[ 37.944687] kauditd_printk_skb: 9 callbacks suppressed [ 37.944698] audit: type=1800 audit(1555900606.273:33): pid=7083 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 [ 37.972236] audit: type=1800 audit(1555900606.273:34): pid=7083 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0 [ 38.554980] random: sshd: uninitialized urandom read (32 bytes read) [ 38.988767] audit: type=1400 audit(1555900607.313:35): avc: denied { map } for pid=7255 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 39.039968] random: sshd: uninitialized urandom read (32 bytes read) Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 39.731999] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.189' (ECDSA) to the list of known hosts. [ 45.427705] random: sshd: uninitialized urandom read (32 bytes read) 2019/04/22 02:36:53 fuzzer started [ 45.637001] audit: type=1400 audit(1555900613.963:36): avc: denied { map } for pid=7264 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 47.783324] random: cc1: uninitialized urandom read (8 bytes read) 2019/04/22 02:36:56 dialing manager at 10.128.0.105:43303 2019/04/22 02:36:57 syscalls: 2434 2019/04/22 02:36:57 code coverage: enabled 2019/04/22 02:36:57 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/04/22 02:36:57 extra coverage: extra coverage is not supported by the kernel 2019/04/22 02:36:57 setuid sandbox: enabled 2019/04/22 02:36:57 namespace sandbox: enabled 2019/04/22 02:36:57 Android sandbox: /sys/fs/selinux/policy does not exist 2019/04/22 02:36:57 fault injection: enabled 2019/04/22 02:36:57 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/04/22 02:36:57 net packet injection: enabled 2019/04/22 02:36:57 net device setup: enabled [ 49.898555] random: crng init done 02:39:15 executing program 0: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0x40085112, &(0x7f0000000200)={{0xffffff92}, {0xffffffb0}}) 02:39:15 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) syz_open_dev$mouse(&(0x7f0000000180)='/dev/input/mouse#\x00', 0x0, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc\x00', 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") socket$tipc(0x1e, 0x2, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(r1, 0x7003, 0x0) preadv(r1, &(0x7f0000000280)=[{&(0x7f00000003c0)=""/116, 0x74}], 0x1, 0x0) sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r0, 0x16) 02:39:15 executing program 1: 02:39:15 executing program 2: 02:39:15 executing program 3: 02:39:15 executing program 4: unshare(0x40000000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) socket(0x0, 0x0, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'filter\x00'}, &(0x7f0000000080)=0x54) [ 187.289216] audit: type=1400 audit(1555900755.613:37): avc: denied { map } for pid=7264 comm="syz-fuzzer" path="/root/syzkaller-shm198128918" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 187.335436] audit: type=1400 audit(1555900755.663:38): avc: denied { map } for pid=7281 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=17 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 188.231133] IPVS: ftp: loaded support on port[0] = 21 [ 188.527015] IPVS: ftp: loaded support on port[0] = 21 [ 188.606043] chnl_net:caif_netlink_parms(): no params data found [ 188.615846] IPVS: ftp: loaded support on port[0] = 21 [ 188.708685] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.716187] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.724172] IPVS: ftp: loaded support on port[0] = 21 [ 188.724574] device bridge_slave_0 entered promiscuous mode [ 188.781904] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.788527] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.796884] device bridge_slave_1 entered promiscuous mode [ 188.828942] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 188.842502] chnl_net:caif_netlink_parms(): no params data found [ 188.862992] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 188.913531] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 188.921864] team0: Port device team_slave_0 added [ 188.948441] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 188.956571] team0: Port device team_slave_1 added [ 188.965709] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 188.993177] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 189.006663] IPVS: ftp: loaded support on port[0] = 21 [ 189.059615] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.067129] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.074422] device bridge_slave_0 entered promiscuous mode [ 189.123326] device hsr_slave_0 entered promiscuous mode [ 189.160678] device hsr_slave_1 entered promiscuous mode [ 189.244722] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 189.260951] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 189.285393] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.295520] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.304331] device bridge_slave_1 entered promiscuous mode [ 189.325234] chnl_net:caif_netlink_parms(): no params data found [ 189.382053] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.416502] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.499463] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 189.507979] team0: Port device team_slave_0 added [ 189.546609] chnl_net:caif_netlink_parms(): no params data found [ 189.556663] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 189.564955] team0: Port device team_slave_1 added [ 189.581386] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.587961] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.597023] IPVS: ftp: loaded support on port[0] = 21 [ 189.597933] device bridge_slave_0 entered promiscuous mode [ 189.628084] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 189.637078] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.643965] bridge0: port 2(bridge_slave_1) entered forwarding state [ 189.652057] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.658703] bridge0: port 1(bridge_slave_0) entered forwarding state [ 189.669598] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.679140] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.692355] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.699215] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.707659] device bridge_slave_1 entered promiscuous mode [ 189.733040] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 189.853290] device hsr_slave_0 entered promiscuous mode [ 189.910681] device hsr_slave_1 entered promiscuous mode [ 189.981294] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 189.988641] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 190.024431] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 190.055064] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.062910] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.070488] device bridge_slave_0 entered promiscuous mode [ 190.089192] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 190.108732] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 190.133544] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.139987] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.148016] device bridge_slave_1 entered promiscuous mode [ 190.195974] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 190.205783] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 190.220765] team0: Port device team_slave_0 added [ 190.226892] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 190.235294] team0: Port device team_slave_1 added [ 190.244591] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 190.252986] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 190.273271] chnl_net:caif_netlink_parms(): no params data found [ 190.284230] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 190.301231] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 190.308905] team0: Port device team_slave_0 added [ 190.317616] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 190.325152] team0: Port device team_slave_1 added [ 190.412889] device hsr_slave_0 entered promiscuous mode [ 190.451162] device hsr_slave_1 entered promiscuous mode [ 190.511935] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 190.535969] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 190.544433] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 190.553564] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 190.685111] device hsr_slave_0 entered promiscuous mode [ 190.731582] device hsr_slave_1 entered promiscuous mode [ 190.778732] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 190.819823] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.827020] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.834237] device bridge_slave_0 entered promiscuous mode [ 190.842011] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.848440] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.855942] device bridge_slave_1 entered promiscuous mode [ 190.862733] chnl_net:caif_netlink_parms(): no params data found [ 190.876907] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 190.937591] 8021q: adding VLAN 0 to HW filter on device bond0 [ 190.947762] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 190.958045] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 190.985508] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 190.995343] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 191.006193] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 191.039455] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.047769] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 191.055073] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 191.062982] team0: Port device team_slave_0 added [ 191.076980] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 191.084934] team0: Port device team_slave_1 added [ 191.107133] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.114174] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.121430] device bridge_slave_0 entered promiscuous mode [ 191.128904] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 191.137362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 191.147154] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 191.157791] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 191.184402] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.193505] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.201381] device bridge_slave_1 entered promiscuous mode [ 191.231446] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 191.247180] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 191.294531] device hsr_slave_0 entered promiscuous mode [ 191.351701] device hsr_slave_1 entered promiscuous mode [ 191.403083] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 191.413214] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 191.419499] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.431343] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 191.451705] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 191.467882] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 191.481186] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 191.491124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 191.498710] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 191.507651] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.516572] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.525774] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.532467] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.557056] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 191.567074] team0: Port device team_slave_0 added [ 191.578938] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 191.588417] team0: Port device team_slave_1 added [ 191.596512] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 191.607854] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 191.615248] 8021q: adding VLAN 0 to HW filter on device team0 [ 191.635658] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 191.646246] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 191.696224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.705373] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.713595] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.720481] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.730693] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 191.739751] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 191.795973] device hsr_slave_0 entered promiscuous mode [ 191.840745] device hsr_slave_1 entered promiscuous mode [ 191.880898] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 191.888925] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.897085] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.904760] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.911210] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.919179] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 191.930091] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 191.938434] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 191.948734] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 191.965348] 8021q: adding VLAN 0 to HW filter on device bond0 [ 191.973304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.981671] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.989765] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.996356] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.011555] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 192.019632] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 192.029320] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 192.040417] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 192.051288] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.059368] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 192.067036] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 192.076186] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 192.084523] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 192.092602] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 192.101007] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 192.109116] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 192.120453] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 192.131690] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 192.139850] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 192.148494] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 192.158729] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 192.168898] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 192.179088] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 192.188508] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 192.198532] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 192.206035] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.214242] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 192.221772] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 192.229826] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 192.238469] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 192.258358] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 192.273847] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 192.279984] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.288563] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 192.302325] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 192.314019] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 192.322001] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.329236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 192.336522] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 192.344285] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 192.352277] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 192.359911] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 192.370470] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 192.382787] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 192.394501] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 192.405601] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 192.413537] 8021q: adding VLAN 0 to HW filter on device team0 [ 192.419731] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.428680] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 192.436715] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.443187] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.450332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 192.457982] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 192.466222] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.475874] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 192.485953] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 192.496911] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 192.506236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 192.514855] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.523142] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.529527] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.536696] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 192.544602] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 192.552361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.560422] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 192.568059] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.574480] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.581894] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.593009] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 192.601614] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 192.607721] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 192.633917] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 192.640710] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 192.648965] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 192.661638] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 192.676863] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 192.689173] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 192.698316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 192.706712] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 192.714936] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.723454] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.729874] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.740542] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 192.753924] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 192.766173] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 192.780755] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 192.798484] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.811219] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 192.823417] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 192.832263] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 192.842552] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 192.856183] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 192.881246] 8021q: adding VLAN 0 to HW filter on device bond0 [ 192.888874] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 192.903394] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 192.915670] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 192.927157] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 192.937909] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 192.946954] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 192.958403] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 192.966493] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 192.980970] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 192.988617] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 192.997261] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 193.005457] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 193.017050] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 193.032154] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 193.038352] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.047555] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 193.065058] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 193.073989] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 193.098732] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 193.115047] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 193.126127] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 193.146105] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 193.162073] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 193.170013] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 193.185541] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 193.209222] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 193.222435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 193.229509] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 193.239438] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 193.254782] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 193.265427] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 193.275788] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 193.284947] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 193.294517] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 193.302601] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.309115] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.317036] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 193.325808] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 193.334647] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.341250] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.349511] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 193.359536] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 193.370847] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 193.381421] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 193.387643] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.396572] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 193.409281] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 193.424915] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 193.445847] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 193.458481] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 193.479384] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready 02:39:21 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x1, 0x31, 0xffffffffffffffff, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f00000000c0)={'filter\x00', 0x7, 0x4, 0x480, 0x280, 0x280, 0x0, 0x398, 0x398, 0x398, 0x4, 0x0, {[{{@arp={@dev, @dev, 0x0, 0x0, @empty, {}, @empty, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'gre0\x00', 'sit0\x00'}, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@remote, @mac=@dev, @local, @loopback}}}, {{@uncond, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@broadcast, @empty, @local, @remote}}}, {{@arp={@local, @dev, 0x0, 0x0, @empty, {}, @empty, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'sit0\x00', 'irlan0\x00'}, 0xf0, 0x118}, @unspec=@AUDIT={0x28, 'AUDIT\x00'}}], {{[], 0xc0, 0xe8}, {0x28}}}}, 0x4d0) [ 193.508390] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 193.520498] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 193.529660] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.536365] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.547713] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 193.569004] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 193.578717] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 193.594672] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 193.612315] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 193.618767] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 193.634455] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 193.647591] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 193.658841] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 193.684098] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 193.694004] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 193.704493] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 193.714517] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 193.727877] 8021q: adding VLAN 0 to HW filter on device batadv0 02:39:22 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/capi/capi20ncci\x00', 0x80, 0x0) sendto$unix(r1, 0x0, 0x0, 0x800, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$FUSE_LSEEK(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0xfffffffffffffff8, &(0x7f0000000140)=0x40000000000009) r3 = syz_open_dev$audion(&(0x7f0000000180)='/dev/audio#\x00', 0x0, 0x0) r4 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) shmget$private(0x0, 0x2000, 0x0, &(0x7f0000ffd000/0x2000)=nil) shmget$private(0x0, 0x3000, 0x562, &(0x7f0000ffd000/0x3000)=nil) getpid() setsockopt$inet6_dccp_buf(r3, 0x21, 0x80, &(0x7f0000000400)="c55964a1278f7ae3c942ef9963ed0fcea7b408251c9fb0479638803e062cda73a4bdfbdf95542423825cfd747e15b0fbfe42789877fb54cdb8f58d059e36fdf28566ab528d5f965f1238fd027d1b63a05fc59c6d237fca3339bf92b2b0d0a021f57516c6e1e648790b8f38d39691ebb754c282386c9f6941a0a598cfbd42e97903875546f64c2dd1824a9387e1c27b8beaac3ad0c91313d3a7970c0387f1124bf107997e25759a2eba09fffc01a8594fdf446608dd7ec10dd52ea69a6c31cc3121dae682a79130803279b9878b91fdf2833f06f4f14a38386b78550b5cc136089942ac033cf224271c64aad15077339996cf73c3c8708a3597519c7a7561d8a0d22311d31f5c69bad1adfb5b0179269b8f3bf435a774f204262e262a944f7036ba4e35c527cc515219fbacb6bf0c429f3c85f094177d3c48204087ce28ef6423eff599bd8cc92c123d26bbfab96519aeb454779494268e285012ddc8ee8808603e4ff3bccfad58e844fe1988228205af05f8659dc1db402cdea7f92946d5a6e1eca73f28cb41c4e72b04e876065d49bdc02d0897943453725d737c976b9405d1e9638e02e1a0480748d7873dcfbecf91f9b479bc54bf43195870732a59ab4620cb35f4f57bf80062d8b8978dbefa3d7a9d9b50438e272c8d0c1f9ce27659c67a1e89fdd9ab7167f01c35dd0670163745f5229d3ee7b40b19ece7967da266937cb99880e68f563dbe880d260a6f843fc75f7c6fa43f81cccf851b15da080e99463b6fefa92f118de56d75a3380d42242f79ec634bfc95da2881817bfd8ecb1a9542afb2d2646ab721195d64f0ee5361e10b0932e2fb580f788029dcc44d763edf0719f59f230f09586a3fab40b5fd57b01546750f5c7ff4ef20c43c20b4fdf6a96d01d7faf1e5fec388db1b773ff6d1a424643fb7241f0f7cddb90a86ad034fcf236b8096f62b9465ab5b75f9b3ce35649685d1b181acd482c7db89370e6fe0c507107b5aa29d394fa8904409bb44629be24d6e6195e43aa008718855cfa8744102f3e24790bcf9afd8a0a77ea4f2e4b027595ac7ecbe440f88283965f78361294c8fa1c3b481e3c522ece49726fcb572c120a05e64506413ed2fa8933b3bb661a245fe17366f02fe493fa3a16c06011d854263e0f3684af85ec380fffa434bbe7225ef9f3d21bcf78c2c53cc75c164b165b5727a43efa04f73b6d7da52c6f433041ddc523e6513e0267c84de3d7411cd1afc4e9c1316142f86906a3f8f263411fe4b0b9ddcaed20eebcd7afb2cf79c322e5e95ef782e2e1f030fa94466a31ac099bd21cb8150324ca398b4c3ebc6b104249bff15bc8453e47788236382bb2f73b48942a05fda941880e063abb9131fe6bd6dad3c36e3c917f6a2ba8bdf62264e43227639a259cc66a5f0e88eb21965346f0a8a777be32f572354381213aac4cd14b55b3c6835c68de60f650824c7155bdec64bf683f79b3b3695173d436d1c81a8b6161c5765b23dcc85bc678d79b653fdf3898c3e62fd0e1ee6211afa32801fa7831b0f525b58662e3ccaf115328941e10f64d654493aa9df22aaf633083e1e49e69b02d181ae295d99c0465f928e53af74c21cd30b3499fb3c568dedd7ba4d3c0aa57eaea1fc81a42ac97782b455adfd61960832b7d6548f66cb09c6478ddfe1e130fa5a3050477c68009897c88526cacc9f1d2490c9b2757f5d013a2aa6b91d193a2325c5dcbd2423c8d961d96b45ba2a999e2054c9b5ddbd0118a9afbd8de795679f2235a652f3121af982b1064ab382d99a59b1d5a91faf77959202e9889fefa081a20f48dab2984eebe1480f5a53e567dde83cb78e686f467477048c1c6b5921ee93bc4744cc7b9fd282a509ffcf1717ab019206baae55da8c0f01bab847e03a19493812d5afc664c60ddfe3a779014a08ce976ae08e67a2c274775bd6d082d31858370e5d95c3bad0f2e87b003eea44005236949b58062cfc8215f33099ad8bf88bd50a7ed89fddc293eef53f8fa0eb99e6f89a5a452529c3bbcd72c7d3ed01d42aeeae6280e33340ca2bf9f295545c73e9fa7fc3fe5342535f8cfb8a43a61ede823770ef2efa5e9a764cf8c1b56cb64e3a39f4634e8e6258ff95ea6a90c6c7764cf262b48357b82d0f46e2eceb7d84e0ce5054aa619d56819d9c72a007d54d5bea8bfe7842d372625c44060d249f055d05f5f3c062d6fcd1a711bcc3e49586c6b77d55386ecc1bff8897eb4a8a189557d15dd33de786067e35a8f44c214550b904cef8abab96e48da6753529c3d257b5fd788f352ae7d87870d1adf85dd43db23e942451f0f36fc68989d2399c1b795610f47345f2ac00fd3e0e6923b654079c6605736120156dba753969f123233aca5b89e42864fab9d8f4130e9cc2abb03df53f5ec99610163ff5440f54d738c4561d65978d852bd96649094943d831562ef59723dc5cbe9aa1e5eee0aaff06c2f1e9b7d06c2b85874c72309935cb5bea65f036bb998d1805e50d5543e8cc27cefa2d2346f11b4e607f759c26c3cd1b77de101e98d0126235ee4923c33c6ca7f271ecb43e73f89fd5ac8d03fd24275ec32b22e2b318e32bb05daa125676ee7d34a61b813332f56fe4c4af4524d3dff2b8b88c78afc64f0180882f3bf2a8cefbdfaa6bda77175b222c768f90fed5196453f9c5455342ce79d3bac07f2b00dec4b226eff5228cc03668e7cb16a63d93bd0a0d1258393fc0917f82a3470d383ace00092e6cc022b6faa27dbc30f2b0d15e3d83036e5e94eec9c0c6b7d8bb879e0db47ed45f20ed3038d28bb7511bdfd6aa511d8d2cc22d503ffccb4fc40a882e1d31a9648a337ce289bb1db7d91f7a588afe4ec7f435a80b09471a3a677029d5b6f4d15e8a9001beb7dcc1b2801d16d5cdfbf9e8dc86c7d44f8f2baa6e8fbb18298f61d98fe1972455b5957a44ad07e38b8574a95ca36d6e573a4bf885c4b390ddadfd64174601a64684aff3957de73cb6f381987d36b68aae9df40b91320f5064d28609e0221063a6821d25a1dcfa7e1c56ca366953baeacd8589ba969d22751fc159efb905b619ca4a7acb7d430f96648b69a4442e9158db36f07fb66030562915db6ae59520c6c610b42b98932f7e8b8804d726176cb99a8848f2f259b58329143afc92a3897bc741319864d0185cdbbff213f8b010e1a0ff5c15898bb8fb500162110172b4da513d3adab9e8c1dd35b997afd7eb53915044305620cb439d92555ad7ab1d99a3c5e13c2e480332d486f3e910bc532711d5f7d105c2d4f54f9924195e806a0bf2aeb6d835f4b267ec6e5784f9fd6c3e55bff69b835aefac0da67c6f2b7ac9cff2f5a3ac7b92ba8f0e7b439d3320b1d419ac2b9105367d490e0bb021a4df6f5204eb2e13903155ff2bc843e2a4a1b134739994cc40e8de49a2708e427e74dd4b59c07a138cb8bac580384ae43ca2d1e9e2c927f48d22f4318dcb0aa6ebd77724013da0e536a48a40230ee1a25319ace522464f40f01e40622a5e36f3de4f3e728fe51017d8f0c87319d622d98050d571024f8102b1c365aedd0e02aee8358571464988ca72bbc71e76055d13ba4b40324659d4e082e8f2238fdd3fe7046ff9a24e33cd006149d19ca1db1658c8363f0b62648c9914ead0a1408804c84931a98460e460ae2321a1aba0a0b6b24621adbb4bef79059d3f7de0841e18bb0f2c794ec710dcae74a3d447370cf443636122d5d83a10de13ebbb9046034ca128c4216f8cf56dde11234d53170a0599fe2aa643a19316d98220ec6d29bb291c728538d58a292f0f11eeefc1d428e5379f22e14ba3940b7398506b4aa22e36affc82a3772f66791a8a0a0931e8814da324218d02d39f31ab7768b4daa4f595ea83762a108ba46374e1cc19be7e81286c5d31092940146fcbad76123d92db2f11938606ee3c4dc94d7ff4d3fc126977a7f316c7dd4c7d3a0781d2ec1e478be1c8f9506b06f9560e0079151770ae17e2160e1bdcb23cd67cc0f2bbfe54c6b51612eb6cc0bbd3a39524fde4032c7dff7a17c1fa418a245f407538aed99dfba103c8b3b8d5880d882a53be85015b163eb6c793fa800b9e0b4133ce3fe672d98d66ccef81fac69bb9763f27171e8f163aed5c5e7cec334583c773a0e5189ced3b236419683699f1576c4cce3487d8dc80402319dec38e9581c4b36a009bfd67509811b169f1d4414740870552e07ac6e6cb69cfad56bd245af87e510753173d98a2f182937392ed01b2c2ddcc68dfa3e7d8398c34ab9ea92071a45dc015bb2f0dc4a7e13b7d63e9bb27fb83683b9376dcbf6cb4646fe8b76342566f732660c71d10627e6b3bc91bed6271ab0c130f2d292d35e2a5358d4d4897fe1eb97742cee40bc1654c8e6b984ded54b0ba2e182be98f9662c0ddc30a55a647e86393e03a80ae624d466b88d4ac2ab33100cd4fa259b4bd13f4eb1ce1e169ac3bb0a890395526ba378d9cce3f6c0ca37ca0dc874df0e52f032e8c5d2a27528b29f7b95e181a03378e08004c18a632eb944190b83da3ed6a85c72481886b5d098c4b140cf7f43c4f50932d8b9f722f38563e47d2095c94fc72d43eca0e51255472c1e3277e1287f42ef11de3b391380aa19e5a6b224231a11c29d7152604da34e2c939919bcd044bbfc50a35c7d82f82924d81e9e3144564cac38721f7f42fc04cefb3dec1ac8cbbee57dc9e4f307ecc6178a40fe115c034840c6d0e684c99dada5fe6b705c213b0ab0db6c132b0bd79cb3878f6c3f75168f36e75cf7f07199bcbc3f8c0f35bfa221d69ae1910d4a2253cbc60a54ab127a2791524b8050fb4ac861e1e15db8321ae0d7ffbe473f0e2e2c2532157a71b6b34d61340d9a5bb2cff5e7bf5a23d6402d19bc3ea6001c04c50702c23375e9232c431cf9325ac591c6b9a6dde8c59406ca0225b4f310ab2bf1b8f8da72b4badbbcf4ad09ecc97e1a5fe783cb121607029837d6d9bd98385904c6c9150f9616c6fe5701b2462667b04d8f0ba3b47a645a64b0a53c2c86d9250a8696aa21612dbf01d2983549fb68b8b99822d4ae93a7b26f7cdbc97c868387b34132d6a79c48d165b69451500f947afd0d3b590e1a7840643c7f79e5a101b0e76a6423f8a9fddfba0e556ab5fe2a3541a39e1f3a803889f32a470d25f8aa7039c0306576e9db3c7ae868c52667d522b1199621d28c35b14a60db4de3fa5688060b8992e4b3e09b80454430c482d0aef009c3a95ef3cb3dcd181647ed8279210ddba8c93218bccfa65917986f5b5a70735b4030d5eb80cf5800a9d5867d2d70c4e6b67bd81e50efe80940d773112745ffbcc381ee0807167f25de79ede38a384229e55c4ff11459f2cb20acbc501d610b94426ef691464a3fded71683d099966991a817278eb93af2c132ed54b34ca9cddf47d769a0a4e2b40b0570ef311e5c4e1d8ca005445cf7798cc0c86a51a8d8ceef6f654e98b4b81444d8628c9923251516e2e20b224d926236c9e0dc55eea50f040e0d4da57a329bb65ef8c72381226e767bacbd7bc48ed6af52b91c953b9674f8cb6e4181a296fb606632ba197fc1f8c893e72ff3d838f98b27ac3478b3f425ac09f51330e51b964110a053ff8eb83bb38153059e78d1bcf40f733fee0402edba0b24d877c86ee17cf409397c958cd43f114a95710dfae6e952f555d768783936c8a7c980507bc0cff8ff2eb22f557214eed90c5fceca63d059dc0439a64a3e39e94f8016314163af09c6acc854e2781e6685d4dfb4729d5cc8097149625040107f90dcbb95834d287635fdffef3e62c6a9ca8c1", 0x1000) fstat(r4, &(0x7f0000000240)) fsetxattr$system_posix_acl(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) clone(0x4000, &(0x7f0000000380), 0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xfffffffffffffffe) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0xa000000200000000, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFBRDADDR(r3, 0x8919, &(0x7f00000003c0)={'gretap0\x00', {0x2, 0x4e24, @multicast2}}) clone(0x80a102001ff8, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000343ff8)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffff9c, 0x84, 0x7c, 0x0, 0x0) [ 193.736439] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 193.753907] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready 02:39:22 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-sse2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000180)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) write$cgroup_int(r1, &(0x7f00000000c0), 0xfe58) recvmmsg(r1, &(0x7f0000008a00)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000000)=""/48, 0xfe0f}], 0x1}}], 0x1, 0x0, 0x0) [ 193.784703] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.791256] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.823991] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 193.837818] audit: type=1400 audit(1555900762.163:39): avc: denied { create } for pid=7339 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 193.851218] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 193.884113] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 193.901372] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 193.924755] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 193.943837] hrtimer: interrupt took 34417 ns 02:39:22 executing program 5: openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/capi/capi20ncci\x00', 0x80, 0x0) sendto$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sched_setaffinity(0x0, 0x0, 0x0) r1 = syz_open_dev$audion(&(0x7f0000000180)='/dev/audio#\x00', 0x0, 0x0) shmget$private(0x0, 0x2000, 0x0, &(0x7f0000ffd000/0x2000)=nil) fstat(0xffffffffffffffff, 0x0) fsetxattr$system_posix_acl(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xfffffffffffffffe) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0xa000000200000000, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCGIFBRDADDR(r1, 0x8919, &(0x7f00000003c0)={'gretap0\x00', {0x2, 0x4e24, @multicast2}}) clone(0x80a102001ff8, 0x0, 0xfffffffffffffffe, &(0x7f00000000c0), 0xffffffffffffffff) mount(0x0, &(0x7f0000343ff8)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffff9c, 0x84, 0x7c, 0x0, 0x0) [ 193.968958] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 194.014359] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 194.065912] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 194.092620] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 194.101153] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 194.115644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 194.126817] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 194.143476] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 194.166229] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 194.173041] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 194.185784] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 194.205688] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 194.225973] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 194.237464] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 194.247428] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 194.255975] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 194.265796] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 194.276414] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 194.287368] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 194.297710] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 194.306142] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 194.317190] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 194.331253] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 194.346045] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 194.354008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 194.363114] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 194.369243] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 02:39:22 executing program 2: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x50000}]}) pwritev(0xffffffffffffff9c, 0x0, 0xfffffffffffffe55, 0x0) [ 194.413112] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 194.438250] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready 02:39:22 executing program 2: ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) eventfd(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f000000b000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f000063de2c)=@newsa={0x13c, 0x10, 0x713, 0x0, 0x0, {{@in6=@dev}, {@in6=@mcast2, 0x0, 0x32}, @in6=@ipv4, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_aead={0x4c, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0x0, 0x60}}]}, 0x13c}}, 0x0) [ 194.466361] 8021q: adding VLAN 0 to HW filter on device batadv0 02:39:22 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x1, 0x31, 0xffffffffffffffff, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x11, 0xb, &(0x7f00000000c0)={'filter\x00', 0x7, 0x4, 0x480, 0x280, 0x280, 0x0, 0x398, 0x398, 0x398, 0x4, 0x0, {[{{@arp={@dev, @dev, 0x0, 0x0, @empty, {}, @empty, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'gre0\x00', 'sit0\x00'}, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@remote, @mac=@dev, @local, @loopback}}}, {{@uncond, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@broadcast, @empty, @local, @remote}}}, {{@arp={@local, @dev, 0x0, 0x0, @empty, {}, @empty, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'sit0\x00', 'irlan0\x00'}, 0xf0, 0x118}, @unspec=@AUDIT={0x28, 'AUDIT\x00'}}], {{[], 0xc0, 0xe8}, {0x28}}}}, 0x4d0) 02:39:23 executing program 0: [ 194.675756] syz-executor.0 (7342) used greatest stack depth: 23152 bytes left 02:39:23 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x1, 0x31, 0xffffffffffffffff, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x11, 0x67, &(0x7f00000000c0)={'filter\x00', 0x7, 0x4, 0x480, 0x280, 0x280, 0x0, 0x398, 0x398, 0x398, 0x4, 0x0, {[{{@arp={@dev, @dev, 0x0, 0x0, @empty, {}, @empty, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'gre0\x00', 'sit0\x00'}, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@remote, @mac=@dev, @local, @loopback}}}, {{@uncond, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@broadcast, @empty, @local, @remote}}}, {{@arp={@local, @dev, 0x0, 0x0, @empty, {}, @empty, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'sit0\x00', 'irlan0\x00'}, 0xf0, 0x118}, @unspec=@AUDIT={0x28, 'AUDIT\x00'}}], {{[], 0xc0, 0xe8}, {0x28}}}}, 0x4d0) 02:39:23 executing program 2: 02:39:23 executing program 3: [ 196.270415] IPVS: ftp: loaded support on port[0] = 21 02:39:24 executing program 4: 02:39:24 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-sse2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000180)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) 02:39:24 executing program 2: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x800006, 0x0, 0x0, 0x50000}]}) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendto$unix(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 02:39:24 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000000440)={0x0, 0x12}, &(0x7f0000044000)) r1 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(r1, 0xc0109207, 0x20000000) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) read$alg(r1, 0x0, 0x0) tkill(r0, 0x14) 02:39:24 executing program 1: 02:39:24 executing program 3: 02:39:25 executing program 4: 02:39:25 executing program 3: 02:39:25 executing program 1: ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r0 = eventfd(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f000000b000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f000063de2c)=@newsa={0x13c, 0x10, 0x713, 0x0, 0x0, {{@in6=@dev}, {@in6=@mcast2, 0x0, 0x32}, @in6=@ipv4, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_aead={0x4c, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0x0, 0x60}}]}, 0x13c}}, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000200)={0x0, 0x0, 0x0, r0}) 02:39:25 executing program 4: 02:39:25 executing program 3: 02:39:25 executing program 2: 02:39:25 executing program 5: 02:39:25 executing program 0: 02:39:25 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="11dca5055e0bcfec7be070") r1 = socket$inet(0x10, 0x2, 0x0) sendmsg(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000380)="24000000200007041dfffd946f610500020000001f0000000000080008000b000400ff7e", 0x24}], 0x1}, 0x0) 02:39:25 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbmon(&(0x7f00000014c0)='/dev/usbmon#\x00', 0x0, 0x0) read$alg(r0, 0x0, 0x0) 02:39:25 executing program 1: ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r0 = eventfd(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f000000b000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f000063de2c)=@newsa={0x13c, 0x10, 0x713, 0x0, 0x0, {{@in6=@dev}, {@in6=@mcast2, 0x0, 0x32}, @in6=@ipv4, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_aead={0x4c, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0x0, 0x60}}]}, 0x13c}}, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000200)={0x0, 0x0, 0x0, r0}) 02:39:25 executing program 2: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) getsockopt$EBT_SO_GET_ENTRIES(r1, 0x0, 0x83, &(0x7f0000000100)={'filter\x00', 0x0, 0x0, 0x1000, [], 0x0, 0x0, &(0x7f00000003c0)=""/4096}, &(0x7f0000000200)=0xe0) 02:39:25 executing program 0: r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@remote, 0x800, 0x0, 0x102, 0x100000000000001}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000140)={@loopback, 0x800, 0x0, 0x3}, 0x20) 02:39:25 executing program 5: 02:39:25 executing program 4: 02:39:25 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x2000000000000000, 0x80, &(0x7f0000000100)=@broute={'broute\x00LH\x00\x00\x00\a\x00', 0x20, 0x2, 0x210, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200006c0], 0x0, 0x0, &(0x7f00000006c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x9, 0x0, 0x0, 'vlan0\x00', 'vcan0\x00', 'yam0\x00', 'erspan0\x00', @link_local, [], @empty, [], 0x70, 0x70, 0xa0}}, @common=@redirect={'redirect\x00', 0x8, {{0xfffffffffffffffe}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xfffffffffffffffc, 0x1, [{{{0x3, 0x0, 0x0, 'bond_slave_1\x00', 'ip6gretap0\x00', 'bond_slave_1\x00', 'veth0\x00', @broadcast, [], @link_local, [], 0xb0, 0xb0, 0xe0, [@connbytes={'connbytes\x00', 0x18}]}}, @common=@NFQUEUE0={'NFQUEUE\x00', 0x8}}]}]}, 0x288) 02:39:25 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts-aes-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000180)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) write$cgroup_int(r1, &(0x7f00000000c0), 0xfe58) recvmmsg(r1, &(0x7f0000008a00)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000000)=""/48, 0xfe10}], 0x1}}], 0x1, 0x0, 0x0) 02:39:25 executing program 1: ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) r0 = eventfd(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f000000b000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f000063de2c)=@newsa={0x13c, 0x10, 0x713, 0x0, 0x0, {{@in6=@dev}, {@in6=@mcast2, 0x0, 0x32}, @in6=@ipv4, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_aead={0x4c, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0x0, 0x60}}]}, 0x13c}}, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000200)={0x0, 0x0, 0x0, r0}) 02:39:25 executing program 0: r0 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x201, 0x8000000100079) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) r2 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x0, 0x0) bind$rds(r1, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) sendmsg$rds(r1, &(0x7f0000000340)={&(0x7f0000000080)={0x2, 0x104e21, @remote}, 0x10, &(0x7f0000000300)}, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0x8108551b, &(0x7f0000000200)={0x0, 0x0, @start}) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x84, 0x0) socket$inet(0x2, 0xf, 0x0) bind$inet(r2, 0x0, 0x0) stat(&(0x7f0000000540)='./file0\x00', &(0x7f0000000580)) 02:39:25 executing program 5: r0 = syz_open_dev$radio(&(0x7f00000000c0)='/dev/radio#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_G_FREQUENCY(r0, 0xc02c5638, &(0x7f0000000100)) 02:39:25 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x0) ioctl$VIDIOC_QUERY_EXT_CTRL(r1, 0xc0445624, &(0x7f00000001c0)={0xc0000000, 0x0, "82f7d226281bcd1e1d913bb1a68775d75049522d8d7d035902f9ca414bed5f7e"}) 02:39:25 executing program 3: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x0, 0x0, 0x0) 02:39:25 executing program 5: r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x9) write$cgroup_type(r0, &(0x7f00000002c0)='threaded\x00', 0xffffffd8) sched_setattr(0x0, &(0x7f0000000140)={0x0, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) chmod(&(0x7f0000000100)='./file0\x00', 0x88) [ 197.376989] xt_connbytes: cannot load conntrack support for proto=7 [ 197.386518] xt_connbytes: Forcing CT accounting to be enabled 02:39:25 executing program 4: r0 = socket$packet(0x11, 0x80000000000a, 0x300) getsockname(r0, 0x0, &(0x7f0000000040)) 02:39:25 executing program 2: r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@remote, 0x800, 0x0, 0x102, 0x100000000000001}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000140)={@loopback, 0x800, 0x2}, 0x20) 02:39:25 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) writev(0xffffffffffffffff, &(0x7f0000000280)=[{&(0x7f00000002c0)="2da85b07f7a224ab77ab8a705cc14edf9dc89f455d2e0e8bfe37702b7d0b240e5b7ded616cbe658b8550de8b2817f3da5e030f100e2e9883893c6e62c4387267cd8d9969b213ea72d92284c6c8b4216081bf206420575278f5977f94b725862c012d", 0x62}], 0x1) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000980)={{{@in=@multicast2, @in6=@mcast1}}, {{@in=@local}, 0x0, @in6=@loopback}}, &(0x7f0000000380)=0xe8) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f00000001c0)={0x20001}) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 'y\x14\bK\x16^\x9e\xc5/\x15\x95\xab)\xeb\xf0\x15\xf3{T\x1aWP\xac\xb2\xac\x95\xe9\xad9b\xaf5.S#\xb7y\x82\x1f\xa5^\xe1K\xf9'}) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 02:39:25 executing program 0: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003840)=[{{0x0, 0x0, &(0x7f0000002b80)=[{&(0x7f0000001880)=""/190, 0xbe}], 0x1}}], 0x40000000000003d, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ipv6_route\x00') preadv(r0, &(0x7f00000017c0), 0x1d0, 0x0) 02:39:25 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f319bd070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x200000000000013, &(0x7f0000000140)=0x400100000001, 0x4) setsockopt$inet6_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) connect$inet6(r1, &(0x7f0000000080), 0x1c) r2 = dup2(r1, r1) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_bt_hci(0xffffffffffffffff, 0x0, 0x0) gettid() setsockopt$inet6_buf(r2, 0x29, 0x21, 0x0, 0x275) fcntl$setstatus(r1, 0x4, 0x42806) [ 197.619477] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 02:39:26 executing program 4: r0 = socket$packet(0x11, 0x80000000000a, 0x300) getsockname(r0, 0x0, &(0x7f0000000040)) 02:39:26 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fa, &(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) 02:39:26 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_XCRS(r2, 0x4040ae9e, &(0x7f00000003c0)=ANY=[]) 02:39:26 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000dddfc8)={0x0, 0x0, &(0x7f0000001280)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000000a060501ff0080fffdffff270a0600000c000100060000007d0a00010c000200007059c93f0022ff"], 0x2c}}, 0x0) 02:39:26 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r1, &(0x7f0000000200)={0x2, 0x0, @remote}, 0x10) setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000080)={0x20000000000003}, 0x8) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x13, &(0x7f0000000140), 0x14) close(r1) [ 197.938508] audit: type=1400 audit(1555900766.263:40): avc: denied { create } for pid=7559 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 02:39:26 executing program 1: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0) r0 = syz_open_dev$loop(&(0x7f00000004c0)='/dev/loop#\x00', 0x80000001, 0x1) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff) ioctl$BLKROGET(r0, 0x125e, &(0x7f0000000040)) ioctl$FS_IOC_SETVERSION(0xffffffffffffffff, 0x40087602, &(0x7f0000000180)) [ 198.128478] audit: type=1400 audit(1555900766.293:41): avc: denied { write } for pid=7559 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 02:39:26 executing program 5: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x18, &(0x7f0000000280)=ANY=[@ANYBLOB="85000000070000002500000000000000950000000000000069259e0355f0f3817cd35c3e80abf6aee93960e7c2d01b5117f4877b14c64b349798efb362ae41473d64764bd7bdc8c8c0d758992f7893445d3e79bf72d4ad529e6920d295b510347e31b4567b48a9e30a40e9815b8929e253798029b86122e63f9edf7efcf125fedc6ad8a68429e416648aaca240448e4fd1bfe77af8b38578daad00839394dd637f01b3aaa828f8ec475fe381b0fb794e2428225e5c1c8324dfd9128b5c5a914faa6617"], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={r2, r0, 0x0, 0x7, &(0x7f0000000100)='cpuset\x00', 0xffffffffffffffff}, 0x30) 02:39:26 executing program 4: clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x12) openat$cgroup_type(0xffffffffffffffff, 0x0, 0x2, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ptrace(0x8, r0) write$P9_RMKDIR(r2, 0x0, 0x0) 02:39:26 executing program 0: syz_execute_func(&(0x7f00000001c0)="410f01f964ff0941c3c4e2c99758423e46d873120f96b1feefffffc4e12f2ac03e0f1110c442019dcc6f") clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigprocmask(0x0, &(0x7f00000000c0)={0xfffffffffffffffa}, 0x0, 0x8) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x12) ptrace$cont(0x1f, r0, 0x0, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ptrace(0x18, r0) 02:39:26 executing program 3: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc\x00', 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x7003, 0x0) preadv(r1, &(0x7f0000000280)=[{&(0x7f00000003c0)=""/116, 0x74}], 0x1, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r0, 0x16) 02:39:26 executing program 1: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$sock_inet_tcp_SIOCATMARK(r0, 0x7003, 0x0) preadv(r0, &(0x7f0000000280)=[{&(0x7f00000003c0)=""/116, 0x74}], 0x1, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) 02:39:27 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000280)='yeah\x00', 0x76) sendto$inet(r0, 0x0, 0x26, 0x400200007fe, &(0x7f00000000c0)={0x2, 0x10084e23, @local}, 0x10) write$binfmt_elf64(r0, &(0x7f00000016c0)=ANY=[@ANYPTR=&(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f00000004c0)=ANY=[@ANYRES16], @ANYRES32, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000580)=ANY=[@ANYPTR64, @ANYRESHEX, @ANYPTR64, @ANYRES32=0x0]], @ANYRESDEC, @ANYRES16], 0x120001644) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000740)=@nfc, 0x2880, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x7ffff012}], 0x7, &(0x7f0000000200)=""/20, 0xc2b}, 0x300) socket$inet_udplite(0x2, 0x2, 0x88) 02:39:27 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x220, 0x0, 0x0, 0x10000007a) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000080)={0x7b, 0x0, [0x20000003b]}) 02:39:27 executing program 1: setreuid(0x0, 0xee00) r0 = geteuid() setreuid(0x0, 0x0) mknod(&(0x7f0000000240)='./bus\x00', 0x8, 0x0) clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setreuid(r0, r0) execve(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) 02:39:27 executing program 5: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x25}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r2, r0, 0x0, 0x1000000, 0x0, 0xffffffffffffffff}, 0x30) 02:39:27 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e24, 0x0, @ipv4={[], [], @loopback}}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x91, 0x4) 02:39:27 executing program 1: r0 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my}) socket$vsock_stream(0x28, 0x1, 0x0) r1 = accept(0xffffffffffffffff, &(0x7f00000000c0)=@pptp={0x18, 0x2, {0x0, @multicast1}}, &(0x7f0000000140)=0x80) recvfrom$unix(r1, &(0x7f0000000400)=""/22, 0x16, 0x102, &(0x7f0000000440)=@file={0x1, './file0\x00'}, 0x6e) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000180)={0x10000000}) setsockopt$inet_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0x4) r2 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r2, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r2, 0xdf1b) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) r4 = accept4(r2, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r3, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000240)=ANY=[@ANYBLOB="9c72ffc80f64f56e9afde2a6b95cbfba4b47ce0ef6055f9630660fa91fca1f91601fa8ce9c30a0029718915363a3df16769c2a2c9efe3f4b6096d59057f962e0ca33d83c9ec16f6c92b99448aa06fea27cc092730b82e43b040ad32029d280fe4d74e4708ed8a93a496e6511fcb11b4a12d59f3c5f0f3edec165ffc4528d1ceab9a3f6c4268b779fbdb93d83bfee817834a444ecb18439085fd5475ede2764e6234bdea21c9a3a2ab74f4babcd12aa0c34efa3925557fcc1c294812f59e6248e1502068cd6d0d83d2cfe748d6e5b37d05c128f587288478432"], 0x1) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f00000001c0)={@my=0x0}) getsockopt$EBT_SO_GET_INIT_INFO(r4, 0x0, 0x82, &(0x7f00000004c0)={'broute\x00'}, &(0x7f0000000200)=0x36d) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000340)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x1000000000054}, 0x98) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-monitor\x00', 0x0, 0x0) 02:39:27 executing program 4: r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000002c0)='threaded\x00', 0xffffffd8) sched_setattr(0x0, &(0x7f0000000140)={0x0, 0x6, 0x0, 0x0, 0x0, 0x9917, 0xffff}, 0x0) chmod(&(0x7f0000000100)='./file0\x00', 0x0) 02:39:27 executing program 5: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x25}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r2, r0, 0x0, 0x1000000, 0x0, 0xffffffffffffffff}, 0x30) 02:39:27 executing program 5: r0 = gettid() syz_open_procfs$namespace(r0, &(0x7f0000000080)='ns/pid_for_children\x00') r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") unshare(0x28020400) syz_open_procfs$namespace(r0, &(0x7f0000000100)='ns/pid_for_children\x00') 02:39:29 executing program 0: r0 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x201, 0x8000000100079) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000000)) setsockopt$inet_tcp_buf(r0, 0x6, 0xd, &(0x7f0000000080)="5fcedc0c16b6961eb5122d1b217886b66b0c9b173a0a6037bf4076980e4257b0e3222b61e65132b2766e487fcb168cf58e792fe8b68846d7d25af74ba37abb4ea940ef36d135a90bf11334af9f63d7059c904ad9b70b5eb8df130d1eda06172199e44e6fbe97aa918cdcbdd7e224efe103861433d929ccf056171765a984d34a1ac01801a1bc", 0x86) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) r2 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x0, 0x68300) bind$rds(r1, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) sendmsg$rds(0xffffffffffffffff, 0x0, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0x8108551b, &(0x7f0000000200)={0x0, 0x0, @start}) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x84, 0x0) socket$inet(0x2, 0xf, 0x0) bind$inet(r2, 0x0, 0x0) stat(&(0x7f0000000540)='./file0\x00', &(0x7f0000000580)) stat(&(0x7f0000000600)='./file0\x00', &(0x7f0000000640)) 02:39:29 executing program 5: accept(0xffffffffffffffff, 0x0, &(0x7f0000000140)) setsockopt$inet_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r0, 0xdf1b) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000340)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x1000000000054}, 0x98) 02:39:29 executing program 3: r0 = syz_open_dev$vbi(&(0x7f0000000040)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000180)={0x0, 0x6, 0x1, {0x4, @raw_data="efaa91e861aa9431ed1253263499a0b1b370c43f9fe8f2927337a7d398c6845cb38171589b15e8d8b61dc2e54209994fec0662ed54b2baa44404f48509356f73689ffee8d5b5900744889c501420724ea72c482a9e0dd0fa701629106ab573c94c82fa974e2cc0b74e5eb5d3df1eda89581c045ae28a41b014d328db1ec69773717d52c347e1ab293032682811cc8c1a943e4ff99d6413e857409534cbeb3d5c2cef8143ea24613061aca7b83d6a2dbb623aa0cb7093e6818c917710012a3be504412cf3dc2dc008"}}) 02:39:29 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000080)={'sit0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) epoll_create(0x8) ioctl$sock_ifreq(r0, 0x8977, &(0x7f0000000000)={'sit0\xf3\xff\xff\xff\x00', @ifru_flags=0x1}) getsockopt$EBT_SO_GET_INIT_ENTRIES(r0, 0x0, 0x83, &(0x7f0000000140)={'nat\x00', 0x0, 0x4, 0x4c, [], 0x2, &(0x7f0000000280)=[{}, {}], &(0x7f0000000200)=""/76}, &(0x7f00000001c0)=0x78) ioctl$sock_ifreq(r0, 0x89f1, &(0x7f0000000080)={'sit0\x00', @ifru_flags}) 02:39:29 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='rdma.current\x00', 0x26e1, 0x0) write$cgroup_int(r0, &(0x7f0000000100), 0x5952e1) fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f0000000200)) 02:39:29 executing program 4: r0 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x201, 0x8000000100079) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$rds(0x15, 0x5, 0x0) syz_open_dev$vcsn(0x0, 0x0, 0x68300) bind$rds(0xffffffffffffffff, 0x0, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0x8108551b, &(0x7f0000000200)={0x0, 0x0, @start}) mknod$loop(0x0, 0x0, 0xffffffffffffffff) stat(0x0, 0x0) stat(0x0, &(0x7f0000000640)) fchown(0xffffffffffffffff, 0x0, 0x0) 02:39:29 executing program 3: 02:39:29 executing program 1: 02:39:30 executing program 4: 02:39:30 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r0, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1081}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000004000/0x4000)=nil, 0x4000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 02:39:30 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) writev(0xffffffffffffffff, &(0x7f0000000280)=[{&(0x7f00000002c0)="2da85b07f7a224ab77ab8a705cc14edf9dc89f455d2e0e8bfe37702b7d0b240e5b7ded616cbe658b8550de8b2817f3da5e030f100e2e9883893c6e62c4387267cd8d9969b213ea72d92284c6c8b4216081bf206420575278f5977f94b725862c012d", 0x62}], 0x1) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000980)={{{@in=@multicast2, @in6=@mcast1}}, {{@in=@local}, 0x0, @in6=@loopback}}, &(0x7f0000000380)=0xe8) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r2, 0x4048ae9b, &(0x7f00000001c0)={0x20001, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000dd27]}) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(0xffffffffffffffff, 0x40405515, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 'y\x14\bK\x16^\x9e\xc5/\x15\x95\xab)\xeb\xf0\x15\xf3{T\x1aWP\xac\xb2\xac\x95\xe9\xad9b\xaf5.S#\xb7y\x82\x1f\xa5^\xe1K\xf9'}) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 02:39:30 executing program 0: r0 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x201, 0x8000000100079) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000000)) setsockopt$inet_tcp_buf(r0, 0x6, 0xd, &(0x7f0000000080)="5fcedc0c16b6961eb5122d1b217886b66b0c9b173a0a6037bf4076980e4257b0e3222b61e65132b2766e487fcb168cf58e792fe8b68846d7d25af74ba37abb4ea940ef36d135a90bf11334af9f63d7059c904ad9b70b5eb8df130d1eda06172199e44e6fbe97aa918cdcbdd7e224efe103861433d929ccf056171765a984d34a1ac01801a1bc", 0x86) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) r2 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x0, 0x68300) bind$rds(r1, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) sendmsg$rds(0xffffffffffffffff, 0x0, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0x8108551b, &(0x7f0000000200)={0x0, 0x0, @start}) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x84, 0x0) socket$inet(0x2, 0xf, 0x0) bind$inet(r2, 0x0, 0x0) stat(&(0x7f0000000540)='./file0\x00', &(0x7f0000000580)) stat(&(0x7f0000000600)='./file0\x00', &(0x7f0000000640)) 02:39:30 executing program 4: r0 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x201, 0x8000000100079) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000000)) setsockopt$inet_tcp_buf(r0, 0x6, 0xd, &(0x7f0000000080)="5fcedc0c16b6961eb5122d1b217886b66b0c9b173a0a6037bf4076980e4257b0e3222b61e65132b2766e487fcb168cf58e792fe8b68846d7d25af74ba37abb4ea940ef36d135a90bf11334af9f63d7059c904ad9b70b5eb8df130d1eda06172199e44e6fbe97aa918cdcbdd7e224efe103861433d929ccf056171765a984d34a1ac01801a1bc", 0x86) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) r2 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x0, 0x68300) bind$rds(r1, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) sendmsg$rds(0xffffffffffffffff, 0x0, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0x8108551b, &(0x7f0000000200)={0x0, 0x0, @start}) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x84, 0x0) socket$inet(0x2, 0xf, 0x0) bind$inet(r2, 0x0, 0x0) stat(&(0x7f0000000540)='./file0\x00', &(0x7f0000000580)) stat(&(0x7f0000000600)='./file0\x00', &(0x7f0000000640)) 02:39:30 executing program 5: 02:39:30 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000fff000/0x1000)=nil}) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000280)={0x7a, 0x10, [0x40000000, 0x0, 0x4b564d02], [0xc1]}) 02:39:30 executing program 5: [ 202.000572] *** Guest State *** [ 202.022180] kvm [7693]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc1 data 0x0 [ 202.048544] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 202.108026] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 202.131725] CR3 = 0x00000000fffbc000 [ 202.136792] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 202.147872] RFLAGS=0x00000002 DR7 = 0x000010000000dd27 02:39:30 executing program 2: 02:39:30 executing program 0: r0 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x201, 0x8000000100079) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000000)) setsockopt$inet_tcp_buf(r0, 0x6, 0xd, &(0x7f0000000080)="5fcedc0c16b6961eb5122d1b217886b66b0c9b173a0a6037bf4076980e4257b0e3222b61e65132b2766e487fcb168cf58e792fe8b68846d7d25af74ba37abb4ea940ef36d135a90bf11334af9f63d7059c904ad9b70b5eb8df130d1eda06172199e44e6fbe97aa918cdcbdd7e224efe103861433d929ccf056171765a984d34a1ac01801a1bc", 0x86) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) r2 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x0, 0x68300) bind$rds(r1, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) sendmsg$rds(0xffffffffffffffff, 0x0, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0x8108551b, &(0x7f0000000200)={0x0, 0x0, @start}) mknod$loop(&(0x7f0000000140)='./file0\x00', 0x84, 0x0) socket$inet(0x2, 0xf, 0x0) bind$inet(r2, 0x0, 0x0) stat(&(0x7f0000000540)='./file0\x00', &(0x7f0000000580)) stat(&(0x7f0000000600)='./file0\x00', &(0x7f0000000640)) 02:39:30 executing program 4: 02:39:30 executing program 5: 02:39:30 executing program 3: [ 202.158230] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 202.165632] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 202.179653] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 202.188334] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 02:39:30 executing program 3: [ 202.207181] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 202.268522] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 202.287261] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 202.322605] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 202.357668] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 202.368887] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 202.378171] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 202.399179] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 202.405867] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 202.413518] Interruptibility = 00000000 ActivityState = 00000000 [ 202.422056] *** Host State *** [ 202.425264] RIP = 0xffffffff8117477a RSP = 0xffff88805e1cf998 [ 202.431364] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 202.437801] FSBase=00007f244e941700 GSBase=ffff8880aef00000 TRBase=fffffe0000003000 [ 202.446725] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 202.452977] CR0=0000000080050033 CR3=00000000a8e9d000 CR4=00000000001426e0 [ 202.460154] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff86201910 [ 202.466852] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 202.472983] *** Control State *** [ 202.476457] PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000c3 [ 202.483216] EntryControls=0000d1ff ExitControls=002fefff [ 202.488689] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 202.495842] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 [ 202.502602] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 202.509193] reason=80000021 qualification=0000000000000000 [ 202.515581] IDTVectoring: info=00000000 errcode=00000000 02:39:30 executing program 1: 02:39:30 executing program 5: 02:39:30 executing program 4: 02:39:30 executing program 0: 02:39:30 executing program 3: 02:39:30 executing program 2: [ 202.521094] TSC Offset = 0xffffff907ffc54a0 [ 202.525410] TPR Threshold = 0x00 [ 202.528771] EPT pointer = 0x0000000096b0e01e 02:39:30 executing program 5: 02:39:30 executing program 3: 02:39:30 executing program 4: 02:39:30 executing program 0: 02:39:31 executing program 2: 02:39:31 executing program 1: 02:39:31 executing program 3: 02:39:31 executing program 4: 02:39:31 executing program 5: 02:39:31 executing program 0: 02:39:31 executing program 2: 02:39:31 executing program 1: 02:39:31 executing program 4: 02:39:31 executing program 3: 02:39:31 executing program 0: 02:39:31 executing program 5: 02:39:31 executing program 2: 02:39:31 executing program 1: 02:39:31 executing program 3: 02:39:31 executing program 4: 02:39:31 executing program 0: 02:39:31 executing program 4: 02:39:31 executing program 5: 02:39:31 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'morus640\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000200)="ab553fec94248c32e27d04000000288a", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000001380)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}, 0x0) recvmmsg(r1, &(0x7f0000004ec0)=[{{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000004f00)=""/4096, 0x1000}], 0x1}}], 0x1, 0x0, 0x0) 02:39:31 executing program 2: clone(0x200, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f00000000c0)='./file0\x00', 0x38, 0x0) syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0x0, 0x0) syz_open_dev$binder(0x0, 0x0, 0x0) execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) r0 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc06001c123f319bd070") unshare(0x0) socket$l2tp(0x18, 0x1, 0x1) socket$l2tp(0x18, 0x1, 0x1) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000000580)) openat$smack_thread_current(0xffffffffffffff9c, 0x0, 0x2, 0x0) open_by_handle_at(0xffffffffffffffff, 0x0, 0x404000) openat$mixer(0xffffffffffffff9c, 0x0, 0x400, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, 0x0, 0x2008c0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r1, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) 02:39:31 executing program 0: 02:39:31 executing program 5: 02:39:31 executing program 3: 02:39:31 executing program 1: 02:39:31 executing program 0: 02:39:31 executing program 3: 02:39:31 executing program 1: 02:39:31 executing program 5: 02:39:31 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000001f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x14, 0x1d, 0xffffffffffffffff, 0x0, 0x0, {0x20000000005}}, 0x14}}, 0x0) syz_extract_tcp_res(0x0, 0x0, 0x0) 02:39:31 executing program 3: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x800000000016, &(0x7f0000000000)={0x3, 0x0, 0x40000000000}) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000001200)='/dev/vga_arbiter\x00', 0x40000, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r1, 0xc0a85352, &(0x7f0000001240)={{0x0, 0xd58}, 'port1\x00', 0x2d, 0x40000, 0x7ff, 0x3, 0x4ce, 0x6, 0x1, 0x0, 0x2, 0x8}) syz_open_dev$rtc(&(0x7f0000000080)='/dev/rtc#\x00', 0x0, 0x0) r2 = syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x6, 0x0) setsockopt$inet6_MRT6_DEL_MFC(r2, 0x29, 0xcd, &(0x7f0000000100)={{0xa, 0x4e22, 0x7, @remote, 0x1}, {0xa, 0x4e22, 0x3, @remote, 0x1f}, 0xff, [0x11ac000000000000, 0x101, 0xb24, 0x1, 0x80, 0x5, 0x4, 0x6]}, 0x5c) write$P9_RMKNOD(r2, &(0x7f0000000180)={0x14, 0x13, 0x1, {0x9, 0x3, 0x5}}, 0x14) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000000)) ptrace$getregset(0x4205, r0, 0x2, &(0x7f00000011c0)={&(0x7f00000001c0)=""/4096, 0xffffffffffffff10}) 02:39:31 executing program 4: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x10, 0x2, 0x0) sendmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)="24000000220007031dfffd946f610500020000000543000000000000421ba3a20400ff7e280000001100ff5613d3475bb65f64000000000004000000000000eff24d8238cfa47e63f7efbf54", 0x4c}], 0x1}, 0x0) ioctl$DRM_IOCTL_AGP_FREE(0xffffffffffffffff, 0x40206435, &(0x7f0000000100)={0x7bffc1e8, 0x0, 0x1, 0x2}) [ 203.456694] audit: type=1400 audit(1555900771.783:42): avc: denied { write } for pid=7800 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 02:39:31 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = msgget(0x3, 0x200) msgctl$IPC_RMID(r0, 0x0) 02:39:31 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x3, &(0x7f00000000c0)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x11, 0x6c}}, &(0x7f00000002c0)='syzkaller\x00', 0x9, 0x4ae, &(0x7f0000000340)=""/207}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0xffffffffa0008000, 0xe, 0x0, &(0x7f0000000040)="2504f2ff1f002c6176c5f3343dbe", 0x0, 0x1000000}, 0x28) 02:39:31 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts-aes-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000180)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) write$cgroup_int(r1, &(0x7f00000000c0), 0xfe58) recvmmsg(r1, &(0x7f0000002b00)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000080)=""/62, 0x3e}, {0x0}], 0x2, &(0x7f0000000380)=""/146, 0x92}}], 0x1, 0x0, 0x0) 02:39:31 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000200)='pids.max\x00', 0x2, 0x0) sendfile(r1, r1, 0x0, 0x20000000010) [ 203.498720] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. 02:39:31 executing program 1: perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x5c64, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f00000002c0)='./file0\x00', 0x0) lchown(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) 02:39:32 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = msgget(0x3, 0x200) msgctl$IPC_RMID(r0, 0x0) 02:39:32 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000580)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts-aes-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000180)="b7f2288a911993f0265df5cf1cdd8b55b062950b86bc01abc8464d4f8a906151", 0x20) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) write$cgroup_int(r1, &(0x7f00000000c0), 0xfe58) read$alg(r1, &(0x7f00000001c0)=""/57, 0x39) 02:39:32 executing program 2: r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@remote, 0x800, 0x0, 0x102, 0x100000000000001}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000140)={@loopback, 0x800, 0x0, 0x2, 0x2}, 0x20) 02:39:32 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$SO_COOKIE(r0, 0x1, 0x37, 0x0, &(0x7f00000000c0)) 02:39:32 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x15) prctl$PR_SET_SPECULATION_CTRL(0x35, 0x0) syz_open_dev$cec(&(0x7f0000000140)='/dev/cec#\x00', 0x2, 0x2) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000240)={0x3, 0x1, &(0x7f00000001c0)=""/109, 0x0, 0x0}) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x3e}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 02:39:32 executing program 3: r0 = memfd_create(&(0x7f0000000080)='\x00\x00\x06\x00\x00\x10\x00\x00\x00\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c4600000000000000000000000003003e0000000000000000040000000040000000000000f7ff000035570007efa973c914f53b380002"], 0x39) execveat(r0, &(0x7f0000000100)='\x00', 0x0, 0x0, 0x1100) 02:39:32 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000140), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64) clone(0x2000101, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0), 0x1, 0x0, 0x0, 0x1}, 0x0) fsetxattr$security_smack_transmute(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 02:39:32 executing program 2: r0 = socket$inet6(0xa, 0x3, 0xbb) fcntl$F_GET_RW_HINT(0xffffffffffffffff, 0x40b, 0x0) recvmmsg(r0, &(0x7f0000000200), 0x38c, 0x0, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x10, 0x3bb) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) 02:39:32 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$inet(r0, &(0x7f0000000600)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x2, 0x4e20, @multicast1}, 0x10) recvmmsg(r0, &(0x7f0000003a40)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x114}}], 0xaf7, 0x2, 0x0) 02:39:32 executing program 5: r0 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x201, 0x8000000100079) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0x8108551b, &(0x7f0000000200)={0x0, 0x0, @start}) 02:39:32 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = msgget(0x3, 0x200) msgctl$IPC_RMID(r0, 0x0) 02:39:32 executing program 3: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x25}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1) r2 = gettid() r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={r2, r0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x30) 02:39:33 executing program 0: r0 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my}) socket$vsock_stream(0x28, 0x1, 0x0) recvfrom$unix(0xffffffffffffffff, &(0x7f0000000400)=""/22, 0x16, 0x102, &(0x7f0000000440)=@file={0x1, './file0\x00'}, 0x6e) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000180)={0x10000000}) setsockopt$inet_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r1, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r1, 0xdf1b) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = accept4(r1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r2, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f00000001c0)={@my=0x0}) getsockopt$EBT_SO_GET_INIT_INFO(r3, 0x0, 0x82, &(0x7f00000004c0)={'broute\x00'}, &(0x7f0000000200)=0x36d) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000340)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x1000000000054}, 0x98) 02:39:33 executing program 5: syz_mount_image$reiserfs(&(0x7f0000000000)='reiserfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000900)={[{@commit={'commit', 0x3d, 0xfffffffffffffffd}}]}) 02:39:33 executing program 3: r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = gettid() bpf$BPF_TASK_FD_QUERY(0x10, &(0x7f0000000240)={r1, r0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x30) 02:39:33 executing program 1: r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) sendmsg$rds(r0, &(0x7f0000000340)={&(0x7f0000000080)={0x2, 0x104e21, @remote}, 0x10, 0x0}, 0x0) [ 204.870673] ================================================================== [ 204.878447] BUG: KASAN: global-out-of-bounds in strscpy+0x20e/0x2c0 [ 204.884874] Read of size 8 at addr ffffffff8677b558 by task syz-executor.5/7898 [ 204.892319] [ 204.892339] CPU: 0 PID: 7898 Comm: syz-executor.5 Not tainted 4.14.113 #3 [ 204.892346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 204.892370] Call Trace: [ 204.892400] dump_stack+0x138/0x19c [ 204.892417] ? strscpy+0x20e/0x2c0 [ 204.901150] print_address_description.cold+0x5/0x1dc [ 204.901163] ? strscpy+0x20e/0x2c0 [ 204.901172] kasan_report.cold+0xaf/0x2b5 [ 204.901186] __asan_report_load8_noabort+0x14/0x20 [ 204.901194] strscpy+0x20e/0x2c0 [ 204.901219] prepare_error_buf+0x94/0x1aa0 [ 204.945677] ? save_trace+0x290/0x290 [ 204.949505] ? __lock_acquire+0x5f9/0x45e0 [ 204.953757] ? scnprintf_le_key+0x600/0x600 [ 204.958119] ? _parse_integer+0xe8/0x140 [ 204.962250] __reiserfs_warning+0x9f/0xb0 [ 204.966500] ? reiserfs_printk+0xd0/0xd0 [ 204.970675] ? ip6_string+0x3b0/0x3b0 [ 204.974575] reiserfs_parse_options+0x13cd/0x1820 [ 204.979485] ? reiserfs_sync_fs+0xe0/0xe0 [ 204.983682] ? trace_hardirqs_on+0x10/0x10 [ 204.988020] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 204.993086] ? lockdep_init_map+0x9/0x10 [ 204.997178] ? debug_mutex_init+0x2d/0x5a [ 205.002797] reiserfs_fill_super+0x461/0x2b20 [ 205.007352] ? finish_unfinished+0x1010/0x1010 [ 205.011998] ? snprintf+0xa5/0xd0 [ 205.015555] ? set_blocksize+0x270/0x300 [ 205.019706] ? ns_test_super+0x50/0x50 [ 205.023688] mount_bdev+0x2c1/0x370 [ 205.027386] ? finish_unfinished+0x1010/0x1010 [ 205.032066] get_super_block+0x35/0x40 [ 205.036004] mount_fs+0x9d/0x2a7 [ 205.039436] vfs_kern_mount.part.0+0x5e/0x3d0 [ 205.044027] do_mount+0x417/0x27d0 [ 205.047691] ? copy_mount_options+0x5c/0x2f0 [ 205.052216] ? rcu_read_lock_sched_held+0x110/0x130 [ 205.057796] ? copy_mount_string+0x40/0x40 [ 205.062163] ? copy_mount_options+0x1fe/0x2f0 [ 205.066707] SyS_mount+0xab/0x120 [ 205.070288] ? copy_mnt_ns+0x8c0/0x8c0 [ 205.074210] do_syscall_64+0x1eb/0x630 [ 205.078162] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 205.083038] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 205.088239] RIP: 0033:0x45b69a [ 205.091431] RSP: 002b:00007f9c319dca88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 205.099137] RAX: ffffffffffffffda RBX: 00007f9c319dcb40 RCX: 000000000045b69a [ 205.106433] RDX: 00007f9c319dcae0 RSI: 0000000020000040 RDI: 00007f9c319dcb00 [ 205.113753] RBP: 0000000000000000 R08: 00007f9c319dcb40 R09: 00007f9c319dcae0 [ 205.122639] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000003 [ 205.129921] R13: 00000000004c782d R14: 00000000004dd880 R15: 00000000ffffffff [ 205.137197] [ 205.138856] The buggy address belongs to the variable: [ 205.144142] __func__.31266+0xc38/0x3a60 [ 205.148193] [ 205.149822] Memory state around the buggy address: [ 205.154742] ffffffff8677b400: 00 03 fa fa fa fa fa fa 00 00 00 00 fa fa fa fa [ 205.162113] ffffffff8677b480: 05 fa fa fa fa fa fa fa 00 00 00 03 fa fa fa fa [ 205.169491] >ffffffff8677b500: 00 03 fa fa fa fa fa fa 00 00 00 03 fa fa fa fa [ 205.176868] ^ [ 205.183096] ffffffff8677b580: 00 03 fa fa fa fa fa fa 00 00 00 00 00 fa fa fa [ 205.190479] ffffffff8677b600: fa fa fa fa 00 03 fa fa fa fa fa fa 00 00 00 00 [ 205.197875] ================================================================== [ 205.205227] Disabling lock debugging due to kernel taint [ 205.210963] Kernel panic - not syncing: panic_on_warn set ... [ 205.210963] [ 205.218353] CPU: 0 PID: 7898 Comm: syz-executor.5 Tainted: G B 4.14.113 #3 [ 205.224104] kobject: 'loop1' (ffff8880a494f7a0): kobject_uevent_env [ 205.226504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 205.235884] kobject: 'loop1' (ffff8880a494f7a0): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 205.242281] Call Trace: [ 205.242306] dump_stack+0x138/0x19c [ 205.242317] ? strscpy+0x20e/0x2c0 [ 205.242326] panic+0x1f2/0x438 [ 205.242334] ? add_taint.cold+0x16/0x16 [ 205.242350] kasan_end_report+0x47/0x4f [ 205.242358] kasan_report.cold+0x136/0x2b5 [ 205.242367] __asan_report_load8_noabort+0x14/0x20 [ 205.242375] strscpy+0x20e/0x2c0 [ 205.242390] prepare_error_buf+0x94/0x1aa0 [ 205.292210] ? save_trace+0x290/0x290 [ 205.296057] ? __lock_acquire+0x5f9/0x45e0 [ 205.300328] ? scnprintf_le_key+0x600/0x600 [ 205.304689] ? _parse_integer+0xe8/0x140 [ 205.308852] __reiserfs_warning+0x9f/0xb0 [ 205.313067] ? reiserfs_printk+0xd0/0xd0 [ 205.317260] ? ip6_string+0x3b0/0x3b0 [ 205.321164] reiserfs_parse_options+0x13cd/0x1820 [ 205.326061] ? reiserfs_sync_fs+0xe0/0xe0 [ 205.330265] ? trace_hardirqs_on+0x10/0x10 [ 205.334583] ? workqueue_sysfs_register+0x3c0/0x3c0 [ 205.339654] ? lockdep_init_map+0x9/0x10 [ 205.343755] ? debug_mutex_init+0x2d/0x5a [ 205.344624] kobject: 'loop2' (ffff8880a499e6e0): kobject_uevent_env [ 205.347959] reiserfs_fill_super+0x461/0x2b20 [ 205.347975] ? finish_unfinished+0x1010/0x1010 [ 205.347991] ? snprintf+0xa5/0xd0 [ 205.348004] ? set_blocksize+0x270/0x300 [ 205.348015] ? ns_test_super+0x50/0x50 [ 205.348024] mount_bdev+0x2c1/0x370 [ 205.348032] ? finish_unfinished+0x1010/0x1010 [ 205.348040] get_super_block+0x35/0x40 [ 205.348047] mount_fs+0x9d/0x2a7 [ 205.348062] vfs_kern_mount.part.0+0x5e/0x3d0 [ 205.348073] do_mount+0x417/0x27d0 [ 205.348080] ? copy_mount_options+0x5c/0x2f0 [ 205.348096] ? rcu_read_lock_sched_held+0x110/0x130 [ 205.348104] ? copy_mount_string+0x40/0x40 [ 205.348113] ? copy_mount_options+0x1fe/0x2f0 [ 205.348124] SyS_mount+0xab/0x120 [ 205.348131] ? copy_mnt_ns+0x8c0/0x8c0 [ 205.348143] do_syscall_64+0x1eb/0x630 [ 205.348150] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 205.348163] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 205.348170] RIP: 0033:0x45b69a [ 205.348176] RSP: 002b:00007f9c319dca88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 205.348186] RAX: ffffffffffffffda RBX: 00007f9c319dcb40 RCX: 000000000045b69a [ 205.348192] RDX: 00007f9c319dcae0 RSI: 0000000020000040 RDI: 00007f9c319dcb00 [ 205.348197] RBP: 0000000000000000 R08: 00007f9c319dcb40 R09: 00007f9c319dcae0 [ 205.348202] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000003 [ 205.348207] R13: 00000000004c782d R14: 00000000004dd880 R15: 00000000ffffffff [ 205.349480] Kernel Offset: disabled [ 205.490136] Rebooting in 86400 seconds..