840190] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 189.847711] Interruptibility = 00000000 ActivityState = 00000000 [ 189.853994] *** Host State *** [ 189.857184] RIP = 0xffffffff81212b2e RSP = 0xffff88018a80f3d0 [ 189.863179] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 189.869674] FSBase=0000000000000000 GSBase=ffff8801daf00000 TRBase=fffffe0000034000 [ 189.877521] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 189.883397] CR0=0000000080050033 CR3=00000001c39d9000 CR4=00000000001426e0 [ 189.890503] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff87c013a0 [ 189.897217] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 189.903259] *** Control State *** [ 189.906760] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000c2 [ 189.913435] EntryControls=0000d1ff ExitControls=002fefff [ 189.918954] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 189.925951] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 189.932622] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 16:30:15 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000003c0)={{}, {0x0, 0x0, 0xf}, {}, {}, {}, {}, {}, {}, {}, {}, 0x8005001f, 0x0, 0x0, 0x28}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:30:15 executing program 2: clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, &(0x7f00000004c0), 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000280)=0x100000001, 0x4) clone(0x1fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000240), 0xffffffffffffffff) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0xfdf2) setsockopt$inet6_IPV6_ADDRFORM(r1, 0x29, 0x1, &(0x7f0000000000), 0x4) getsockopt$ARPT_SO_GET_INFO(r1, 0x0, 0x60, &(0x7f0000000100)={'filter\x00'}, &(0x7f0000000040)=0x44) 16:30:15 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'sit0\x00', 0x0}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000240)={&(0x7f0000000140), 0xc, &(0x7f0000000200)={&(0x7f0000000040)=@ipv6_newaddr={0x40, 0x14, 0x109, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r1}, [@IFA_CACHEINFO={0x14, 0x6, {0x0, 0x4}}, @IFA_ADDRESS={0x14, 0x1, @local}]}, 0xff12}}, 0x0) 16:30:15 executing program 5: creat(&(0x7f0000000100)='./file0\x00', 0x0) perf_event_open(&(0x7f000000a000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xa00000400, 0xffffbffeffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(&(0x7f00000002c0)=ANY=[], &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='nfs\x00', 0x0, &(0x7f000000a000)) 16:30:15 executing program 1: r0 = socket$inet6(0xa, 0x803, 0x5) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x22, 0x901}, 0x14}}, 0x0) r1 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r1, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0) 16:30:15 executing program 0: syz_emit_ethernet(0x1, &(0x7f00000006c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0d86dd696e3aca01de2b01ff010000000000000000000000000001ff0100000000000000000000000000010c0e04070810060000000000000000000000000000000001fe80000000000000000000000000000b00000000000000000000fffffffffffffe8000000000000000000000000000bbff02000000000000000000000000000100000000000000000000ffff7f000001000000000000000000000000000000000c20880b002f0000000400022be2aa3b27391237abbeea8cab581550189085772ebd25373fc9e21d0944ea78875d20a47db44eb54f4f8e13ef5382f3f47ab36f5204ac05000800e42e00013fbee135c580fcebf16aac0f0cd59b523eb90de9b58611a7e64f6c19fb3ce1992786412c6fb8817330cc1322e37a5668004c28809d6269a7dc35de6463b499480cad98860195f5eb766df4c34b93e9fe0999ad652539774cfcd11d6328a9c61f90343dd25d53fdc6fd64801fa19075cd48c825e472c635080086dd0fff00017b8165953c309cfb1deefa852c6db426e06e1374bc729bd48f2f7a4e8c35d19fab9166e8797b0576eff84be6cf3b0dd05843ef650c63b3093e65b585a0105d95b0a616e1832c6f11f20a080088be00000003110402ff0100000000000004080022eb000000032f067cff02000000000000030004801f08006558000000023016e2c50dbb506785b7e8f1762f2bd99b371faf0f63cd258993d31ed415a441b0a2ee087094"], &(0x7f0000000300)={0x1, 0x2, [0xd17, 0x51c, 0xba2, 0xd14]}) [ 189.939296] reason=80000021 qualification=0000000000000000 [ 189.945726] IDTVectoring: info=00000000 errcode=00000000 [ 189.951192] TSC Offset = 0xffffff983a36a468 [ 189.955622] EPT pointer = 0x00000001b82e401e [ 190.020118] ================================================================== [ 190.027695] BUG: KASAN: slab-out-of-bounds in fscache_alloc_cookie+0x7ad/0x880 [ 190.035072] Read of size 4 at addr ffff8801c5380014 by task syz-executor5/7346 [ 190.042427] [ 190.044075] CPU: 1 PID: 7346 Comm: syz-executor5 Not tainted 4.19.0-rc8+ #190 [ 190.051355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 190.051365] Call Trace: [ 190.051391] dump_stack+0x1c4/0x2b4 [ 190.051417] ? dump_stack_print_info.cold.2+0x52/0x52 [ 190.072317] ? printk+0xa7/0xcf [ 190.075607] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 190.080375] print_address_description.cold.8+0x9/0x1ff [ 190.085751] kasan_report.cold.9+0x242/0x309 [ 190.090171] ? fscache_alloc_cookie+0x7ad/0x880 [ 190.094848] __asan_report_load4_noabort+0x14/0x20 [ 190.099781] fscache_alloc_cookie+0x7ad/0x880 [ 190.104289] ? fscache_cookie_init_once+0x80/0x80 [ 190.109140] ? rpcauth_cache_shrink_scan+0x180/0x180 [ 190.114256] ? __kmalloc_track_caller+0x14a/0x750 [ 190.119105] ? kstrdup+0x39/0x70 [ 190.122475] ? nfs_alloc_client+0x383/0x760 [ 190.126797] ? nfs_get_client+0x8e8/0x14d0 [ 190.131036] ? nfs_init_server+0x357/0x1010 [ 190.135360] ? nfs_create_server+0x86/0x5f0 [ 190.139683] ? nfs_fs_mount+0x17f8/0x2f1c [ 190.143834] ? mount_fs+0xae/0x31d [ 190.147376] ? vfs_kern_mount.part.35+0xdc/0x4f0 [ 190.152134] ? do_mount+0x581/0x31f0 [ 190.155857] ? __ia32_compat_sys_mount+0x5d5/0x860 [ 190.160793] ? do_fast_syscall_32+0x34d/0xfb2 [ 190.165297] ? entry_SYSENTER_compat+0x70/0x7f [ 190.169892] __fscache_acquire_cookie+0x230/0xb60 [ 190.174756] ? fscache_cookie_put+0x880/0x880 [ 190.179258] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 190.184802] ? check_preemption_disabled+0x48/0x200 [ 190.189828] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 190.195367] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 190.200651] ? rcu_pm_notify+0xc0/0xc0 [ 190.204546] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 190.210096] nfs_fscache_get_client_cookie+0x463/0x600 [ 190.215384] ? nfs_readpage_from_fscache_complete+0x200/0x200 [ 190.221288] nfs_alloc_client+0x563/0x760 [ 190.225440] ? register_nfs_version+0x280/0x280 [ 190.230119] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 190.234718] nfs_get_client+0x8e8/0x14d0 [ 190.238781] ? kmem_cache_alloc_trace+0x152/0x750 [ 190.243633] ? mount_fs+0xae/0x31d [ 190.247202] ? __lockdep_init_map+0x105/0x590 [ 190.251724] ? nfs_put_client+0x30/0x30 [ 190.255702] ? nfs_alloc_server+0x5ca/0x730 [ 190.260029] ? nfs_wait_client_init_complete+0x210/0x210 [ 190.265487] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 190.271031] ? check_preemption_disabled+0x48/0x200 [ 190.276053] ? check_preemption_disabled+0x48/0x200 [ 190.281071] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 190.286264] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 190.291809] nfs_init_server+0x357/0x1010 [ 190.295965] ? nfs_clone_server+0x920/0x920 [ 190.300292] ? nfs_alloc_fattr+0x48/0x1d0 [ 190.304444] ? rcu_read_lock_sched_held+0x108/0x120 [ 190.309480] nfs_create_server+0x86/0x5f0 [ 190.313641] nfs_try_mount+0x180/0xa80 [ 190.317541] ? lock_downgrade+0x900/0x900 [ 190.321699] ? nfs_request_mount.constprop.18+0x920/0x920 [ 190.327259] ? kasan_check_read+0x11/0x20 [ 190.331416] ? do_raw_spin_unlock+0xa7/0x2f0 [ 190.335829] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 190.340413] ? kasan_check_write+0x14/0x20 [ 190.344651] ? do_raw_spin_lock+0xc1/0x200 [ 190.348897] ? _raw_spin_unlock+0x2c/0x50 [ 190.353053] ? find_nfs_version+0x138/0x190 [ 190.357388] nfs_fs_mount+0x17f8/0x2f1c [ 190.361390] ? nfs_show_options+0x250/0x250 [ 190.365723] ? nfs_clone_super+0x420/0x420 [ 190.369957] ? nfs_parse_mount_options+0x2660/0x2660 [ 190.375069] ? lock_downgrade+0x900/0x900 [ 190.379226] mount_fs+0xae/0x31d [ 190.382608] vfs_kern_mount.part.35+0xdc/0x4f0 [ 190.387202] ? may_umount+0xb0/0xb0 [ 190.390834] ? _raw_read_unlock+0x2c/0x50 [ 190.394989] ? __get_fs_type+0x97/0xc0 [ 190.398883] do_mount+0x581/0x31f0 [ 190.402436] ? trace_hardirqs_off+0x310/0x310 [ 190.406959] ? copy_mount_string+0x40/0x40 [ 190.411201] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 190.415971] ? retint_kernel+0x2d/0x2d [ 190.419871] ? copy_mount_options+0x1f3/0x380 [ 190.424371] ? copy_mount_options+0x1f9/0x380 [ 190.428869] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 190.434406] ? copy_mount_options+0x288/0x380 [ 190.438915] __ia32_compat_sys_mount+0x5d5/0x860 [ 190.443688] do_fast_syscall_32+0x34d/0xfb2 [ 190.448022] ? do_int80_syscall_32+0x890/0x890 [ 190.452611] ? entry_SYSENTER_compat+0x68/0x7f [ 190.457203] ? trace_hardirqs_off_caller+0xbb/0x310 [ 190.462225] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 190.467072] ? trace_hardirqs_on_caller+0x310/0x310 [ 190.472091] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 190.477112] ? recalc_sigpending_tsk+0x180/0x180 [ 190.481869] ? kasan_check_write+0x14/0x20 [ 190.486116] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 190.490969] entry_SYSENTER_compat+0x70/0x7f [ 190.495377] RIP: 0023:0xf7f59ca9 [ 190.498746] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 190.517657] RSP: 002b:00000000f5f550cc EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 190.525382] RAX: ffffffffffffffda RBX: 00000000200002c0 RCX: 0000000020000140 [ 190.532654] RDX: 0000000020000180 RSI: 0000000000000000 RDI: 000000002000a000 [ 190.539931] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 190.547205] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 190.554474] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 190.561774] [ 190.563405] Allocated by task 7346: [ 190.567038] save_stack+0x43/0xd0 [ 190.570488] kasan_kmalloc+0xc7/0xe0 [ 190.574207] __kmalloc+0x14e/0x760 [ 190.577752] fscache_alloc_cookie+0x6f7/0x880 [ 190.582248] __fscache_acquire_cookie+0x230/0xb60 [ 190.587092] nfs_fscache_get_client_cookie+0x463/0x600 [ 190.592376] nfs_alloc_client+0x563/0x760 [ 190.596524] nfs_get_client+0x8e8/0x14d0 [ 190.600585] nfs_init_server+0x357/0x1010 [ 190.604737] nfs_create_server+0x86/0x5f0 [ 190.608887] nfs_try_mount+0x180/0xa80 [ 190.612792] nfs_fs_mount+0x17f8/0x2f1c [ 190.616766] mount_fs+0xae/0x31d [ 190.620134] vfs_kern_mount.part.35+0xdc/0x4f0 [ 190.624722] do_mount+0x581/0x31f0 [ 190.628265] __ia32_compat_sys_mount+0x5d5/0x860 [ 190.633035] do_fast_syscall_32+0x34d/0xfb2 [ 190.637366] entry_SYSENTER_compat+0x70/0x7f [ 190.641764] [ 190.643389] Freed by task 0: [ 190.646398] (stack is not available) [ 190.650103] [ 190.651729] The buggy address belongs to the object at ffff8801c5380000 [ 190.651729] which belongs to the cache kmalloc-32 of size 32 [ 190.664220] The buggy address is located 20 bytes inside of [ 190.664220] 32-byte region [ffff8801c5380000, ffff8801c5380020) [ 190.675922] The buggy address belongs to the page: [ 190.680854] page:ffffea000714e000 count:1 mapcount:0 mapping:ffff8801da8001c0 index:0xffff8801c5380fc1 [ 190.690303] flags: 0x2fffc0000000100(slab) [ 190.694549] raw: 02fffc0000000100 ffffea00072eb808 ffffea0006de8a08 ffff8801da8001c0 [ 190.702434] raw: ffff8801c5380fc1 ffff8801c5380000 000000010000003f 0000000000000000 [ 190.710309] page dumped because: kasan: bad access detected [ 190.716011] [ 190.717630] Memory state around the buggy address: [ 190.722562] ffff8801c537ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 190.729932] ffff8801c537ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 190.737302] >ffff8801c5380000: 00 00 06 fc fc fc fc fc 01 fc fc fc fc fc fc fc [ 190.744667] ^ [ 190.748564] ffff8801c5380080: 01 fc fc fc fc fc fc fc 01 fc fc fc fc fc fc fc [ 190.755928] ffff8801c5380100: 01 fc fc fc fc fc fc fc 04 fc fc fc fc fc fc fc [ 190.763286] ================================================================== 16:30:16 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0x19) [ 190.770640] Disabling lock debugging due to kernel taint [ 190.801821] Kernel panic - not syncing: panic_on_warn set ... [ 190.801821] [ 190.809253] CPU: 1 PID: 7346 Comm: syz-executor5 Tainted: G B 4.19.0-rc8+ #190 [ 190.812993] kobject: 'loop0' (0000000066767075): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 190.817911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 190.817922] Call Trace: [ 190.817945] dump_stack+0x1c4/0x2b4 [ 190.817966] ? dump_stack_print_info.cold.2+0x52/0x52 [ 190.848393] panic+0x238/0x4e7 [ 190.851598] ? add_taint.cold.5+0x16/0x16 [ 190.855757] ? preempt_schedule+0x4d/0x60 [ 190.859923] ? ___preempt_schedule+0x16/0x18 [ 190.864347] ? trace_hardirqs_on+0xb4/0x310 [ 190.868702] kasan_end_report+0x47/0x4f [ 190.872687] kasan_report.cold.9+0x76/0x309 [ 190.877013] ? fscache_alloc_cookie+0x7ad/0x880 [ 190.881688] __asan_report_load4_noabort+0x14/0x20 [ 190.886618] fscache_alloc_cookie+0x7ad/0x880 [ 190.891122] ? fscache_cookie_init_once+0x80/0x80 [ 190.896024] ? rpcauth_cache_shrink_scan+0x180/0x180 [ 190.901130] ? __kmalloc_track_caller+0x14a/0x750 [ 190.905978] ? kstrdup+0x39/0x70 [ 190.909344] ? nfs_alloc_client+0x383/0x760 [ 190.913670] ? nfs_get_client+0x8e8/0x14d0 [ 190.917939] ? nfs_init_server+0x357/0x1010 [ 190.922282] ? nfs_create_server+0x86/0x5f0 [ 190.926617] ? nfs_fs_mount+0x17f8/0x2f1c [ 190.930773] ? mount_fs+0xae/0x31d [ 190.934320] ? vfs_kern_mount.part.35+0xdc/0x4f0 [ 190.939084] ? do_mount+0x581/0x31f0 [ 190.942800] ? __ia32_compat_sys_mount+0x5d5/0x860 [ 190.947729] ? do_fast_syscall_32+0x34d/0xfb2 [ 190.952255] ? entry_SYSENTER_compat+0x70/0x7f [ 190.956847] __fscache_acquire_cookie+0x230/0xb60 [ 190.961693] ? fscache_cookie_put+0x880/0x880 [ 190.966198] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 190.972243] ? check_preemption_disabled+0x48/0x200 [ 190.977353] ? rcu_lockdep_current_cpu_online+0x1f0/0x2d0 [ 190.982894] ? rcu_dynticks_curr_cpu_in_eqs+0x9f/0x160 [ 190.988181] ? rcu_pm_notify+0xc0/0xc0 [ 190.992072] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 190.997615] nfs_fscache_get_client_cookie+0x463/0x600 [ 191.002895] ? nfs_readpage_from_fscache_complete+0x200/0x200 [ 191.008799] nfs_alloc_client+0x563/0x760 [ 191.012953] ? register_nfs_version+0x280/0x280 [ 191.017627] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 191.022215] nfs_get_client+0x8e8/0x14d0 [ 191.026277] ? kmem_cache_alloc_trace+0x152/0x750 [ 191.031123] ? mount_fs+0xae/0x31d [ 191.034671] ? __lockdep_init_map+0x105/0x590 [ 191.039177] ? nfs_put_client+0x30/0x30 [ 191.043151] ? nfs_alloc_server+0x5ca/0x730 [ 191.047486] ? nfs_wait_client_init_complete+0x210/0x210 [ 191.052942] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 191.058483] ? check_preemption_disabled+0x48/0x200 [ 191.063501] ? check_preemption_disabled+0x48/0x200 [ 191.068536] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 191.073727] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 191.079277] nfs_init_server+0x357/0x1010 [ 191.083446] ? nfs_clone_server+0x920/0x920 [ 191.087773] ? nfs_alloc_fattr+0x48/0x1d0 [ 191.091925] ? rcu_read_lock_sched_held+0x108/0x120 [ 191.096954] nfs_create_server+0x86/0x5f0 [ 191.101106] nfs_try_mount+0x180/0xa80 [ 191.104999] ? lock_downgrade+0x900/0x900 [ 191.109151] ? nfs_request_mount.constprop.18+0x920/0x920 [ 191.114700] ? kasan_check_read+0x11/0x20 [ 191.118851] ? do_raw_spin_unlock+0xa7/0x2f0 [ 191.123259] ? do_raw_spin_trylock+0x1c0/0x1c0 [ 191.127843] ? kasan_check_write+0x14/0x20 [ 191.132079] ? do_raw_spin_lock+0xc1/0x200 [ 191.136318] ? _raw_spin_unlock+0x2c/0x50 [ 191.140467] ? find_nfs_version+0x138/0x190 [ 191.144794] nfs_fs_mount+0x17f8/0x2f1c [ 191.148771] ? nfs_show_options+0x250/0x250 [ 191.153095] ? nfs_clone_super+0x420/0x420 [ 191.157327] ? nfs_parse_mount_options+0x2660/0x2660 [ 191.162448] ? lock_downgrade+0x900/0x900 [ 191.166602] mount_fs+0xae/0x31d [ 191.169977] vfs_kern_mount.part.35+0xdc/0x4f0 [ 191.174560] ? may_umount+0xb0/0xb0 [ 191.178189] ? _raw_read_unlock+0x2c/0x50 [ 191.182334] ? __get_fs_type+0x97/0xc0 [ 191.186249] do_mount+0x581/0x31f0 [ 191.189795] ? trace_hardirqs_off+0x310/0x310 [ 191.194291] ? copy_mount_string+0x40/0x40 [ 191.198527] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 191.203294] ? retint_kernel+0x2d/0x2d [ 191.207200] ? copy_mount_options+0x1f3/0x380 [ 191.211783] ? copy_mount_options+0x1f9/0x380 [ 191.216283] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 191.221820] ? copy_mount_options+0x288/0x380 [ 191.226321] __ia32_compat_sys_mount+0x5d5/0x860 [ 191.231086] do_fast_syscall_32+0x34d/0xfb2 [ 191.235414] ? do_int80_syscall_32+0x890/0x890 [ 191.240002] ? entry_SYSENTER_compat+0x68/0x7f [ 191.244586] ? trace_hardirqs_off_caller+0xbb/0x310 [ 191.249602] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 191.254454] ? trace_hardirqs_on_caller+0x310/0x310 [ 191.259481] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 191.264528] ? recalc_sigpending_tsk+0x180/0x180 [ 191.269285] ? kasan_check_write+0x14/0x20 [ 191.273524] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 191.278377] entry_SYSENTER_compat+0x70/0x7f [ 191.282782] RIP: 0023:0xf7f59ca9 [ 191.286150] Code: 85 d2 74 02 89 0a 5b 5d c3 8b 04 24 c3 8b 0c 24 c3 8b 1c 24 c3 90 90 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 191.305062] RSP: 002b:00000000f5f550cc EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 191.312772] RAX: ffffffffffffffda RBX: 00000000200002c0 RCX: 0000000020000140 [ 191.320038] RDX: 0000000020000180 RSI: 0000000000000000 RDI: 000000002000a000 [ 191.327305] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 191.334568] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 191.341836] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 191.350045] Kernel Offset: disabled [ 191.353670] Rebooting in 86400 seconds..