, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="058635cf0afcd1f69221c45943aa2ea4abc1bd0193cc3e72ebb5b297612781e86808f516a3d5346a009c1c84e26ba8a19d5c1b548d6ba30ddb61fbc3e90bb6b6e8eba9d9fbfb65e540a8d1fac483cd67a3000000003b5422ca0000000000000000"], 0x0, 0x0, 0x0}) [ 221.035836] binder: 11055:11058 unknown command -818575867 [ 221.062154] binder: 11055:11058 ioctl c0306201 20012000 returned -22 06:42:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) r3 = syz_open_dev$swradio(0x0, 0x1, 0x2) read$rfkill(r3, &(0x7f00000001c0), 0x8) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000000)={0x3b, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) ioctl$SIOCNRDECOBS(r3, 0x89e2) [ 221.117630] audit: type=1326 audit(1567665721.949:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11030 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 221.231028] binder: 11068:11069 ioctl 89e2 0 returned -22 06:42:02 executing program 2: bind$alg(0xffffffffffffffff, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r2, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794e0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065a0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c898461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca800000000000000b8b37646aacec1db6a0000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) r3 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r3, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) sendmmsg$sock(r3, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000001080)="0e31a499f06bc5d19d279d20df5c368515a6c67ea9f44fb658087f6ef595bfc4d92a7fa4820be19c91a6a908d38b7751760a26f7b51d285f69b9b29281bc1701a0240d4f8f5aeebba145bee8cf0133a0a13616117335d9593ba7784410c9ef9ee6c762e4b9ffd89ee92c40714ba2f97f67d3c20dfd44bf61f2e58123e7d226e9970b99541030768a30d75d6daa989aafdd05774fa69bb3a543", 0x99}, {&(0x7f0000001140)="a7d4cbd84161aba2d8efa7e3785f624b53d998e35113eb65", 0x18}, {&(0x7f0000001180)="ac90b8e17b0adda55f45a570862d63177c7fd6695256cef91f91c15be205151d0f", 0x21}, {&(0x7f00000011c0)="c63ee3aeb1201c412290fb22cab9aebc8cf3854578e01919f13dd557262821b2810ac9c0aeedb1122c427d90df60e6cac24f3046feac94f4d9276ded88d08fdf7e40cb00bc33397d86a004f6ba56e4885dd23d32ac8aaf629ee683c309d85a7c3a1c2aa0a59adca62ee72b7f5611fa63fa67a15f45ed37ba91ff9f5ea9fac54c8d1d4f1f386a2a2c9332bd0c2528e9d070b763376e51b33d0b8ea354580b9a5e11c47e61f6b572d33e2208641e55aa15898ed3c23258fee69040828be2558783babc4a548cfb02238db50a70dbc1921cae06fa4cadfc309be160c3138b5d635e775f024a841fccd8afab48d66f266774e9", 0xf1}, {&(0x7f00000012c0)="7b0b3b750140fbd4b8ed5a64d48db9bf0887e1ff37276999b2ae2110942fd015b76e7f6df2d3", 0x26}, {&(0x7f0000001300)="a97ced104048976cbfb744761d8aad49766f945f4ac4c8b603da2556062bc4190c39d95c44de95f194c38dc06ebff0456ce8db63d46444a4913a4603925b805ba8b3c9bba0d57bb7b6e067c14cac5aa34c2d41f9626cbba4775943d8a1b938b04597b660e13a3b6e7691d1abfcc471fbd198e62be954d435de31a9d6888274652ea857c60576271198d058c0167040e6ffb5a3329d3bd0d800db69895c4a68ced7073c9646a5d56356654d76eb2f3d2c27136f52bcf0ebf6c2111497c28e64ab8239d62d77f69933755e1454e03962fcb79ed5", 0xd3}], 0x6, &(0x7f0000001480)=[@timestamping={{0x14, 0x1, 0x25, 0x9}}, @timestamping={{0x14, 0x1, 0x25, 0x6}}, @txtime={{0x18, 0x1, 0x3d, 0x1c5}}], 0x48}}], 0x1, 0xc0409d0) ioctl$EVIOCGABS2F(r2, 0x8018456f, &(0x7f0000000080)=""/4096) r4 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) 06:42:02 executing program 0: getpgid(0x0) r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r1) r2 = gettid() ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x38) ptrace$cont(0x18, r2, 0x0, 0x0) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r2, 0x0, 0x0) r3 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r3) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x16, &(0x7f0000000000)='net/ip_tables_matches\x00'}, 0x30) prctl$PR_SET_PTRACER(0x59616d61, r4) r5 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_tables_matches\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r5, 0x0, 0x0) 06:42:02 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/ipx\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r0, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff}) r2 = syz_open_dev$swradio(0x0, 0x1, 0x2) read$rfkill(r2, &(0x7f00000001c0), 0x8) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000000)={0x3b, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) getdents(r2, &(0x7f0000000140)=""/4096, 0x1000) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r1, 0x4058534c, &(0x7f00000000c0)={0x7d, 0x7, 0x3, 0x480, 0x1, 0x2}) 06:42:02 executing program 1: write$input_event(0xffffffffffffffff, &(0x7f0000000180)={{0x0, 0x7530}, 0x1, 0x9dd, 0x4}, 0x18) r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x2) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) r3 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) ioctl$IMDELTIMER(r3, 0x80044941, &(0x7f00000001c0)=0x3) sendmsg$nl_generic(r3, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) r4 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r4, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) ioctl$FS_IOC_ENABLE_VERITY(r4, 0x6685, &(0x7f0000000340)={0x1, 0x8, 0x1000, 0xbc, &(0x7f0000000200)="647227c437a4d623375371cdfaf2f6eafee831ddb24607de42b6729ef822fa1d4e5d74ab8113bc26e25c32cfd9b931d13ddc37756a8099069e8c113a17b71fca769c36030c411acc0a22cc8393256336c200f56a743374427969d09ae6e738a26da3c99048cd206acad017af6c3cb99735363a19864f0ddfef557f0605b1cdef542a95cc5dde9472189ab1a6e81917e65323d9c079609b9120db99e359c84234038454ba28f6ec30774e2932e552b4871c3ea82b012063e1d0928215", 0x43, 0x0, &(0x7f00000002c0)="e8de803d739e94aa14ead0ef884f7db90367de643c6c325b5eeaca398b84f8d7c1d0068cbe98e4c7bfd973cee227a45d4f2b211360af9341cd3d721c7055b145fabda8"}) ioctl$UI_SET_SNDBIT(r3, 0x4004556a, 0x1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) 06:42:02 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 221.486837] audit: type=1326 audit(1567665722.319:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11086 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:02 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r1, 0x0) bind$inet(r1, &(0x7f0000000100)={0x2, 0x4e20, @multicast2}, 0x10) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r3 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r3, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) r4 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) connect$inet6(r4, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r4, 0x84, 0x6d, &(0x7f0000000280)={r6, 0x1c, "237a5c3ef6bb91546a94ff010000ffa95f92a726729beb47d32bc5b5"}, &(0x7f0000000100)=0x24) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r3, 0x84, 0xa, &(0x7f0000000180)={0x7, 0x8, 0x8001, 0x3f, 0x13, 0x0, 0xaf, 0x800, r6}, &(0x7f0000000200)=0x20) r7 = syz_open_dev$binder(0x0, 0x0, 0x0) r8 = syz_open_dev$swradio(0x0, 0x1, 0x2) read$rfkill(r8, &(0x7f00000001c0), 0x8) setsockopt$IP_VS_SO_SET_ADD(r8, 0x0, 0x482, &(0x7f0000000000)={0x3b, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) r9 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r9, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) setsockopt$inet_sctp_SCTP_RECVRCVINFO(r9, 0x84, 0x20, &(0x7f0000000300)=0x392, 0x4) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000080)={0x1, 0x0, &(0x7f0000000140)=ANY=[@ANYPTR64=&(0x7f00000000c0)=ANY=[@ANYRES32=r7, @ANYRES16=r0, @ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYRESOCT], @ANYRES64=r8]], 0xfffffffffffffdaa, 0x0, 0x0}) 06:42:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0xb, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="05a5d51ebc3e8ec0807c82"], 0x0, 0x0, 0x0}) 06:42:02 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:42:02 executing program 2: bind$alg(0xffffffffffffffff, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 221.931998] binder: 11099:11101 unknown command 517317893 [ 221.952611] binder: 11099:11101 ioctl c0306201 20012000 returned -22 06:42:02 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) arch_prctl$ARCH_GET_GS(0x1004, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) fcntl$getownex(r0, 0x10, &(0x7f00000000c0)={0x0, 0x0}) ioprio_set$pid(0x1, r3, 0xf38) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) 06:42:02 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 222.279116] audit: type=1326 audit(1567665723.109:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11086 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:03 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') r1 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r1, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) ioctl$PPPIOCSPASS(r1, 0x40107447, &(0x7f0000000040)={0x8, &(0x7f0000000000)=[{0x1, 0x5fa, 0xf3, 0x80000001}, {0x8, 0x81, 0x1, 0x100}, {0x10000, 0x0, 0x6, 0x10000}, {0x3, 0x400, 0x6, 0x5}, {0x608, 0x8, 0x0, 0x7f}, {0x202a, 0x1, 0x5, 0x3}, {0x8, 0x7ff, 0x2, 0x8}, {0xcf5, 0x1, 0x7, 0xfffffffffffffff9}]}) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x5, &(0x7f0000000180)=[{0x4, 0x8, 0x5, 0xffff}, {0x3d, 0x7, 0xfff, 0x6}, {0x5, 0x4, 0xcfb3, 0x1}, {0x5, 0xfffffffffffffff8, 0xcd, 0x7}, {0x3f2, 0x7, 0x1, 0x1}]}) getdents(r0, 0x0, 0x0) 06:42:03 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 222.444602] audit: type=1326 audit(1567665723.279:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11128 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:03 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05636cc6"], 0x0, 0x0, 0x0}) syz_open_dev$binder(0x0, 0x0, 0x0) r2 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r2, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) r3 = syz_open_dev$swradio(0x0, 0x1, 0x2) read$rfkill(r3, &(0x7f00000001c0), 0x8) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000000)={0x3b, @dev={0xac, 0x14, 0x14, 0x23}, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) r4 = syz_open_dev$swradio(0x0, 0x1, 0x2) r5 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r5, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) r6 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r6, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) connect$inet6(r6, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r6, 0x84, 0x6d, &(0x7f0000000280)={r8, 0x1c, "237a5c3ef6bb91546a94ff010000ffa95f92a726729beb47d32bc5b5"}, &(0x7f0000000100)=0x24) getsockopt$inet_sctp_SCTP_RTOINFO(r5, 0x84, 0x0, &(0x7f0000000080)={r8, 0x9, 0x1, 0xd2}, &(0x7f0000000140)=0x10) read$rfkill(r4, &(0x7f00000001c0), 0x8) setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000000)={0x3b, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000100)={0x4, 0x0, &(0x7f00000000c0)=ANY=[@ANYRES32], 0x0, 0x0, 0x0}) [ 222.653491] binder: 11135:11136 unknown command -965975291 [ 222.670696] binder: 11135:11136 ioctl c0306201 20012000 returned -22 06:42:03 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 222.789352] IPVS: set_ctl: invalid protocol: 59 172.30.1.2:20003 06:42:03 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:03 executing program 1: r0 = syz_open_dev$swradio(0x0, 0x1, 0x2) read$rfkill(r0, &(0x7f00000001c0), 0x8) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x3b, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) ioctl$CAPI_REGISTER(r0, 0x400c4301, &(0x7f0000000080)={0xfb7, 0x80000001, 0x7}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r3 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) [ 223.005263] binder: 11147:11148 ioctl 400c4301 20000080 returned -22 06:42:04 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:42:04 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) open(&(0x7f0000000100)='./file0\x00', 0x101000, 0x80) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) r3 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='\x01\x00\x00\x00\x00\x00\x00\x00n\x00', 0x109201, 0x0) ioctl$NBD_CLEAR_QUE(r3, 0xab05) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x0, 0x0) 06:42:04 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 223.228425] audit: type=1326 audit(1567665724.059:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11128 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:04 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) prctl$PR_SET_MM_MAP_SIZE(0x23, 0xf, &(0x7f0000000000)) getdents(r0, 0x0, 0x0) 06:42:04 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) syz_open_dev$binder(0x0, 0x0, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r2, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) r3 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/capi/capi20\x00', 0x20400, 0x0) renameat(r2, &(0x7f0000000080)='./file0\x00', r3, &(0x7f0000000100)='./file0\x00') setsockopt$bt_BT_CHANNEL_POLICY(r2, 0x112, 0xa, &(0x7f0000000200)=0x7, 0x4) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x141\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r4, 0x0) ioctl$RTC_RD_TIME(r4, 0x80247009, &(0x7f0000000180)) r5 = syz_open_dev$swradio(0x0, 0x1, 0x2) read$rfkill(r5, &(0x7f00000001c0), 0x8) setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, &(0x7f0000000000)={0x3b, @multicast2, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/access\x00', 0x2, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f0000000300)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf') [ 223.405477] audit: type=1326 audit(1567665724.239:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11165 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:04 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:04 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:42:04 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:05 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='|\n\xf8\x81\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r0, 0x0, 0x0) [ 224.169845] audit: type=1326 audit(1567665724.999:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11165 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 224.268141] audit: type=1326 audit(1567665725.069:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11191 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:05 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:05 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) r3 = syz_open_dev$swradio(0x0, 0x1, 0x2) read$rfkill(r3, &(0x7f00000001c0), 0x8) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000000)={0x3b, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) ioctl$SIOCNRDECOBS(r3, 0x89e2) [ 224.466676] binder: 11196:11198 ioctl 89e2 0 returned -22 06:42:05 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0f6304406995cde8d4ab08000000000000007f6627ff9ff1dcd9ac498ff1ea040000000000181f00000000000000"], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r4, 0x1000008912, &(0x7f0000000140)="c0dca5055e0bcfec7bf070") r5 = openat$random(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/urandom\x00', 0x103042, 0x0) accept4$ax25(0xffffffffffffffff, &(0x7f0000000340)={{}, [@remote, @bcast, @netrom, @null, @null, @rose, @rose, @netrom]}, &(0x7f0000000400)=0x47, 0x80000) dup3(r3, r5, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[], 0xfffffffe) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r6, 0x0) r7 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r7, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) connect$inet6(r7, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r7, 0x84, 0x6d, &(0x7f0000000280)={r9, 0x1c, "237a5c3ef6bb91546a94ff010000ffa95f92a726729beb47d32bc5b5"}, &(0x7f0000000100)=0x24) getsockopt$inet_sctp6_SCTP_CONTEXT(r6, 0x84, 0x11, &(0x7f00000000c0)={r9, 0xdb0}, &(0x7f0000000100)=0x8) recvfrom$inet6(0xffffffffffffffff, &(0x7f0000000180)=""/182, 0xb6, 0x10000, &(0x7f0000000300)={0xa, 0x4e20, 0x4, @dev={0xfe, 0x80, [], 0x14}, 0x7}, 0x1c) 06:42:05 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:42:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) r3 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r3, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x40, 0x0) ioctl$KVM_GET_PIT(r0, 0xc048ae65, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0xfffffffffffffc8a, 0x0, 0x0}) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = add_key$keyring(&(0x7f0000000540)='keyring\x00', &(0x7f0000000580)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, r5, 0x0, 0x0) r6 = add_key$keyring(&(0x7f00000001c0)='keyring\x00', &(0x7f0000000200)={'syz', 0x0}, 0x0, 0x0, r5) r7 = add_key(&(0x7f0000000240)='keyring\x00', &(0x7f0000000280)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc) r8 = request_key(&(0x7f00000002c0)='cifs.idmap\x00', &(0x7f0000000300)={'sy:', 0x3}, &(0x7f0000000340)='\xb0++!:tem1posix_acl_access\x00', r7) keyctl$KEYCTL_MOVE(0x1e, r6, r7, r8, 0x0) connect$bt_sco(r4, &(0x7f0000000080)={0x1f, {0x2, 0x6, 0x6, 0x0, 0x2, 0x3}}, 0x8) [ 224.638510] binder: 11205:11209 unknown command 1074029327 [ 224.659482] binder: 11210:11211 ioctl c048ae65 20000100 returned -22 [ 224.666918] binder: 11210:11211 ioctl c0306201 20012000 returned -14 [ 224.682639] binder: 11205:11209 ioctl c0306201 20012000 returned -22 06:42:05 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 224.726845] binder: 11210:11211 ioctl c048ae65 20000100 returned -22 06:42:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) syz_open_dev$binder(0x0, 0x0, 0x0) r2 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r2, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) ioctl$VIDIOC_DQBUF(r2, 0xc0585611, &(0x7f00000000c0)={0x9, 0x8, 0x4, 0x4000000, {0x0, 0x2710}, {0x1, 0x0, 0x10001, 0x7, 0x10000, 0xff, "7388c8b7"}, 0x9f9, 0x3, @planes=&(0x7f0000000080)={0x9, 0x2, @userptr=0x7ff, 0x5}, 0x4}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x0, 0x0, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0}) 06:42:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r2, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) r3 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) r5 = syz_open_dev$swradio(0x0, 0x1, 0x2) read$rfkill(r5, &(0x7f00000001c0), 0x8) setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, &(0x7f0000000000)={0x3b, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) ioctl$SCSI_IOCTL_TEST_UNIT_READY(r5, 0x2) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f0000000280)={r6, 0x1c, "237a5c3ef6bb91546a94ff010000ffa95f92a726729beb47d32bc5b5"}, &(0x7f0000000100)=0x24) setsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f00000000c0)=@assoc_value={r6, 0xffffffff}, 0x8) syz_open_dev$sndpcmp(&(0x7f0000000080)='/dev/snd/pcmC#D#p\x00', 0x4, 0x20602) r7 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) 06:42:05 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:05 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='neZ\x00\x00\x00\x00\x00\x00\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r0, 0x0, 0x0) sendmsg$key(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="020709092b00000026bd7000fddbdf2520000800a007000021dcfaa454838cefe1417c6680dbeb6bf882babf44025557919948e953c4b9aedaa77ffe101835020eaade37a94802ad8361933fd28c217217edd114898417d2e3440bb2ffa72487462223a5bd5542811ce55cbf5f2791c1c59edc4a02d54482bd10d5e6f28f774fe2a79fbfc3377283e438e6a2f87a243179445d7f89e160ee033a2de93fdfbead8a80b19ff9a5102a8c3bc137a28c467a6191eb9a4cc837cbd7bd082fd73537064d34cf60619ff417de2458a84e1cead528c57686913b1a5785de0e9266ec3abd7a813564627029c23a6bdf29380e78c55d29feb924c2a652ce70b7b486cf249bbca88ad94151018a3159d7880000000005001a00000000020000000000000000000000007f0000010000000008000010040002000600000007000000000000001d0d00"/344], 0x158}}, 0x4) [ 225.026240] audit: type=1326 audit(1567665725.859:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11191 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:05 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) prctl$PR_GET_PDEATHSIG(0x2, &(0x7f0000000080)) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCRSGCAUSE(r3, 0x89e0, &(0x7f0000000100)) 06:42:06 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000080)='/tev\x108Vnderc\x10', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) prctl$PR_TASK_PERF_EVENTS_ENABLE(0x20) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) [ 225.169924] audit: type=1326 audit(1567665725.999:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11238 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:06 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:06 executing program 1: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0x0, 0xc00) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x8c80, 0x0) ioctl$SNDRV_TIMER_IOCTL_STATUS(r1, 0x80605414, &(0x7f0000000180)=""/30) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x40, 0x0) setsockopt$TIPC_GROUP_LEAVE(r2, 0x10f, 0x88) r3 = syz_open_dev$binder(0x0, 0x0, 0x0) pipe(&(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000000080)=ANY=[@ANYRES64], 0x0, 0x0, 0x0}) r4 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x17c, 0x0, 0x0}) [ 225.317026] binder: 11253:11254 unknown command -1 [ 225.322185] binder: 11253:11254 ioctl c0306201 20012000 returned -22 [ 225.330562] binder: 11253:11254 unknown command 5 [ 225.335658] binder: 11253:11254 ioctl c0306201 20012000 returned -22 06:42:06 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0x0, 0x806) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r3, 0x0) readahead(r3, 0x400, 0x1180000000) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x40, 0x0) ioctl$TUNGETSNDBUF(r4, 0x800454d3, &(0x7f00000000c0)) 06:42:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f00000000c0)='/dev/binder#\x00', 0x0, 0xc00) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x8c80, 0x0) ioctl$SNDRV_TIMER_IOCTL_STATUS(r1, 0x80605414, &(0x7f0000000180)=""/30) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x40, 0x0) setsockopt$TIPC_GROUP_LEAVE(r2, 0x10f, 0x88) r3 = syz_open_dev$binder(0x0, 0x0, 0x0) pipe(&(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000000080)=ANY=[@ANYRES64], 0x0, 0x0, 0x0}) r4 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x17c, 0x0, 0x0}) 06:42:06 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 225.547183] binder: 11263:11266 unknown command -1 [ 225.565012] binder: 11263:11266 ioctl c0306201 20012000 returned -22 06:42:06 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 225.593467] binder: 11263:11266 unknown command 5 [ 225.608952] binder: 11263:11266 ioctl c0306201 20012000 returned -22 06:42:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) r3 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r3, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20ncci\x00', 0x40, 0x0) ioctl$KVM_GET_PIT(r0, 0xc048ae65, &(0x7f0000000100)) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0xfffffffffffffc8a, 0x0, 0x0}) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = add_key$keyring(&(0x7f0000000540)='keyring\x00', &(0x7f0000000580)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffff9) keyctl$update(0x2, r5, 0x0, 0x0) r6 = add_key$keyring(&(0x7f00000001c0)='keyring\x00', &(0x7f0000000200)={'syz', 0x0}, 0x0, 0x0, r5) r7 = add_key(&(0x7f0000000240)='keyring\x00', &(0x7f0000000280)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc) r8 = request_key(&(0x7f00000002c0)='cifs.idmap\x00', &(0x7f0000000300)={'sy:', 0x3}, &(0x7f0000000340)='\xb0++!:tem1posix_acl_access\x00', r7) keyctl$KEYCTL_MOVE(0x1e, r6, r7, r8, 0x0) connect$bt_sco(r4, &(0x7f0000000080)={0x1f, {0x2, 0x6, 0x6, 0x0, 0x2, 0x3}}, 0x8) 06:42:06 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) syz_open_dev$binder(0x0, 0x0, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r2, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) r3 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/capi/capi20\x00', 0x20400, 0x0) renameat(r2, &(0x7f0000000080)='./file0\x00', r3, &(0x7f0000000100)='./file0\x00') setsockopt$bt_BT_CHANNEL_POLICY(r2, 0x112, 0xa, &(0x7f0000000200)=0x7, 0x4) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x141\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r4, 0x0) ioctl$RTC_RD_TIME(r4, 0x80247009, &(0x7f0000000180)) r5 = syz_open_dev$swradio(0x0, 0x1, 0x2) read$rfkill(r5, &(0x7f00000001c0), 0x8) setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, &(0x7f0000000000)={0x3b, @multicast2, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/access\x00', 0x2, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x40082406, &(0x7f0000000300)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf') [ 225.726504] binder: 11273:11274 ioctl c048ae65 20000100 returned -22 [ 225.744208] binder: 11273:11274 ioctl c0306201 20012000 returned -14 06:42:06 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 225.950794] audit: type=1326 audit(1567665726.789:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11238 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:06 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) pipe2(&(0x7f0000000000), 0x80000) r1 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r1, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) getdents(r0, 0x0, 0x4c6) 06:42:07 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:07 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 06:42:07 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) r3 = socket$caif_seqpacket(0x25, 0x5, 0x2) r4 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) ioctl$FS_IOC_ENABLE_VERITY(r0, 0x6685, &(0x7f0000000280)={0x1, 0x5, 0x1000, 0x88, &(0x7f0000000180)="383dadd0359fa99ef131723a75ac8ef3af46c8974bf38f08e336aa0b7e7346b496d200748b68c2af97a2034c600b6505de6515e8cebb0458233d1e4cfe0f97b8d26d5fbc33ea6f687fe5a36bab16ffaa975e582c4a70546077d79da41fb6aaaf10b84e7385b86412a67a4f9a837052b92cb93f1e77b67e983ef22263b6c869c19b4efaa45032f839", 0x3f, 0x0, &(0x7f0000000240)="5b039b27a07502eaa7dd1c63931e06d46c16fb0a5e141c57004eb77e8409fb58a74282c576536ac1111f1ae33cf6ef3cf7fcb7e0a2ba109857183693e66183"}) sendmsg$nl_generic(r4, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) fstat(r4, &(0x7f00000000c0)) flistxattr(r3, &(0x7f0000000080)=""/21, 0x15) 06:42:07 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 226.464966] binder: 11300:11302 ioctl 6685 20000280 returned -22 06:42:07 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:07 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 226.546589] binder: 11300:11306 ioctl 6685 20000280 returned -22 06:42:07 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(0x0, 0x0, 0x0) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x182242, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000000c0)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="08630440"], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) 06:42:07 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 226.791390] *** Guest State *** [ 226.808659] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 06:42:07 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 226.842063] kauditd_printk_skb: 1 callbacks suppressed [ 226.842071] audit: type=1326 audit(1567665727.679:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11289 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:07 executing program 0: getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000000)=""/87, &(0x7f00000000c0)=0x57) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x200000, 0x0) bind$ax25(r0, &(0x7f0000000100)={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x6}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @bcast, @null, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) getdents(0xffffffffffffffff, 0x0, 0x0) [ 226.895501] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 226.941861] CR3 = 0x00000000fffbc000 06:42:07 executing program 5: bind$alg(0xffffffffffffffff, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 226.962791] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 226.985246] RFLAGS=0xfbf593b407ffc2e2 DR7 = 0x0000000000000400 [ 227.002177] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 06:42:07 executing program 1: r0 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) r1 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000280)={r3, 0x1c, "237a5c3ef6bb91546a94ff010000ffa95f92a726729beb47d32bc5b5"}, &(0x7f0000000100)=0x24) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f00000000c0)={r3, 0x3}, &(0x7f0000000100)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={r4, @in6={{0xa, 0x4e24, 0x2, @loopback, 0x5}}, 0x0, 0x80, 0x2, 0x1, 0x80}, 0x98) r5 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r5, 0x40046207, 0x0) r6 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r7 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="605b1cf3f09705"], 0x0, 0x0, 0x0}) [ 227.046194] audit: type=1326 audit(1567665727.809:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11326 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 227.075906] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 227.099671] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 227.122540] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 227.126791] binder: 11332:11333 unknown command -216245408 [ 227.144180] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 227.147983] binder: 11332:11333 ioctl c0306201 20012000 returned -22 [ 227.168322] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 227.181041] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 06:42:08 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 227.194978] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 227.236114] *** Guest State *** [ 227.244109] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 227.253433] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 227.262577] binder: 11332:11333 unknown command -216245408 [ 227.263773] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 227.269661] binder: 11332:11333 ioctl c0306201 20012000 returned -22 [ 227.279293] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 227.292408] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 227.300419] CR3 = 0x00000000fffbc000 [ 227.300426] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 227.300435] RFLAGS=0xfbf593b407ffc2e2 DR7 = 0x0000000000000400 [ 227.300446] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 227.300456] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 227.300469] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 227.300482] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 227.300494] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 227.300506] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 227.300518] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 227.300526] GDTR: limit=0x0000ffff, base=0x0000000000000000 06:42:08 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r2, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) r3 = syz_open_dev$swradio(0x0, 0x1, 0x2) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r4, 0x0) ioctl$UI_GET_VERSION(r4, 0x8004552d, &(0x7f0000000180)) read$rfkill(r3, &(0x7f00000001c0), 0x8) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000000)={0x3b, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x17, 0x0, &(0x7f00000001c0)=ANY=[@ANYRESOCT=r3], 0x0, 0x0, 0x0}) r5 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='E'], 0x0, 0x0, 0x0}) [ 227.300544] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 227.304794] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 227.338934] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 227.340777] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 227.419353] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 227.428589] Interruptibility = 00000000 ActivityState = 00000000 [ 227.446335] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 227.457134] *** Host State *** [ 227.468028] RIP = 0xffffffff81174990 RSP = 0xffff8880622af998 [ 227.469754] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 227.487758] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 227.498642] binder: 11344:11348 unknown command 808464432 [ 227.517820] FSBase=00007fbbc5cdf700 GSBase=ffff8880aef00000 TRBase=fffffe0000034000 [ 227.541227] Interruptibility = 00000000 ActivityState = 00000000 [ 227.547528] *** Host State *** [ 227.551952] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 227.560283] binder: 11344:11348 ioctl c0306201 20000080 returned -22 [ 227.566693] CR0=0000000080050033 CR3=0000000086cc2000 CR4=00000000001426e0 [ 227.589071] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff862018e0 06:42:08 executing program 5: bind$alg(0xffffffffffffffff, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 227.604440] RIP = 0xffffffff81174990 RSP = 0xffff88805b23f998 [ 227.605193] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 227.624498] *** Control State *** [ 227.632652] PinBased=0000003f CPUBased=b699edfe SecondaryExec=000000e2 [ 227.641269] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 227.648917] EntryControls=0000d1ff ExitControls=002fefff [ 227.673994] FSBase=00007f46c6d59700 GSBase=ffff8880aef00000 TRBase=fffffe0000003000 [ 227.701553] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 227.704384] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 227.707489] CR0=0000000080050033 CR3=0000000063a3e000 CR4=00000000001426e0 [ 227.707501] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff862018e0 [ 227.707510] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 227.707513] *** Control State *** [ 227.707519] PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 [ 227.707524] EntryControls=0000d1ff ExitControls=002fefff [ 227.707533] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 227.707539] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 227.707545] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 227.707551] reason=80000021 qualification=0000000000000000 [ 227.707555] IDTVectoring: info=00000000 errcode=00000000 [ 227.707560] TSC Offset = 0xffffff83cede17f4 [ 227.707564] TPR Threshold = 0x00 [ 227.707570] EPT pointer = 0x000000009fd6f01e [ 227.707578] Virtual processor ID = 0x0002 [ 227.733269] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 227.791284] audit: type=1326 audit(1567665728.609:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11326 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:08 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r0, 0x0) ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f00000001c0)=0x14) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x10000, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f0000000240)='/dev/snd/pcmC#D#p\x00', 0x6, 0x200) ioctl$DRM_IOCTL_RES_CTX(r2, 0xc0106426, &(0x7f0000000800)={0x1, &(0x7f00000007c0)=[{0x0}]}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r4, 0x0) setsockopt$TIPC_GROUP_LEAVE(r4, 0x10f, 0x88) ioctl$DRM_IOCTL_NEW_CTX(r2, 0x40086425, &(0x7f0000000840)={r3, 0x1}) ioctl$DRM_IOCTL_SWITCH_CTX(r1, 0x40086424, &(0x7f0000000180)={r3}) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') r6 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r6, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r6) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r5, 0x0, 0x0) r7 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x3, 0x2) ioctl$EVIOCGABS0(r7, 0x80184540, &(0x7f00000000c0)=""/129) 06:42:08 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:08 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 227.949012] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 228.009667] reason=80000021 qualification=0000000000000000 [ 228.033905] IDTVectoring: info=00000000 errcode=00000000 [ 228.048172] TSC Offset = 0xffffff840b9faa5f [ 228.058338] EPT pointer = 0x00000000a131801e [ 228.068581] Virtual processor ID = 0x0001 06:42:08 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 228.179046] audit: type=1326 audit(1567665729.009:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11359 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 228.275120] *** Guest State *** [ 228.293264] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 228.339984] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 228.386916] CR3 = 0x00000000fffbc000 [ 228.409741] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 228.441208] RFLAGS=0xfbf593b407ffc2e2 DR7 = 0x0000000000000400 [ 228.474074] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 228.504055] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 06:42:09 executing program 5: bind$alg(0xffffffffffffffff, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 228.534707] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 228.591808] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 228.627527] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 228.656550] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 228.688638] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 06:42:09 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:09 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 228.787742] GDTR: limit=0x0000ffff, base=0x0000000000000000 06:42:09 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) r3 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r3, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r4, 0x0) r5 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r5, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) r6 = syz_open_dev$swradio(0x0, 0x1, 0x2) read$rfkill(r6, &(0x7f00000001c0), 0x8) setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, &(0x7f0000000000)={0x3b, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) r7 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r7, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) r8 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r8, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r9, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r9, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0xd4, 0x0, &(0x7f00000003c0)=ANY=[@ANYPTR64=&(0x7f0000000800)=ANY=[@ANYPTR64=&(0x7f0000000100)=ANY=[@ANYRESDEC=0x0], @ANYPTR64=&(0x7f0000000140)=ANY=[@ANYPTR64, @ANYRESHEX=r3, @ANYRES64=r4, @ANYRESDEC=r5], @ANYRES64=r6, @ANYRESHEX=0x0, @ANYRESHEX=0x0, @ANYRESHEX, @ANYPTR=&(0x7f0000000180)=ANY=[@ANYRES16, @ANYBLOB="299a7f056dfff60321aa96552fd7af1db96f4550d5aab77f5bb58f1820adc04c642a89c180a34e0a0e14deff13613b2eeea0eeba60d8e8d17c6666c95117db80288e9a8e926d65df04c4bea825d4016a88684c", @ANYRES64, @ANYRES32=r7, @ANYRESOCT=r3, @ANYPTR, @ANYRESDEC=r8, @ANYPTR64], @ANYBLOB="666d87663d5b4fe1fd6c0c12cf992bf0d424cd4524ae0873b27e163a40fdf0e8ad1d7c1d2bcd8648248acb2b01ad804c2e68bc47631951b53c9437445cc9bcf05c75ff08bb085dc47de2274fa0c4211bc3d05ff468ace4608dd7e19ab06561c81a0eef78a85b807e67e33bfd124365b526fc0b1714a0f84812f15716e5da00a5c3aebe6cb26d6e4ce32ddc013810a1c8bb3f4c5a0a00570bfc3a4f6185b622457eb74d9a0b40a5ac940caa1a6f44583c265ca6587f7a1586eedbb68706532f83359867a3a1f9c7cf433ab0b4a8ff4f184595040ab19dd0362cacd1ce204bc5ea86dc16d0c926328d", @ANYRESOCT=r2], @ANYRESHEX=r9, @ANYRES16, @ANYRES32, @ANYRESHEX=r2, @ANYBLOB="21a9be549d57f0f8354930ff755e158f87e83180bd8766c4533b6ec3b7dcc0d605e9a7841098fe6bdab2cd76d7f6c16c7198526de65b99aa0b2ed2ca3d6adf63cc71bdbd1225931dc338b3396c595f71488a2b27a6337fa6c761c6347d1e3bcb50d80909fbff95aa0a1283489e8d41dec7feea5bedbe5a0f555147be95b117069827da94e13cfd968e058bea6fcd2859be78082f7d82360935b60d0b84918995c5d7bfc6e921019b575030c4"], 0xfffffed3, 0x0, 0x0}) [ 228.836125] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 228.855417] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 228.863675] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 228.875297] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 228.883251] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 228.890906] Interruptibility = 00000000 ActivityState = 00000000 [ 228.898056] *** Host State *** [ 228.905626] RIP = 0xffffffff81174990 RSP = 0xffff888061d27998 [ 228.911892] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 228.918503] FSBase=00007fbbc5cdf700 GSBase=ffff8880aef00000 TRBase=fffffe0000034000 [ 228.926832] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 228.984182] CR0=0000000080050033 CR3=00000000a7241000 CR4=00000000001426e0 [ 229.102775] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff862018e0 [ 229.137555] binder: 11394:11401 unknown command 536872960 [ 229.137689] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 229.172510] binder: 11394:11401 ioctl c0306201 20000080 returned -22 06:42:10 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') ioctl$VT_RELDISP(r0, 0x5605) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r0, 0x0, 0x0) [ 229.216632] *** Control State *** [ 229.234976] PinBased=0000003f CPUBased=b699edfe SecondaryExec=000000e2 [ 229.273148] EntryControls=0000d1ff ExitControls=002fefff [ 229.289803] audit: type=1326 audit(1567665730.119:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11405 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 229.329521] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 229.367964] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 06:42:10 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 229.393811] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 229.438426] reason=80000021 qualification=0000000000000000 [ 229.476505] IDTVectoring: info=00000000 errcode=00000000 [ 229.496797] TSC Offset = 0xffffff83403a7029 [ 229.505227] EPT pointer = 0x0000000080ee101e [ 229.509954] Virtual processor ID = 0x0001 06:42:10 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:10 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:42:10 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 229.715812] *** Guest State *** [ 229.737008] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 229.782415] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 229.825251] CR3 = 0x00000000fffbc000 [ 229.829753] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 229.836450] RFLAGS=0xfbf593b407ffc2e2 DR7 = 0x0000000000000400 06:42:10 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="792cd90845"], 0x0, 0x0, 0x0}) [ 229.870859] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 229.878022] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 229.886608] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 229.900290] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 229.915265] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 229.934912] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 229.966018] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 230.016687] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 230.033999] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 230.048926] binder: 11428:11430 unknown command 148450425 [ 230.062590] binder: 11428:11430 ioctl c0306201 20012000 returned -22 [ 230.083232] IDTR: limit=0x0000ffff, base=0x0000000000000000 06:42:11 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0xa, 0x2}) getdents(r0, 0x0, 0x0) 06:42:11 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='\xc2\x00\xa2\xa9\x88\xcf\x00\x02\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) [ 230.133259] audit: type=1326 audit(1567665730.969:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11405 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 230.168045] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 230.201763] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 230.224985] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 06:42:11 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 230.248436] Interruptibility = 00000000 ActivityState = 00000000 [ 230.258361] audit: type=1326 audit(1567665731.089:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11435 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 230.283234] *** Host State *** [ 230.287092] RIP = 0xffffffff81174990 RSP = 0xffff88805a877998 [ 230.293285] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 230.308435] FSBase=00007fbbc5cdf700 GSBase=ffff8880aee00000 TRBase=fffffe0000003000 [ 230.316661] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 230.325425] CR0=0000000080050033 CR3=00000000818df000 CR4=00000000001426f0 06:42:11 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0xfffffffffffffd61, 0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT=r1], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000140)=ANY=[@ANYPTR64], 0x0, 0x0, 0x0}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) r4 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r4, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) r5 = syz_open_dev$swradio(0x0, 0x1, 0x2) read$rfkill(r5, &(0x7f00000001c0), 0x8) setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, &(0x7f0000000000)={0x3b, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r6, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r6, 0x0) r7 = openat$cgroup_subtree(r6, &(0x7f0000000080)='cgroup.subtree_control\x00', 0x2, 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x4000010, r7, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r3, 0xae04) [ 230.360278] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff862018e0 [ 230.378693] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 230.385106] *** Control State *** [ 230.388924] PinBased=0000003f CPUBased=b699edfe SecondaryExec=000000e2 [ 230.399566] EntryControls=0000d1ff ExitControls=002fefff [ 230.405726] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 230.416493] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 230.423572] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 230.430849] reason=80000021 qualification=0000000000000000 [ 230.441773] IDTVectoring: info=00000000 errcode=00000000 [ 230.448071] TSC Offset = 0xffffff827b24d666 [ 230.452998] EPT pointer = 0x00000000a525001e 06:42:11 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 230.457548] binder: 11447:11449 unknown command 0 [ 230.465193] binder: 11447:11449 ioctl c0306201 20000040 returned -22 [ 230.471986] Virtual processor ID = 0x0001 06:42:11 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_ENABLE_CAP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000240)={0x79}) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r0, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r0, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r0, 0xae80, 0x0) 06:42:11 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_ENABLE_CAP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000240)={0x79}) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r0, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r0, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r0, 0xae80, 0x0) 06:42:11 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="792cd90845"], 0x0, 0x0, 0x0}) 06:42:11 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_ENABLE_CAP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000240)={0x79}) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r0, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r0, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r0, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r0, 0xae80, 0x0) [ 230.694269] binder: 11463:11464 unknown command 148450425 [ 230.726043] binder: 11463:11464 ioctl c0306201 20012000 returned -22 06:42:11 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r0, 0x4068aea3, &(0x7f0000000240)={0x79}) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r1, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r1, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r1, 0xae80, 0x0) 06:42:11 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="792cd90845"], 0x0, 0x0, 0x0}) 06:42:11 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r0, 0x4068aea3, &(0x7f0000000240)={0x79}) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r1, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r1, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r1, 0xae80, 0x0) [ 230.876996] binder: 11474:11476 unknown command 148450425 [ 230.915868] binder: 11474:11476 ioctl c0306201 20012000 returned -22 06:42:11 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r1, 0x0) setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000040)={0x5, &(0x7f0000000000)=[{0x7ff, 0x2, 0x101, 0xea8}, {0x47a4, 0x5, 0xffff, 0x7}, {0x7fffffff, 0x4, 0x4, 0x80000001}, {0x1, 0x3ff, 0x5, 0x2}, {0x3, 0x6, 0x0, 0x9}]}, 0xe4) getdents64(r1, &(0x7f00000000c0)=""/239, 0x1000000c3) getdents(r0, 0x0, 0x0) 06:42:11 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="792cd90845"], 0x0, 0x0, 0x0}) 06:42:11 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r0, 0x4068aea3, &(0x7f0000000240)={0x79}) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r1, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r1, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r1, 0xae80, 0x0) [ 231.031859] audit: type=1326 audit(1567665731.869:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11435 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 231.125101] binder: 11485:11489 unknown command 148450425 [ 231.139582] audit: type=1326 audit(1567665731.949:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11487 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 231.157963] binder: 11485:11489 ioctl c0306201 20012000 returned -22 06:42:12 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="ce8eae8b864be2f3e8942e59a08b4f30d102d0e317b78a3a96fac0b108222ac1"], 0x0, 0x0, 0x0}) 06:42:12 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(0xffffffffffffffff, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:12 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:42:12 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:12 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) r3 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r3, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r4, 0x0) r5 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r5, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) r6 = syz_open_dev$swradio(0x0, 0x1, 0x2) read$rfkill(r6, &(0x7f00000001c0), 0x8) setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, &(0x7f0000000000)={0x3b, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) r7 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r7, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) r8 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r8, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r9, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r9, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0xd4, 0x0, &(0x7f00000003c0)=ANY=[@ANYPTR64=&(0x7f0000000800)=ANY=[@ANYPTR64=&(0x7f0000000100)=ANY=[@ANYRESDEC=0x0], @ANYPTR64=&(0x7f0000000140)=ANY=[@ANYPTR64, @ANYRESHEX=r3, @ANYRES64=r4, @ANYRESDEC=r5], @ANYRES64=r6, @ANYRESHEX=0x0, @ANYRESHEX=0x0, @ANYRESHEX, @ANYPTR=&(0x7f0000000180)=ANY=[@ANYRES16, @ANYBLOB="299a7f056dfff60321aa96552fd7af1db96f4550d5aab77f5bb58f1820adc04c642a89c180a34e0a0e14deff13613b2eeea0eeba60d8e8d17c6666c95117db80288e9a8e926d65df04c4bea825d4016a88684c", @ANYRES64, @ANYRES32=r7, @ANYRESOCT=r3, @ANYPTR, @ANYRESDEC=r8, @ANYPTR64], @ANYBLOB="666d87663d5b4fe1fd6c0c12cf992bf0d424cd4524ae0873b27e163a40fdf0e8ad1d7c1d2bcd8648248acb2b01ad804c2e68bc47631951b53c9437445cc9bcf05c75ff08bb085dc47de2274fa0c4211bc3d05ff468ace4608dd7e19ab06561c81a0eef78a85b807e67e33bfd124365b526fc0b1714a0f84812f15716e5da00a5c3aebe6cb26d6e4ce32ddc013810a1c8bb3f4c5a0a00570bfc3a4f6185b622457eb74d9a0b40a5ac940caa1a6f44583c265ca6587f7a1586eedbb68706532f83359867a3a1f9c7cf433ab0b4a8ff4f184595040ab19dd0362cacd1ce204bc5ea86dc16d0c926328d", @ANYRESOCT=r2], @ANYRESHEX=r9, @ANYRES16, @ANYRES32, @ANYRESHEX=r2, @ANYBLOB="21a9be549d57f0f8354930ff755e158f87e83180bd8766c4533b6ec3b7dcc0d605e9a7841098fe6bdab2cd76d7f6c16c7198526de65b99aa0b2ed2ca3d6adf63cc71bdbd1225931dc338b3396c595f71488a2b27a6337fa6c761c6347d1e3bcb50d80909fbff95aa0a1283489e8d41dec7feea5bedbe5a0f555147be95b117069827da94e13cfd968e058bea6fcd2859be78082f7d82360935b60d0b84918995c5d7bfc6e921019b575030c4"], 0xfffffed3, 0x0, 0x0}) 06:42:12 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:42:12 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 231.487792] binder: 11508:11511 unknown command -1951494450 [ 231.500363] binder: 11508:11511 ioctl c0306201 20012000 returned -22 06:42:12 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r0, 0x4068aea3, &(0x7f0000000240)={0x79}) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r1, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r1, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r1, 0xae80, 0x0) 06:42:12 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binder(0x0, 0x0, 0x2) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) [ 231.612116] binder: 11505:11526 unknown command 536872960 [ 231.650457] binder: 11505:11526 ioctl c0306201 20000080 returned -22 [ 231.689698] binder: 11530:11532 unknown command 5 [ 231.718388] binder: 11530:11532 ioctl c0306201 20012000 returned -22 [ 231.908485] audit: type=1326 audit(1567665732.739:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11487 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:13 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) r3 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r3, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r4, 0x0) r5 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r5, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) r6 = syz_open_dev$swradio(0x0, 0x1, 0x2) read$rfkill(r6, &(0x7f00000001c0), 0x8) setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, &(0x7f0000000000)={0x3b, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) r7 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r7, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) r8 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r8, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r9, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r9, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0xd4, 0x0, &(0x7f00000003c0)=ANY=[@ANYPTR64=&(0x7f0000000800)=ANY=[@ANYPTR64=&(0x7f0000000100)=ANY=[@ANYRESDEC=0x0], @ANYPTR64=&(0x7f0000000140)=ANY=[@ANYPTR64, @ANYRESHEX=r3, @ANYRES64=r4, @ANYRESDEC=r5], @ANYRES64=r6, @ANYRESHEX=0x0, @ANYRESHEX=0x0, @ANYRESHEX, @ANYPTR=&(0x7f0000000180)=ANY=[@ANYRES16, @ANYBLOB="299a7f056dfff60321aa96552fd7af1db96f4550d5aab77f5bb58f1820adc04c642a89c180a34e0a0e14deff13613b2eeea0eeba60d8e8d17c6666c95117db80288e9a8e926d65df04c4bea825d4016a88684c", @ANYRES64, @ANYRES32=r7, @ANYRESOCT=r3, @ANYPTR, @ANYRESDEC=r8, @ANYPTR64], @ANYBLOB="666d87663d5b4fe1fd6c0c12cf992bf0d424cd4524ae0873b27e163a40fdf0e8ad1d7c1d2bcd8648248acb2b01ad804c2e68bc47631951b53c9437445cc9bcf05c75ff08bb085dc47de2274fa0c4211bc3d05ff468ace4608dd7e19ab06561c81a0eef78a85b807e67e33bfd124365b526fc0b1714a0f84812f15716e5da00a5c3aebe6cb26d6e4ce32ddc013810a1c8bb3f4c5a0a00570bfc3a4f6185b622457eb74d9a0b40a5ac940caa1a6f44583c265ca6587f7a1586eedbb68706532f83359867a3a1f9c7cf433ab0b4a8ff4f184595040ab19dd0362cacd1ce204bc5ea86dc16d0c926328d", @ANYRESOCT=r2], @ANYRESHEX=r9, @ANYRES16, @ANYRES32, @ANYRESHEX=r2, @ANYBLOB="21a9be549d57f0f8354930ff755e158f87e83180bd8766c4533b6ec3b7dcc0d605e9a7841098fe6bdab2cd76d7f6c16c7198526de65b99aa0b2ed2ca3d6adf63cc71bdbd1225931dc338b3396c595f71488a2b27a6337fa6c761c6347d1e3bcb50d80909fbff95aa0a1283489e8d41dec7feea5bedbe5a0f555147be95b117069827da94e13cfd968e058bea6fcd2859be78082f7d82360935b60d0b84918995c5d7bfc6e921019b575030c4"], 0xfffffed3, 0x0, 0x0}) 06:42:13 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r0, 0x4068aea3, &(0x7f0000000240)={0x79}) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r1, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r1, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r1, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r1, 0xae80, 0x0) 06:42:13 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:13 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:13 executing program 3: syz_open_procfs(0x0, &(0x7f0000000200)='\x00\x00\x00\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w^2\f\xe5\xcc`\xa0\xce\xf0D\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aul>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf0\xc1\xfb\xae\xb5\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa0\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|\xff\xb5\v\x93\x7f\xbc\x1a\x7f\xa90xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 232.694764] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 232.732691] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 232.764051] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 232.790925] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 232.818444] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 232.844653] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 232.856453] GDTR: limit=0x0000ffff, base=0x0000000000000000 06:42:13 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 232.875139] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 232.889285] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 232.908606] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 232.958966] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 232.984989] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 233.011340] Interruptibility = 00000000 ActivityState = 00000000 [ 233.036806] *** Host State *** [ 233.049697] audit: type=1326 audit(1567665733.879:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11545 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 233.057369] RIP = 0xffffffff81174990 RSP = 0xffff8880a8bbf998 [ 233.157876] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 233.198626] FSBase=00007fbbc5cdf700 GSBase=ffff8880aef00000 TRBase=fffffe0000034000 [ 233.251922] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 233.285087] CR0=0000000080050033 CR3=00000000a63fc000 CR4=00000000001426e0 06:42:14 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x3c, 0x0, &(0x7f00000001c0)=[@acquire_done, @exit_looper, @acquire_done={0x40106309, 0x2}, @request_death={0x400c630e, 0x1}], 0x47, 0x0, &(0x7f0000000100)="6ca37cce6a78d353c128a60bffc6d4794c6ad5d104e093df5f31977130e52e7f9e9e31cb4c99d05e9758edb3d63f65a26214d0925394ed86a0409f76eb5ae873dd5f0c11ee102e"}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r3 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x541a, &(0x7f0000000080)=0x9) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) 06:42:14 executing program 0: r0 = syz_open_dev$swradio(0x0, 0x1, 0x2) read$rfkill(r0, &(0x7f00000001c0), 0x8) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x3b, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_NET_SET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x18, r2, 0x5c5dd5b8cffe85f1, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x4}]}, 0x18}}, 0x0) sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x340e020}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x2e0, r2, 0x210, 0x70bd28, 0x25dfdbfd, {}, [@TIPC_NLA_MON={0x3c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffffffffffffffe}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x20}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}]}, @TIPC_NLA_NODE={0x10, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_BEARER={0xd8, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'yam0\x00'}}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffffffffff3c}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0x9, @loopback, 0xff}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0x467, @mcast1, 0x3f}}}}, @TIPC_NLA_BEARER_PROP={0x54, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x400}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}]}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'hwsim0\x00'}}]}, @TIPC_NLA_NET={0x30, 0x7, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x81}, @TIPC_NLA_NET_NODEID_W1={0xc}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x100000000}]}, @TIPC_NLA_LINK={0x3c, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}]}]}, @TIPC_NLA_MON={0x2c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xf5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8f}]}, @TIPC_NLA_SOCK={0x40, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7f}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xffffffffffff0000}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xa3}]}, @TIPC_NLA_BEARER={0xac, 0x1, [@TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_BEARER_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x784a}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3a23}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffffffffff21}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xff}]}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8001}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}]}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x200000000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_BEARER_DOMAIN={0x8}]}, @TIPC_NLA_NET={0x24, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0xfffffffffffffffc}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x7fff}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x9}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x9}]}]}, 0x2e0}, 0x1, 0x0, 0x0, 0x20008015}, 0x24000000) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r3, 0x0, 0x0) 06:42:14 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x3c, 0x0, &(0x7f00000001c0)=[@acquire_done, @exit_looper, @acquire_done={0x40106309, 0x2}, @request_death={0x400c630e, 0x1}], 0x47, 0x0, &(0x7f0000000100)="6ca37cce6a78d353c128a60bffc6d4794c6ad5d104e093df5f31977130e52e7f9e9e31cb4c99d05e9758edb3d63f65a26214d0925394ed86a0409f76eb5ae873dd5f0c11ee102e"}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r3 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x541a, &(0x7f0000000080)=0x9) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) [ 233.321602] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff862018e0 06:42:14 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 233.376154] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 233.411383] audit: type=1326 audit(1567665734.249:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11587 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 233.441358] *** Control State *** [ 233.457164] PinBased=0000003f CPUBased=b699edfe SecondaryExec=000000e2 [ 233.478672] EntryControls=0000d1ff ExitControls=002fefff [ 233.493918] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 233.514839] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 233.556149] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 233.600958] reason=80000021 qualification=0000000000000000 [ 233.638145] IDTVectoring: info=00000000 errcode=00000000 [ 233.667668] TSC Offset = 0xffffff8103ddb8b6 [ 233.689565] EPT pointer = 0x000000008f2cc01e [ 233.710516] Virtual processor ID = 0x0001 06:42:14 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:42:14 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, 0x0, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 233.878674] *** Guest State *** [ 233.886607] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 233.905558] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 233.927086] CR3 = 0x00000000fffbc000 [ 233.935120] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 233.947917] RFLAGS=0xfbf593b407ffc2e2 DR7 = 0x0000000000000400 [ 233.964135] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 233.978232] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 233.995716] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 234.013216] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 06:42:14 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 234.035230] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 234.045344] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 234.090710] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 234.132864] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 234.162638] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 06:42:15 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r0, 0x0, 0x0) ioctl$SIOCX25SCAUSEDIAG(0xffffffffffffffff, 0x89ec, &(0x7f0000000000)={0x7, 0x3}) r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/enforce\x00', 0x400, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f00000000c0)={@remote, 0x1, 0x0, 0x2, 0x0, 0x97, 0x9}, &(0x7f0000000100)=0x20) [ 234.189861] audit: type=1326 audit(1567665735.019:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11587 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 234.192193] IDTR: limit=0x0000ffff, base=0x0000000000000000 06:42:15 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x3c, 0x0, &(0x7f00000001c0)=[@acquire_done, @exit_looper, @acquire_done={0x40106309, 0x2}, @request_death={0x400c630e, 0x1}], 0x47, 0x0, &(0x7f0000000100)="6ca37cce6a78d353c128a60bffc6d4794c6ad5d104e093df5f31977130e52e7f9e9e31cb4c99d05e9758edb3d63f65a26214d0925394ed86a0409f76eb5ae873dd5f0c11ee102e"}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r3 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x541a, &(0x7f0000000080)=0x9) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) [ 234.326635] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 234.363037] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 234.363129] audit: type=1326 audit(1567665735.119:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11620 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 234.391791] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 234.451520] Interruptibility = 00000000 ActivityState = 00000000 [ 234.492627] *** Host State *** [ 234.510910] RIP = 0xffffffff81174990 RSP = 0xffff8880a8bbf998 [ 234.542980] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 234.583721] FSBase=00007fbbc5cdf700 GSBase=ffff8880aef00000 TRBase=fffffe0000003000 [ 234.601472] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 234.608180] CR0=0000000080050033 CR3=00000000a3de5000 CR4=00000000001426e0 [ 234.622373] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff862018e0 06:42:15 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, 0x0, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 234.659779] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 234.685859] *** Control State *** [ 234.707741] PinBased=0000003f CPUBased=b699edfe SecondaryExec=000000e2 06:42:15 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x3c, 0x0, &(0x7f00000001c0)=[@acquire_done, @exit_looper, @acquire_done={0x40106309, 0x2}, @request_death={0x400c630e, 0x1}], 0x47, 0x0, &(0x7f0000000100)="6ca37cce6a78d353c128a60bffc6d4794c6ad5d104e093df5f31977130e52e7f9e9e31cb4c99d05e9758edb3d63f65a26214d0925394ed86a0409f76eb5ae873dd5f0c11ee102e"}) r1 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r3 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x541a, &(0x7f0000000080)=0x9) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) 06:42:15 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 234.745167] EntryControls=0000d1ff ExitControls=002fefff [ 234.758311] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 234.772784] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 234.787543] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 06:42:15 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 234.805473] reason=80000021 qualification=0000000000000000 [ 234.812102] IDTVectoring: info=00000000 errcode=00000000 [ 234.817709] TSC Offset = 0xffffff803f84644c [ 234.826889] EPT pointer = 0x000000009cc0101e [ 234.831726] Virtual processor ID = 0x0001 [ 234.944474] *** Guest State *** [ 234.962296] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 234.998655] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 235.035992] CR3 = 0x00000000fffbc000 [ 235.039998] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 235.058036] RFLAGS=0xfbf593b407ffc2e2 DR7 = 0x0000000000000400 [ 235.072217] audit: type=1326 audit(1567665735.909:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11620 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:16 executing program 0: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = syz_open_procfs(r0, &(0x7f00000000c0)='net/if_inet6\x00') openat$uhid(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uhid\x00', 0x802, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r1, 0x0, 0x0) [ 235.127063] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 235.152820] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 235.177652] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 235.205511] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 235.216256] audit: type=1326 audit(1567665736.049:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11650 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 235.255076] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 235.278437] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 235.304372] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 235.328524] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 235.348192] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 235.375137] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 235.402054] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 235.427715] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 235.447917] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 235.498247] Interruptibility = 00000000 ActivityState = 00000000 06:42:16 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, 0x0, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 235.541939] *** Host State *** [ 235.560220] RIP = 0xffffffff81174990 RSP = 0xffff888060b6f998 06:42:16 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 235.591796] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 235.609273] FSBase=00007fbbc5cdf700 GSBase=ffff8880aee00000 TRBase=fffffe0000034000 [ 235.635436] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 235.645473] CR0=0000000080050033 CR3=00000000a3de5000 CR4=00000000001426f0 [ 235.658063] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff862018e0 [ 235.668626] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 235.675166] *** Control State *** [ 235.678725] PinBased=0000003f CPUBased=b699edfe SecondaryExec=000000e2 06:42:16 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0xa0c1c2eb933f415b}, [@IFLA_GROUP={0xffffffffffffffa3, 0x1b, 0x1c}]}, 0x28}}, 0x0) [ 235.689903] EntryControls=0000d1ff ExitControls=002fefff [ 235.695623] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 235.710909] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 235.717758] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 235.728767] reason=80000021 qualification=0000000000000000 [ 235.735319] IDTVectoring: info=00000000 errcode=00000000 [ 235.745036] TSC Offset = 0xffffff7fad953adb [ 235.749486] EPT pointer = 0x00000000a1ac901e 06:42:16 executing program 3: r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x3d6001, 0x0) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000080)) syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)={[{@mft_zone_multiplier={'mft_zone_multiplier'}}, {@show_sys_files_no='show_sys_files=no'}, {@errors_recover='errors=recover'}, {@case_sensitive_yes='case_sensitive=yes'}, {@umask={'umask'}}, {@umask={'umask'}}, {@mft_zone_multiplier={'mft_zone_multiplier', 0x3d, 0x2}}, {@umask={'umask'}}]}) [ 235.787398] Virtual processor ID = 0x0001 06:42:16 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 235.973527] *** Guest State *** [ 235.977120] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 236.013832] audit: type=1326 audit(1567665736.849:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11650 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 236.047074] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 236.051728] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 236.098414] CR3 = 0x00000000fffbc000 06:42:16 executing program 0: syz_mount_image$bfs(&(0x7f0000000000)='bfs\x00', &(0x7f0000000040)='./file0\x00', 0x82, 0x5, &(0x7f0000001400)=[{&(0x7f00000000c0)="ae259a7b7af58e8d47f8d970ff2e247444f26816111cbb04c04674d6576d80e4845bbe16654f2d5c329a647a7aec5c6c0ed158f80a650ad5b33bc4d2877f2fc2f1984c57044365043d01c93f13498a88ed7ae6ad3f529b0f6b550d3bb90bd4287f5e1793efd18ed49c26649dc718cc22fed14b9e5e64e28e8c120e448f733a361a9e8f69247560350b2eb3f424811dd306b7bacb9129", 0x96, 0x100}, {&(0x7f0000000180)="eaa3e0ef326c4126af5c674fff71a7be58816d2a57638ac33c18303a3331ba20bf536748b70c7213d4083299c792d709f20c677105d6e3613fcb42baa00f5c6db51e25c841b425431f4a74ef7f0cefd15d6c32f6501ff6cd635b075e0d03755cbdd17c16b445a386415f4bdb2228bef51dbf43c28574756563be7922a81621ee16148aa95107a719f5ad67630fe596263d7181b96a9c7f0d58e4c17af0f2e59a514b3b4b", 0xa4, 0x3}, {&(0x7f0000000240)="9ebc2854b94271b1abd264b4414eb141fd3663129df72f01b689798bb45d57c6e29f16c562bc611ddcb25e7eb3f0c528b2d66ba6424af8862deab2d567825af41a8dfa3c59e745be5f47656413be33078baf557a5f610103332ad1a902ff85dda2f0974ecaa3e033cbc3d1f97fc562aa3c8cf7f0b10a42728ce317b2358402e0ffca96", 0x83, 0x8000}, {&(0x7f0000000300)="10a5f500b0a9052359ee0877ba2080bb76cfc4301df31690b05ebc5f2958a6871017000009f3b9853431d06451a815f68b1d2f1a9809774617f36b2bbdafa1848976392c579185e1f5a050937dfacc715f5284f540738690307726ce11cf12c47b48fd5ada41b40bf1ffae5a91bbaea0002a5ebc422072dc315462215e053cdbc75e71510ee9ed5cea67670c2d25c8f24188478bb2fd658887e1ea9717c7a6348f74a3cc9d3a0c96aae7171f3442018cdae58a2aa22dc3c813501c507e384fbdaa1bbd1fc7a20c29ff4a7f9216648bcb6950c0fc469ff9df034cdbe7b0727c6db96d5593185cfc6c774a01f8c7ba", 0xee, 0x10000}, {&(0x7f0000000400)="c413b0dc8d10eb47f940c29711248e3dd1bf0a5b0b5a493d06231bd4a8f5d52a23f65fa5c2434c4a2e04d2cb5315a54fba7a533eac929699cc376c7e50ff7b9b78deb69ffbbcb433d833a44d6a4ecac498056a5bb4e2ca21b55891a9d2f4e9698fd30107c19953de2eb12a943f964fd0f4454e9cee10c6f456e3c5bdecdae63186695d32a5abb1b27b035b32bdca4696ce9a03d178d6a3a8c31d26a94d7436a7e279aaab2a92a29b2d5600026933c91e539e9b6c93e81e6ec0293ddc07dc82d132d41c68d18ad1c20ee4bea7051a95125d1a5e8c67933d882c4de59e5bdbf0f6c56c70fc2b657a18cd1a1a92be32aab197d7324d927129fe30ca113438322e215e28d968deab2639485193439f9db2abe70e0c360978c3c0ae7b9bb6b19e1ecb96b805c9bb52c0ad50c456235f584a508984f762d8ec15f64c2d89af6e44acf4195d5b870a70638f18929916bbddf76c4d8320292cded466685d35844d35e453b456815b807c88b8315a4d925a7bf90cc27ddc79c2e2190f55fd765ab132acdf805201aec646b64e056de4c6c7e0936c66b73ac2834dc0a83e993376cac7428cadc2052e8e277728313a565301dff9179d82ca3d28255e14fa80dbf642ddba594ecbc46a7e63fbe3ea092697b748908ec2328376fa8d3971c239437aea258c7144b17c80ea6ccf194f8abf37ad45c84ce02dd47d29502d6d5a5661a645bb98323979c1c96559185e8ea56eded1723fc5cb4640f99c20adb2132edcbde6cc617bbf382b5db541c7816aca38ba7e53ab48cae13897e01fdd8b16a1845369ff512a53d560df134b6982b0ba831dc8ca40196c645f544ec505c45d347f605dbf82bb80fd5fae391725cda72af447a8db72b612bfb18cb5c9ba8edc4d2ff6872fa51c0322239ebd0f2c481328c9c96f5781675ad491ae405de0828571ec34c5427b0c4a1c56357f378099dbe2e79dc4958cda92171db91159492d80c3e32847ea4889eb9f8a8cd77c038cc624141a8d91adae9e9d68b37a455852c7b0c713719d7916f81f642821ab3fb5751e6b014530bb5a0b4783f5568e14933776340cabe3ecabc58ad8fe0fccec5bc35b58cbda0fd9ecd0d5e555b283c8d887cb8275ba53447299e7ae12836de2bc96d1d6e1d77bdfbe951dc492f0f3c9f3ce506994956e4970b43bdd63fc5b38aba53134438513b1e9018523f2503d4a9a4cc1eebb4ff6eb9f4146cd3d0074fe4e15f0781efe106b69ca8c346826fdd7d44942e1a5e5c7a7096e18896dde75770b5333708f4ed2802fa1fb84fc8bd20579769dd7370e1c4c9bc4b65b9c1ea4ecf9151e88a712bdafc98f6b468213539ee9f6116734d3a9e8403013739d369a127b87ce563da441f70a07c7184c6ff18b598a3c7fc54c39712e01a04b2efa31935dbfab768ef30509dfcd32e2e876e2547d4ea99436c887bd691d1075111dceb646cd8dc935eba4fb892d90c800236ee0e6dc9f519ba9946828b7954064b8ad67b3e2ae6339bd4ae206a51d5ea99fbddfa5f6da4cc00764ec2370129eaeffc00d197d8d8716d95eba2a9e88b806b32ac8920107d87afe1e45ea62c24e884c689bd93fba9fbf2d8fbcb7e5823f695dad26127df1ad5feb5f8c2aa1f5eaeaaaee7e429e82fd5ff9910f72eaa6af698dbc018dacd886d98ea0fdd30401da9848f454b533f9ba9f014e36b800240ba96224684a2e947fe66794792fc6ee1a7f9a39214514ea590f10465ffb00e29f2866f028eec8b7c4de6d4a5efa2c2a66d65c9c399e815306ef1dcea1cc02924e8b8bdbb418ceace03cd16f1154fc24676120f77b305f364759cc54614f813aca876b66fb370ab1b6111f342ee628b81c9f7d27fba70bf0b9de2d564306c51f49baa910ff2e63a9c1d5d63760da2609458054df7255c361db91f0c3bff86af308f43d1453448fb19a33f9c60980b57686c7d39f868ced59d2b289d80a16c04717010c154122a5c22f5a137201569f9494c3d7406abde453d385dacb1e22476688dade73e14d93071693cd4302c3adc809acc4c567a7bfe11b0cec3f89fe5828f32bd5928fa07721b40a96edee77ffcd610b1d61737d3aa6b27df6d2fd43bcfb57417c720e6a88f5903fd7b74fcd1389507e9eddfb7c21394613b0ed79fff6b127f2a86115b03b598a140c696966825d2f6d2f78d4c9375753f2f98038a1bf42a77bb4bee07242c66a1a02b4959263f4d700217de2830560ee5b52173f35ae41058b90088185e38ab605189e8545a7114e43ec3d6dbfdad937b5dae0172e0c08f2bb62a85cc1fe5898a418ae2cdc08e00525c3f35a20d159e686d8f54f37107d77aa36b386622c3ff57b47f100c1ac00acd0ae73c823d008fbeda4f579a673fd3d3480b7e560973013dae9c7ee8f34e515879aeb8d5fda1b1deff1886ea04b66cebdd78d5868ae975c192a322aebc1a7b03f94706bcf5b17e0e29952a4d4fa3e37bfb94473f06ee8069edd82fc9f39a6e5012ffbb4acec85558ad0e62a3a74c2f3dd3a9f6ba854a812d4b3aec07e00d04a6fe7fd1748a9f6f98c634222698a8d07919298c2025db63dba8673b0ff8fdac241b5d604f45d9bd67b6061af9675021d3ef14a6baa3aca3e5ca5b0126c6014186127caa602d8ea79d3d4b96b87d7f59cd91ea0563c6bba160925ec341353746912b2ded8bcf745b164f97afead16d368708cbe2a64d1886a06ba06db78ef2d1df4d2315a9153e51d22d28bf8c6e0f5bb56e0aea22bcd92ddd22405d0a0b0b87d9213f20ca9c272c2049da8bf59833dda529bee2f1c11744e17b6fb082317d22ea15d5d1a45c2814ae6f13448ea33d9a8bd55d59310918b71f3549aa843688f020eff23025744416ee069fca54406c181c475114848b4031823ced2a9d7027d6fb8a2a2472b8a6fb5ff143cac19a6f4fc1f02769d8e695d008f7952ba2136eb9924f20515fda91034338d84b66dfbe71b3fb3c3408ceaeddaad33b02fc320c581bb1cecc68de380ddef491eb0081d8706c0c23c7ae25c62fe853c3d1fede50763cc52f36a8d93bfad108a5e8df456fbf01ed093511a83625fb3198e0d61a1edd489ed6e4230c5c0e3bd1ef93b89baf5b8aefd54b63e1c09eb36c158d09fd72f39a7934e6e7c050448b8b33b34dda8a273e03b70b30a015b16dbb3ca84c83a88639d46f50f0176f8fb260c063219a08f7d6455e4c04684b7fd91d8f2f6f4eadfa957311df964198c7816e9ce401c41a6c483c5e5839988581c57a8588bda2a1b481caf02712363d2f30aab3c72f53ed13b4646fa0bf5c3e688df323e286ec0573490906e45f9a54a4099e21e26b4606dab526965f584e6afae12b68a24f014e0e84a3a686f2d124078aa945deba38613a2bb5b87941a36f655919d0a9db0d867f7edbdd98523d855ee62c85ea7a97bec98f56415f5c744d07934833a5d1dcf183ca5f4d587aeb65addbf15c9258264be2cc5d459197cfa031c896e30659b9ed256e078a3568e2895dcbfef2ce0a89574085848ea8ad9371b0e6da5e74f885212b426bf142cab4fb2bf0f56b1779b9ca2f9ef5c705ae18ae1ffb52ce87e2246bd845095b075132ca2dad01cd0b9d7eaa6358a05d349c6f6f75f9d1cb96ef0d4be38d775d18e460c4b5dba0068b10f17056ee30adf1f8298b1eaa905b35f8ac86c7399a46140ce770dcc7a147b295b4769148966237fd684163e95338b628f44627caa756cbd3ac65590180e5bce2ab195a55e5c83b024312b63467c3e35ed21f5cc455ea2b31e8aebf669ce4a2343a5d487f9645b68ef81d8e568b48280de9514118bfa7a139ed7790407b93aa85805ea57f0683562729b9008106f448c4548e57a48b19be6fdfdd8f266a71e388323a593191df286b2f1271b18fd0f1ac5aff8405b4bb2781e98e42b98cb32dca583423185b9102faf0daf66d99e63121989702ce75e9ea11fa16d9e1dae67723917fe6b81a44bee911c17d89b28ed709106234ec9d8734f4ecb3eaf12d851971793489e744829dc8fa1232610848530eb977aa3b4d919e0967b93d7f7af38cc001946d0c97d64a7c586749fa46d0b6f143bf1c046a660879863fc2c276374a7a33508e54290f9064592e2ad38709a35f946fab25460cda613f624350f82ef3473bf5d3c12406a98760513cb29a8f6b8e49bd9651768a9550d39c271c786db36e04c40667bf0f0fef94d868bbb91dd2abc39ed359259d86374b3143b9c6e5be81259eba1d6d046b61df4526a8f7144cf11eb1b9351f3a2165e08e08ae477a4b996b147eea5704079bcef1219aed32950acbec0e8265b41bee50aeb6e7ca2c4e676d8b5350040781b9c23bef60d4d1403110b6edfe424fbd91727f9d7c8c8089505050f7b96b3634d8769daac54fa28d9e929486e5e8874d52b4261337cc1fc21cc8e916aff2434fa6b777a4803df2e5a13be9d966579f278d4676044bc7527e25aba717bc519ef277e8fc29a49e1d1657c616edf5b141e401291ef9dada022a94dfeb4debc33804f3fc4e1cd3bc3e279fcdf33f6e07380380f84d18de0a4d152004db062cb3be77fd9247757a553e86a7a43c8ebdce7ae2ac44ede9e9a166008db52de4c911609fc949f175ab7daa3480a082630ff7983654008eabc38d9948874e67214f7ac5b929836ed483e66f7824faac3d2e91f83df5136f31ad2e87b82559615b0505bbdb45a7512fbdec12f0a2f5c53fde79b2775197415259e2b869727b69f87fcd7abaecb3f4312d4d7e2cd44fe466ac6482c81e66b95727887d7cd5d2c5bce286eb724e2dba93ad2e0d416aa3dba78c99ec5549cd91698f76b526772122a1e3bb0688494eb3ffc6ca9e5b8e97d083b5339693df2bd3fd5739a79e8f8c400e22785f0aee136b7ff2133d10e41c7a268b8d61416cad29cd87d7390e29343affc73451b45be832476fbeb14e58df10df6092bc27fe3d6519fbb19fb8ba083290b7bd6edf4bda7fb160f354c5a4ed60533ad5ebc1df3b8d526dda70e1608674439716911fa6a53d313642f9279244e4b8a7da00269cb5aa8b5ce199dd8cf90113ec3d91e7d2dd8c1aeabb01338bc43cca80929be31676eb0ae6a39a942641afd29cd2d5144696cdfa596e3fb97824249f07a9fed09b6abc927897890787f8cececda07c2e870f9854345a1d8838b1d148129692c9c2ecd4925dd97c74bee6072bab941ba61775ad023e50b6f6373e0f10e43368a80ac8dc207c4753eebbef8f89eefb786f0a7cd6993cf9b74621241335e6b9c5a1cf1426a34c11e549e9cd331a28decd0808e451ba0b8abcea3a031d9157566bdefad1fc8e0eb22cd6ea0ff6cd30ff852410fa6709a818c7f77ed0e63841f9a160085ac44a9b732df995902b4c1672daefce2d48610eabf210bf63b5d25acf1a1217f3ce1b4b8368292c6d4b016c56420db8d43b24e08b784181b977bed257104e3cb0b775cc50cb8ee8b9b905dbe132553d17ec968890d82b44a8a4bfca25192924d5428187f2a6c707df557419dd6318640a3f3088e81fbe023425ed60b5de6141e6413572cc1242e1aa1ce65dde61d871240c928e60da1f6a7415d5956e1b7d3d68d7f6e4f6ca3961a1267eee5eee455bff09f97dfa74282e90462bfe71b386c5c3c3fe21ba669d18f6e0f5bcd22c13df79a7d3d159634ffdb574cfa4053416d59a4dd120b0a1240b5ca4f14c6deea52dbec1b358ad1dbb6eba83ac00d783645fe4e7be334fa75773cedf18b0a1048f7363dac66dd88402061fb6b6c987c4479ce7eac03847aa1b54ea637d06ac83760a5a3b3dc9fcc1b1083", 0x1000, 0x7}], 0x1000042, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') r1 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r1, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000001580)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b7c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66fe8ecc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4814e34592ee794c000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d533ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201280e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a59280c72be30a8069edd4a6cac3f08a8aaabd43ddf06e469e10539f3f699528680593ee4cef9f2b4bb40b0000000000"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000001540)={0x6, &(0x7f0000001500)=[{0x0, 0xffffffffffffbf43, 0x5, 0x8}, {0x3, 0x1, 0x9, 0x1f}, {0xfffffffffffffc01, 0x9, 0x7, 0xfff}, {0x1, 0x3ff, 0x7}, {0x98, 0x0, 0x2, 0x8}, {0x2, 0x7, 0x7, 0xff}]}) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) r2 = syz_open_dev$swradio(0x0, 0x1, 0x2) ioctl$UI_DEV_DESTROY(r0, 0x5502) read$rfkill(r2, &(0x7f00000001c0), 0x8) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000000)={0x3b, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x1, 'fo\x00', 0x4, 0x69, 0x21}, 0x2c) fcntl$setsig(r1, 0xa, 0x25) r3 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r3, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0e85f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) fstatfs(r3, &(0x7f00000018c0)=""/4096) r4 = syz_open_dev$swradio(0x0, 0x1, 0x2) read$rfkill(r4, &(0x7f00000001c0), 0x8) bind$vsock_dgram(r2, &(0x7f0000002900)={0x28, 0x0, 0x2710}, 0x10) setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000000)={0x3b, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) r5 = dup2(r0, r4) write$USERIO_CMD_REGISTER(r5, &(0x7f0000001880)={0x0, 0x6}, 0x2) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000028c0)='/dev/ubi_ctrl\x00', 0x58000, 0x0) getsockopt$inet_mreq(r2, 0x0, 0x24, &(0x7f0000001480)={@rand_addr, @multicast1}, &(0x7f00000014c0)=0x8) getdents(r0, 0x0, 0x0) [ 236.120181] RSP = 0x0000000000000000 RIP = 0x0000000000000000 06:42:17 executing program 1: r0 = syz_open_dev$radio(&(0x7f0000000140)='/dev/radio#\x00', 0x0, 0x2) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r1, 0x0) renameat(0xffffffffffffffff, &(0x7f0000000480)='./file0\x00', r1, &(0x7f00000004c0)='./file0\x00') r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000440)='IPVS\x00') sendmsg$IPVS_CMD_SET_CONFIG(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000500)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="df0965de566bbdb6f532b6fd2d7b4443ab084c4a7260fd0100"], 0x14}}, 0x0) sendmsg$IPVS_CMD_DEL_SERVICE(r0, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4080002}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)={0x180, r3, 0x702, 0x70bd25, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x800}, @IPVS_CMD_ATTR_DAEMON={0x4}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@dev={0xac, 0x14, 0x14, 0x1c}}, @IPVS_SVC_ATTR_AF={0x8}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}]}, @IPVS_CMD_ATTR_DAEMON={0x84, 0x3, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'syzkaller1\x00'}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e21}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'gretap0\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @initdev={0xfe, 0x88, [], 0x1, 0x0}}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x3}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @ipv4={[], [], @broadcast}}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xa2d5}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x3}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x100000000}]}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0x2}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x9}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xfaed}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x7ff}, @IPVS_DEST_ATTR_INACT_CONNS={0x8}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0xff}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}]}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x618e9d46}, @IPVS_DEST_ATTR_TUN_PORT={0x8, 0xe, 0x4e20}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x7}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0xffff}, @IPVS_DEST_ATTR_TUN_PORT={0x8, 0xe, 0x4e24}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8}]}, 0x180}, 0x1, 0x0, 0x0, 0x50}, 0x15f37dad85acb314) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) lsetxattr$security_selinux(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='security.selinux\x00', &(0x7f0000000100)='system_u:object_r:xen_device_t:s0\x00', 0x22, 0x1) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) r5 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r5, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) ioctl$KVM_SIGNAL_MSI(r5, 0x4020aea5, &(0x7f0000000400)={0x5000, 0xcfbe21a9ab832868, 0x9, 0x1, 0x3}) [ 236.164914] RFLAGS=0xfbf593b407ffc2e2 DR7 = 0x0000000000000400 [ 236.198245] BFS-fs: bfs_fill_super(): No BFS filesystem on loop0 (magic=ea000000) [ 236.222901] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 06:42:17 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r1, 0x0) getsockname(r1, &(0x7f00000002c0)=@pppoe={0x18, 0x0, {0x0, @local}}, &(0x7f0000000340)=0x80) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00') ioctl$sock_inet_SIOCSIFNETMASK(0xffffffffffffffff, 0x891c, &(0x7f0000000280)={'ip6gre0\x00', {0x2, 0x4e23, @loopback}}) sendmsg$TIPC_CMD_DISABLE_BEARER(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x2c, r2, 0x1, 0x70bd29, 0x25dfdbfc, {{}, 0x0, 0x4102, 0x0, {0x10, 0x13, @udp='udp:syz0\x00'}}, ["", ""]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x4000014) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x0, 0x0) ioctl$SG_SET_RESERVED_SIZE(r3, 0x2275, &(0x7f00000000c0)=0x7fffffff) getdents(r0, 0x0, 0xfffffffffffffff6) openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x8400, 0x0) [ 236.274272] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 236.292470] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 236.306285] ntfs: (device loop3): parse_options(): Unrecognized mount option . [ 236.315827] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 06:42:17 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 236.357728] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 236.379750] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 236.402515] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 06:42:17 executing program 3: r0 = syz_open_dev$radio(&(0x7f0000000140)='/dev/radio#\x00', 0x0, 0x2) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r1, 0x0) renameat(0xffffffffffffffff, &(0x7f0000000480)='./file0\x00', r1, &(0x7f00000004c0)='./file0\x00') r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000440)='IPVS\x00') sendmsg$IPVS_CMD_SET_CONFIG(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000500)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="df0965de566bbdb6f532b6fd2d7b4443ab084c4a7260fd0100"], 0x14}}, 0x0) sendmsg$IPVS_CMD_DEL_SERVICE(r0, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4080002}, 0xc, &(0x7f00000001c0)={&(0x7f0000000240)={0x180, r3, 0x702, 0x70bd25, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x800}, @IPVS_CMD_ATTR_DAEMON={0x4}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, [@IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0x2}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@dev={0xac, 0x14, 0x14, 0x1c}}, @IPVS_SVC_ATTR_AF={0x8}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}]}, @IPVS_CMD_ATTR_DAEMON={0x84, 0x3, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'syzkaller1\x00'}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e21}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e23}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'gretap0\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @initdev={0xfe, 0x88, [], 0x1, 0x0}}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x3}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @ipv4={[], [], @broadcast}}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xa2d5}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x3}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x100000000}]}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0x2}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x9}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xfaed}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x7ff}, @IPVS_DEST_ATTR_INACT_CONNS={0x8}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0xff}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}]}, @IPVS_CMD_ATTR_DEST={0x3c, 0x2, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x618e9d46}, @IPVS_DEST_ATTR_TUN_PORT={0x8, 0xe, 0x4e20}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x7}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0xffff}, @IPVS_DEST_ATTR_TUN_PORT={0x8, 0xe, 0x4e24}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8}]}, 0x180}, 0x1, 0x0, 0x0, 0x50}, 0x15f37dad85acb314) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$PPPIOCSCOMPRESS(0xffffffffffffffff, 0x4010744d) lsetxattr$security_selinux(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='security.selinux\x00', &(0x7f0000000100)='system_u:object_r:xen_device_t:s0\x00', 0x22, 0x1) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) r5 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r5, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) ioctl$KVM_SIGNAL_MSI(r5, 0x4020aea5, &(0x7f0000000400)={0x5000, 0xcfbe21a9ab832868, 0x9, 0x1, 0x3}) 06:42:17 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 236.436721] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 236.469049] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 236.522481] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 236.549559] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 236.602101] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 236.607422] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 236.631562] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 236.646955] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 236.680249] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 236.721177] Interruptibility = 00000000 ActivityState = 00000000 [ 236.748888] *** Host State *** [ 236.763816] RIP = 0xffffffff81174990 RSP = 0xffff888069677998 [ 236.789999] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 236.818744] FSBase=00007fbbc5cdf700 GSBase=ffff8880aef00000 TRBase=fffffe0000034000 [ 236.852748] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 236.877994] CR0=0000000080050033 CR3=0000000086283000 CR4=00000000001426e0 [ 236.909182] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff862018e0 [ 236.943548] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 06:42:17 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 236.968464] *** Control State *** [ 236.983757] PinBased=0000003f CPUBased=b699edfe SecondaryExec=000000e2 [ 237.005799] EntryControls=0000d1ff ExitControls=002fefff [ 237.032840] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 237.062687] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 237.083717] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 237.102023] reason=80000021 qualification=0000000000000000 [ 237.114267] IDTVectoring: info=00000000 errcode=00000000 [ 237.119892] TSC Offset = 0xffffff7f214a8aad [ 237.126744] EPT pointer = 0x000000008115e01e [ 237.139006] Virtual processor ID = 0x0001 06:42:18 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:42:18 executing program 1: syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="6d66745f7a6f6e655f6d756c7469706c6965723d3078303030303030303030303030303030302c7368696c65733d6e6f1f6572726f72733d7265636f7665722c756d61736b3d30303030303030303030303030303030303030303030302c756d61736b3d30303030303030303030303030303030303030303030302c8e6d61736b3d30303030303030303030303030303030303030303030302c6d66745f7a6f6e655f6d756c7469706c6965723d30783030303030303030303030ad53fb98d762e24cd830303030322c756d61736b3d30303030303030303030303030303030"]) r0 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) r1 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r1, 0xc0d05605, &(0x7f0000000d40)={0xc, @pix_mp={0x0, 0x0, 0xff4465cda8510382, 0x0, 0xc, [{}, {}, {}, {0x7, 0xffffffff}], 0xf5, 0x602da9c1, 0x7, 0x3}}) ioctl$VFIO_SET_IOMMU(r0, 0x3b66, 0x8) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x1200000, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}, {@cache_fscache='cache=fscache'}, {@cache_mmap='cache=mmap'}, {@loose='loose'}, {@version_L='version=9p2000.L'}, {@version_9p2000='version=9p2000'}, {@nodevmap='nodevmap'}, {@loose='loose'}, {@privport='privport'}, {@access_user='access=user'}], [{@dont_measure='dont_measure'}, {@appraise='appraise'}]}}) syz_open_dev$usbmon(&(0x7f00000001c0)='/dev/usbmon#\x00', 0x4, 0x105000) [ 237.231362] kauditd_printk_skb: 1 callbacks suppressed [ 237.231371] audit: type=1326 audit(1567665738.069:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11689 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:18 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 237.403134] *** Guest State *** [ 237.424263] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 237.479955] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 06:42:18 executing program 3: syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)={[{@mft_zone_multiplier={'mft_zone_mul:\xfdplier', 0x3d, 0x4}}, {@show_sys_files_no='show_sys_files=no'}, {@utf8='utf8'}, {@umask={'umask'}}, {@umask={'umask'}}, {@umask={'umask'}}, {@disable_sparse_yes='disable_sparse=yes'}, {@umask={'umask'}}]}) r0 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/hash_stats\x00', 0x0, 0x0) ioctl$RTC_SET_TIME(r0, 0x4024700a, &(0x7f0000000080)={0x28, 0x38, 0xf, 0x19, 0x5, 0x30881580, 0x3, 0xc2}) [ 237.524646] CR3 = 0x00000000fffbc000 [ 237.543739] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 237.549760] RFLAGS=0xfbf593b407ffc2e2 DR7 = 0x0000000000000400 06:42:18 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, 0xfffffffffffffffd) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r0, 0x0, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r1, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix={0x4, 0xfffffffffffff150, 0x38414261, 0x7, 0x0, 0x3, 0x5, 0xa39, 0x1, 0x3}}) r2 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/checkreqprot\x00', 0x40000, 0x0) r3 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r3, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) ioctl$PPPIOCGCHAN(r3, 0x80047437, &(0x7f0000000280)) ioctl$FS_IOC_GETFSMAP(r2, 0xc0c0583b, &(0x7f0000000080)=ANY=[@ANYBLOB="000000000000000005000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000005000000ffffffff00000000000000000000000005000000000000000500000000000000000000000000000000000000000000000000000000000000ff030000050000001f00000000000000ffff0000000000000300000000000000070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000017fcbefbddafe26693c0a65babee35ac00"/512]) ioctl$EVIOCSKEYCODE(r1, 0x40084504, &(0x7f0000000000)=[0x3ff, 0xffff]) 06:42:18 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 237.577575] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 237.605835] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 237.652248] audit: type=1326 audit(1567665738.489:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11736 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 237.677644] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 237.689599] ntfs: (device loop1): parse_options(): Unrecognized mount option shiles. [ 237.703620] ntfs: (device loop1): parse_options(): Unrecognized mount option Žmask. [ 237.731360] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 237.734043] ntfs: (device loop1): parse_options(): Invalid mft_zone_multiplier option argument: 0x00000000000­Sû˜×bâLØ00002 [ 237.768743] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 237.804393] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 237.846327] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 237.901338] GDTR: limit=0x0000ffff, base=0x0000000000000000 06:42:18 executing program 1: syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="6d66745f7a6f6e655f6d756c7469706c6965723d3078303030303030303030303030303030302c7368696c65733d6e6f1f6572726f72733d7265636f7665722c756d61736b3d30303030303030303030303030303030303030303030302c756d61736b3d30303030303030303030303030303030303030303030302c8e6d61736b3d30303030303030303030303030303030303030303030302c6d66745f7a6f6e655f6d756c7469706c6965723d30783030303030303030303030ad53fb98d762e24cd830303030322c756d61736b3d30303030303030303030303030303030"]) r0 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) r1 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r1, 0xc0d05605, &(0x7f0000000d40)={0xc, @pix_mp={0x0, 0x0, 0xff4465cda8510382, 0x0, 0xc, [{}, {}, {}, {0x7, 0xffffffff}], 0xf5, 0x602da9c1, 0x7, 0x3}}) ioctl$VFIO_SET_IOMMU(r0, 0x3b66, 0x8) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x1200000, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}, {@cache_fscache='cache=fscache'}, {@cache_mmap='cache=mmap'}, {@loose='loose'}, {@version_L='version=9p2000.L'}, {@version_9p2000='version=9p2000'}, {@nodevmap='nodevmap'}, {@loose='loose'}, {@privport='privport'}, {@access_user='access=user'}], [{@dont_measure='dont_measure'}, {@appraise='appraise'}]}}) syz_open_dev$usbmon(&(0x7f00000001c0)='/dev/usbmon#\x00', 0x4, 0x105000) [ 237.950885] ntfs: (device loop3): parse_options(): Unrecognized mount option mft_zone_mul:ýplier. [ 237.958856] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 238.006368] ntfs: (device loop3): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 238.019010] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 238.058051] ntfs: (device loop1): parse_options(): Unrecognized mount option shiles. [ 238.083709] ntfs: (device loop3): parse_options(): Unrecognized mount option . [ 238.107920] ntfs: (device loop1): parse_options(): Unrecognized mount option Žmask. [ 238.120664] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 238.143913] EFER = 0x0000000000000000 PAT = 0x0007040600070406 06:42:19 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 238.167672] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 06:42:19 executing program 1: syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="6d66745f7a6f6e655f6d756c7469706c6965723d3078303030303030303030303030303030302c7368696c65733d6e6f1f6572726f72733d7265636f7665722c756d61736b3d30303030303030303030303030303030303030303030302c756d61736b3d30303030303030303030303030303030303030303030302c8e6d61736b3d30303030303030303030303030303030303030303030302c6d66745f7a6f6e655f6d756c7469706c6965723d30783030303030303030303030ad53fb98d762e24cd830303030322c756d61736b3d30303030303030303030303030303030"]) r0 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) r1 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r1, 0xc0d05605, &(0x7f0000000d40)={0xc, @pix_mp={0x0, 0x0, 0xff4465cda8510382, 0x0, 0xc, [{}, {}, {}, {0x7, 0xffffffff}], 0xf5, 0x602da9c1, 0x7, 0x3}}) ioctl$VFIO_SET_IOMMU(r0, 0x3b66, 0x8) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x1200000, &(0x7f00000000c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend='noextend'}, {@cache_fscache='cache=fscache'}, {@cache_mmap='cache=mmap'}, {@loose='loose'}, {@version_L='version=9p2000.L'}, {@version_9p2000='version=9p2000'}, {@nodevmap='nodevmap'}, {@loose='loose'}, {@privport='privport'}, {@access_user='access=user'}], [{@dont_measure='dont_measure'}, {@appraise='appraise'}]}}) syz_open_dev$usbmon(&(0x7f00000001c0)='/dev/usbmon#\x00', 0x4, 0x105000) 06:42:19 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:19 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="280000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="1418cb64d7dd313008001b0000000000"], 0x28}}, 0x0) [ 238.238327] Interruptibility = 00000000 ActivityState = 00000000 [ 238.272402] *** Host State *** [ 238.299688] RIP = 0xffffffff81174990 RSP = 0xffff88805c0af998 [ 238.320171] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 238.326846] FSBase=00007fbbc5cdf700 GSBase=ffff8880aef00000 TRBase=fffffe0000034000 [ 238.335813] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 238.341995] CR0=0000000080050033 CR3=0000000080191000 CR4=00000000001426e0 [ 238.349764] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff862018e0 [ 238.357569] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 238.364387] *** Control State *** [ 238.368173] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 238.375659] EntryControls=0000d1ff ExitControls=002fefff [ 238.381459] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 238.389011] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 06:42:19 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 238.407619] bridge0: port 2(bridge_slave_1) entered disabled state [ 238.414491] bridge0: port 1(bridge_slave_0) entered disabled state [ 238.425754] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 238.432657] reason=80000021 qualification=0000000000000000 [ 238.439282] IDTVectoring: info=00000000 errcode=00000000 [ 238.445185] TSC Offset = 0xffffff7e5d421f9c [ 238.449669] EPT pointer = 0x0000000090cb401e [ 238.461778] Virtual processor ID = 0x0001 06:42:19 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:42:19 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='nd\x00(') r1 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r1, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) ioctl$KVM_INTERRUPT(r1, 0x4004ae86, &(0x7f0000000000)=0x1ff) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r0, 0x0, 0x0) 06:42:19 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x3000, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r3, 0xc0905664, &(0x7f00000000c0)={0x0, 0x0, [], @bt={0x0, 0x10001, 0x9, 0x8000, 0x28c, 0x5, 0x804c6424303e051a, 0x15}}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) [ 238.893028] *** Guest State *** [ 238.905017] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 238.915854] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 238.927952] CR3 = 0x00000000fffbc000 [ 238.933867] RSP = 0x0000000000000000 RIP = 0x0000000000000000 06:42:19 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x3000, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r3, 0xc0905664, &(0x7f00000000c0)={0x0, 0x0, [], @bt={0x0, 0x10001, 0x9, 0x8000, 0x28c, 0x5, 0x804c6424303e051a, 0x15}}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) [ 238.940655] RFLAGS=0xfbf593b407ffc2e2 DR7 = 0x0000000000000400 [ 238.947956] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 238.955324] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 238.973547] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 238.994719] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 239.013004] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 239.026679] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 239.035600] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 06:42:19 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 239.045276] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 239.053612] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 239.062197] IDTR: limit=0x0000ffff, base=0x0000000000000000 06:42:19 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x3000, 0x0) ioctl$VIDIOC_DV_TIMINGS_CAP(r3, 0xc0905664, &(0x7f00000000c0)={0x0, 0x0, [], @bt={0x0, 0x10001, 0x9, 0x8000, 0x28c, 0x5, 0x804c6424303e051a, 0x15}}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) [ 239.098518] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 239.112531] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 239.124475] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 06:42:20 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 239.144711] Interruptibility = 00000000 ActivityState = 00000000 06:42:20 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 239.173070] *** Host State *** [ 239.186829] RIP = 0xffffffff81174990 RSP = 0xffff88805f48f998 [ 239.210959] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 06:42:20 executing program 1: syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)={[{@mft_zone_multiplier={'mft_zone_multiplier'}}, {@show_sys_files_no='show_sys_files=no'}, {@errors_recover='errors=recover'}, {@umask={'umask'}}, {@umask={'umask'}}, {@umask={'umask'}}, {@mft_zone_multiplier={'mft_zone_multiplier', 0x3d, 0x2}}, {@umask={'umask'}}]}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0xc000) setsockopt$ax25_int(r0, 0x101, 0x6, &(0x7f0000000080)=0x1, 0x4) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r1, 0x0) write$UHID_CREATE(r1, &(0x7f00000001c0)={0x0, 'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f00000000c0)=""/91, 0x5b, 0x80, 0x0, 0x100000001, 0x9, 0x6}, 0x120) [ 239.218164] FSBase=00007fbbc5cdf700 GSBase=ffff8880aef00000 TRBase=fffffe0000034000 [ 239.239903] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 239.246711] CR0=0000000080050033 CR3=0000000081dab000 CR4=00000000001426e0 [ 239.246721] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff862018e0 [ 239.262508] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 239.268635] *** Control State *** [ 239.268646] PinBased=0000003f CPUBased=b699edfe SecondaryExec=000000e2 [ 239.279165] EntryControls=0000d1ff ExitControls=002fefff [ 239.285086] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 239.295037] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 239.301889] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 239.308472] reason=80000021 qualification=0000000000000000 [ 239.315182] IDTVectoring: info=00000000 errcode=00000000 [ 239.321421] TSC Offset = 0xffffff7d908cfbeb [ 239.325918] EPT pointer = 0x00000000a960b01e [ 239.331254] Virtual processor ID = 0x0001 06:42:20 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 239.496129] *** Guest State *** [ 239.520405] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 239.573033] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 239.620123] CR3 = 0x00000000fffbc000 06:42:20 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') getdents(r0, 0x0, 0x0) getsockopt$EBT_SO_GET_ENTRIES(r0, 0x0, 0x81, &(0x7f00000001c0)={'broute\x00', 0x0, 0x3, 0xcb, [], 0x6, &(0x7f0000000000)=[{}, {}, {}, {}, {}, {}], &(0x7f00000000c0)=""/203}, &(0x7f0000000240)=0x78) [ 239.641464] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 239.676128] RFLAGS=0xfbf593b407ffc2e2 DR7 = 0x0000000000000400 [ 239.717163] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 06:42:20 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r0, 0x0, 0x160) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/cachefiles\x00', 0x40000, 0x0) ioctl$VIDIOC_SUBDEV_G_SELECTION(r1, 0xc040563d, &(0x7f0000000040)={0x1, 0x0, 0x3, 0x1, {0xffffffff, 0x4e, 0x161, 0x1}}) [ 239.759763] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 239.810421] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 239.871026] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 06:42:20 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0x0, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 239.927571] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 239.954119] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 239.983131] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 240.015668] GDTR: limit=0x0000ffff, base=0x0000000000000000 06:42:20 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 240.038359] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 240.048071] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 240.074968] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 06:42:21 executing program 1: syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)={[{@mft_zone_multiplier={'mft_zone_multiplier'}}, {@show_sys_files_no='show_sys_files=no'}, {@errors_recover='errors=recover'}, {@umask={'umask'}}, {@umask={'umask'}}, {@umask={'umask'}}, {@mft_zone_multiplier={'mft_zone_multiplier', 0x3d, 0x2}}, {@umask={'umask'}}]}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0xc000) setsockopt$ax25_int(r0, 0x101, 0x6, &(0x7f0000000080)=0x1, 0x4) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r1, 0x0) write$UHID_CREATE(r1, &(0x7f00000001c0)={0x0, 'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f00000000c0)=""/91, 0x5b, 0x80, 0x0, 0x100000001, 0x9, 0x6}, 0x120) 06:42:21 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 240.117784] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 240.127780] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 240.135948] Interruptibility = 00000000 ActivityState = 00000000 [ 240.143857] *** Host State *** [ 240.152422] RIP = 0xffffffff81174990 RSP = 0xffff88805f48f998 [ 240.158543] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 240.172507] FSBase=00007fbbc5cdf700 GSBase=ffff8880aee00000 TRBase=fffffe0000003000 [ 240.186058] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 240.196363] CR0=0000000080050033 CR3=0000000081dab000 CR4=00000000001426f0 [ 240.204095] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff862018e0 [ 240.210939] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 240.217123] *** Control State *** [ 240.222122] PinBased=0000003f CPUBased=b699edfe SecondaryExec=000000e2 [ 240.231669] EntryControls=0000d1ff ExitControls=002fefff [ 240.237262] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 240.244672] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 240.251781] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 240.258679] reason=80000021 qualification=0000000000000000 [ 240.265288] IDTVectoring: info=00000000 errcode=00000000 [ 240.271281] TSC Offset = 0xffffff7d3e42dc83 [ 240.276631] EPT pointer = 0x000000008685d01e [ 240.292687] Virtual processor ID = 0x0001 06:42:21 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 240.632399] *** Guest State *** 06:42:21 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r0, 0x0, 0xfffffffffffffe8d) [ 240.652682] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 240.705347] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 240.757416] CR3 = 0x00000000fffbc000 [ 240.774943] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 240.802433] RFLAGS=0xfbf593b407ffc2e2 DR7 = 0x0000000000000400 [ 240.833564] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 06:42:21 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, 0x0, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 240.851836] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 240.870813] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 240.884401] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 240.893010] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 06:42:21 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 240.917897] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 240.928654] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 240.943063] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 240.952979] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 06:42:21 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$VIDIOC_QUERY_EXT_CTRL(r0, 0xc0e85667, &(0x7f0000000080)={0x40000000, 0x9, "72f39c0747a66f8c4919d1279e041da97ca609d323c2436350cc64682fb0fd88", 0x80000001, 0x0, 0x3, 0x3, 0x6, 0x8001, 0xfffffffffffff800, 0xd74b, [0xc6d, 0x74b, 0x5, 0xea]}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='x;O<'], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) [ 240.961167] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 240.969248] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 240.980963] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 241.015402] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 241.023181] Interruptibility = 00000000 ActivityState = 00000000 [ 241.029664] *** Host State *** [ 241.033159] RIP = 0xffffffff81174990 RSP = 0xffff88805efa7998 [ 241.039316] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 241.046744] FSBase=00007fbbc5cdf700 GSBase=ffff8880aee00000 TRBase=fffffe0000003000 [ 241.054833] binder: 11895:11896 ioctl c0e85667 20000080 returned -22 [ 241.062259] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 241.070855] binder: 11895:11896 unknown command 1011825528 [ 241.077487] binder: 11895:11896 ioctl c0306201 20012000 returned -22 [ 241.085606] CR0=0000000080050033 CR3=00000000a5c57000 CR4=00000000001426f0 [ 241.096370] binder: 11895:11896 unknown command 1011825413 [ 241.102262] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff862018e0 [ 241.109537] binder: 11895:11896 ioctl c0306201 20012000 returned -22 06:42:22 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$VIDIOC_QUERY_EXT_CTRL(r0, 0xc0e85667, &(0x7f0000000080)={0x40000000, 0x9, "72f39c0747a66f8c4919d1279e041da97ca609d323c2436350cc64682fb0fd88", 0x80000001, 0x0, 0x3, 0x3, 0x6, 0x8001, 0xfffffffffffff800, 0xd74b, [0xc6d, 0x74b, 0x5, 0xea]}) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='x;O<'], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) [ 241.118174] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 241.137046] *** Control State *** [ 241.142624] PinBased=0000003f CPUBased=b699edfe SecondaryExec=000000e2 [ 241.159809] EntryControls=0000d1ff ExitControls=002fefff [ 241.167859] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 241.182125] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 241.189767] binder: 11901:11903 ioctl c0e85667 20000080 returned -22 [ 241.196598] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 241.206129] binder: 11901:11903 unknown command 1011825528 [ 241.212821] reason=80000021 qualification=0000000000000000 [ 241.219441] binder: 11901:11903 ioctl c0306201 20012000 returned -22 [ 241.226298] IDTVectoring: info=00000000 errcode=00000000 [ 241.236376] binder: 11901:11903 unknown command 1011825413 [ 241.242375] TSC Offset = 0xffffff7ca1f4df88 [ 241.249276] binder: 11901:11903 ioctl c0306201 20012000 returned -22 [ 241.256104] EPT pointer = 0x0000000093d1001e [ 241.265141] Virtual processor ID = 0x0001 06:42:22 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:42:22 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x9, 0x120200) r2 = socket$netlink(0x10, 0x3, 0x8) ioctl$sock_SIOCSIFBR(r2, 0x8941, &(0x7f0000000140)=@get={0x1, &(0x7f0000000240)=""/213, 0x1}) getsockname$netlink(r1, &(0x7f00000000c0), &(0x7f0000000100)=0xc) [ 241.431620] *** Guest State *** [ 241.445416] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 241.469825] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 06:42:22 executing program 1: syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="6d66745f7a6f6e655f6d756c746970896965723d3078303008003030303030303030303030302c73686f775f7379735f66696c65733d6e6f2c6572726f72733d7265636f7665722c756d61736b3d3030303030303030303061736b3d30303030309270d4f0823030303030303030303030303030303030302c756d61736b3d30303030303030303030303030303430303030303030302c6d66745f7a6f6e655f6d756c7469706c6965723d3078303030303030303030303030303030322c756d61736b3d303030303030303030303030303030303030303000"/232]) sysfs$1(0x1, &(0x7f0000000040)='show_sys_files=no') 06:42:22 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/netstat\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r0, 0x0, 0x0) [ 241.537679] CR3 = 0x00000000fffbc000 [ 241.542441] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 241.566331] RFLAGS=0xfbf593b407ffc2e2 DR7 = 0x0000000000000400 [ 241.605808] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 241.630959] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 241.654550] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 241.667277] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 241.688137] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 06:42:22 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 241.720950] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 241.747834] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 06:42:22 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, 0x0, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:22 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') r1 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r1, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) finit_module(r1, &(0x7f0000000000)='net\x00', 0x1) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r0, 0x0, 0x0) [ 241.787044] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 241.795688] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 241.812901] IDTR: limit=0x0000ffff, base=0x0000000000000000 06:42:22 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000340)=ANY=[], 0x0) write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000280)=ANY=[@ANYBLOB="b7000000a5510700bfa30000000000001503000028feffff720af0fff8ffffff71a4f0ff00000000b706000001edff9fbd400200000000000406000001ed000071185400000000002d640000000000006a0a00fe00000000850000002e000000b7000000000000009500000000000000040000000000000079fc9e94af69912461917adef6ee1c8a2b4f8ef1e50beca090f32050e436fe275daf11efd601b6bf01c8e8b1b5e4fef3bef7054815ae98743d1ace4c46631256dd19aed0d600c095199fe3ff3128e599b0eaeba9d940a891b2a0cefc646cb77900000000000000"], &(0x7f00000001c0)='\x00\xf1)\r*\xbbzL\x8e7\x9e\xaa\xb3y\xb9\xfa!\xad!\xb4\xd4\x94\xa0\x86\xcf\x12#\xb4\xd3n$\x85\x06k\xb2\xf9\xd5\"\xfe\x86 \b\x7f\xe8\x8a\xcf\x89\x9b\xbaR]\xf5{J\x84\x15\xf9)\xf3\xc8\xd5`\xe6\xe6\x9eI\x02\xce\x1fI\xa8w\xc3#\xba\xf5\xe9\xea>\xc7\xab2,\xa0\x84t\xce\x04Tf\xc5\xfe`\'\x9b\xe2MH%\x93\x028\xcb\x0f\xdb\x16\xe2l\x80\xe6\xcd\xceW\x01SS-o`X\xf6\xa4\xc1|\xbe\xc4\xf0\xac1zp\xc9\x89\xef.\xa4\x91\xb4\xf3('}, 0x48) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) lstat(0x0, &(0x7f0000000540)) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000880)={{{@in=@initdev, @in=@multicast1}}, {{@in=@multicast1}, 0x0, @in=@initdev}}, &(0x7f0000000980)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000ec0), &(0x7f0000000f00)=0xc) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x4e21, @multicast2}, 0x10) getegid() sendto$inet(r1, 0x0, 0x0, 0x0, 0x0, 0xb2) r3 = socket$inet_sctp(0x2, 0x1, 0x84) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r3, 0x84, 0x22, &(0x7f00000001c0)={0x0, @in={{0x2, 0x0, @loopback}}, 0x0, 0x8000000000000000}, &(0x7f00000000c0)=0x90) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) [ 241.830986] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 241.839107] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 241.852246] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 241.859897] Interruptibility = 00000000 ActivityState = 00000000 [ 241.871039] *** Host State *** [ 241.874618] RIP = 0xffffffff81174990 RSP = 0xffff8880636ff998 [ 241.886550] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 241.899988] FSBase=00007fbbc5cdf700 GSBase=ffff8880aee00000 TRBase=fffffe0000003000 [ 241.912708] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 241.919939] CR0=0000000080050033 CR3=0000000082ab6000 CR4=00000000001426f0 [ 241.929448] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff862018e0 [ 241.941932] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 241.949071] *** Control State *** [ 241.957263] PinBased=0000003f CPUBased=b699edfe SecondaryExec=000000e2 [ 241.966327] EntryControls=0000d1ff ExitControls=002fefff [ 241.979006] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 241.989157] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 242.013889] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 242.046487] reason=80000021 qualification=0000000000000000 06:42:22 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) syz_open_dev$binder(0x0, 0x0, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x40000, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r2, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x210, 0x0, &(0x7f00000000c0)=ANY=[@ANYRESOCT=r2], 0xffffffffffffffda, 0x0, 0x0}) r3 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="0059008000004d68e3e5d7cd701f65e3746c6923d99942ab841a01"], 0x0, 0x0, 0x0}) [ 242.077859] IDTVectoring: info=00000000 errcode=00000000 [ 242.106215] TSC Offset = 0xffffff7c34b64d86 [ 242.122660] EPT pointer = 0x000000008e7dc01e [ 242.143538] Virtual processor ID = 0x0001 06:42:23 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:42:23 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 242.424462] kauditd_printk_skb: 16 callbacks suppressed [ 242.424471] audit: type=1326 audit(1567665743.259:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11913 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:23 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:42:23 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:42:23 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:23 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='c\b\x00m\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) r1 = syz_open_dev$swradio(0x0, 0x1, 0x2) read$rfkill(r1, &(0x7f00000001c0), 0x8) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000000)={0x3b, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) r2 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r2, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) r3 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f0000000280)={r5, 0x1c, "237a5c3ef6bb91546a94ff010000ffa95f92a726729beb47d32bc5b5"}, &(0x7f0000000100)=0x24) truncate(&(0x7f0000000180)='./file0\x00', 0x3) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r2, 0x84, 0x13, &(0x7f0000000000)={r5, 0x1}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f00000000c0)={r6, 0x100000001}, &(0x7f0000000100)=0x8) getdents(r0, 0x0, 0x0) 06:42:23 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, 0x0, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 242.734376] audit: type=1326 audit(1567665743.569:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11959 comm="syz-executor.3" exe="/root/syz-executor.3" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:23 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') r1 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r1, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) ioctl$SIOCAX25GETINFO(r1, 0x89ed, &(0x7f00000000c0)) r2 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r2, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000800)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea1400047cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f224743851e4d0c6ed828a13ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c3510d4353769c9b5ba3be6a105dcaec2087eeaeffbdc2840147d5cad85f1480c84af58108275c8d178b1f977c789"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000480)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r3, &(0x7f0000000500)={0x0, 0x9000000, &(0x7f00000004c0)={&(0x7f0000000040)={0x1e, r4, 0x805, 0x0, 0x0, {{}, 0x0, 0x6, 0x0, {0x14}}}, 0x3fb}}, 0x0) sendmsg$TIPC_CMD_GET_LINKS(r2, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, r4, 0x300, 0x70bd26, 0x25dfdbfc, {{}, 0x0, 0x4, 0x0, {0x8, 0x11, 0x7}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x881}, 0xc000) r5 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r5, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) connect$inet6(r5, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r6 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r5, 0x84, 0x6d, &(0x7f0000000280)={r7, 0x1c, "237a5c3ef6bb91546a94ff010000ffa95f92a726729beb47d32bc5b5"}, &(0x7f0000000100)=0x24) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000040)=@sack_info={r7, 0x7f, 0x9}, 0xc) openat$smack_task_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/current\x00', 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r0, 0x0, 0x0) [ 242.952747] audit: type=1326 audit(1567665743.789:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11975 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:24 executing program 1: prctl$PR_SET_FPEXC(0xc, 0x20000) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f00000001c0)=0xc) syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)={[{@uid={'uid', 0x3d, r2}}]}) r3 = syz_open_dev$vcsa(0x0, 0x0, 0x2000) r4 = socket$inet_tcp(0x2, 0x1, 0x0) fstat(r4, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setregid(r5, 0x0) write$P9_RSTATu(r3, &(0x7f0000000240)={0x80, 0x7d, 0x0, {{0x0, 0x50, 0xfffffffffffffffe, 0x1, {0x82, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x9, '/dev/sg#\x00', 0x0, '', 0xb, '/dev/vcsa#\x00', 0x9, 'fdinfo/3\x00'}, 0x1b, 'eth0cgroupsecurity&%fvmnet1', 0xee00, r5}}, 0x80) r6 = geteuid() syz_mount_image$iso9660(&(0x7f0000000040)='iso9660\x00', &(0x7f00000000c0)='./file0\x00', 0x3, 0xa, &(0x7f00000034c0)=[{&(0x7f0000000100)="66804dc7bc5f1ea41e692e631f03b966b1969257a300844af3427fb2a969fafab30bf21cc0b39a9800b219966754", 0x2e, 0x1f}, {&(0x7f0000000240)="b02d4c22a7208c50d61dcdc32f145072370564b2c7f4b482ada3d615b9b37083a703cb04d8351059715de9b60ef6ce6be229ec3fd726d7cd22d0e8882bcf72212ab5d300bc211811ddba99f6ae36198ee636260782ad4f88ebd2945f07a0468ec6a5abf72ff55d1a475c94901bf1089aae703b3d6d275d53b6c314013177838472f576a373e5b3add44ed0be6af12865f7b39682e9205e6510e7130eaed5113d9e0a12b7694f236e3fbd1891a354b97d5ba713b36d7fd6c68af4d0a3b7a7fafda4f1c2e2ff45d43e717b9d0d4802bf7384632ad1cd526d6ad90c452b66260d85ec65e483c528768a221dd25e80992ff9876983f955305b37a336b7c4c22c9e2c10f978ba7c923408c2139cf0e2ed3b2dfe41887a9381f5d38fc1a460e0ab3e88c1c53d62d49d2d10650a83a258e5ed0cbe8c234697d09c3238d1880fd5c198aa3221d480b24a0546d4310faa00d4bba35f1f9a962c9be47b843bf785a63e68b43d341f4247dfdd30ad5ea5145389ec36fe27cacd91a29edd6925f0b727e5eb953b8d824dc3b987901037c716ca1592520a392e09dfa728926081f9cd597c8ca78253ca0bb81123725f40149f37c100c44c3467a758bee3ae4cef38126268964a64f918878adab38477232112383d5cb2446045dbf36bc1e2bdf2a35d6f273d5eb598d9bd4c6a11f4e6af5a0a8f5751372d8abb510817a10fa585000c79ecee978138d8a041c4c532ffb19e74dcbf79679a0f7893f29e0767e9b532a36dbb5510a9aaf66d4c630424390f0e6c1d40cae3a72af3a181d75694c1fb9cdb4658693700000cd6f000cb96e644c3a4d0885b31aae43b6be70733c42867d486652f8b6bd0ac4142b7b9ecbb9951fe2699f7b0a0b9a1e7e636fb628bd383745fc8c30c943ac92ca202a2fb103a52dbfeadf650cebf28cd59749b87aa60f9bff3e53c36bc08de39eb2af8b8054cf978a703730b73dea95a4cb808990f44f3a01b407d4fc669f72b979cb5d92a0be18054046b0345baa03686aee72d6a478c255389bcc1cea7bb04b8c1a71895308db00e4e978c34124b1bc3deaacf21dbfabd09dfa095f041404225a02b85e0ccbe16a460336a4a3f94eb4520188a5026cf55551bd7bd1e595cf278d9c6dd78e287c37aa62d2fd974d47bc4bfbacddd317f3b74922ac6b6488badb8caf86279b194591d747552f1a083fa62074b376ecc9d0985d16fb56c2a229eb7fe1c10f6d7c557b673a15d89ac5827d5c3ad8d7c7d3eb1dfd2d77f7165f704bb84640cc8955726cc44b6d0ca205e10c3739ed534e1c362b1c046a082f094a87fa37ae15bdb70a4c0c7a0e096dba27566870f733c41447f1fe56c2748a7fdeba12c9638476dea08f3a42db34ded34c4bd393a92424ffb98a739f0013fd23ceefa3f35783ea20fa2f0681b0ecc08d5c4e35fe93979172a5b098bdb3f0e87dc57d4d4011d2f62ef99f5cadf65e124a9e79be483dad1d005d0790df77dcf44571b751fd39c027448e28e927789017e9e38e6e39ba99b6a86e432a1e38ce4724e92c72fd0aeb48c8b89cacbe461f34104ddb5d06c0707feb2a0d309630dd32978233c26cd7e37206a11e5454ad74f7ca3b691560683faab0968c572c8b20633a3c57339c7d1c78b8baacf1f9cba279b59998692dbf8cec331336d25aeedd0cb2d3401c33e35bb78a567323a1c774a672bff8f87d73e0ac3aff609f0520bb0421de42c2074cb0d8d3f6b1816960de1ea8fe4229d8f210ccbe249d1b7b0c1ee1719d7c75f354bcd952bfa469e89bec0679f966296c6dfd9376202872c9fd817aa42c0efdb18ef867290d15f7d964e1db8e2290fdd6e106222020ad9721aa6ced850418351bdade5b35059d5e4103c386f7bdec95c4d3ee38e9a9b6b4a544530bc8357f98dfc31d9291b9433c92e189e2f8e117072fef289af4a95696b61d4a33383297de1564cd4c51556010774ae4c6814be4354b11ea50676c02cbd036830ac6e1b8f57347e66816f840ef3a1a226daaf67852d06a50346c7003dfae65303b24912647ef454aa621d4ea8e2779f8e53c58f3c4cfbad0158822a39a1ef88a26d06e2feab98cd16cf1b666aab4ddcb70969f2a8d9adf0484b3f1e3ef0960772d9ee4a6886a957b763f1af8e87877ae24c27dd4a65356a2c90f7dcba8c3e0bae540f1f39dc7822bb49db23ca270d35b4ba1fa847fe4f5430caf2b0b7cca4dff61ba38356a615b67e4c2bf6ae06266894039d0d7bbee400fde14bf892c5e64f0e755e761effd48ce1f3318a048759204e068066b6e3c67549048425200f083da07b8663e6718f2e547948406049d042f84d1b1e0e01bc281cd9968f63f98543f2a3848ade17f1b492ede90453a44604e7cfe455ff2a00cfe9ed65a126f27f8514746c779655dbbb328fcf91cc215cda94078ffee2d086fc535c03f1580cef4bc9067701b609cb32cd6c6a687083783f0546249739042f92792038e0d8335e54105acfdc2c70ab747bd4f50f3edaabbda3cc7275dd437e781be8975ed43c7458450f8028a0899bf0e3d1f82a17d7048972da549fa6111b82e56b40e5131d32bd78d19f4cc9bbca5ce270350bc74dd986ca86ffc621e5c822816196fcad5fc7147faeda646db009b19528db91961b84a6b6ae0bc00ce5dfaec443f5b8b7a36071cb90c66f41ced34de8d9d6e3a2b65e26f582a596405582f251578322b27aef9f1b488f9f70cbafa2db6d326b747336bdb36d824ee72c56d5432c89554fa7ea77c16a26dee2fb5bdaf90482996b540a1eb4a286dde99548646a7d2438fd2df5000e18310de0381c5ac169b305f8cdba3cb4dec5ba5667277039432d972573eca9eb7461b3ee6d839513e8a447d47ad6842fbfc2540a3215afba42d53309242eae70ecded6f3d29828da39373f414cdc02ac0b9fbd759c369d4965fc31cc065fa6f779bc534b3ede325200d2ab9161f9eac7e2c4472676ab13a8218e74fc5d554c5fb9d0674ccb3d7f867310258335daaa60a78b24caa21a36428d05961dd42732fbc5cd459d85079af79f66bfe0c4d9142beb390e6e91230317da8a8eb0469654419806fb3d550b013f7c4e3229d9e383a2b9560a5d54ccac832665c5305ac3453211e3a04dbcb837c874b68edda9c8387d41d1dcc2a971a4df7d2aa2a87491ab993b056c4f79c49cddb3bd8481cd70ee4e29373f0f9c60393458f816fe7d10ace03868a3d2471cba5e2248803b6c78d478cfc961deef3d6c83798acb3953ffeaf99c3759aae5ee483e8ad4a15466fec3b600ebc1a67aceec85dd2a904b3197a609230d56c640ce0309b3cd6cb5454565ec1b10f6577ad058528be1abdeefb50a4596bef0b7d1eb27e79d30cd4fa71bf818d22eaeabcb4359681dd2e462f88d1fb9e1cf2cad6592fe073bb81c6d225e9a0d50657356b908ed0637857add128152e6ca3702ca38ed05744de651db89cc60db405f27e105788c62d679fc92f1ed62317c1ec3bb670661d55eb7fbe0b50079f33ed2f0862c6a7c7bbd2c6e323d1b94c844b113ab95f6597eb561cc59069a862d3ed246c1d16c15f461d570ff716d8c37ddc8a70bbe3e3ba666c46c8a343bc41a62864fcf281c5fe7e877982826e3393f9eaeac5d3aca36710512f5204472b48d7f7921eff24a59c562c3d1cf4a660cdbe70ecbfac3d4905538e2235d056d4c84cfde63bdeeb10847364af2e0a2ee30d94ecfff63db10e440f7d2b525b473e5ca08ebc923cd81a66abdd13af27d568ce4f7a8228043f41e929f5d14303efa392a599e44c8e403dc63046c8423cdc95513c9a3b0b235eb5aeed8e217dbd6fd4934ab115d79764b962702c1e2ae31d52c1aaca8abf31e85fe0073fbfc316c9b4d09bda1e965d69d48efdaf4d5d008e8fc3fc08370758ec7611ce27d0c320b52467f015320a4cf990e3408431113ef5bdb1f343a109bcdd3ab924394fe49e2f50f458de825fbd76bc2620b2cf5c64e796ed6fe03d40c8860e4d39e765442f15e617b107b7056cedfa9b49ba7bb69b1ef0cf093ecc89bb38f280c83e7459f4038b43613271d685afc09e84e4fe1a16eb24d84ed73b0abdaa8102a90b7865f58766600a2b0adefa047945dcbc20c09249f6d81016195ae1216bf313f5f25a0f0400c8dcfb94f9c4e2f79fbbc30a846c8e5045c37af658596e80c8f317122c96832b57023c0fb2b838d3ee5d083c10691e142e0f39bc92f649d333358d01089ca29eefe485a54773678ed1bd2575df5bf8b552fd9e94f4ff8d4a584a7f762f82ea2f54ca534da2a7d7bcd99a15c5a1fb45e3810b6041d5992d40d5c1a5a1f9be050361c7e5c1b15145a36810b3f26f03645278c6350a38d0139402019070caac7c86daca9ee89017604dca2000ca8925d8527a62c2327054d285e5e156800c104381d4bc2d9ad9a07c9848ae2f3e6b60ccc6f92feba33dca796a370acbbda16dc32ccb00b3d43d9c73990f8a229dfad4291b605ae4f0de8b9d7b99970c0e2517bd82decfa235188f96bdc21f4102e6f07fd1cf49b9bb31371de85b2dedf8daeb31569d33b9b6d54379f2f43da2451c4b8990b043f2223d63c67ce36b886a8767a76ab4acbbcbf97b00b08f10592c28ee0560ee6a76ada976b540a8c78e6889ceff8b6aece1eb13352d437a9f02b1a2fc184b6bff055e60f15d86aa57bb937311cfd92e322137d94a528fb101efd0850710c6ae2c52a4f3a9a125aa97c0871928b844fe42d4cb6792a4a291b15efd81592c4072d30196317c8d820be1f0d3eb4e4a30429f94dc8f69f5b5d67a2277bf01de0585185d2757b6eb25cc71ee13cc8ab1c11fd7a24b60b4869f8ae9ca18228904b09cab3df49cb3aac0d2e6ff76bd10ba40cc6801ea5dbc7638b55412b2a944088c8c0d9c3be051821785f0939b06ea8bc332f1cb9040e0f7ac7d302c081fb6101995646eb4647fd47c9c0fb6183aa3b1e99aeb4ed12c41ed0c599f8c48fcc15e7f7adac616bd2ae6f3c47502a33b2cfede3de9ff70729c7e550c6bc212c5181f455ee5e33a4481b5e64681a13f5836177f4da7feb81699d54bd3a293dbfc9125fdd857fec43e132d95c53e02e87d3795f0bb33d19a186b2872e2c01dafd301ee0b328cd7d9caf4dd0ced01277e707b78711ac610a43e1939671c21a792df2121cb4bb2d17a65acaacb878c1c1c25c4054fdd7ada1e889d5a434670744d1730dd3a8754e1db1b845888a12b6a84b4af1fdf7b2b93de0bfcf164e0d3a1789c956334a39eaa724f20425c2a1bd41ed2fcd5ed38b9a875dc5cf9cab5a52eff0bd3b184e32ea5096aba5b2ea748eddd65e2e2db2a59489c50e818d406ce9da0ec53cf12448fdc2d5cb9bd769355adb160ba542d4f2d0feea643d8a9130587f9a3ab0ebe27f7a530a78084d972fa64ad0e066ebc7908acb88dbe74ba23f8d6cd8ad1d6d7b34fda2c1bdd16c8a76c0d1b3393fbeaaa9423f83f3ec3aca61e6a2bd67298846b21d17b10cdbbc14a7138976ed29d58f82467fb1ee848579bffc2da6a98b6e460102481959b9fe3ced7b52ab4af0a400d6cfaaab4b82c6bdd675ca113469ab36c202fddb839c2f4eb17078d75cf75cb7d6c20597dc026ea49f028fbede0ef82b27cc1d55a997efd46d1b78cb6d6d5b5d4486b29dc34e618c64c939320b0f26af585e0f02cb782b64ca3b8fb89cd94c15c956a05bde159d618616110666a938f86684dd54ffba8ebbaf6355ac1a6a48b8a466a29e9c2f262caa61857057936d03adb58f030286b6e99a6a08ee42f6e41bff387e611af3d0209aef274631e200420e", 0x1000, 0x9}, {&(0x7f0000000140)="9da0101613ccb71b30210f67", 0xc, 0x6}, {&(0x7f0000001240)="9ec821376c560bad11326329821a8c1a558c550d66e5aa254178f22c83d1c83fdbf8e17ec4edb6eac7cc4de8ee94d2f2b108208048c5ec83b1b7ae7738652a3a1bbda9ce2a80c2128cdd24df1a9d05fc9d8b93745e73dba3838e0bca5c4f8b6da8f63dab8585535eb4e5add03fb617ea9675651fa58c3210fee94009b2eee7486bde8a21168a5b2d0d687006d94d268c96725f0cfd5df94799d770ad936b0e0d02c66f82c163e70859a1669fb0182f625bf763a0ebb1a3659d2415089cf5c6ec1e024db482a34c8b94a2c2f1c8eaec4fb43db566f99d341354d29e31113c8a5ac6295a4517054fcf2a06cdde44af77c585755f94a5d69742de9413621df578aed65205f0ff19f3f7da02b7f7cc605f515c430bf6293d54f5124fbcf459da9926540677378de039b49d49c5895b2a1c992041e3a90f4eb93ec6af18ef287b00aa9fce759cb54568ae41832338edf937de745a7c53776dbf46057918ee400140c264c714d9277c8b8cb05e4b20716fd9025bd1cbcc2dcc04044c386a27903ce4be9322e4ab20a8d54b6ab8e77cf62d4192925c838af8e5350778902f2ddc4e1837c0ff1d96cfff5ad5ca3507be5e03e3e669f923265883687ee55b100b3eb3a7ed4069f08ec8b7cef90f3514e976b86e92598b5daaf90956ea4ee3034f5691241e5bc46465bf57ad37dfcdfe02fb4ccb43f69f75700e6da6abad3fa42f655ac07d2c2fad57fa2ab3ec419923ce11814a24c8409bbd9566bb91930a29e4a22ee6cfa8efb10ea3dfcc58f79805a68fc4e387694bea9336c55e9bce9119e6244b5162ca024226b88c1fccc3e960248cc88b17be6b8591cdd754cf8ece1929bb2949d5a69692e9aa821bd07869a29a09cc1b954eb9d57abfd1a1cc05a28acef23aafb4fb3d508fb9e3b7cbd1992159bb632e95c6b4a22c710d2c8703182f20e221685c503c2aae0bbaf7c1e59d6f49cbe14bb5c353747c0aaaa3dd63d6ff630eea718cdca6a5a8abace21d63922c4fc1569d3d63a588961bfac8cde24f3ec6d85d00da70e4ac743555366352bfe9dc9c7c1dba91bad161c2b89e460e4f7b916e0a5acd09662137d4f576ff4c14de554794bd1b758fd098099e90501057a1c0c4d86d692716f51e60e1f1503356fcf1ce8e7e9b0d5d56aaacd8f2212b95ca16e21a1ea9b0c4900198869588a19c6f5e969b11d7d82996e8fc50cefe61d74c7e1a05776169c35c84aac0ce2fd145c6e68a1b7aa519b28cbb26ff772d20355dfc74a2f3709bc6f0625bf9853f16cb2ce6f80ed3cff6dfe760de72217d7aea8949d4bc0ece633c505871d9bb6d0a26501d1a19ffddb7cc90a21bca01fd3bfd8cb04a0ba4af7dd72d9bf89637533caef671d3e7edcd5ea872d274b0b02e55ceb9bc8ca61431604751a93ef0463285cacb35f419ef9336f36fa4596a5caff482edc52bb5b4ddbaaf51a0611d8d697c160ed99552f1c3c72c8c7abb3d735c5b5d1f1d08ef82fd85651e9850d8979f8624411778336ac7f484c1ee27b6cb403337a55283f3add95f71c31502590fd2ef2998c663ae5d154926349f6f3f3142c846cbd4b957193d0685819112b03c109784a55eff652940a20580f1eb66516139fb29681470ea2295cac1309bf3586fc525dbedc0582a5cbb86592728ba9454d030b151314a719dd138059fecfd3fe566db0f161260d3cc39e9cd1d2fc5a8493c244f0c4664eea67349b63b24369b7a66dd97957c65a1f2685252ed6c99623cf6c77de8ab829ce90aaf372cb62b7b82c877277520ba3bdae50273c2b66b77494ab5eaae565c763fd061a17a5f512c424d63cbb8a7766a78312e2b5b4a04fbf13f7c7a1cc407dece6a6cd438269d5ad7ee87ace173a62de6a20dfb399319a57aeec4eb1975790ddbaba1f9f7435e1a1e001d1342cfa0ad3f9431d385cea0a01e226abb06d1bd7b667c6b5e0994e63f7e56a69b136976738eccd61e8a30a2014d6739446a366dce50569723e1d2ddb785b735edf8f7930bf880ec756d088e1483048f3bbe07df01db204c88f2adbd4335f1408e48ed432249c7682002efbbfba0bdb2592a1b89c13d8f966d77ddfdf47a8f020ad927c00a0758ff05dc3b9c63bbafc4da0c386fd53cb959b4ade6f2d9790723ad76f77e5192c8f10f169fd8a9f66d51c1fb312e889f16365ae59c72d9826f9bd205c755392e0c6003bd44614f683fd91416c34b25e8505fc924f1825837a035ed4d04b2d43d76dd3f49e8d7ccb0a5a844398787d78d2ef4b73a2ada4b2b45baf9df33650c44cf1a455262a00e0ea1ede23ff7847d67eee5d134a35c091d3430435158c281429209e5194608429adb76c3a402ec73f8f4eb6f6f62c8418772a851bc9da134c2d518854b989e1deabc5c8870eba46c6b69430277c7186003ad9d559f6c64f54b0254ebf732dfff0b7cbc14479f068029cf48f933b22ccb93256210598f45c96442108759dd2f5f2e75b86b1f4912e39fd21a2fa0d0930b29e18bb19a6463cc91c31281dc687a47a9a9b974dfc0681c23cbce91fb13debe10d27c67d35c05fbc288e3538aab44bc15a6bfa81869b6fbad77c29c28f4e0dbb645d76f917c643d8e3aa34c36bd54be4fff1e1e99d0a09bdfecad09f575645a9428cc1d65f3c362bd90a2b66ea5a22496e030684f3baaa4dda57195a5a48fe25b726ca589b562fcaf951a401c399e4e4999af4d08593790ecaf67410cb7a1df30228857374a30d21606ef2503880842304b5dc2c636ab7ce063ce0fc9a9b2bd1d07d09e581098e3009c3dc9d0186836826e69a3275ce7ca71b6605e7fdd715d56b118cf7dbe12954d00edd32ad6b37933cc6acd47c65e9620fb66f25a3694b4166462b062b2550b648c4788382ee41710b91c49b97a663fecdd4b052f9aabb038e938026122e3b1e48becd080b70f7f7bc22ba6825c1e428a58f65b31879fbf4b18b199d0d973be54ac7d9fd7c5589c8b7a20e3a70152a1f7e8ef50332996cdc672ad941517223364d1fbc4a9ce1e5bc7e5e9c84f937c6279f3eb8752e07e249432b2352fa575d8b13da92ed906f3f72234878369d4db4a4d0e5f3e329e92d6ee7e87fd52bb2e7406c9eeb12ae3835185d967c1debf22bd000bbd2a4fddd43388ea453cf62b42ef4bfba921726ab7c15e0aea0f96dc8e00d2e66e716c2d21866bb3b2bbfce9de2a5d7a9c79a4881f0c38cc75bcd269320b8938705d35f2183aecdc1d276ae8fb216b3881b28af9537f7173ecd29c071fc074a88ebf4f508ee8c5ae0fbbb61d6fb14141c942370e99b62df5fe80a168a30c802c852082ac83a2a4ded38436c82682859be04f3961e6ce350383d1e3e3bd12906edb1d6f6ad1817d172cba480bcde3640969ccb8ae7040777fe78c557e3445fe3262f7d8878c2f2d434dbc24548e3feb5d477532979c94cb53dbcb9ee6a1225074dad222bae1a93cfaa318ffce126985f05a96fb875de1d50c9d20cdf2560d61b4d3e4278f3e177952f7ccb5a222df4ea3c22bcff1016b13b8529578a0d01f95bc904ec5014d1334cbb074c5f8d83d96ec278aab0b7c6a1f1a01ba14337acad9c5bca8314567502ec123ac06033c4911795d73e63e354886499ee35d1665db853a484b5b3db77187411244e334eb205db2715fd7b88611562e5236189de8e168a19f4920a86bf06745c57c3eb4fdf10c6effaff63626b66f0fab1b4b945e467deb8d3b86cd15fd3297b4e68438ee219fd8f6134c5482e23a9a60e535af4ab9c1af0e9866635fa92aaf8248af382f18d1ea03e3aee70608f259eacf1942971998e1b878fcd257e7ac7decaca511a4f6cece13b1977a566d245cde4b195170095274408ebf9254235482a1b338f025bbdf5c787cb246eb05fd631a475f31059bd3392a150c4e16959dc6ed823aed79815d3feb6a54b9f87047bb4e1a49a042254cf62a59293de16ae9a718537542a88093c877e78cb497ed2a9682026c29c03d54cfa3ad51ba72bd32cb86940fa005b1d72e5bbab513fe157c7251a8217235be06cb23de8df93ef2c408e94e1ff6c8465c041b43d140b4a4bcdd0297e671bf87297ccc35a10e7112928c36160346b5c97fff9d1734da4d87711f6a50eea4f963ca2d974664da3c479049551602a5618bfa8af245a6001a8c9e293024b15345b045560a8690328aabe6c5de209740c51cb57831f1d9e3a18ceb304ecf8f62243564aaeb831c69fcd48450172656e634d413bb41f93c30d3cca33b0ff6316d3524ee415450043f7518494a203f9bee70f0f91aae5daca9e3e1e979928b68db10caf637110e253663346aebd34ee85b0ac815a78c26e0861eb67787c7e546cc4f093567ac9e76cacc103f226237a48e080fe016fa739e532586758560fe35dfc09b6d687d21bb032733e12de616a1f9b0ccaa2d56cee909645e0dc5c3fe829ac0a10b18ac4c893891e366e08a099a22bad10187f0b274d656f75c3170942c69223a04c84af955eb4bd4c883644e85dac456153c8c6fffeaeb9376e2806eb4eb86c92c9ad312ee12f082d263a56ed8af44521f440501bcb6e8f9ba92e029b5f687420842b3b7bfefe0d423a017d3087e84c30e5bbe37d79e4b376ee5354dd6a0a0f6842254a85d9bd9fe7c2584bf2f6185060ff12503380a486771331a3a82320808d2b293ab300391905ed625389d0dd1df9809e9a9887ca487914837ed9f58655c3d56354bb935aa7339183affd66b882f66aee35fe461cfc9745a69c269aa29dc480b2b07c2b5e9c34c62079becaf611dda59d3d2dbb3736eee30472fb6e41ffcc2d586800cca734d05251839402a1b546a83ff38002025bb79e8e2f6325b5f0ea0a434416de69389c3e2c67f34321af9695f82ff0d5301c846192c86c0bb98ca22391a19683edcb09c5f31a0647d31e2ce48dda453a3b7ad5fd4fb8cdf98366ecfec7aa70f2ec97b86f1a8e46f6abf0641a55ae8920c7651f48ef0057701e14ef1a6a2221214e5db81c3fc38f2372b9b807668fba878287827ac4935127412ca5d1978b535c3b62f2d4f54b27a474fbd8104a46c8fd18f7cc0ada6b59bc242368a848c0512855028d7a96e8dd3d42d79187e50727c8d024dae480f6b6c0b907671baffe79e597a1814949a04b0da9a22f6f768d8b0a597d23ddfee7077fc7a5755ec67f8093ee8dd5ac27e2f8bc1ac35a34efc67072a81ebd4cd0b5e05903350bb16217602cc3165dddb2087843a6a40259b18d395936c080e24e0fb5ef4cd8861e7813e033487e3f52c2fce80708743f778080422cc9cea755f5db33a251f3dfb7b9466dde4861d8de9dd96ae9a6a37f5bf9fee7d652625acf685d54d91a5c3cf8b9fafd3dde13fd559dd76e03b58f78a7e15a10dfea75bbe0132b023780058355489560e99fafadccd1b22e457c6310f631b356b1dbd71c10e7909a8028a57ff34bb635c6fa5b31cd880ae331f86509249bb64a35dbcbe0d0df6442e73cab19b6d26ae0d568b7e7333083eccf2129f6896bd37f2e7c0ec4c2ece1c37b8e36cd489a398dc4135f5a962178c7d48db12613f95f074adc57a2592af1d87f01ee98cd89ab59cb19eba040ecde1ca8dbf99fe9f7505d8d296a5bf469e8931ae16b34b50a2da897e57b96b16c0cdabbf12a8e134b95cf276a375133c5ce6b29f6c4a187ef914cf961aa20f8e989ede557989c0fbb3958703a0000670e00ff20ea80adc2a010cd411eee9077275b907688a0f23528bad03d5a6285802df9d3178067a30a5977de0eaae44bbf0a1972d555bcfa012f9dcf9c54759ced859fbbb1bc5951e", 0x1000, 0x2}, {&(0x7f0000000180)="626af2e8746809ccfd5a1d4d70d3c199420ddef8b0156e77f6356cce7889393d820946e97c5a0f4b280368cf2635ceb32bbc681ab2debd70b9e04bf2fba916ee3ca1e0", 0x43}, {&(0x7f0000002240)="f632696cbef6a34f18b24ec07f6696ee44a875c4d69d24941f83f1b56a3767dd4a16429fff4c03137a39ed5a043054fe87145f52ebaa3a594b4f63ccd10daab3285280205194985a8637c925176895492dc39adb53fe37916ce7a85ed5109914e6003f5082ef6f1aed9e2e12a6359fe171b662b8687ddc26", 0x78, 0x20}, {&(0x7f00000022c0)="969f411afd0ee86ed3aed5f0ecf6a5908ee18ab89b5588d05f0eb9bbfef338a9ba4a7cd424a319a3dbbc4c92564a3579d6c180e3d543ab6f08952553ba54bd778890895a4539e83f40791a2bd8589c09f02b521297f21f84be33080cf9f50cd779cc20e5f83eb4ba69627db3449fb15a76692030ab8046de4d727910cdd3d415b710b81ad7fcb5ab884beedd75992cdc52a20f1fdbce24fe4bd2d41112af5252e8053183e3ab1bd94ef7bc6605a48e8b586dce1d727f0c51462cfff96cc711357afb203f37d8087683074639a6964e4c0594b616faf7b0e60480a53878a72b39a17060557890e7aef4d8c64761e933ca83b1dd0b86fd3cfbb82cedaca4d514e74a89f85d28c47ab02a1361109a1e48d08715f6fa8513ceb51993c07ed121b00183058500cbd8b16f82ff7b03d47cec4c7951641fe4b33cb7823136d65251fecb00da6180ea4623ba61163d2f2fe556c94c997f7362b7aea147a804294f2ae3490dc5d27a6b9ad1bdb5363a833c9f8d8ab7647a64a1e8df4be8bebd4c5456988e543cb07afe84da419968370e2e56ddfe79eca9fb7d42ee9d1ff154badad0b67a4d2664a862e9ac1cae61414c07471b20cb723f6f05edf10455a806078e090c5eb28e3b81482ee8260425e970b34d12043023110e7bd9b952da0a7eabaa1e8d80b67152acb94a0f6335c4ff0bcf66ecd3af6646fe7a0db06aa0a942fdaf3f334a0d22b12a0f997876e813301e00a35c29479d74a3978110c914f7e46ebb4e479b50a7668b93df99057f3faa29131b4f739c5e5883375c449917e1d48b9ce862ec8ccad3538efea1dbe694d76c7533c3b52db842df5d113e8804bf650bd525e3ec698db37c824b2582501c99f11ff4bb722b977e6dcff36b31cb6ef23876754948d433399f08ba8bbb083551149689d06f4fd42085bda9f3e2d6bfbbf263ecce658f0247ee3465822f17391d2c1277daa7a69f38fb9b816d6b50b76d3a41141e95edeb5737adbaa85b66d25c4aa7406383c7d2bee7028f0d35997d35b6438763ca15e93ee90a3184429dc9e8f344d7fbe023c5902e7bde485b350ad511ba21b9d5d8e1e92aa995e6fe615d0f48a13dca8cb7db3f23a91bebbfa3e80d9de512d9d72467dcac7ca0f794d15a308a05099a4c2f07be618243c69e85257823d03e55f0e3fdb4d1141f0b3871dd283674d0b3e69e69d55a51cbf95907d4407c418a1b0d3e26166aa4d7c1699b65cf002a1df56b026087398f50013f16109a6a13cff63e77b19749468162ee304672c6b562c2c29939531d5244720dec3e0ba3659454d049b1550acbe06455f914eeebd7b9b61bff0e75a9a6e307c9d81b626c57f6c1e76d7819a3966d3e23a28a3aaadacf9ed5f96750f81f8d06911a241eb0a140cfb8bf784cbd6bdcd1a79ed08b640d2085dcb7bee4bb2bf9cea333f284c3c4fb514806876ef31728faf7bc7656dd59d64284471750ef179b993ba767649e52ae9c7c1bf35d88529242efe48c58c0ebf8160afa3576588535f3d29e4f05dba9928a51bd82b477ab91a6fb6385314789bd1104572afc2edec489abe2b4dbd875a81ac0085093e5f3ca42e26c38f3401f9eb362aab2c9aeecb4a1d56080d48a4e71b8461268eb1b192956807fc139ad866242939cd034cfa68b1a7acf05d20eaf184f4e8c6d8de21bf31f59a2c3ab81d6294982898c90b21c0a6969145f20c310bba61fa8b38bf7f4cc6557e5710d82611269ed7febe6e997019e0a9294c2b11f23177209330758b3ab480ec66b38b53a71af1f8ce0fe0a665fbfa7665ac2ef50dc8614dffead1820ad29e6dd501f973a9ea2f8e73f830a7584934bae29b198f1776b2f6f9f4ffea9c0f6000e03b10cdfb631634fd9db601860c7db6c1a439b474ec32bf3381f81890978919b86434ab2a573ad174eb03056f3ecdc053897ec694393eae64054a5c3c4c3ea08f2fc7c154034d29c48733d01df89e5ca7ad6d853f875d7ca875f464fe3497230910bd994e9bee74dd0c96e5fdfc8dca6f7e40aecdb52269050a149eeb1c48c57f83b46de63feeeb762c7dead154d272de23fec0bf23688a8a0f6348add7304cfe45f4ae10626a98030ec1b48f50c7b6880dc20515850e19e17342c6afaefcf50045b7814e1e5b1ac5c505a9d26b9354dd20e9e498f42f9d0e2ebc9ebcbb5b8bc554599a906f7862354a853fc2777020240bd768efc850f7001e31978b4a736d5e8d48c67904c6597c0986e8baf5111252cb4524daf6ef1db9c96473de90766abf87e51bccd2b7aead7f34a7b58adab83204a074504ed79348541c75850eaa8535b16f0c2acc7da0237306c415d006b526d904e2bb2bd50c6fad0c6cf43ce6d72233ac1d16902700d41dfe47c42b6e7c2366cb56c1e3a7c6a024875ff06da2b62d73f6ec8fde0aa508c7e800d785da64033d0b1eff923063e4b47bba8eff7ba5f20235e8abe54e13a724fe3e92bb3d485a36fadbc994c39116c4c05459f768b3ca22d628294ebedb1d3e6dab78474bfd422120b90632f721e393e6c4dbd7f5bf8f853e5c79311cc85609507d45434ca17dd1956555026a039ae4c9d1f617e5c730fc21e88f7e905fa56ea7a1b16be3aca989af4af7f0255989f194c1ad4be177c5de1eec4fdcefbd1d9a6fda7fc916ec06ee8cf2e43e10a7997f014f8a43e8bfca2b785a6e7fcd5b8b790b74cec9b99d204f408672ddc377a5135d92c385e0e6e047a70045c150c29a25be926971f3b87b6bf82109595f5a82cc269eef4d3516e05811e5adfcc52ca1a329e68ece2e064f9c3a8b15be8c6eba4324245d16365983db0e6f223ccc04eb288489a32d5c23436f9765600961e6899b89fc7329ee465907d03977b819a0adbdaabe40d7b1d8321ac1a3ed5ba7c3e531cd58c7b11ccb71069f16e8e52e7d4e518ec829be4ad3e38e55ed7fe1bba6d7c951fe5485903ae7627fa5d7bf9a7d126c995932bdde7dc502f1476d9d9871c2f8354750be60e3e2610aed59530afb2e9f9b673d3090bea8bfc2b7d06f69eddbca391c85cb44ec4050891d526ca045f22ebec3b6fa741cbb91945812cf66dd69bd1086bf4227181a7915c98b49373f713c0c0897e49833b2256c720734ef1a8c0e998d22efdcb3405087c4f3b107fcc9c773dc19ca05771b80dc622485900d70ce28aef5395353c7aea86557836eafe1b11749f453cb5d3298cdb98af7392ba1f78578c699f47e66ef7cbe05970a360487e35e27d1a601bd145ea22d2f7eb9c5251dab1bf38def4c28f75181e7f0b08bdd32a4ee92251ff87c258ea929591321ca0c1dc7a5544ce62966f1d2ce0562dbc5f7e4a981cdea61d24e494aab40b141d2b0e3409b719890ab2b2a961c78b5a030a3bd9eacaba315132a11105074ee8f0554674f32f01043d70c4be8ed27bff72c478e5fc26cb2bdd5c5de1fcc603b3acbf0a4dbacc1a508ed8a23d6a31f1c4c116ec1f292eed091c9b40db9b0a2b131060da944796c6e11d111bc4ee6e20cb4fbd9094649dbd391cd436c030468a17bdb06fe200279cfa293db3ae1f1d11b868c32f778bec673a308352b331afb03c33f43eacfd54abb94e9a9138adbc9d3515089fefaca526fda6f00860764e19cf22b16c29b5ce88669cf09fc9ee24c206cef1bac7939f9cd8b86b41d000e56ab03bff18fbb14fba8faf6db47cb752e343bb643bf3b13d897ac7d8ed70b34b49f0e65c26b0e97d826f2421bb601544bee6efc8101bb0273b3b3624f18763dd05df76d896b7eab681cb9b42a02f64eddb3300dcd7e258a06d39e99c48c3da4940f89492a9c03e00d44252d8b9d8dba3972a7c4152362ba1a96a80a34e7b17f14d2047168bf705386c141aca70d50b4abc140cc7d3ad9e538051dd488e21bb8d4bdd6ee186ed49b261c342adaa5c8a35a5ac02a9ecdf8941f355136ebfdfa58cf4ad89702f239afc6e0ecb8c1c0647a5a7c4fcf47dbcf68190ce1015ba04869f645e1eaddbcdec77d92c0522404471f51bb546607309c90d4041746313e823effccfe959e10d5cc9db17c23ec0ba06eae385c1af9f5e376722e41b8b0563f04a0c03bc13f1a492f823f87293b946e056ab916e1b3ea3ca4a9854b40e438d5700e11137c979d0538e1bfecbab3d0f076fe6c2b2a1277fd93cb6098df32d33c4f520f7d4c1b852379d6ecfd059ba74a33076fc5712dc42dd1da7f266376c638de6b7b5568a765cee452ab31d324cb042a24c502a83f075c1c06abd46bbdb76dd5a33ac6a533bc6dc9f57bec1a2071df4368dbea1e7c6831315dd3f1f9f8fa7238ee9516b0df7a6aca491822eb5ac29119750b5c4768f585287068aaa0c68b81172b8b724d689c552bc62addf2cdaa872a76ab41caf42406baab1f5013ce2718afb0cd866b64373306607697f2812320535a7649318d16cfac3030c9a15f2f26ab727177aff5c9cb3e221717eacc3b31f8e7f220b5b029d49b9f6c9e97bf42f94f926ce43db44f47253b0354454d831b11907af03f2900d6ff066d46a0c7b3df5721f22c1cb9cd8ce94cb6676416fe485a839db5c0fb5698fc01836a8bdc96dc0ed205c597ec3c6bf608ccb13229781a84ccda77d66a62683298060d80fbab08e4881c329c13bdb2c438b0500e7eb4064b88e3388423593674ad9415a0a65e167342f21504aa80583e8573017d9786a4bbbb86593bd432248550f12267c31c31b5fb798cc4f6d9590be9b20541ae17403cd87c47ef8842718d20d3ff66e4d9536be84d995a29d8cf2cc6df3a3ac986da730a70f815396cdb424bb1ad83e08b8bffae231d4c23c6b6968d2cf98b71c3997117c230bf8bc521d43b0328638b14a5284ec9ed0e729ef1422e6fcec29bf6525b0af6d2eb6e40e01b3952598583cfb21aee9f009e4ffedd64b0729122bc68228d9f7e0d2602ad43ff178e7f27ca5602e92abf5ef4eb44762b2b98bc96104a9c46b7e8e7797228e1058b441da57b0ef82895d0470f737fab59f284b0c151fc21f750a346451401517e34c19f82e1ab03684b062f541946c31d619aa9b147e0811dd3186342d8d85232adbbe67833d065002700ef0091a326772092d45722d746567afe21cbcc52f55fa7ce2dc3091bece3679f217b9bf61c77090cee1fd8b42ccc37d26c05c25b1a1cf0b8d933353bcfb9082121c79fa427246a6e9cf8468194f10afa6a7641a8ef26ff37cdb01702dac4fc9a0fa94bd0e0e80f0905e61e124f1bc38084e13279499c618e839ce9a4a603288162472291574081d154dab8b4230c8127c08da51f9b1da57a23e051d30394ff072e02efdddb76162f793b52fc4eeaeb5b751f1ebfe01597ca206bd9199a3eb39c26abc8b95e2c18df995b2886208893961f70104a6ea1b739258875314343e98cc0000290fa9e34ac35a6812a0586f600d72aaab232d4a0cc26764823ff5313a8a05f8f44de6aff6eee1ff05e5521da9ee7597309d5ce7d3e13cff23bcbce72ad9a45797f272e1ff7dc9c771f5775c6a02354c4d26aba0b1ebd947dff376fbe5ce716862a99af90022660b9d9e77b4f515d0609b42978158cc660148837807a97bf614faab4c8e904897bd7573fa341348997ebbd6e11bc0e6feabf717e27696ceaaeb9f1a6106b9bc95d13b417b08410a69ba3fde393022f55355634a3c13f9e73e4445ba6283a9f0595b3eb442b672fc6a9c811b206793e92f44008248da4c859e7be10021e85668ccc623b649525868784eca8c4877e72652d2aea910f1794245f6eedaf2f14585bd1e097bee2c1f6a2c2ad5690022ca3c3fffc841330365", 0x1000, 0x81}, {&(0x7f00000032c0)="246c0e46aa74c0b121278604a59bf0d04591ee876fb0221ae5ac91e53c8433dff75bc24332c61b8f2ae46cafd5bffaf8abe477a77a28bf6044cab97ffdc54a4c005850f0d0a78219fcfeee85d475b767a6a412eea1e7c3e61fea9203b5a0af9d3f9475aeeb28eac538bc4450a5c9706c78297c43aa74262b0258e0824672eaa1e48aedc4db609c572ad09c40ea6c934cefe98d37d1fd1a5d8363fdb124e019f27abc6fb25becbaa04c58d23829560085f1c988eb030b566d9128aa909b11f8f14b1168f13f81e29a98c6107ac639d08f37671183e9d1", 0xd6, 0xfffffffeffffffff}, {&(0x7f00000033c0)="d2dd15df72226e811d96f09fb44994848ada4f43cbdf9fff992a088cca63195ef16fc4b6efe8bbb7414625f4675389dc94b505b1", 0x34, 0x3}, {&(0x7f0000003400)="69c633958683cef3f710a811191ce9537b01af178b674a70f682ca921b8f54f4169220835561be85d016da35320befeee6c90987b2b1829746220a328712f04bd435ca639867ab8a640c4bd5387d4f88efeb8882eb9d6350319516028e1ccfaeb732a5473a34e91ff4a015765c784f7f8c23f85dc3e9c37d64c0c02e0dbf8c7a3639ea8ffa588c8805ebc713ebbd1fa595337dad80f3c340e7b90468b1b546031fc6ba9e9842673d821f1753efec4cff8cab5bf8f69d42284b67d550", 0xbc, 0x2c55}], 0x0, &(0x7f00000035c0)={[{@sbsector={'sbsector', 0x3d, 0x5b1}}, {@hide='hide'}, {@unhide='unhide'}, {@uid={'uid', 0x3d, r2}}, {@block={'block', 0x3d, 0x800}}, {@gid={'gid', 0x3d, r5}}, {@check_strict='check=strict'}, {@utf8='utf8'}], [{@fowner_lt={'fowner<', r6}}, {@context={'context', 0x3d, 'staff_u'}}]}) fchmod(0xffffffffffffffff, 0x200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) 06:42:24 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='c\b\x00m\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) r1 = syz_open_dev$swradio(0x0, 0x1, 0x2) read$rfkill(r1, &(0x7f00000001c0), 0x8) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000000)={0x3b, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) r2 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r2, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) r3 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f0000000280)={r5, 0x1c, "237a5c3ef6bb91546a94ff010000ffa95f92a726729beb47d32bc5b5"}, &(0x7f0000000100)=0x24) truncate(&(0x7f0000000180)='./file0\x00', 0x3) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r2, 0x84, 0x13, &(0x7f0000000000)={r5, 0x1}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f00000000c0)={r6, 0x100000001}, &(0x7f0000000100)=0x8) getdents(r0, 0x0, 0x0) 06:42:24 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:24 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:24 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 243.598858] audit: type=1326 audit(1567665744.429:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11983 comm="syz-executor.3" exe="/root/syz-executor.3" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 243.675699] jfs: Unrecognized mount option " Ì·0!g00ffffffff" or missing value [ 243.681919] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 06:42:24 executing program 1: prctl$PR_SET_FPEXC(0xc, 0x20000) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f00000001c0)=0xc) syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)={[{@uid={'uid', 0x3d, r2}}]}) r3 = syz_open_dev$vcsa(0x0, 0x0, 0x2000) r4 = socket$inet_tcp(0x2, 0x1, 0x0) fstat(r4, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setregid(r5, 0x0) write$P9_RSTATu(r3, &(0x7f0000000240)={0x80, 0x7d, 0x0, {{0x0, 0x50, 0xfffffffffffffffe, 0x1, {0x82, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x9, '/dev/sg#\x00', 0x0, '', 0xb, '/dev/vcsa#\x00', 0x9, 'fdinfo/3\x00'}, 0x1b, 'eth0cgroupsecurity&%fvmnet1', 0xee00, r5}}, 0x80) r6 = geteuid() syz_mount_image$iso9660(&(0x7f0000000040)='iso9660\x00', &(0x7f00000000c0)='./file0\x00', 0x3, 0xa, &(0x7f00000034c0)=[{&(0x7f0000000100)="66804dc7bc5f1ea41e692e631f03b966b1969257a300844af3427fb2a969fafab30bf21cc0b39a9800b219966754", 0x2e, 0x1f}, {&(0x7f0000000240)="b02d4c22a7208c50d61dcdc32f145072370564b2c7f4b482ada3d615b9b37083a703cb04d8351059715de9b60ef6ce6be229ec3fd726d7cd22d0e8882bcf72212ab5d300bc211811ddba99f6ae36198ee636260782ad4f88ebd2945f07a0468ec6a5abf72ff55d1a475c94901bf1089aae703b3d6d275d53b6c314013177838472f576a373e5b3add44ed0be6af12865f7b39682e9205e6510e7130eaed5113d9e0a12b7694f236e3fbd1891a354b97d5ba713b36d7fd6c68af4d0a3b7a7fafda4f1c2e2ff45d43e717b9d0d4802bf7384632ad1cd526d6ad90c452b66260d85ec65e483c528768a221dd25e80992ff9876983f955305b37a336b7c4c22c9e2c10f978ba7c923408c2139cf0e2ed3b2dfe41887a9381f5d38fc1a460e0ab3e88c1c53d62d49d2d10650a83a258e5ed0cbe8c234697d09c3238d1880fd5c198aa3221d480b24a0546d4310faa00d4bba35f1f9a962c9be47b843bf785a63e68b43d341f4247dfdd30ad5ea5145389ec36fe27cacd91a29edd6925f0b727e5eb953b8d824dc3b987901037c716ca1592520a392e09dfa728926081f9cd597c8ca78253ca0bb81123725f40149f37c100c44c3467a758bee3ae4cef38126268964a64f918878adab38477232112383d5cb2446045dbf36bc1e2bdf2a35d6f273d5eb598d9bd4c6a11f4e6af5a0a8f5751372d8abb510817a10fa585000c79ecee978138d8a041c4c532ffb19e74dcbf79679a0f7893f29e0767e9b532a36dbb5510a9aaf66d4c630424390f0e6c1d40cae3a72af3a181d75694c1fb9cdb4658693700000cd6f000cb96e644c3a4d0885b31aae43b6be70733c42867d486652f8b6bd0ac4142b7b9ecbb9951fe2699f7b0a0b9a1e7e636fb628bd383745fc8c30c943ac92ca202a2fb103a52dbfeadf650cebf28cd59749b87aa60f9bff3e53c36bc08de39eb2af8b8054cf978a703730b73dea95a4cb808990f44f3a01b407d4fc669f72b979cb5d92a0be18054046b0345baa03686aee72d6a478c255389bcc1cea7bb04b8c1a71895308db00e4e978c34124b1bc3deaacf21dbfabd09dfa095f041404225a02b85e0ccbe16a460336a4a3f94eb4520188a5026cf55551bd7bd1e595cf278d9c6dd78e287c37aa62d2fd974d47bc4bfbacddd317f3b74922ac6b6488badb8caf86279b194591d747552f1a083fa62074b376ecc9d0985d16fb56c2a229eb7fe1c10f6d7c557b673a15d89ac5827d5c3ad8d7c7d3eb1dfd2d77f7165f704bb84640cc8955726cc44b6d0ca205e10c3739ed534e1c362b1c046a082f094a87fa37ae15bdb70a4c0c7a0e096dba27566870f733c41447f1fe56c2748a7fdeba12c9638476dea08f3a42db34ded34c4bd393a92424ffb98a739f0013fd23ceefa3f35783ea20fa2f0681b0ecc08d5c4e35fe93979172a5b098bdb3f0e87dc57d4d4011d2f62ef99f5cadf65e124a9e79be483dad1d005d0790df77dcf44571b751fd39c027448e28e927789017e9e38e6e39ba99b6a86e432a1e38ce4724e92c72fd0aeb48c8b89cacbe461f34104ddb5d06c0707feb2a0d309630dd32978233c26cd7e37206a11e5454ad74f7ca3b691560683faab0968c572c8b20633a3c57339c7d1c78b8baacf1f9cba279b59998692dbf8cec331336d25aeedd0cb2d3401c33e35bb78a567323a1c774a672bff8f87d73e0ac3aff609f0520bb0421de42c2074cb0d8d3f6b1816960de1ea8fe4229d8f210ccbe249d1b7b0c1ee1719d7c75f354bcd952bfa469e89bec0679f966296c6dfd9376202872c9fd817aa42c0efdb18ef867290d15f7d964e1db8e2290fdd6e106222020ad9721aa6ced850418351bdade5b35059d5e4103c386f7bdec95c4d3ee38e9a9b6b4a544530bc8357f98dfc31d9291b9433c92e189e2f8e117072fef289af4a95696b61d4a33383297de1564cd4c51556010774ae4c6814be4354b11ea50676c02cbd036830ac6e1b8f57347e66816f840ef3a1a226daaf67852d06a50346c7003dfae65303b24912647ef454aa621d4ea8e2779f8e53c58f3c4cfbad0158822a39a1ef88a26d06e2feab98cd16cf1b666aab4ddcb70969f2a8d9adf0484b3f1e3ef0960772d9ee4a6886a957b763f1af8e87877ae24c27dd4a65356a2c90f7dcba8c3e0bae540f1f39dc7822bb49db23ca270d35b4ba1fa847fe4f5430caf2b0b7cca4dff61ba38356a615b67e4c2bf6ae06266894039d0d7bbee400fde14bf892c5e64f0e755e761effd48ce1f3318a048759204e068066b6e3c67549048425200f083da07b8663e6718f2e547948406049d042f84d1b1e0e01bc281cd9968f63f98543f2a3848ade17f1b492ede90453a44604e7cfe455ff2a00cfe9ed65a126f27f8514746c779655dbbb328fcf91cc215cda94078ffee2d086fc535c03f1580cef4bc9067701b609cb32cd6c6a687083783f0546249739042f92792038e0d8335e54105acfdc2c70ab747bd4f50f3edaabbda3cc7275dd437e781be8975ed43c7458450f8028a0899bf0e3d1f82a17d7048972da549fa6111b82e56b40e5131d32bd78d19f4cc9bbca5ce270350bc74dd986ca86ffc621e5c822816196fcad5fc7147faeda646db009b19528db91961b84a6b6ae0bc00ce5dfaec443f5b8b7a36071cb90c66f41ced34de8d9d6e3a2b65e26f582a596405582f251578322b27aef9f1b488f9f70cbafa2db6d326b747336bdb36d824ee72c56d5432c89554fa7ea77c16a26dee2fb5bdaf90482996b540a1eb4a286dde99548646a7d2438fd2df5000e18310de0381c5ac169b305f8cdba3cb4dec5ba5667277039432d972573eca9eb7461b3ee6d839513e8a447d47ad6842fbfc2540a3215afba42d53309242eae70ecded6f3d29828da39373f414cdc02ac0b9fbd759c369d4965fc31cc065fa6f779bc534b3ede325200d2ab9161f9eac7e2c4472676ab13a8218e74fc5d554c5fb9d0674ccb3d7f867310258335daaa60a78b24caa21a36428d05961dd42732fbc5cd459d85079af79f66bfe0c4d9142beb390e6e91230317da8a8eb0469654419806fb3d550b013f7c4e3229d9e383a2b9560a5d54ccac832665c5305ac3453211e3a04dbcb837c874b68edda9c8387d41d1dcc2a971a4df7d2aa2a87491ab993b056c4f79c49cddb3bd8481cd70ee4e29373f0f9c60393458f816fe7d10ace03868a3d2471cba5e2248803b6c78d478cfc961deef3d6c83798acb3953ffeaf99c3759aae5ee483e8ad4a15466fec3b600ebc1a67aceec85dd2a904b3197a609230d56c640ce0309b3cd6cb5454565ec1b10f6577ad058528be1abdeefb50a4596bef0b7d1eb27e79d30cd4fa71bf818d22eaeabcb4359681dd2e462f88d1fb9e1cf2cad6592fe073bb81c6d225e9a0d50657356b908ed0637857add128152e6ca3702ca38ed05744de651db89cc60db405f27e105788c62d679fc92f1ed62317c1ec3bb670661d55eb7fbe0b50079f33ed2f0862c6a7c7bbd2c6e323d1b94c844b113ab95f6597eb561cc59069a862d3ed246c1d16c15f461d570ff716d8c37ddc8a70bbe3e3ba666c46c8a343bc41a62864fcf281c5fe7e877982826e3393f9eaeac5d3aca36710512f5204472b48d7f7921eff24a59c562c3d1cf4a660cdbe70ecbfac3d4905538e2235d056d4c84cfde63bdeeb10847364af2e0a2ee30d94ecfff63db10e440f7d2b525b473e5ca08ebc923cd81a66abdd13af27d568ce4f7a8228043f41e929f5d14303efa392a599e44c8e403dc63046c8423cdc95513c9a3b0b235eb5aeed8e217dbd6fd4934ab115d79764b962702c1e2ae31d52c1aaca8abf31e85fe0073fbfc316c9b4d09bda1e965d69d48efdaf4d5d008e8fc3fc08370758ec7611ce27d0c320b52467f015320a4cf990e3408431113ef5bdb1f343a109bcdd3ab924394fe49e2f50f458de825fbd76bc2620b2cf5c64e796ed6fe03d40c8860e4d39e765442f15e617b107b7056cedfa9b49ba7bb69b1ef0cf093ecc89bb38f280c83e7459f4038b43613271d685afc09e84e4fe1a16eb24d84ed73b0abdaa8102a90b7865f58766600a2b0adefa047945dcbc20c09249f6d81016195ae1216bf313f5f25a0f0400c8dcfb94f9c4e2f79fbbc30a846c8e5045c37af658596e80c8f317122c96832b57023c0fb2b838d3ee5d083c10691e142e0f39bc92f649d333358d01089ca29eefe485a54773678ed1bd2575df5bf8b552fd9e94f4ff8d4a584a7f762f82ea2f54ca534da2a7d7bcd99a15c5a1fb45e3810b6041d5992d40d5c1a5a1f9be050361c7e5c1b15145a36810b3f26f03645278c6350a38d0139402019070caac7c86daca9ee89017604dca2000ca8925d8527a62c2327054d285e5e156800c104381d4bc2d9ad9a07c9848ae2f3e6b60ccc6f92feba33dca796a370acbbda16dc32ccb00b3d43d9c73990f8a229dfad4291b605ae4f0de8b9d7b99970c0e2517bd82decfa235188f96bdc21f4102e6f07fd1cf49b9bb31371de85b2dedf8daeb31569d33b9b6d54379f2f43da2451c4b8990b043f2223d63c67ce36b886a8767a76ab4acbbcbf97b00b08f10592c28ee0560ee6a76ada976b540a8c78e6889ceff8b6aece1eb13352d437a9f02b1a2fc184b6bff055e60f15d86aa57bb937311cfd92e322137d94a528fb101efd0850710c6ae2c52a4f3a9a125aa97c0871928b844fe42d4cb6792a4a291b15efd81592c4072d30196317c8d820be1f0d3eb4e4a30429f94dc8f69f5b5d67a2277bf01de0585185d2757b6eb25cc71ee13cc8ab1c11fd7a24b60b4869f8ae9ca18228904b09cab3df49cb3aac0d2e6ff76bd10ba40cc6801ea5dbc7638b55412b2a944088c8c0d9c3be051821785f0939b06ea8bc332f1cb9040e0f7ac7d302c081fb6101995646eb4647fd47c9c0fb6183aa3b1e99aeb4ed12c41ed0c599f8c48fcc15e7f7adac616bd2ae6f3c47502a33b2cfede3de9ff70729c7e550c6bc212c5181f455ee5e33a4481b5e64681a13f5836177f4da7feb81699d54bd3a293dbfc9125fdd857fec43e132d95c53e02e87d3795f0bb33d19a186b2872e2c01dafd301ee0b328cd7d9caf4dd0ced01277e707b78711ac610a43e1939671c21a792df2121cb4bb2d17a65acaacb878c1c1c25c4054fdd7ada1e889d5a434670744d1730dd3a8754e1db1b845888a12b6a84b4af1fdf7b2b93de0bfcf164e0d3a1789c956334a39eaa724f20425c2a1bd41ed2fcd5ed38b9a875dc5cf9cab5a52eff0bd3b184e32ea5096aba5b2ea748eddd65e2e2db2a59489c50e818d406ce9da0ec53cf12448fdc2d5cb9bd769355adb160ba542d4f2d0feea643d8a9130587f9a3ab0ebe27f7a530a78084d972fa64ad0e066ebc7908acb88dbe74ba23f8d6cd8ad1d6d7b34fda2c1bdd16c8a76c0d1b3393fbeaaa9423f83f3ec3aca61e6a2bd67298846b21d17b10cdbbc14a7138976ed29d58f82467fb1ee848579bffc2da6a98b6e460102481959b9fe3ced7b52ab4af0a400d6cfaaab4b82c6bdd675ca113469ab36c202fddb839c2f4eb17078d75cf75cb7d6c20597dc026ea49f028fbede0ef82b27cc1d55a997efd46d1b78cb6d6d5b5d4486b29dc34e618c64c939320b0f26af585e0f02cb782b64ca3b8fb89cd94c15c956a05bde159d618616110666a938f86684dd54ffba8ebbaf6355ac1a6a48b8a466a29e9c2f262caa61857057936d03adb58f030286b6e99a6a08ee42f6e41bff387e611af3d0209aef274631e200420e", 0x1000, 0x9}, {&(0x7f0000000140)="9da0101613ccb71b30210f67", 0xc, 0x6}, {&(0x7f0000001240)="9ec821376c560bad11326329821a8c1a558c550d66e5aa254178f22c83d1c83fdbf8e17ec4edb6eac7cc4de8ee94d2f2b108208048c5ec83b1b7ae7738652a3a1bbda9ce2a80c2128cdd24df1a9d05fc9d8b93745e73dba3838e0bca5c4f8b6da8f63dab8585535eb4e5add03fb617ea9675651fa58c3210fee94009b2eee7486bde8a21168a5b2d0d687006d94d268c96725f0cfd5df94799d770ad936b0e0d02c66f82c163e70859a1669fb0182f625bf763a0ebb1a3659d2415089cf5c6ec1e024db482a34c8b94a2c2f1c8eaec4fb43db566f99d341354d29e31113c8a5ac6295a4517054fcf2a06cdde44af77c585755f94a5d69742de9413621df578aed65205f0ff19f3f7da02b7f7cc605f515c430bf6293d54f5124fbcf459da9926540677378de039b49d49c5895b2a1c992041e3a90f4eb93ec6af18ef287b00aa9fce759cb54568ae41832338edf937de745a7c53776dbf46057918ee400140c264c714d9277c8b8cb05e4b20716fd9025bd1cbcc2dcc04044c386a27903ce4be9322e4ab20a8d54b6ab8e77cf62d4192925c838af8e5350778902f2ddc4e1837c0ff1d96cfff5ad5ca3507be5e03e3e669f923265883687ee55b100b3eb3a7ed4069f08ec8b7cef90f3514e976b86e92598b5daaf90956ea4ee3034f5691241e5bc46465bf57ad37dfcdfe02fb4ccb43f69f75700e6da6abad3fa42f655ac07d2c2fad57fa2ab3ec419923ce11814a24c8409bbd9566bb91930a29e4a22ee6cfa8efb10ea3dfcc58f79805a68fc4e387694bea9336c55e9bce9119e6244b5162ca024226b88c1fccc3e960248cc88b17be6b8591cdd754cf8ece1929bb2949d5a69692e9aa821bd07869a29a09cc1b954eb9d57abfd1a1cc05a28acef23aafb4fb3d508fb9e3b7cbd1992159bb632e95c6b4a22c710d2c8703182f20e221685c503c2aae0bbaf7c1e59d6f49cbe14bb5c353747c0aaaa3dd63d6ff630eea718cdca6a5a8abace21d63922c4fc1569d3d63a588961bfac8cde24f3ec6d85d00da70e4ac743555366352bfe9dc9c7c1dba91bad161c2b89e460e4f7b916e0a5acd09662137d4f576ff4c14de554794bd1b758fd098099e90501057a1c0c4d86d692716f51e60e1f1503356fcf1ce8e7e9b0d5d56aaacd8f2212b95ca16e21a1ea9b0c4900198869588a19c6f5e969b11d7d82996e8fc50cefe61d74c7e1a05776169c35c84aac0ce2fd145c6e68a1b7aa519b28cbb26ff772d20355dfc74a2f3709bc6f0625bf9853f16cb2ce6f80ed3cff6dfe760de72217d7aea8949d4bc0ece633c505871d9bb6d0a26501d1a19ffddb7cc90a21bca01fd3bfd8cb04a0ba4af7dd72d9bf89637533caef671d3e7edcd5ea872d274b0b02e55ceb9bc8ca61431604751a93ef0463285cacb35f419ef9336f36fa4596a5caff482edc52bb5b4ddbaaf51a0611d8d697c160ed99552f1c3c72c8c7abb3d735c5b5d1f1d08ef82fd85651e9850d8979f8624411778336ac7f484c1ee27b6cb403337a55283f3add95f71c31502590fd2ef2998c663ae5d154926349f6f3f3142c846cbd4b957193d0685819112b03c109784a55eff652940a20580f1eb66516139fb29681470ea2295cac1309bf3586fc525dbedc0582a5cbb86592728ba9454d030b151314a719dd138059fecfd3fe566db0f161260d3cc39e9cd1d2fc5a8493c244f0c4664eea67349b63b24369b7a66dd97957c65a1f2685252ed6c99623cf6c77de8ab829ce90aaf372cb62b7b82c877277520ba3bdae50273c2b66b77494ab5eaae565c763fd061a17a5f512c424d63cbb8a7766a78312e2b5b4a04fbf13f7c7a1cc407dece6a6cd438269d5ad7ee87ace173a62de6a20dfb399319a57aeec4eb1975790ddbaba1f9f7435e1a1e001d1342cfa0ad3f9431d385cea0a01e226abb06d1bd7b667c6b5e0994e63f7e56a69b136976738eccd61e8a30a2014d6739446a366dce50569723e1d2ddb785b735edf8f7930bf880ec756d088e1483048f3bbe07df01db204c88f2adbd4335f1408e48ed432249c7682002efbbfba0bdb2592a1b89c13d8f966d77ddfdf47a8f020ad927c00a0758ff05dc3b9c63bbafc4da0c386fd53cb959b4ade6f2d9790723ad76f77e5192c8f10f169fd8a9f66d51c1fb312e889f16365ae59c72d9826f9bd205c755392e0c6003bd44614f683fd91416c34b25e8505fc924f1825837a035ed4d04b2d43d76dd3f49e8d7ccb0a5a844398787d78d2ef4b73a2ada4b2b45baf9df33650c44cf1a455262a00e0ea1ede23ff7847d67eee5d134a35c091d3430435158c281429209e5194608429adb76c3a402ec73f8f4eb6f6f62c8418772a851bc9da134c2d518854b989e1deabc5c8870eba46c6b69430277c7186003ad9d559f6c64f54b0254ebf732dfff0b7cbc14479f068029cf48f933b22ccb93256210598f45c96442108759dd2f5f2e75b86b1f4912e39fd21a2fa0d0930b29e18bb19a6463cc91c31281dc687a47a9a9b974dfc0681c23cbce91fb13debe10d27c67d35c05fbc288e3538aab44bc15a6bfa81869b6fbad77c29c28f4e0dbb645d76f917c643d8e3aa34c36bd54be4fff1e1e99d0a09bdfecad09f575645a9428cc1d65f3c362bd90a2b66ea5a22496e030684f3baaa4dda57195a5a48fe25b726ca589b562fcaf951a401c399e4e4999af4d08593790ecaf67410cb7a1df30228857374a30d21606ef2503880842304b5dc2c636ab7ce063ce0fc9a9b2bd1d07d09e581098e3009c3dc9d0186836826e69a3275ce7ca71b6605e7fdd715d56b118cf7dbe12954d00edd32ad6b37933cc6acd47c65e9620fb66f25a3694b4166462b062b2550b648c4788382ee41710b91c49b97a663fecdd4b052f9aabb038e938026122e3b1e48becd080b70f7f7bc22ba6825c1e428a58f65b31879fbf4b18b199d0d973be54ac7d9fd7c5589c8b7a20e3a70152a1f7e8ef50332996cdc672ad941517223364d1fbc4a9ce1e5bc7e5e9c84f937c6279f3eb8752e07e249432b2352fa575d8b13da92ed906f3f72234878369d4db4a4d0e5f3e329e92d6ee7e87fd52bb2e7406c9eeb12ae3835185d967c1debf22bd000bbd2a4fddd43388ea453cf62b42ef4bfba921726ab7c15e0aea0f96dc8e00d2e66e716c2d21866bb3b2bbfce9de2a5d7a9c79a4881f0c38cc75bcd269320b8938705d35f2183aecdc1d276ae8fb216b3881b28af9537f7173ecd29c071fc074a88ebf4f508ee8c5ae0fbbb61d6fb14141c942370e99b62df5fe80a168a30c802c852082ac83a2a4ded38436c82682859be04f3961e6ce350383d1e3e3bd12906edb1d6f6ad1817d172cba480bcde3640969ccb8ae7040777fe78c557e3445fe3262f7d8878c2f2d434dbc24548e3feb5d477532979c94cb53dbcb9ee6a1225074dad222bae1a93cfaa318ffce126985f05a96fb875de1d50c9d20cdf2560d61b4d3e4278f3e177952f7ccb5a222df4ea3c22bcff1016b13b8529578a0d01f95bc904ec5014d1334cbb074c5f8d83d96ec278aab0b7c6a1f1a01ba14337acad9c5bca8314567502ec123ac06033c4911795d73e63e354886499ee35d1665db853a484b5b3db77187411244e334eb205db2715fd7b88611562e5236189de8e168a19f4920a86bf06745c57c3eb4fdf10c6effaff63626b66f0fab1b4b945e467deb8d3b86cd15fd3297b4e68438ee219fd8f6134c5482e23a9a60e535af4ab9c1af0e9866635fa92aaf8248af382f18d1ea03e3aee70608f259eacf1942971998e1b878fcd257e7ac7decaca511a4f6cece13b1977a566d245cde4b195170095274408ebf9254235482a1b338f025bbdf5c787cb246eb05fd631a475f31059bd3392a150c4e16959dc6ed823aed79815d3feb6a54b9f87047bb4e1a49a042254cf62a59293de16ae9a718537542a88093c877e78cb497ed2a9682026c29c03d54cfa3ad51ba72bd32cb86940fa005b1d72e5bbab513fe157c7251a8217235be06cb23de8df93ef2c408e94e1ff6c8465c041b43d140b4a4bcdd0297e671bf87297ccc35a10e7112928c36160346b5c97fff9d1734da4d87711f6a50eea4f963ca2d974664da3c479049551602a5618bfa8af245a6001a8c9e293024b15345b045560a8690328aabe6c5de209740c51cb57831f1d9e3a18ceb304ecf8f62243564aaeb831c69fcd48450172656e634d413bb41f93c30d3cca33b0ff6316d3524ee415450043f7518494a203f9bee70f0f91aae5daca9e3e1e979928b68db10caf637110e253663346aebd34ee85b0ac815a78c26e0861eb67787c7e546cc4f093567ac9e76cacc103f226237a48e080fe016fa739e532586758560fe35dfc09b6d687d21bb032733e12de616a1f9b0ccaa2d56cee909645e0dc5c3fe829ac0a10b18ac4c893891e366e08a099a22bad10187f0b274d656f75c3170942c69223a04c84af955eb4bd4c883644e85dac456153c8c6fffeaeb9376e2806eb4eb86c92c9ad312ee12f082d263a56ed8af44521f440501bcb6e8f9ba92e029b5f687420842b3b7bfefe0d423a017d3087e84c30e5bbe37d79e4b376ee5354dd6a0a0f6842254a85d9bd9fe7c2584bf2f6185060ff12503380a486771331a3a82320808d2b293ab300391905ed625389d0dd1df9809e9a9887ca487914837ed9f58655c3d56354bb935aa7339183affd66b882f66aee35fe461cfc9745a69c269aa29dc480b2b07c2b5e9c34c62079becaf611dda59d3d2dbb3736eee30472fb6e41ffcc2d586800cca734d05251839402a1b546a83ff38002025bb79e8e2f6325b5f0ea0a434416de69389c3e2c67f34321af9695f82ff0d5301c846192c86c0bb98ca22391a19683edcb09c5f31a0647d31e2ce48dda453a3b7ad5fd4fb8cdf98366ecfec7aa70f2ec97b86f1a8e46f6abf0641a55ae8920c7651f48ef0057701e14ef1a6a2221214e5db81c3fc38f2372b9b807668fba878287827ac4935127412ca5d1978b535c3b62f2d4f54b27a474fbd8104a46c8fd18f7cc0ada6b59bc242368a848c0512855028d7a96e8dd3d42d79187e50727c8d024dae480f6b6c0b907671baffe79e597a1814949a04b0da9a22f6f768d8b0a597d23ddfee7077fc7a5755ec67f8093ee8dd5ac27e2f8bc1ac35a34efc67072a81ebd4cd0b5e05903350bb16217602cc3165dddb2087843a6a40259b18d395936c080e24e0fb5ef4cd8861e7813e033487e3f52c2fce80708743f778080422cc9cea755f5db33a251f3dfb7b9466dde4861d8de9dd96ae9a6a37f5bf9fee7d652625acf685d54d91a5c3cf8b9fafd3dde13fd559dd76e03b58f78a7e15a10dfea75bbe0132b023780058355489560e99fafadccd1b22e457c6310f631b356b1dbd71c10e7909a8028a57ff34bb635c6fa5b31cd880ae331f86509249bb64a35dbcbe0d0df6442e73cab19b6d26ae0d568b7e7333083eccf2129f6896bd37f2e7c0ec4c2ece1c37b8e36cd489a398dc4135f5a962178c7d48db12613f95f074adc57a2592af1d87f01ee98cd89ab59cb19eba040ecde1ca8dbf99fe9f7505d8d296a5bf469e8931ae16b34b50a2da897e57b96b16c0cdabbf12a8e134b95cf276a375133c5ce6b29f6c4a187ef914cf961aa20f8e989ede557989c0fbb3958703a0000670e00ff20ea80adc2a010cd411eee9077275b907688a0f23528bad03d5a6285802df9d3178067a30a5977de0eaae44bbf0a1972d555bcfa012f9dcf9c54759ced859fbbb1bc5951e", 0x1000, 0x2}, {&(0x7f0000000180)="626af2e8746809ccfd5a1d4d70d3c199420ddef8b0156e77f6356cce7889393d820946e97c5a0f4b280368cf2635ceb32bbc681ab2debd70b9e04bf2fba916ee3ca1e0", 0x43}, {&(0x7f0000002240)="f632696cbef6a34f18b24ec07f6696ee44a875c4d69d24941f83f1b56a3767dd4a16429fff4c03137a39ed5a043054fe87145f52ebaa3a594b4f63ccd10daab3285280205194985a8637c925176895492dc39adb53fe37916ce7a85ed5109914e6003f5082ef6f1aed9e2e12a6359fe171b662b8687ddc26", 0x78, 0x20}, {&(0x7f00000022c0)="969f411afd0ee86ed3aed5f0ecf6a5908ee18ab89b5588d05f0eb9bbfef338a9ba4a7cd424a319a3dbbc4c92564a3579d6c180e3d543ab6f08952553ba54bd778890895a4539e83f40791a2bd8589c09f02b521297f21f84be33080cf9f50cd779cc20e5f83eb4ba69627db3449fb15a76692030ab8046de4d727910cdd3d415b710b81ad7fcb5ab884beedd75992cdc52a20f1fdbce24fe4bd2d41112af5252e8053183e3ab1bd94ef7bc6605a48e8b586dce1d727f0c51462cfff96cc711357afb203f37d8087683074639a6964e4c0594b616faf7b0e60480a53878a72b39a17060557890e7aef4d8c64761e933ca83b1dd0b86fd3cfbb82cedaca4d514e74a89f85d28c47ab02a1361109a1e48d08715f6fa8513ceb51993c07ed121b00183058500cbd8b16f82ff7b03d47cec4c7951641fe4b33cb7823136d65251fecb00da6180ea4623ba61163d2f2fe556c94c997f7362b7aea147a804294f2ae3490dc5d27a6b9ad1bdb5363a833c9f8d8ab7647a64a1e8df4be8bebd4c5456988e543cb07afe84da419968370e2e56ddfe79eca9fb7d42ee9d1ff154badad0b67a4d2664a862e9ac1cae61414c07471b20cb723f6f05edf10455a806078e090c5eb28e3b81482ee8260425e970b34d12043023110e7bd9b952da0a7eabaa1e8d80b67152acb94a0f6335c4ff0bcf66ecd3af6646fe7a0db06aa0a942fdaf3f334a0d22b12a0f997876e813301e00a35c29479d74a3978110c914f7e46ebb4e479b50a7668b93df99057f3faa29131b4f739c5e5883375c449917e1d48b9ce862ec8ccad3538efea1dbe694d76c7533c3b52db842df5d113e8804bf650bd525e3ec698db37c824b2582501c99f11ff4bb722b977e6dcff36b31cb6ef23876754948d433399f08ba8bbb083551149689d06f4fd42085bda9f3e2d6bfbbf263ecce658f0247ee3465822f17391d2c1277daa7a69f38fb9b816d6b50b76d3a41141e95edeb5737adbaa85b66d25c4aa7406383c7d2bee7028f0d35997d35b6438763ca15e93ee90a3184429dc9e8f344d7fbe023c5902e7bde485b350ad511ba21b9d5d8e1e92aa995e6fe615d0f48a13dca8cb7db3f23a91bebbfa3e80d9de512d9d72467dcac7ca0f794d15a308a05099a4c2f07be618243c69e85257823d03e55f0e3fdb4d1141f0b3871dd283674d0b3e69e69d55a51cbf95907d4407c418a1b0d3e26166aa4d7c1699b65cf002a1df56b026087398f50013f16109a6a13cff63e77b19749468162ee304672c6b562c2c29939531d5244720dec3e0ba3659454d049b1550acbe06455f914eeebd7b9b61bff0e75a9a6e307c9d81b626c57f6c1e76d7819a3966d3e23a28a3aaadacf9ed5f96750f81f8d06911a241eb0a140cfb8bf784cbd6bdcd1a79ed08b640d2085dcb7bee4bb2bf9cea333f284c3c4fb514806876ef31728faf7bc7656dd59d64284471750ef179b993ba767649e52ae9c7c1bf35d88529242efe48c58c0ebf8160afa3576588535f3d29e4f05dba9928a51bd82b477ab91a6fb6385314789bd1104572afc2edec489abe2b4dbd875a81ac0085093e5f3ca42e26c38f3401f9eb362aab2c9aeecb4a1d56080d48a4e71b8461268eb1b192956807fc139ad866242939cd034cfa68b1a7acf05d20eaf184f4e8c6d8de21bf31f59a2c3ab81d6294982898c90b21c0a6969145f20c310bba61fa8b38bf7f4cc6557e5710d82611269ed7febe6e997019e0a9294c2b11f23177209330758b3ab480ec66b38b53a71af1f8ce0fe0a665fbfa7665ac2ef50dc8614dffead1820ad29e6dd501f973a9ea2f8e73f830a7584934bae29b198f1776b2f6f9f4ffea9c0f6000e03b10cdfb631634fd9db601860c7db6c1a439b474ec32bf3381f81890978919b86434ab2a573ad174eb03056f3ecdc053897ec694393eae64054a5c3c4c3ea08f2fc7c154034d29c48733d01df89e5ca7ad6d853f875d7ca875f464fe3497230910bd994e9bee74dd0c96e5fdfc8dca6f7e40aecdb52269050a149eeb1c48c57f83b46de63feeeb762c7dead154d272de23fec0bf23688a8a0f6348add7304cfe45f4ae10626a98030ec1b48f50c7b6880dc20515850e19e17342c6afaefcf50045b7814e1e5b1ac5c505a9d26b9354dd20e9e498f42f9d0e2ebc9ebcbb5b8bc554599a906f7862354a853fc2777020240bd768efc850f7001e31978b4a736d5e8d48c67904c6597c0986e8baf5111252cb4524daf6ef1db9c96473de90766abf87e51bccd2b7aead7f34a7b58adab83204a074504ed79348541c75850eaa8535b16f0c2acc7da0237306c415d006b526d904e2bb2bd50c6fad0c6cf43ce6d72233ac1d16902700d41dfe47c42b6e7c2366cb56c1e3a7c6a024875ff06da2b62d73f6ec8fde0aa508c7e800d785da64033d0b1eff923063e4b47bba8eff7ba5f20235e8abe54e13a724fe3e92bb3d485a36fadbc994c39116c4c05459f768b3ca22d628294ebedb1d3e6dab78474bfd422120b90632f721e393e6c4dbd7f5bf8f853e5c79311cc85609507d45434ca17dd1956555026a039ae4c9d1f617e5c730fc21e88f7e905fa56ea7a1b16be3aca989af4af7f0255989f194c1ad4be177c5de1eec4fdcefbd1d9a6fda7fc916ec06ee8cf2e43e10a7997f014f8a43e8bfca2b785a6e7fcd5b8b790b74cec9b99d204f408672ddc377a5135d92c385e0e6e047a70045c150c29a25be926971f3b87b6bf82109595f5a82cc269eef4d3516e05811e5adfcc52ca1a329e68ece2e064f9c3a8b15be8c6eba4324245d16365983db0e6f223ccc04eb288489a32d5c23436f9765600961e6899b89fc7329ee465907d03977b819a0adbdaabe40d7b1d8321ac1a3ed5ba7c3e531cd58c7b11ccb71069f16e8e52e7d4e518ec829be4ad3e38e55ed7fe1bba6d7c951fe5485903ae7627fa5d7bf9a7d126c995932bdde7dc502f1476d9d9871c2f8354750be60e3e2610aed59530afb2e9f9b673d3090bea8bfc2b7d06f69eddbca391c85cb44ec4050891d526ca045f22ebec3b6fa741cbb91945812cf66dd69bd1086bf4227181a7915c98b49373f713c0c0897e49833b2256c720734ef1a8c0e998d22efdcb3405087c4f3b107fcc9c773dc19ca05771b80dc622485900d70ce28aef5395353c7aea86557836eafe1b11749f453cb5d3298cdb98af7392ba1f78578c699f47e66ef7cbe05970a360487e35e27d1a601bd145ea22d2f7eb9c5251dab1bf38def4c28f75181e7f0b08bdd32a4ee92251ff87c258ea929591321ca0c1dc7a5544ce62966f1d2ce0562dbc5f7e4a981cdea61d24e494aab40b141d2b0e3409b719890ab2b2a961c78b5a030a3bd9eacaba315132a11105074ee8f0554674f32f01043d70c4be8ed27bff72c478e5fc26cb2bdd5c5de1fcc603b3acbf0a4dbacc1a508ed8a23d6a31f1c4c116ec1f292eed091c9b40db9b0a2b131060da944796c6e11d111bc4ee6e20cb4fbd9094649dbd391cd436c030468a17bdb06fe200279cfa293db3ae1f1d11b868c32f778bec673a308352b331afb03c33f43eacfd54abb94e9a9138adbc9d3515089fefaca526fda6f00860764e19cf22b16c29b5ce88669cf09fc9ee24c206cef1bac7939f9cd8b86b41d000e56ab03bff18fbb14fba8faf6db47cb752e343bb643bf3b13d897ac7d8ed70b34b49f0e65c26b0e97d826f2421bb601544bee6efc8101bb0273b3b3624f18763dd05df76d896b7eab681cb9b42a02f64eddb3300dcd7e258a06d39e99c48c3da4940f89492a9c03e00d44252d8b9d8dba3972a7c4152362ba1a96a80a34e7b17f14d2047168bf705386c141aca70d50b4abc140cc7d3ad9e538051dd488e21bb8d4bdd6ee186ed49b261c342adaa5c8a35a5ac02a9ecdf8941f355136ebfdfa58cf4ad89702f239afc6e0ecb8c1c0647a5a7c4fcf47dbcf68190ce1015ba04869f645e1eaddbcdec77d92c0522404471f51bb546607309c90d4041746313e823effccfe959e10d5cc9db17c23ec0ba06eae385c1af9f5e376722e41b8b0563f04a0c03bc13f1a492f823f87293b946e056ab916e1b3ea3ca4a9854b40e438d5700e11137c979d0538e1bfecbab3d0f076fe6c2b2a1277fd93cb6098df32d33c4f520f7d4c1b852379d6ecfd059ba74a33076fc5712dc42dd1da7f266376c638de6b7b5568a765cee452ab31d324cb042a24c502a83f075c1c06abd46bbdb76dd5a33ac6a533bc6dc9f57bec1a2071df4368dbea1e7c6831315dd3f1f9f8fa7238ee9516b0df7a6aca491822eb5ac29119750b5c4768f585287068aaa0c68b81172b8b724d689c552bc62addf2cdaa872a76ab41caf42406baab1f5013ce2718afb0cd866b64373306607697f2812320535a7649318d16cfac3030c9a15f2f26ab727177aff5c9cb3e221717eacc3b31f8e7f220b5b029d49b9f6c9e97bf42f94f926ce43db44f47253b0354454d831b11907af03f2900d6ff066d46a0c7b3df5721f22c1cb9cd8ce94cb6676416fe485a839db5c0fb5698fc01836a8bdc96dc0ed205c597ec3c6bf608ccb13229781a84ccda77d66a62683298060d80fbab08e4881c329c13bdb2c438b0500e7eb4064b88e3388423593674ad9415a0a65e167342f21504aa80583e8573017d9786a4bbbb86593bd432248550f12267c31c31b5fb798cc4f6d9590be9b20541ae17403cd87c47ef8842718d20d3ff66e4d9536be84d995a29d8cf2cc6df3a3ac986da730a70f815396cdb424bb1ad83e08b8bffae231d4c23c6b6968d2cf98b71c3997117c230bf8bc521d43b0328638b14a5284ec9ed0e729ef1422e6fcec29bf6525b0af6d2eb6e40e01b3952598583cfb21aee9f009e4ffedd64b0729122bc68228d9f7e0d2602ad43ff178e7f27ca5602e92abf5ef4eb44762b2b98bc96104a9c46b7e8e7797228e1058b441da57b0ef82895d0470f737fab59f284b0c151fc21f750a346451401517e34c19f82e1ab03684b062f541946c31d619aa9b147e0811dd3186342d8d85232adbbe67833d065002700ef0091a326772092d45722d746567afe21cbcc52f55fa7ce2dc3091bece3679f217b9bf61c77090cee1fd8b42ccc37d26c05c25b1a1cf0b8d933353bcfb9082121c79fa427246a6e9cf8468194f10afa6a7641a8ef26ff37cdb01702dac4fc9a0fa94bd0e0e80f0905e61e124f1bc38084e13279499c618e839ce9a4a603288162472291574081d154dab8b4230c8127c08da51f9b1da57a23e051d30394ff072e02efdddb76162f793b52fc4eeaeb5b751f1ebfe01597ca206bd9199a3eb39c26abc8b95e2c18df995b2886208893961f70104a6ea1b739258875314343e98cc0000290fa9e34ac35a6812a0586f600d72aaab232d4a0cc26764823ff5313a8a05f8f44de6aff6eee1ff05e5521da9ee7597309d5ce7d3e13cff23bcbce72ad9a45797f272e1ff7dc9c771f5775c6a02354c4d26aba0b1ebd947dff376fbe5ce716862a99af90022660b9d9e77b4f515d0609b42978158cc660148837807a97bf614faab4c8e904897bd7573fa341348997ebbd6e11bc0e6feabf717e27696ceaaeb9f1a6106b9bc95d13b417b08410a69ba3fde393022f55355634a3c13f9e73e4445ba6283a9f0595b3eb442b672fc6a9c811b206793e92f44008248da4c859e7be10021e85668ccc623b649525868784eca8c4877e72652d2aea910f1794245f6eedaf2f14585bd1e097bee2c1f6a2c2ad5690022ca3c3fffc841330365", 0x1000, 0x81}, {&(0x7f00000032c0)="246c0e46aa74c0b121278604a59bf0d04591ee876fb0221ae5ac91e53c8433dff75bc24332c61b8f2ae46cafd5bffaf8abe477a77a28bf6044cab97ffdc54a4c005850f0d0a78219fcfeee85d475b767a6a412eea1e7c3e61fea9203b5a0af9d3f9475aeeb28eac538bc4450a5c9706c78297c43aa74262b0258e0824672eaa1e48aedc4db609c572ad09c40ea6c934cefe98d37d1fd1a5d8363fdb124e019f27abc6fb25becbaa04c58d23829560085f1c988eb030b566d9128aa909b11f8f14b1168f13f81e29a98c6107ac639d08f37671183e9d1", 0xd6, 0xfffffffeffffffff}, {&(0x7f00000033c0)="d2dd15df72226e811d96f09fb44994848ada4f43cbdf9fff992a088cca63195ef16fc4b6efe8bbb7414625f4675389dc94b505b1", 0x34, 0x3}, {&(0x7f0000003400)="69c633958683cef3f710a811191ce9537b01af178b674a70f682ca921b8f54f4169220835561be85d016da35320befeee6c90987b2b1829746220a328712f04bd435ca639867ab8a640c4bd5387d4f88efeb8882eb9d6350319516028e1ccfaeb732a5473a34e91ff4a015765c784f7f8c23f85dc3e9c37d64c0c02e0dbf8c7a3639ea8ffa588c8805ebc713ebbd1fa595337dad80f3c340e7b90468b1b546031fc6ba9e9842673d821f1753efec4cff8cab5bf8f69d42284b67d550", 0xbc, 0x2c55}], 0x0, &(0x7f00000035c0)={[{@sbsector={'sbsector', 0x3d, 0x5b1}}, {@hide='hide'}, {@unhide='unhide'}, {@uid={'uid', 0x3d, r2}}, {@block={'block', 0x3d, 0x800}}, {@gid={'gid', 0x3d, r5}}, {@check_strict='check=strict'}, {@utf8='utf8'}], [{@fowner_lt={'fowner<', r6}}, {@context={'context', 0x3d, 'staff_u'}}]}) fchmod(0xffffffffffffffff, 0x200) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) [ 243.743550] audit: type=1326 audit(1567665744.579:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=11975 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:24 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r0, 0x0, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000001780)={&(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e, &(0x7f0000001680)=[{&(0x7f00000000c0)="934630039dc9d644354567dbfe7397dc368490ef0c3a09907947b4cefa9ec67f8529776da80d3e2fd569ebda0ed1d9d39dfa41944c73daf116c24c3e036951fb1b8ad698634a0761ad4b85a5b51957bf89e58b9f7063bf7d01f332a1f32714558478eb77caed74fb6c4db7ae170a314646060fc00967f106e60bae998402fdd6c3c562662150ae", 0x87}, {&(0x7f0000000180)="e81f11d4ca3280a9d9f5be79f3497ed41b4006e259a0a3bb0fbcd47293f3ce33acaed7b4ea95fe61b482dace26b33d619190774ffb840fd8849f842cd05812589aabb1b5672e61c109c2cf6154f24c2d19edd85049ccf18e5cb07c7beb8f38635f6d13aaa00b69e0326938d709938df8824fcaadb537f352a3c039e080c7f12bad23ad3adb4386163e79bbcb521d7bc5c32d086d1226cfb9f1682fd84c87b32ba5a8782f3a93ffdd3f6db81b979597e48faf7ef2fa0a903d626f00a6f7d9818eaae573b294981981670bf8fd2e0f75281d991ce7f317003aeaa96f3850f695757e4036b8612eaaff7177713de67e342766c3707066eb", 0xf6}, {&(0x7f0000000280)="3708dae29add03ca3aa635a9ea6fd3981dc18eea7c716bb9829f8182ce8da5a9e75e7f0d4329e32afb382d74f06b05c4b008b3d8e928fc8478f97efe7990ea5ed02ac2aa026d2a1f8de5ac32304661535feed973dac0ac73b0ebe6311e03604bff1073015d9ea645806b7b683b53f49c1c0d3ae45c2834470f4bfc6210797c1581e1076e7525886beaba6fc200540865d2de5b9b1c5da9f59bcf40dc5ed96c55193af3fa589a01bd1c1658cb5bb3c91974277dfd9c07c32dc408a5c3de6eedc517cddb5ba5f7dd6d4cd8915ca5720fa256e1a57842a80eceaf60b03927de4a85", 0xe0}, {&(0x7f0000000380)="426454dd041c0cb3c42a9c9129f7e378c9c93d494379defd38e657216d1a84b06dbce8200175944a4304e599df2daae2ccf85c2941cea3f731c474466bfb67c8f097c7f7116f9bf7400bb31844194b1efd0e365b841e224d83f968567c8e9e7cae4437e0ab9b822bc4457f9fab67381cc8910e1bc4a490e382f6f5a9c875af9cd98ed0a9cb8585b518b1c8dc56097904bd7f32bae74b63c51b0bf663b1708ea12db290d4e31ec3369161722efef04f08bbabd6b619e23ab6f3d1d9d9a8e9ffafb3ae74f755a650366e3d1fe32e257b8ee54786b4ef956c5f24bde9107a96f0120c35006730416ea9b12dbea057feefd76fe89e7a2c38f98ec950f816d0db37616c696d55327ce93cf4c03e1dc340d028ecbd29180a0c8a1fda94e48efa59d030ff7cf4e2f2bca8199038c3968e26351c4504a178cf7f678e55d4424809e0d4a2bc4d87070eb58137904a46dc5263f996d765c0e5912e568f0f41469ec2b3529b149283b59cbbd7847b2df9d9ceeecc85fae36b9ea31b0ce8161d8f60d6b3411ab6a594d9556ad939cdf1c98dc689049a194bfa8a2b6a060784a65771c4b4898647e6635cb52079d7b58711bb14b923678b56ae144cdc9cc2af214cd0fe29b2fa0a28d6f543fe8e6de73a332d3897c37389745ae8a8408d8154729e6ae33f987ceb84edcb345b11d59b78b2862c87d0d46f356947767c3dd1ba2baad42139055d4c94710964e7a7bc8f1d595de8af36d27dc91362f102bdc59acd2c9337fd34ca8087bfe7342164557a8e5dfe0221d6cdcd073f22a7fb616cf7fe2689ad5c0190c13de20fc4a811c434c7e4e49fea854ce4655c56b66e65ba5f6e95cbe127323bfa2c43c4019ee21ab9acd26f96a62b1b6551dcc72f7bb80f6bd34f66f4529e3942e3036c13386650edfcb76f8e81960e1313cfd5a7f9620afe423735882e51f431e0430bf9c762471337bf9b8a10d386957e41e87ad86efcd11edd8d4ab235d2abc23659b0ce0761072fc1f73736457b8b18439a99d3e21163dce3fba3e8339d025a1d256d2df6a5331c4ff4745c4355fc1e3fd51797202de192db63f7bb28fd86ff0a4d6539b2ce332c59a9c47141c009224a8aec9f9d9b8d69f60247e85fea81f2c1680941382c03b9b15bb8b28c1a12073bae7da1808913649ed794f233e303cd6e706315a41299b69f7d889d3371795fb70e48be37da142cddb4bfd64bf1b651ba8fd2a0aa597a9e8b580bb1501ff824444dd18bbdbcae9e3accc966d62a975a34ce83d79449482e6ade8c296ee33ee35bd3ec7bc7bb242f45c0506223525b9b1add8b2931f255441e8a9882c4295af2c5d4394f56718859d6814edcace7191934dda3515dea2acaf8ab7c173830b61760da75bcb71e7e979098ab7951fc211ff29904720db0022c6aa985a7824de9fce4499074357a4c8a8e14a9fde38b3b607af5f5916fd6b4f24eef1c1b22b3543513562901fc61f07ffc57d2776b4ce8df178e897b0c85d5c1962f990b5be85fdbda6aa896c38d9ea223949b512f789effd2700a8e761c01c5eacb5f65c6a2186c14e4eca1e75e3d438ac1b78efa7f05ea691cf6f07ac6f86e8ac664f6a9c9bbc9b4ac918f654427a731c256407cd1a6b70b796e35e1374a0c9c3ceda033a331d77ddbcae5438b486eb8183a8eba2f2120f31f7cfd3ffb820813e4abd5ae07b7b8f1d14cf0e49060eb0f00b1cbbdbf569db7c7721b69101d5bc96c2779f81139f6e163585c61c8bd7a30ecfe1b517a13b9837412db0ca41b36071e194187650ff0f59a92677d0bf23a61f3d8d79bb42d2c08dd10f2bc48b20b2518247c8478097d48f5cd648d40f4928098a251edce768a8fc42531620490b277338e18f2f7652c79b0626b8c6f61b9bc3917cca85d437c0148989f3cf7aaee9697f0dea62c96ded4ea072abc57aedd28e28688634da222ba791e9f701a8b96ec4f32f84e03a1507455bc948c082fef70d2afc3e12abc7c31beedc9bc69fdd803ea75e25a8ed8e166881aefbff49be9e3302f218336709f48e0f16ef7dd42e7ec41b56dff338fd82f3bddb3d8542860bcd3bbf6c764597247c471f6495e2eec431bb101ebb5e39aeb88522fd817ae582792d3fea4906c6dc4653beca6a9f72858bd156cfe8f5e6e8d70efd99630d460f757803d93e2002ace80c3c359d34f11c4fa759c00f6a6f301422d666444a2898d74f5d1649d923e5bec472b4eb80bec3efcafdb82a3e5d6640480dd4fe19b214a22ade014131657c67e236f1b8f9ccb6242e19a19915a27c692bdcd19898138024095d369e28c10d3ca7b7700714afccd45fda93cb783b679e37b1a00609987eebfc69e4537e3b9defdd1c81962c9c61f09dd0bac400696e7da55b1565a0b216d9e3ba45af88eab527017900cc0ba86b44396f6c49ca385843582d8cd3521cda8a3cfafed051df8f5252b587ad1c2b22721ca64c0822e0e1ed853d73b700660af995b2ed3916cee135abe346723234a95153206a2d667e9488e4a7f78ef17b040934bd09c1fb0518e096d2ed51938e745a22c2f454b9af1fc1a70a754babe5f1276c6325c57935eba745e9677819f6bf6b5eeeee39d9473a1b449a8f30c323bd83c180056955d684a77e08c826b18a33f6463344524030cf158e5a17a0ecafebe3a197d4e47be6205d6847916cb94a75126bc194c7360d506a12e09b8f503ca956f96eb77b242127a9f15de1e911211bb7dd8b895aa645d6a41695e377a1b860037d68568efbd08df7f7991a80148a2b95e7de2d1f0d76395599bd3e8ba9de2683bccf94466be5dfea2d4f2f258cc0e1cdb9c1eb38f55914eb1bab760a9c13285d6e4ab8f7cff5fcc0ca10f4039490a4b247cb5bdab73d2772d497d28030c077bc436b53d1276b0ca3afd425cbbd603f1f5004b032cf8e08c6cbd4683fd7af5bb0099f4949ebde1b56d11ba0683a7027bc478b1e73ff17ee60da436ae26dac7fdc9b3927e4f0b58d8dda1ef52ea348bf8eea91690b404ebd93a5177bd56cb0ffac0a2f717454fd18db41c3f75ca208ff833d71973f53bbfa5333de9beb855211c47f820b7dfb1bbc24dcc7dc2c3e142c7454b198e5c89a717fb7c65c0bab25d33685dedcbac012adb8db084eed4467dc8e1d1f016c317839a9d4d921a2a394be24e32e6c55d01aa2e11d19b4532b76a2766e408b0c71c38417abcd4538ce0bacee379e1559648348f1f7ad3192a70e03b62e190ec9613e73921bdf86a4c5ab6a987c9d6ae4b56c5438ebe553ee289c14b11bbfa52e197fae54c12cb787d887fa7c0a5ed512024ee06b8c4371745b0a11785655977c2addcba09444c2b0de4569cd6f24b43542e05d8a5410b5ad2706fdc30cf5569e53854e7225c19df6a9a741e44be4636410692f546692791f63d11b127f0e742b2374becfe5c71f933293306be6633710653f63303c9b46b5e234bd60a35dbbe4b52536f0bf6bf89f4ffb97fdf46a1aeecc5d41ef788fed0d85df2c2969ca212cfb8f383c12f2b93b8d205b8e15e1f38d5261c5a1f16635eafd18a729f677f5a2533074b5c1b8a9148fd4cdabe515bbbf3d997d75658db66659d9b37a69b0e8bbaf3b276f87eb24e34b0701712e84a80a99ff366b2b365f9b3ee1315276a9ac785afeb1fde62a610dcc5f2fc170bff60113f969cb93f0524448ca55b43de587da6b273a0c07025e1d9783678fb31f5d676227ae85b19858574182f7b188cb0f6b726a53322236a0e67daec3312e60d68df95038ee565b9d5b56d8b6a1e90c1722f2193feb28dec250becf9114b1b8486ff94edb8fdb862f4a036a4f77e704d7362843a04d73a78da452521148a9db32ac9a42b3010fb48a9bd80f8a829f6d656b2d89e0e706f45549be758b2648eb3e861a145a7a000a4f6b448cb3990fbd1147394cb4f9708d41cb3d1eed16abf1e5e0be1f55417d9dd4e728bc59226d7e0b8449af19254bb189619c3d103959367bb8de5cf40267d6c8694b27851e802fe0d972d3990b345ce8f33fed062470e2ff8c830ddfdf17aa7d9c847ed58e120bcc77d498010598e929104ff5a88d52434efc5db42931a93894f51b9b4985a8c1d8be95e5c9ca55484d1e02bc1b644ef3bfc4d7c6934f277614d982826feef0d38ee00da7b4fa0b0dd375e35144c0f0ce1e2971e274bc3eaa532d6ad037e77a5924733db4ef6fd49e36fd8f7d27beacab3a1a1685ddf46e3944b4bb40151e4e00699631d8b4e8d2adab244319e3d666f2d185c45cde57797003b92ad997fa24bd0661fac8e440311fad720e74e899fc46cd8686ac8ce194c733340fea8f807457e6ab05f51014bd763d24d2c0aa5d8c786cc7d18b8e81a528bf0f30b8568a037a637738068916f521125589a6b5ab0083ad433b48859a617a47d61be7170c9c668552bcf7b3a187b0bf0d61522aba93ddbafa11421d66935f4f82f9f370024e4b0efe378513b11cce1beffc1d1c680a40cc72addc40f4f0b4e37c0f440e820deb6c1ab399c489799883e128b253d09ee6e492d9677348ea5d421c30391582b688a88950abee8bbe8cb7eaa0c25ffb06c7b0969adc4aa1083cf58870772eb089ac16ac8479c7f02b0f2fb2638e81437f148e62f66ab71b346009020cf9bbdcd28e25d39f044807263bc0b278bbfe49b27d1d0fa0c658bfc66069b0ec5decdfaed37cf5da26ea0089227b85861133295ba70470edc8f62fd9381205245d4339bae1e39a41b2729575fa727d84cbeeaf6541f07d9b92809921348c56d23d3fb55811dae68fe0320617b33584e4f90db2fe824743721249314f6c97d7b9ca7488389f5204992a7759281cb0dbb01a3cc948c9f3dd4b2b978b87d5276717813bac97fb2a3f5646d78541e9a8236915688f750d77ef189368ec23f725085ffe3075ec6b5ec93aea7d0c22137d9201d8c667c5f574f64d89ed87b45371d385ea57f8bcdf86567c54a69ff9454b08349beb6db43960ee7327c8ef764fd8b244c36d72270e048c0aab64c22907d5ec6351cabcaae0b797b613b076a179692b82b0a368a2e6e05ab480363d5e0d5de92e040c998ad8fd938ba81b4839dde736d5ab3f7129c54d3659a2a1c8cd746c551f0833ba3c9c77b7f72009ec0589b39d471cb6135c6ba3eb467fd2c1a8ceb68adbcad72bfc25a851830cd1d6cd5ae7356f6489721ae52d5d388226f6b77c817a986417f100a567239027bc1c81d72bf19416944033ac312be3c4328cbcaa3ab10dcd2c3c30353e6577dbd148ff99bfc40a701204e5fa6024e6dc34f09cd304965a8ab8d4439755600b4841005b7196779571eb04a2c4e3ac8b613afa55d0436de0a252524989523422cd49a744dcc14a4c332df9591054247837a142780a30f16498940c590b90edf37df45f2f6b24061578d47135437a1843a49f7ef3696409fde2abaa30537d8b36ff213e6a4385de605cc496359185721d43a8465769904ab556febe85b82833a110bdd628d686695edad50648527006bc3f273027d63c3c5935666880796b44b1af2fa922028f92e8c89a760f691b72787d1d6b0948e07d56a29de5291f561b162ea1f03ec971a5d7eb9dd2e2e43fb8e602bd3216f454a0bd72b5f9822429ccce645d53c149010cee3d72845e0b2bce45b9d1f90c351ea4cd083310973d3de247201d745d34aabe50cf02e17395abfe8a82a1792d1c5d5681c23b23ce96922ed812ecc2df7d375aff1c4eea5d63c8b88b0a429b80fcf02a5fb4c29306c10f6cb7d113d539ad0290ffa51e8077b7c4cbc8608a26629d0d35deebe09a76ba39b79", 0x1000}, {&(0x7f0000001380)="3d2753ce9f445db5889c6b9f9efdd9f1a73b55bba6a5bca78dfa67ff8a9e6331e96201bd50e22c915bc9a3422ef05d2d6edfeb2f9cb19878ff70ffa362a7ca5d8a980f1ceecfcae095f70d42fc4e7dc8da68ffbada6e552155efd0c972a93c54748e07fb6188613c7aa6655bfbdc7f77f749b2e90be0ba5da6f5aac26d8effeb2bbda919bcd73861255261f704ca136062287d3dcd7c5696ea9f66cbedb2790af43f37a8e19467a4df5c49a66746e26c4f0debf432268c01396dab93c1636af2340490de17", 0xc5}, {&(0x7f0000001480)="ed00fc285f31aafa96d0a3e35181b487f1f9bc940945c43422540c10aaa71b9b88d76f5e638ecd", 0x27}, {&(0x7f00000014c0)="e336d1ba8895217dd17d0141970d5a7f91492b7b9f0836f5a66c518cd2b822415e32d8c469814e1dbfaecc72974e3f7350f97fd9855139923caf8305b28ab18c721707da23f22115d7837a0d354f2420204d8729f9abcc361184ddac9eba9320d9affa19896de6cccfc0b2ef61646d13c6e6bfa7b8b97b6d46f19eac2ea1ca0d93b350", 0x83}, {&(0x7f0000001580)="97fc2a9f6c07b9e20460b048d6b9311fe2cef615865f0202688f816fad123ec169bc06ad11f7c4a6818a22abc95624b68d7c578e53be892a9f82460c120a72b936d5bdfb095266e559e6", 0x4a}, {&(0x7f0000001600)="ec03ba307d6839f4ec378b627a4f9bb64231f84a309dc90fa507e70e26e171c729a9fa68a4b5a1efa76555f8743e58e02ed8240e5cb593d1656612ef542fc843c1e99fce7c3cba252b5829df1f55fa654f2edbf2a01893ed805800b0f5b70d249db20f588aa9475f719c4f5e0f76f6f4cc02b5", 0x73}], 0x9, &(0x7f0000001740)=[@rights={{0x1c, 0x1, 0x1, [r0, r0, r0]}}], 0x20, 0x40}, 0x4000000) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r1, 0x0) getdents(r1, &(0x7f0000001800)=""/110, 0x6e) r2 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r2, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000017c0)={0x73622a85, 0x110a}) [ 243.848063] audit: type=1326 audit(1567665744.679:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12010 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 243.877743] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 06:42:24 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:25 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='c\b\x00m\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) r1 = syz_open_dev$swradio(0x0, 0x1, 0x2) read$rfkill(r1, &(0x7f00000001c0), 0x8) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000000)={0x3b, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) r2 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r2, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) r3 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f0000000280)={r5, 0x1c, "237a5c3ef6bb91546a94ff010000ffa95f92a726729beb47d32bc5b5"}, &(0x7f0000000100)=0x24) truncate(&(0x7f0000000180)='./file0\x00', 0x3) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r2, 0x84, 0x13, &(0x7f0000000000)={r5, 0x1}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f00000000c0)={r6, 0x100000001}, &(0x7f0000000100)=0x8) getdents(r0, 0x0, 0x0) 06:42:25 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:42:25 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 244.507423] audit: type=1326 audit(1567665745.339:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12031 comm="syz-executor.3" exe="/root/syz-executor.3" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:25 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 244.614891] *** Guest State *** [ 244.639875] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 244.660490] audit: type=1326 audit(1567665745.469:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12010 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 244.686830] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 244.696933] CR3 = 0x00000000fffbc000 [ 244.708756] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 244.716037] RFLAGS=0xfbf593b407ffc2e2 DR7 = 0x0000000000000400 [ 244.723306] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 244.750194] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 244.758593] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 244.767122] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 244.775615] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 244.784020] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 244.793109] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 244.801541] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 244.809919] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 06:42:25 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000000c0)={&(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000080)="c1724a51a09d620804313efaff462513e724d39ff53516c660a9d5dc9066025d06eb9752615914", 0x27, r0}, 0x68) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) [ 244.883022] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 244.904018] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 06:42:25 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000000c0)={&(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ff9000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000080)="c1724a51a09d620804313efaff462513e724d39ff53516c660a9d5dc9066025d06eb9752615914", 0x27, r0}, 0x68) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) [ 244.933476] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 244.944819] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 244.961119] Interruptibility = 00000000 ActivityState = 00000000 [ 244.975021] *** Host State *** 06:42:25 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000040)='SEG6\x00') sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x5c, r1, 0xc24, 0x70bd27, 0x25dfdbfc, {}, [@SEG6_ATTR_ALGID={0x8, 0x6, 0x5fe1c12f}, @SEG6_ATTR_DSTLEN={0x8, 0x2, 0x8}, @SEG6_ATTR_SECRET={0xc, 0x4, [0xffffffff, 0x1]}, @SEG6_ATTR_SECRETLEN={0x8, 0x5, 0x4}, @SEG6_ATTR_SECRETLEN={0x8, 0x5, 0x1}, @SEG6_ATTR_DST={0x14, 0x1, @initdev={0xfe, 0x88, [], 0x1, 0x0}}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0xfffffffffffffffc}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10004}, 0x22000004) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r0, 0x0, 0x0) [ 244.983899] RIP = 0xffffffff81174990 RSP = 0xffff88805d6ff998 [ 245.012885] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 06:42:25 executing program 1: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r0, 0x0, 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000001780)={&(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e, &(0x7f0000001680)=[{&(0x7f00000000c0)="934630039dc9d644354567dbfe7397dc368490ef0c3a09907947b4cefa9ec67f8529776da80d3e2fd569ebda0ed1d9d39dfa41944c73daf116c24c3e036951fb1b8ad698634a0761ad4b85a5b51957bf89e58b9f7063bf7d01f332a1f32714558478eb77caed74fb6c4db7ae170a314646060fc00967f106e60bae998402fdd6c3c562662150ae", 0x87}, {&(0x7f0000000180)="e81f11d4ca3280a9d9f5be79f3497ed41b4006e259a0a3bb0fbcd47293f3ce33acaed7b4ea95fe61b482dace26b33d619190774ffb840fd8849f842cd05812589aabb1b5672e61c109c2cf6154f24c2d19edd85049ccf18e5cb07c7beb8f38635f6d13aaa00b69e0326938d709938df8824fcaadb537f352a3c039e080c7f12bad23ad3adb4386163e79bbcb521d7bc5c32d086d1226cfb9f1682fd84c87b32ba5a8782f3a93ffdd3f6db81b979597e48faf7ef2fa0a903d626f00a6f7d9818eaae573b294981981670bf8fd2e0f75281d991ce7f317003aeaa96f3850f695757e4036b8612eaaff7177713de67e342766c3707066eb", 0xf6}, {&(0x7f0000000280)="3708dae29add03ca3aa635a9ea6fd3981dc18eea7c716bb9829f8182ce8da5a9e75e7f0d4329e32afb382d74f06b05c4b008b3d8e928fc8478f97efe7990ea5ed02ac2aa026d2a1f8de5ac32304661535feed973dac0ac73b0ebe6311e03604bff1073015d9ea645806b7b683b53f49c1c0d3ae45c2834470f4bfc6210797c1581e1076e7525886beaba6fc200540865d2de5b9b1c5da9f59bcf40dc5ed96c55193af3fa589a01bd1c1658cb5bb3c91974277dfd9c07c32dc408a5c3de6eedc517cddb5ba5f7dd6d4cd8915ca5720fa256e1a57842a80eceaf60b03927de4a85", 0xe0}, {&(0x7f0000000380)="426454dd041c0cb3c42a9c9129f7e378c9c93d494379defd38e657216d1a84b06dbce8200175944a4304e599df2daae2ccf85c2941cea3f731c474466bfb67c8f097c7f7116f9bf7400bb31844194b1efd0e365b841e224d83f968567c8e9e7cae4437e0ab9b822bc4457f9fab67381cc8910e1bc4a490e382f6f5a9c875af9cd98ed0a9cb8585b518b1c8dc56097904bd7f32bae74b63c51b0bf663b1708ea12db290d4e31ec3369161722efef04f08bbabd6b619e23ab6f3d1d9d9a8e9ffafb3ae74f755a650366e3d1fe32e257b8ee54786b4ef956c5f24bde9107a96f0120c35006730416ea9b12dbea057feefd76fe89e7a2c38f98ec950f816d0db37616c696d55327ce93cf4c03e1dc340d028ecbd29180a0c8a1fda94e48efa59d030ff7cf4e2f2bca8199038c3968e26351c4504a178cf7f678e55d4424809e0d4a2bc4d87070eb58137904a46dc5263f996d765c0e5912e568f0f41469ec2b3529b149283b59cbbd7847b2df9d9ceeecc85fae36b9ea31b0ce8161d8f60d6b3411ab6a594d9556ad939cdf1c98dc689049a194bfa8a2b6a060784a65771c4b4898647e6635cb52079d7b58711bb14b923678b56ae144cdc9cc2af214cd0fe29b2fa0a28d6f543fe8e6de73a332d3897c37389745ae8a8408d8154729e6ae33f987ceb84edcb345b11d59b78b2862c87d0d46f356947767c3dd1ba2baad42139055d4c94710964e7a7bc8f1d595de8af36d27dc91362f102bdc59acd2c9337fd34ca8087bfe7342164557a8e5dfe0221d6cdcd073f22a7fb616cf7fe2689ad5c0190c13de20fc4a811c434c7e4e49fea854ce4655c56b66e65ba5f6e95cbe127323bfa2c43c4019ee21ab9acd26f96a62b1b6551dcc72f7bb80f6bd34f66f4529e3942e3036c13386650edfcb76f8e81960e1313cfd5a7f9620afe423735882e51f431e0430bf9c762471337bf9b8a10d386957e41e87ad86efcd11edd8d4ab235d2abc23659b0ce0761072fc1f73736457b8b18439a99d3e21163dce3fba3e8339d025a1d256d2df6a5331c4ff4745c4355fc1e3fd51797202de192db63f7bb28fd86ff0a4d6539b2ce332c59a9c47141c009224a8aec9f9d9b8d69f60247e85fea81f2c1680941382c03b9b15bb8b28c1a12073bae7da1808913649ed794f233e303cd6e706315a41299b69f7d889d3371795fb70e48be37da142cddb4bfd64bf1b651ba8fd2a0aa597a9e8b580bb1501ff824444dd18bbdbcae9e3accc966d62a975a34ce83d79449482e6ade8c296ee33ee35bd3ec7bc7bb242f45c0506223525b9b1add8b2931f255441e8a9882c4295af2c5d4394f56718859d6814edcace7191934dda3515dea2acaf8ab7c173830b61760da75bcb71e7e979098ab7951fc211ff29904720db0022c6aa985a7824de9fce4499074357a4c8a8e14a9fde38b3b607af5f5916fd6b4f24eef1c1b22b3543513562901fc61f07ffc57d2776b4ce8df178e897b0c85d5c1962f990b5be85fdbda6aa896c38d9ea223949b512f789effd2700a8e761c01c5eacb5f65c6a2186c14e4eca1e75e3d438ac1b78efa7f05ea691cf6f07ac6f86e8ac664f6a9c9bbc9b4ac918f654427a731c256407cd1a6b70b796e35e1374a0c9c3ceda033a331d77ddbcae5438b486eb8183a8eba2f2120f31f7cfd3ffb820813e4abd5ae07b7b8f1d14cf0e49060eb0f00b1cbbdbf569db7c7721b69101d5bc96c2779f81139f6e163585c61c8bd7a30ecfe1b517a13b9837412db0ca41b36071e194187650ff0f59a92677d0bf23a61f3d8d79bb42d2c08dd10f2bc48b20b2518247c8478097d48f5cd648d40f4928098a251edce768a8fc42531620490b277338e18f2f7652c79b0626b8c6f61b9bc3917cca85d437c0148989f3cf7aaee9697f0dea62c96ded4ea072abc57aedd28e28688634da222ba791e9f701a8b96ec4f32f84e03a1507455bc948c082fef70d2afc3e12abc7c31beedc9bc69fdd803ea75e25a8ed8e166881aefbff49be9e3302f218336709f48e0f16ef7dd42e7ec41b56dff338fd82f3bddb3d8542860bcd3bbf6c764597247c471f6495e2eec431bb101ebb5e39aeb88522fd817ae582792d3fea4906c6dc4653beca6a9f72858bd156cfe8f5e6e8d70efd99630d460f757803d93e2002ace80c3c359d34f11c4fa759c00f6a6f301422d666444a2898d74f5d1649d923e5bec472b4eb80bec3efcafdb82a3e5d6640480dd4fe19b214a22ade014131657c67e236f1b8f9ccb6242e19a19915a27c692bdcd19898138024095d369e28c10d3ca7b7700714afccd45fda93cb783b679e37b1a00609987eebfc69e4537e3b9defdd1c81962c9c61f09dd0bac400696e7da55b1565a0b216d9e3ba45af88eab527017900cc0ba86b44396f6c49ca385843582d8cd3521cda8a3cfafed051df8f5252b587ad1c2b22721ca64c0822e0e1ed853d73b700660af995b2ed3916cee135abe346723234a95153206a2d667e9488e4a7f78ef17b040934bd09c1fb0518e096d2ed51938e745a22c2f454b9af1fc1a70a754babe5f1276c6325c57935eba745e9677819f6bf6b5eeeee39d9473a1b449a8f30c323bd83c180056955d684a77e08c826b18a33f6463344524030cf158e5a17a0ecafebe3a197d4e47be6205d6847916cb94a75126bc194c7360d506a12e09b8f503ca956f96eb77b242127a9f15de1e911211bb7dd8b895aa645d6a41695e377a1b860037d68568efbd08df7f7991a80148a2b95e7de2d1f0d76395599bd3e8ba9de2683bccf94466be5dfea2d4f2f258cc0e1cdb9c1eb38f55914eb1bab760a9c13285d6e4ab8f7cff5fcc0ca10f4039490a4b247cb5bdab73d2772d497d28030c077bc436b53d1276b0ca3afd425cbbd603f1f5004b032cf8e08c6cbd4683fd7af5bb0099f4949ebde1b56d11ba0683a7027bc478b1e73ff17ee60da436ae26dac7fdc9b3927e4f0b58d8dda1ef52ea348bf8eea91690b404ebd93a5177bd56cb0ffac0a2f717454fd18db41c3f75ca208ff833d71973f53bbfa5333de9beb855211c47f820b7dfb1bbc24dcc7dc2c3e142c7454b198e5c89a717fb7c65c0bab25d33685dedcbac012adb8db084eed4467dc8e1d1f016c317839a9d4d921a2a394be24e32e6c55d01aa2e11d19b4532b76a2766e408b0c71c38417abcd4538ce0bacee379e1559648348f1f7ad3192a70e03b62e190ec9613e73921bdf86a4c5ab6a987c9d6ae4b56c5438ebe553ee289c14b11bbfa52e197fae54c12cb787d887fa7c0a5ed512024ee06b8c4371745b0a11785655977c2addcba09444c2b0de4569cd6f24b43542e05d8a5410b5ad2706fdc30cf5569e53854e7225c19df6a9a741e44be4636410692f546692791f63d11b127f0e742b2374becfe5c71f933293306be6633710653f63303c9b46b5e234bd60a35dbbe4b52536f0bf6bf89f4ffb97fdf46a1aeecc5d41ef788fed0d85df2c2969ca212cfb8f383c12f2b93b8d205b8e15e1f38d5261c5a1f16635eafd18a729f677f5a2533074b5c1b8a9148fd4cdabe515bbbf3d997d75658db66659d9b37a69b0e8bbaf3b276f87eb24e34b0701712e84a80a99ff366b2b365f9b3ee1315276a9ac785afeb1fde62a610dcc5f2fc170bff60113f969cb93f0524448ca55b43de587da6b273a0c07025e1d9783678fb31f5d676227ae85b19858574182f7b188cb0f6b726a53322236a0e67daec3312e60d68df95038ee565b9d5b56d8b6a1e90c1722f2193feb28dec250becf9114b1b8486ff94edb8fdb862f4a036a4f77e704d7362843a04d73a78da452521148a9db32ac9a42b3010fb48a9bd80f8a829f6d656b2d89e0e706f45549be758b2648eb3e861a145a7a000a4f6b448cb3990fbd1147394cb4f9708d41cb3d1eed16abf1e5e0be1f55417d9dd4e728bc59226d7e0b8449af19254bb189619c3d103959367bb8de5cf40267d6c8694b27851e802fe0d972d3990b345ce8f33fed062470e2ff8c830ddfdf17aa7d9c847ed58e120bcc77d498010598e929104ff5a88d52434efc5db42931a93894f51b9b4985a8c1d8be95e5c9ca55484d1e02bc1b644ef3bfc4d7c6934f277614d982826feef0d38ee00da7b4fa0b0dd375e35144c0f0ce1e2971e274bc3eaa532d6ad037e77a5924733db4ef6fd49e36fd8f7d27beacab3a1a1685ddf46e3944b4bb40151e4e00699631d8b4e8d2adab244319e3d666f2d185c45cde57797003b92ad997fa24bd0661fac8e440311fad720e74e899fc46cd8686ac8ce194c733340fea8f807457e6ab05f51014bd763d24d2c0aa5d8c786cc7d18b8e81a528bf0f30b8568a037a637738068916f521125589a6b5ab0083ad433b48859a617a47d61be7170c9c668552bcf7b3a187b0bf0d61522aba93ddbafa11421d66935f4f82f9f370024e4b0efe378513b11cce1beffc1d1c680a40cc72addc40f4f0b4e37c0f440e820deb6c1ab399c489799883e128b253d09ee6e492d9677348ea5d421c30391582b688a88950abee8bbe8cb7eaa0c25ffb06c7b0969adc4aa1083cf58870772eb089ac16ac8479c7f02b0f2fb2638e81437f148e62f66ab71b346009020cf9bbdcd28e25d39f044807263bc0b278bbfe49b27d1d0fa0c658bfc66069b0ec5decdfaed37cf5da26ea0089227b85861133295ba70470edc8f62fd9381205245d4339bae1e39a41b2729575fa727d84cbeeaf6541f07d9b92809921348c56d23d3fb55811dae68fe0320617b33584e4f90db2fe824743721249314f6c97d7b9ca7488389f5204992a7759281cb0dbb01a3cc948c9f3dd4b2b978b87d5276717813bac97fb2a3f5646d78541e9a8236915688f750d77ef189368ec23f725085ffe3075ec6b5ec93aea7d0c22137d9201d8c667c5f574f64d89ed87b45371d385ea57f8bcdf86567c54a69ff9454b08349beb6db43960ee7327c8ef764fd8b244c36d72270e048c0aab64c22907d5ec6351cabcaae0b797b613b076a179692b82b0a368a2e6e05ab480363d5e0d5de92e040c998ad8fd938ba81b4839dde736d5ab3f7129c54d3659a2a1c8cd746c551f0833ba3c9c77b7f72009ec0589b39d471cb6135c6ba3eb467fd2c1a8ceb68adbcad72bfc25a851830cd1d6cd5ae7356f6489721ae52d5d388226f6b77c817a986417f100a567239027bc1c81d72bf19416944033ac312be3c4328cbcaa3ab10dcd2c3c30353e6577dbd148ff99bfc40a701204e5fa6024e6dc34f09cd304965a8ab8d4439755600b4841005b7196779571eb04a2c4e3ac8b613afa55d0436de0a252524989523422cd49a744dcc14a4c332df9591054247837a142780a30f16498940c590b90edf37df45f2f6b24061578d47135437a1843a49f7ef3696409fde2abaa30537d8b36ff213e6a4385de605cc496359185721d43a8465769904ab556febe85b82833a110bdd628d686695edad50648527006bc3f273027d63c3c5935666880796b44b1af2fa922028f92e8c89a760f691b72787d1d6b0948e07d56a29de5291f561b162ea1f03ec971a5d7eb9dd2e2e43fb8e602bd3216f454a0bd72b5f9822429ccce645d53c149010cee3d72845e0b2bce45b9d1f90c351ea4cd083310973d3de247201d745d34aabe50cf02e17395abfe8a82a1792d1c5d5681c23b23ce96922ed812ecc2df7d375aff1c4eea5d63c8b88b0a429b80fcf02a5fb4c29306c10f6cb7d113d539ad0290ffa51e8077b7c4cbc8608a26629d0d35deebe09a76ba39b79", 0x1000}, {&(0x7f0000001380)="3d2753ce9f445db5889c6b9f9efdd9f1a73b55bba6a5bca78dfa67ff8a9e6331e96201bd50e22c915bc9a3422ef05d2d6edfeb2f9cb19878ff70ffa362a7ca5d8a980f1ceecfcae095f70d42fc4e7dc8da68ffbada6e552155efd0c972a93c54748e07fb6188613c7aa6655bfbdc7f77f749b2e90be0ba5da6f5aac26d8effeb2bbda919bcd73861255261f704ca136062287d3dcd7c5696ea9f66cbedb2790af43f37a8e19467a4df5c49a66746e26c4f0debf432268c01396dab93c1636af2340490de17", 0xc5}, {&(0x7f0000001480)="ed00fc285f31aafa96d0a3e35181b487f1f9bc940945c43422540c10aaa71b9b88d76f5e638ecd", 0x27}, {&(0x7f00000014c0)="e336d1ba8895217dd17d0141970d5a7f91492b7b9f0836f5a66c518cd2b822415e32d8c469814e1dbfaecc72974e3f7350f97fd9855139923caf8305b28ab18c721707da23f22115d7837a0d354f2420204d8729f9abcc361184ddac9eba9320d9affa19896de6cccfc0b2ef61646d13c6e6bfa7b8b97b6d46f19eac2ea1ca0d93b350", 0x83}, {&(0x7f0000001580)="97fc2a9f6c07b9e20460b048d6b9311fe2cef615865f0202688f816fad123ec169bc06ad11f7c4a6818a22abc95624b68d7c578e53be892a9f82460c120a72b936d5bdfb095266e559e6", 0x4a}, {&(0x7f0000001600)="ec03ba307d6839f4ec378b627a4f9bb64231f84a309dc90fa507e70e26e171c729a9fa68a4b5a1efa76555f8743e58e02ed8240e5cb593d1656612ef542fc843c1e99fce7c3cba252b5829df1f55fa654f2edbf2a01893ed805800b0f5b70d249db20f588aa9475f719c4f5e0f76f6f4cc02b5", 0x73}], 0x9, &(0x7f0000001740)=[@rights={{0x1c, 0x1, 0x1, [r0, r0, r0]}}], 0x20, 0x40}, 0x4000000) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r1, 0x0) getdents(r1, &(0x7f0000001800)=""/110, 0x6e) r2 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r2, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f00000017c0)={0x73622a85, 0x110a}) [ 245.033319] FSBase=00007fbbc5cdf700 GSBase=ffff8880aee00000 TRBase=fffffe0000003000 [ 245.062899] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 245.069614] audit: type=1326 audit(1567665745.899:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12061 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 245.078659] CR0=0000000080050033 CR3=000000008ac78000 CR4=00000000001426f0 [ 245.107140] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff862018e0 [ 245.119215] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 245.130548] *** Control State *** [ 245.139499] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2 [ 245.158294] EntryControls=0000d1ff ExitControls=002fefff [ 245.173886] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 245.189149] audit: type=1326 audit(1567665745.939:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12064 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 245.194377] VMEntry: intr_info=00000000 errcode=00000000 ilen=00000000 06:42:26 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x1002) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="075b0426"], 0x0, 0x0, 0x0}) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x20400, 0x0) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f0000000140)={{&(0x7f00000000c0)=""/26, 0x1a}, &(0x7f0000000100), 0x2}, 0x20) r3 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) [ 245.259288] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 245.277916] reason=80000021 qualification=0000000000000000 [ 245.326420] IDTVectoring: info=00000000 errcode=00000000 [ 245.342524] TSC Offset = 0xffffff7a8061331e [ 245.352543] EPT pointer = 0x00000000a5aaa01e [ 245.366172] Virtual processor ID = 0x0001 [ 245.372103] binder: 12072:12073 unknown command 637819655 [ 245.393206] binder: 12072:12073 ioctl c0306201 20012000 returned -22 06:42:26 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:42:26 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:26 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 245.428065] binder: 12072:12073 unknown command 637819653 [ 245.450428] binder: 12072:12073 ioctl c0306201 20012000 returned -22 06:42:26 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = syz_open_dev$swradio(0x0, 0x1, 0x2) read$rfkill(r1, &(0x7f00000001c0), 0x8) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000000)={0x3b, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r2, 0x0) r3 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r3, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) r4 = semget(0x3, 0x1, 0x2) semctl$SEM_INFO(r4, 0x3, 0x13, &(0x7f0000000040)=""/75) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r5, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYRES64, @ANYRES64=r0, @ANYPTR64=&(0x7f0000000180)=ANY=[@ANYRES64=r2, @ANYRESHEX, @ANYRESOCT, @ANYRESOCT=0x0, @ANYRES32=r3, @ANYRES64=r5]], 0x3}, 0x1, 0x0, 0x0, 0x40}, 0x0) 06:42:26 executing program 0: r0 = gettid() r1 = syz_open_procfs(r0, &(0x7f0000000140)='\x118\xe3\xceip_v\x00\x00\x00\x00\x00\xf3\xff\xff\xff\x00\x00\x00\x00\x00\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r1, 0x0, 0x0) 06:42:26 executing program 1: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) bind$inet6(0xffffffffffffffff, &(0x7f000047b000)={0xa, 0x0, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x80000000000000bd) ioctl$KVM_SET_BOOT_CPU_ID(0xffffffffffffffff, 0xae78, &(0x7f0000000140)) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, 0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f00000f0000/0x4000)=nil, 0x4000, 0x2, 0x10, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r2, 0x0) sendmsg$inet(r2, &(0x7f0000000680)={&(0x7f00000001c0)={0x2, 0x4e22, @empty}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000240)="b44c4ada1cf331cdbf336c87c4b5acf95547306832e8f2b8ebe1e946004572817fe2ff2952f0", 0x26}, {&(0x7f0000000280)="65a9ddcb08ebfde23bcb2335f124a364f2f22a19952b0f25bd8be46a6b9fbfd53a7524b10150fdaa68b307fcaad123e158b16277471f81c0df4f33d09904deaccb5685b2d6e9c2a5435f2f121e924da5ee0329a1c213d1f181eab04e852c07d4aaf734cfbf469e877c52ac3ff02cd394cfd334c8589bbbc38e79008adfc7f46728eb49a1fe51", 0x86}, {&(0x7f0000000340)="068cdcf443bf6a4ea89a05b33b1d68240196229d389f819613bd6f78d2b016af7946d653d4a77118e29599e719e83417ca86d85af2ed71e8aabf08e97921a30b44c28e6d10e1da4413ca6722604af0aace7f03c328c3a1785ee39293a462bab50bce13e71ac4ad8daa6ccf", 0x6b}, {&(0x7f00000003c0)="d7846726f609d6ffe45501b2b225c82bf8862f73ded0f19b2a467997624981919d585e4497e1f6e67444b4341c0bc3f7e13fa1e55e1a76f3c1294130d15ac98584d8d625cd232af35283f7230b8af70a5f1e7d0bfe1e710b74efd0487ea51f8bf6024bf2c648eba1a9bd9bafaff1", 0x6e}, {&(0x7f0000000440)="7c1d0abe4856b1b4f779", 0xa}, {&(0x7f0000000480)="4237def4fc706025c907b86e8447111834869e5516adc5a91c9b5b4f3d1f071a8744b1a2ca4eb818503356df8fb9278f9df3e29015cf9225c78859c2fc4e1496627b141ecec73c00a7358bb10cbba3887b212354e3664a9f13ddbda2af1d5394660a91f5338ee4b8680a03fe69aefdf483bbd4d0e3af9bb86cb7d9a050be62c3b3f42fb2783f24cc8ee0d028b636cb04118fe46656e49a735327bc3f9b23f30988dd3289e3f830cc8e6449289851ef1d699399733ed899d55cd70e6e5e1513093277432b19bed990e735272eb105e67e541eccb540090ec0db15d53ccaf7", 0xde}], 0x6, &(0x7f0000000600)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x200}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x1}}, @ip_ttl={{0x14, 0x0, 0x2, 0x1}}], 0x48}, 0x2002001b) ioctl$RTC_WKALM_RD(0xffffffffffffffff, 0x80287010, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x5c831, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_open_dev$audion(0x0, 0x0, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(0xffffffffffffffff, 0x0, 0x1) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000cfc000/0x18000)=nil, 0x0, 0xfffffffffffffefd, 0x1, &(0x7f0000000180), 0x10000000000000a2) close(r1) ioctl$NBD_CLEAR_QUE(0xffffffffffffffff, 0xab05) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_KVMCLOCK_CTRL(r0, 0xaead) syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="6d66745f7a6f6e655f6d756c7469706c6965723d3078303030303030303030303030303030302c73686f775f7379735f66696c65733d6e6f2c6572726f7273030065636f7665722c756d61736b3d30303030303030303030303030303030303030303030302c756d61736b3d30303030303030303030303030303030303030303030302c756d61736b3d30303030303030303030303030303030303030303030302a6d66de285ffeadd76bad8c9b06745f7a6f6e655f6d756c7469706c6965723d3078303030303030303030303030303030322c756d61736b3d30803030303030303030303030303030303030303030302c00"]) r6 = syz_open_dev$radio(&(0x7f0000000140)='/dev/radio#\x00', 0x3, 0x2) ioctl$EVIOCSABS0(r6, 0x401845c0, &(0x7f0000000200)={0x2, 0x3f, 0x81, 0x9, 0x6, 0x7}) 06:42:26 executing program 3: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) bind$inet6(0xffffffffffffffff, &(0x7f000047b000)={0xa, 0x0, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x80000000000000bd) ioctl$KVM_SET_BOOT_CPU_ID(0xffffffffffffffff, 0xae78, &(0x7f0000000140)) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, 0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f00000f0000/0x4000)=nil, 0x4000, 0x2, 0x10, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r2, 0x0) sendmsg$inet(r2, &(0x7f0000000680)={&(0x7f00000001c0)={0x2, 0x4e22, @empty}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000240)="b44c4ada1cf331cdbf336c87c4b5acf95547306832e8f2b8ebe1e946004572817fe2ff2952f0", 0x26}, {&(0x7f0000000280)="65a9ddcb08ebfde23bcb2335f124a364f2f22a19952b0f25bd8be46a6b9fbfd53a7524b10150fdaa68b307fcaad123e158b16277471f81c0df4f33d09904deaccb5685b2d6e9c2a5435f2f121e924da5ee0329a1c213d1f181eab04e852c07d4aaf734cfbf469e877c52ac3ff02cd394cfd334c8589bbbc38e79008adfc7f46728eb49a1fe51", 0x86}, {&(0x7f0000000340)="068cdcf443bf6a4ea89a05b33b1d68240196229d389f819613bd6f78d2b016af7946d653d4a77118e29599e719e83417ca86d85af2ed71e8aabf08e97921a30b44c28e6d10e1da4413ca6722604af0aace7f03c328c3a1785ee39293a462bab50bce13e71ac4ad8daa6ccf", 0x6b}, {&(0x7f00000003c0)="d7846726f609d6ffe45501b2b225c82bf8862f73ded0f19b2a467997624981919d585e4497e1f6e67444b4341c0bc3f7e13fa1e55e1a76f3c1294130d15ac98584d8d625cd232af35283f7230b8af70a5f1e7d0bfe1e710b74efd0487ea51f8bf6024bf2c648eba1a9bd9bafaff1", 0x6e}, {&(0x7f0000000440)="7c1d0abe4856b1b4f779", 0xa}, {&(0x7f0000000480)="4237def4fc706025c907b86e8447111834869e5516adc5a91c9b5b4f3d1f071a8744b1a2ca4eb818503356df8fb9278f9df3e29015cf9225c78859c2fc4e1496627b141ecec73c00a7358bb10cbba3887b212354e3664a9f13ddbda2af1d5394660a91f5338ee4b8680a03fe69aefdf483bbd4d0e3af9bb86cb7d9a050be62c3b3f42fb2783f24cc8ee0d028b636cb04118fe46656e49a735327bc3f9b23f30988dd3289e3f830cc8e6449289851ef1d699399733ed899d55cd70e6e5e1513093277432b19bed990e735272eb105e67e541eccb540090ec0db15d53ccaf7", 0xde}], 0x6, &(0x7f0000000600)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x200}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x1}}, @ip_ttl={{0x14, 0x0, 0x2, 0x1}}], 0x48}, 0x2002001b) ioctl$RTC_WKALM_RD(0xffffffffffffffff, 0x80287010, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x5c831, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_open_dev$audion(0x0, 0x0, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(0xffffffffffffffff, 0x0, 0x1) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000cfc000/0x18000)=nil, 0x0, 0xfffffffffffffefd, 0x1, &(0x7f0000000180), 0x10000000000000a2) close(r1) ioctl$NBD_CLEAR_QUE(0xffffffffffffffff, 0xab05) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_KVMCLOCK_CTRL(r0, 0xaead) syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="6d66745f7a6f6e655f6d756c7469706c6965723d3078303030303030303030303030303030302c73686f775f7379735f66696c65733d6e6f2c6572726f7273030065636f7665722c756d61736b3d30303030303030303030303030303030303030303030302c756d61736b3d30303030303030303030303030303030303030303030302c756d61736b3d30303030303030303030303030303030303030303030302a6d66de285ffeadd76bad8c9b06745f7a6f6e655f6d756c7469706c6965723d3078303030303030303030303030303030322c756d61736b3d30803030303030303030303030303030303030303030302c00"]) r6 = syz_open_dev$radio(&(0x7f0000000140)='/dev/radio#\x00', 0x3, 0x2) ioctl$EVIOCSABS0(r6, 0x401845c0, &(0x7f0000000200)={0x2, 0x3f, 0x81, 0x9, 0x6, 0x7}) 06:42:27 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:42:27 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:27 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:27 executing program 1: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) bind$inet6(0xffffffffffffffff, &(0x7f000047b000)={0xa, 0x0, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x80000000000000bd) ioctl$KVM_SET_BOOT_CPU_ID(0xffffffffffffffff, 0xae78, &(0x7f0000000140)) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, 0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f00000f0000/0x4000)=nil, 0x4000, 0x2, 0x10, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r2, 0x0) sendmsg$inet(r2, &(0x7f0000000680)={&(0x7f00000001c0)={0x2, 0x4e22, @empty}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000240)="b44c4ada1cf331cdbf336c87c4b5acf95547306832e8f2b8ebe1e946004572817fe2ff2952f0", 0x26}, {&(0x7f0000000280)="65a9ddcb08ebfde23bcb2335f124a364f2f22a19952b0f25bd8be46a6b9fbfd53a7524b10150fdaa68b307fcaad123e158b16277471f81c0df4f33d09904deaccb5685b2d6e9c2a5435f2f121e924da5ee0329a1c213d1f181eab04e852c07d4aaf734cfbf469e877c52ac3ff02cd394cfd334c8589bbbc38e79008adfc7f46728eb49a1fe51", 0x86}, {&(0x7f0000000340)="068cdcf443bf6a4ea89a05b33b1d68240196229d389f819613bd6f78d2b016af7946d653d4a77118e29599e719e83417ca86d85af2ed71e8aabf08e97921a30b44c28e6d10e1da4413ca6722604af0aace7f03c328c3a1785ee39293a462bab50bce13e71ac4ad8daa6ccf", 0x6b}, {&(0x7f00000003c0)="d7846726f609d6ffe45501b2b225c82bf8862f73ded0f19b2a467997624981919d585e4497e1f6e67444b4341c0bc3f7e13fa1e55e1a76f3c1294130d15ac98584d8d625cd232af35283f7230b8af70a5f1e7d0bfe1e710b74efd0487ea51f8bf6024bf2c648eba1a9bd9bafaff1", 0x6e}, {&(0x7f0000000440)="7c1d0abe4856b1b4f779", 0xa}, {&(0x7f0000000480)="4237def4fc706025c907b86e8447111834869e5516adc5a91c9b5b4f3d1f071a8744b1a2ca4eb818503356df8fb9278f9df3e29015cf9225c78859c2fc4e1496627b141ecec73c00a7358bb10cbba3887b212354e3664a9f13ddbda2af1d5394660a91f5338ee4b8680a03fe69aefdf483bbd4d0e3af9bb86cb7d9a050be62c3b3f42fb2783f24cc8ee0d028b636cb04118fe46656e49a735327bc3f9b23f30988dd3289e3f830cc8e6449289851ef1d699399733ed899d55cd70e6e5e1513093277432b19bed990e735272eb105e67e541eccb540090ec0db15d53ccaf7", 0xde}], 0x6, &(0x7f0000000600)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x200}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x1}}, @ip_ttl={{0x14, 0x0, 0x2, 0x1}}], 0x48}, 0x2002001b) ioctl$RTC_WKALM_RD(0xffffffffffffffff, 0x80287010, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x5c831, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_open_dev$audion(0x0, 0x0, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(0xffffffffffffffff, 0x0, 0x1) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000cfc000/0x18000)=nil, 0x0, 0xfffffffffffffefd, 0x1, &(0x7f0000000180), 0x10000000000000a2) close(r1) ioctl$NBD_CLEAR_QUE(0xffffffffffffffff, 0xab05) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_KVMCLOCK_CTRL(r0, 0xaead) syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="6d66745f7a6f6e655f6d756c7469706c6965723d3078303030303030303030303030303030302c73686f775f7379735f66696c65733d6e6f2c6572726f7273030065636f7665722c756d61736b3d30303030303030303030303030303030303030303030302c756d61736b3d30303030303030303030303030303030303030303030302c756d61736b3d30303030303030303030303030303030303030303030302a6d66de285ffeadd76bad8c9b06745f7a6f6e655f6d756c7469706c6965723d3078303030303030303030303030303030322c756d61736b3d30803030303030303030303030303030303030303030302c00"]) r6 = syz_open_dev$radio(&(0x7f0000000140)='/dev/radio#\x00', 0x3, 0x2) ioctl$EVIOCSABS0(r6, 0x401845c0, &(0x7f0000000200)={0x2, 0x3f, 0x81, 0x9, 0x6, 0x7}) 06:42:27 executing program 3: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) bind$inet6(0xffffffffffffffff, &(0x7f000047b000)={0xa, 0x0, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x80000000000000bd) ioctl$KVM_SET_BOOT_CPU_ID(0xffffffffffffffff, 0xae78, &(0x7f0000000140)) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, 0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f00000f0000/0x4000)=nil, 0x4000, 0x2, 0x10, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r2, 0x0) sendmsg$inet(r2, &(0x7f0000000680)={&(0x7f00000001c0)={0x2, 0x4e22, @empty}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000240)="b44c4ada1cf331cdbf336c87c4b5acf95547306832e8f2b8ebe1e946004572817fe2ff2952f0", 0x26}, {&(0x7f0000000280)="65a9ddcb08ebfde23bcb2335f124a364f2f22a19952b0f25bd8be46a6b9fbfd53a7524b10150fdaa68b307fcaad123e158b16277471f81c0df4f33d09904deaccb5685b2d6e9c2a5435f2f121e924da5ee0329a1c213d1f181eab04e852c07d4aaf734cfbf469e877c52ac3ff02cd394cfd334c8589bbbc38e79008adfc7f46728eb49a1fe51", 0x86}, {&(0x7f0000000340)="068cdcf443bf6a4ea89a05b33b1d68240196229d389f819613bd6f78d2b016af7946d653d4a77118e29599e719e83417ca86d85af2ed71e8aabf08e97921a30b44c28e6d10e1da4413ca6722604af0aace7f03c328c3a1785ee39293a462bab50bce13e71ac4ad8daa6ccf", 0x6b}, {&(0x7f00000003c0)="d7846726f609d6ffe45501b2b225c82bf8862f73ded0f19b2a467997624981919d585e4497e1f6e67444b4341c0bc3f7e13fa1e55e1a76f3c1294130d15ac98584d8d625cd232af35283f7230b8af70a5f1e7d0bfe1e710b74efd0487ea51f8bf6024bf2c648eba1a9bd9bafaff1", 0x6e}, {&(0x7f0000000440)="7c1d0abe4856b1b4f779", 0xa}, {&(0x7f0000000480)="4237def4fc706025c907b86e8447111834869e5516adc5a91c9b5b4f3d1f071a8744b1a2ca4eb818503356df8fb9278f9df3e29015cf9225c78859c2fc4e1496627b141ecec73c00a7358bb10cbba3887b212354e3664a9f13ddbda2af1d5394660a91f5338ee4b8680a03fe69aefdf483bbd4d0e3af9bb86cb7d9a050be62c3b3f42fb2783f24cc8ee0d028b636cb04118fe46656e49a735327bc3f9b23f30988dd3289e3f830cc8e6449289851ef1d699399733ed899d55cd70e6e5e1513093277432b19bed990e735272eb105e67e541eccb540090ec0db15d53ccaf7", 0xde}], 0x6, &(0x7f0000000600)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x200}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x1}}, @ip_ttl={{0x14, 0x0, 0x2, 0x1}}], 0x48}, 0x2002001b) ioctl$RTC_WKALM_RD(0xffffffffffffffff, 0x80287010, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x5c831, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_open_dev$audion(0x0, 0x0, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(0xffffffffffffffff, 0x0, 0x1) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000cfc000/0x18000)=nil, 0x0, 0xfffffffffffffefd, 0x1, &(0x7f0000000180), 0x10000000000000a2) close(r1) ioctl$NBD_CLEAR_QUE(0xffffffffffffffff, 0xab05) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_KVMCLOCK_CTRL(r0, 0xaead) syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="6d66745f7a6f6e655f6d756c7469706c6965723d3078303030303030303030303030303030302c73686f775f7379735f66696c65733d6e6f2c6572726f7273030065636f7665722c756d61736b3d30303030303030303030303030303030303030303030302c756d61736b3d30303030303030303030303030303030303030303030302c756d61736b3d30303030303030303030303030303030303030303030302a6d66de285ffeadd76bad8c9b06745f7a6f6e655f6d756c7469706c6965723d3078303030303030303030303030303030322c756d61736b3d30803030303030303030303030303030303030303030302c00"]) r6 = syz_open_dev$radio(&(0x7f0000000140)='/dev/radio#\x00', 0x3, 0x2) ioctl$EVIOCSABS0(r6, 0x401845c0, &(0x7f0000000200)={0x2, 0x3f, 0x81, 0x9, 0x6, 0x7}) 06:42:27 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r1, 0x0) fcntl$setsig(r1, 0xa, 0x5) 06:42:28 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:42:28 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:28 executing program 3: r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) bind$inet6(0xffffffffffffffff, &(0x7f000047b000)={0xa, 0x0, 0x0, @loopback}, 0x1c) listen(0xffffffffffffffff, 0x80000000000000bd) ioctl$KVM_SET_BOOT_CPU_ID(0xffffffffffffffff, 0xae78, &(0x7f0000000140)) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, 0x0, 0x0) mlock2(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0) getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f00000f0000/0x4000)=nil, 0x4000, 0x2, 0x10, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r2, 0x0) sendmsg$inet(r2, &(0x7f0000000680)={&(0x7f00000001c0)={0x2, 0x4e22, @empty}, 0x10, &(0x7f0000000580)=[{&(0x7f0000000240)="b44c4ada1cf331cdbf336c87c4b5acf95547306832e8f2b8ebe1e946004572817fe2ff2952f0", 0x26}, {&(0x7f0000000280)="65a9ddcb08ebfde23bcb2335f124a364f2f22a19952b0f25bd8be46a6b9fbfd53a7524b10150fdaa68b307fcaad123e158b16277471f81c0df4f33d09904deaccb5685b2d6e9c2a5435f2f121e924da5ee0329a1c213d1f181eab04e852c07d4aaf734cfbf469e877c52ac3ff02cd394cfd334c8589bbbc38e79008adfc7f46728eb49a1fe51", 0x86}, {&(0x7f0000000340)="068cdcf443bf6a4ea89a05b33b1d68240196229d389f819613bd6f78d2b016af7946d653d4a77118e29599e719e83417ca86d85af2ed71e8aabf08e97921a30b44c28e6d10e1da4413ca6722604af0aace7f03c328c3a1785ee39293a462bab50bce13e71ac4ad8daa6ccf", 0x6b}, {&(0x7f00000003c0)="d7846726f609d6ffe45501b2b225c82bf8862f73ded0f19b2a467997624981919d585e4497e1f6e67444b4341c0bc3f7e13fa1e55e1a76f3c1294130d15ac98584d8d625cd232af35283f7230b8af70a5f1e7d0bfe1e710b74efd0487ea51f8bf6024bf2c648eba1a9bd9bafaff1", 0x6e}, {&(0x7f0000000440)="7c1d0abe4856b1b4f779", 0xa}, {&(0x7f0000000480)="4237def4fc706025c907b86e8447111834869e5516adc5a91c9b5b4f3d1f071a8744b1a2ca4eb818503356df8fb9278f9df3e29015cf9225c78859c2fc4e1496627b141ecec73c00a7358bb10cbba3887b212354e3664a9f13ddbda2af1d5394660a91f5338ee4b8680a03fe69aefdf483bbd4d0e3af9bb86cb7d9a050be62c3b3f42fb2783f24cc8ee0d028b636cb04118fe46656e49a735327bc3f9b23f30988dd3289e3f830cc8e6449289851ef1d699399733ed899d55cd70e6e5e1513093277432b19bed990e735272eb105e67e541eccb540090ec0db15d53ccaf7", 0xde}], 0x6, &(0x7f0000000600)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x200}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x1}}, @ip_ttl={{0x14, 0x0, 0x2, 0x1}}], 0x48}, 0x2002001b) ioctl$RTC_WKALM_RD(0xffffffffffffffff, 0x80287010, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x5c831, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) syz_open_dev$audion(0x0, 0x0, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(0xffffffffffffffff, 0x0, 0x1) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000cfc000/0x18000)=nil, 0x0, 0xfffffffffffffefd, 0x1, &(0x7f0000000180), 0x10000000000000a2) close(r1) ioctl$NBD_CLEAR_QUE(0xffffffffffffffff, 0xab05) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_KVMCLOCK_CTRL(r0, 0xaead) syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="6d66745f7a6f6e655f6d756c7469706c6965723d3078303030303030303030303030303030302c73686f775f7379735f66696c65733d6e6f2c6572726f7273030065636f7665722c756d61736b3d30303030303030303030303030303030303030303030302c756d61736b3d30303030303030303030303030303030303030303030302c756d61736b3d30303030303030303030303030303030303030303030302a6d66de285ffeadd76bad8c9b06745f7a6f6e655f6d756c7469706c6965723d3078303030303030303030303030303030322c756d61736b3d30803030303030303030303030303030303030303030302c00"]) r6 = syz_open_dev$radio(&(0x7f0000000140)='/dev/radio#\x00', 0x3, 0x2) ioctl$EVIOCSABS0(r6, 0x401845c0, &(0x7f0000000200)={0x2, 0x3f, 0x81, 0x9, 0x6, 0x7}) 06:42:28 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:28 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x1, &(0x7f00000001c0)={0xffffffffffffffff}, 0x13f, 0x3}}, 0x20) r3 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r3, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) write$RDMA_USER_CM_CMD_MIGRATE_ID(0xffffffffffffffff, &(0x7f0000000240)={0x12, 0x10, 0xfa00, {&(0x7f0000000180), r2, r3}}, 0x18) r4 = syz_open_dev$binder(0x0, 0x0, 0x1806) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="fadb024b07d89b0a213212f461c105c4a8a6cf8c9e6eac02415d5577351572f019843d133f42425d9dbedcb158bec570b9948616c025c7fce66b95427db87a2cc92a2893a6cd7b65083eb1c73b71cf231a98c76d66f1bde9b20dbaeac52ec35b189e00a3ef453aa07531"], 0x0, 0x0, 0x0}) r5 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r5, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r6 = syz_open_dev$sndpcmp(&(0x7f0000000340)='/dev/snd/pcmC#D#p\x00', 0xbe, 0x20000) r7 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r7, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) getsockopt$inet_IP_XFRM_POLICY(r7, 0x0, 0x11, &(0x7f0000000380)={{{@in=@empty, @in6=@ipv4={[], [], @empty}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in6=@mcast2}}, &(0x7f0000000480)=0xe8) setsockopt$inet6_IPV6_PKTINFO(r6, 0x29, 0x32, &(0x7f00000004c0)={@rand_addr="28b25365e30244c8251f2d46d4ae7eaf", r8}, 0x14) connect$inet6(r5, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r9 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r9, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r5, 0x84, 0x6d, &(0x7f0000000800)=ANY=[@ANYRES32=r10, @ANYBLOB="1c000000237a5c3ef6bb91546a94ff010000ffa95f92a726729beb47d32bd1b59c16ad038c461b6f03533d6db4a4d0e7d5f0f46b3d0fdb5770931d6bd441796923ff381619eae6696294d8e467bf241180d6295f1f506a2e7d8ccddb04896260eff8a3ed7de4eb6d"], &(0x7f0000000100)=0x24) getsockopt$inet_sctp_SCTP_MAXSEG(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000080)=@assoc_id=r10, &(0x7f00000000c0)=0x4) 06:42:28 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x2) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) 06:42:28 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0x0, 0x0) r2 = syz_open_dev$swradio(0x0, 0x1, 0x2) read$rfkill(r2, &(0x7f00000001c0), 0x8) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000000)={0x3b, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) ioctl$DRM_IOCTL_MARK_BUFS(r2, 0x40206417, &(0x7f0000000100)={0x1, 0xffff, 0x7, 0x10001, 0x8, 0x3}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0401"], 0x0, 0x0, 0x0}) r3 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) r4 = socket$inet(0x2, 0x2, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f00000001c0)=0xc) syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='uid=', @ANYRESHEX=r5, @ANYBLOB="3bbc8bd898ce3a4390d1ed70d8b151895a93a097627abbf68ecf9838a9fcff3da0feb150457548979caa2fe05a3ff022c48f3b69dbe14d6d8bf3455687d604ba4c408acaf8c9a21541e208f1f34d6db582a66bc8810300c821e9846a2984b24a9fe3ddaf15dc03110eeba58582bb32d96c7380cd120a7db152980dccbb95078346a5eeb5f8adf09aaedd582ade620e58e847f91ec28eb963a18118c114a2d892d4df0d5dc4d39411d9b22c53ffffff7f7686264815c872ff3fb1964bcc7404ad880c8ff3aef816bb15db9f73d5fa20f44e90584916927bb88ec38309675452ce3a071ad21211b27355b1ea586fa720e05d73bd"]) chown(&(0x7f0000000340)='./file0\x00', r5, 0xee01) r6 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x40000, 0x0) r7 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/pfkey\x00', 0x100, 0x0) r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r7, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x5c, r8, 0xf62822a3f9f9157f, 0x70bd25, 0x25dfdbfb, {}, [@TIPC_NLA_MON={0x34, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0xdbde}, @TIPC_NLA_MON_REF={0xfffffffffffffe5d, 0x2, 0x10}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}]}, @TIPC_NLA_SOCK={0x14, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4080100}, 0x20048014) ioctl$UFFDIO_UNREGISTER(r6, 0x8010aa01, &(0x7f00000000c0)={&(0x7f0000ffc000/0x3000)=nil, 0x3000}) [ 247.614066] kauditd_printk_skb: 4 callbacks suppressed [ 247.614074] audit: type=1326 audit(1567665748.449:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12140 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 247.670931] binder: 12184:12188 ioctl 40206417 20000100 returned -22 [ 247.727361] binder: 12184:12190 unknown command 260 [ 247.765129] binder: 12184:12188 unknown command 261 [ 247.765994] binder: 12184:12190 ioctl c0306201 20012000 returned -22 [ 247.770426] binder: 12184:12188 ioctl c0306201 20012000 returned -22 [ 247.840449] jfs: Unrecognized mount option "uid=0x00000000ffffffff;¼‹Ø˜Î:CÑípرQ‰Z“ —bz»öŽÏ˜8©üÿ= þ±PEuH—œª/àZ?ð"Ä;iÛáMm‹óEV‡ÖºL@ŠÊøÉ¢AâñóMmµ‚¦kÈ" or missing value 06:42:28 executing program 3: r0 = syz_open_dev$vcsa(0x0, 0x0, 0x2000) r1 = socket$inet_tcp(0x2, 0x1, 0x0) fstat(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setregid(r2, 0x0) write$P9_RSTATu(r0, &(0x7f0000000240)={0x80, 0x7d, 0x0, {{0x0, 0x50, 0xfffffffffffffffe, 0x1, {0x82, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x9, '/dev/sg#\x00', 0x0, '', 0xb, '/dev/vcsa#\x00', 0x9, 'fdinfo/3\x00'}, 0x1b, 'eth0cgroupsecurity&%fvmnet1', 0xee00, r2}}, 0x80) syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)={[{@mft_zone_multiplier={'mft_zone_multiplier'}}, {@show_sys_files_no='show_sys_files=no'}, {@errors_recover='errors=recover'}, {@umask={'umask', 0x3d, 0x4000000000000000}}, {@umask={'umask'}}, {@fmask={'fmask', 0x3d, 0x8}}, {@mft_zone_multiplier={'mft_zone_multiplier', 0x3d, 0x2}}, {@gid={'gid', 0x3d, r2}}]}) 06:42:28 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r0, 0x0, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f0000000080)='/dev/dmmidi#\x00', 0x2, 0x10001) symlinkat(&(0x7f0000000000)='./file0\x00', r1, &(0x7f00000000c0)='./file0\x00') r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl\x00', 0x101000, 0x0) getsockopt$bt_l2cap_L2CAP_OPTIONS(r2, 0x6, 0x1, &(0x7f0000000140), &(0x7f0000000180)=0xc) 06:42:28 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 248.029359] ntfs: (device loop3): parse_options(): Unrecognized mount option . 06:42:28 executing program 1: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r1, 0x0) fcntl$setsig(r1, 0xa, 0x5) 06:42:28 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r1, 0x0) fcntl$setsig(r1, 0xa, 0x5) 06:42:29 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 248.135831] audit: type=1326 audit(1567665748.969:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12202 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:29 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 248.205790] audit: type=1326 audit(1567665749.029:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12209 comm="syz-executor.3" exe="/root/syz-executor.3" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 248.263062] audit: type=1326 audit(1567665749.029:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12210 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:29 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:29 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:29 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') getdents(r0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x7c774aac) r2 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r2, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) ioctl$EVIOCGABS3F(r2, 0x8018457f, &(0x7f0000000140)=""/201) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r1, 0x0) ioctl$SIOCAX25CTLCON(r1, 0x89e8, &(0x7f00000000c0)={@bcast, @default, @bcast, 0x9, 0xded, 0x3, [@null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default]}) ioctl$IOC_PR_CLEAR(r0, 0x401070cd, &(0x7f0000000000)={0x4}) [ 248.896232] audit: type=1326 audit(1567665749.729:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12202 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:29 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:42:29 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradi\x01#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r1, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/autofs\x00', 0x20000, 0x0) r3 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f0000000280)={r5, 0x1c, "237a5c3ef6bb91546a94ff010000ffa95f92a726729beb47d32bc5b5"}, &(0x7f0000000100)=0x24) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000300)={r5, 0x9}, 0xc) r6 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) r7 = syz_open_dev$swradio(0x0, 0x1, 0x2) read$rfkill(r7, &(0x7f00000001c0), 0x8) setsockopt$IP_VS_SO_SET_ADD(r7, 0x0, 0x482, &(0x7f0000000000)={0x4, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x1, 'sh\x00', 0x4, 0x6d, 0x21}, 0x2c) r8 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vga_arbiter\x00', 0x8200, 0x0) getpeername$packet(0xffffffffffffffff, &(0x7f0000003040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000003080)=0xffffffffffffff9f) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x32, &(0x7f00000030c0)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, r9}, 0x14) sendmsg$inet(r8, &(0x7f0000000540)={&(0x7f0000000240)={0x2, 0x4e23, @loopback}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000340)="8a2d1f82e6db06b2345b94e371f73c75723a1a0ac036d555823ff99ef8fbcf9c26b2486928ea66e3c097f384793ae4e53db62b9c4152c85309ff", 0x3a}], 0x1, &(0x7f00000003c0)=[@ip_ttl={{0x14, 0x0, 0x2, 0x1f}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r9, @dev={0xac, 0x14, 0x14, 0xa}, @dev={0xac, 0x14, 0x14, 0x11}}}}, @ip_retopts={{0xc4, 0x0, 0x7, {[@noop, @timestamp={0x44, 0x24, 0x5, 0x3, 0x8, [{[@local]}, {[], 0x6000000000000000}, {[], 0x401}, {[], 0x80000000}, {[], 0x1000}, {[@broadcast], 0x6}]}, @lsrr={0x83, 0x1b, 0x4, [@multicast2, @local, @loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @cipso={0x86, 0x67, 0x6, [{0x6, 0x12, "ff09acc73b5a9ebaaf9870119c937b49"}, {0x7, 0xe, "4c1cfaebec150ed6cfd952ab"}, {0xe, 0x11, "fd4e06cec0066bbc7c07d90500b844"}, {0x5b4a7c71368fb984, 0xf, "fac28e14bf0e0bb097c4dd4925"}, {0x6, 0xc, "54d21ccc265305250f8b"}, {0x6, 0x2}, {0x5, 0x3, "cb"}, {0x2, 0x8, "2661afc43e3e"}, {0x1, 0x5, ':~>'}, {0x0, 0x3, "ec"}]}, @generic={0x89, 0xb, "73336d41fa56e60ead"}]}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x3ff}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @empty, @remote}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x9}}], 0x150}, 0x4) setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f0000000040)='tls\x00', 0x4) ioctl$VIDIOC_TRY_FMT(r6, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) r10 = dup3(r1, r6, 0x180000) ioctl$EVIOCGABS20(r10, 0x80184560, &(0x7f00000000c0)=""/187) 06:42:29 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r0, 0x0) r1 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r3, 0x0) ioctl$KVM_GET_REG_LIST(r3, 0xc008aeb0, &(0x7f00000001c0)={0x4, [0x1, 0x7ff, 0xfffffffffffffff8, 0x8]}) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000280)={r4, 0x1c, "237a5c3ef6bb91546a94ff010000ffa95f92a726729beb47d32bc5b5"}, &(0x7f0000000100)=0x24) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000040)={r4, 0x3cb2800}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f00000000c0)={r5, 0x100}, &(0x7f0000000100)=0x8) syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)={[{@mft_zone_multiplier={'mft_zone_multiplier'}}, {@show_sys_files_no='show_sys_files=no'}, {@errors_recover='errors=recover'}, {@umask={'umask'}}, {@umask={'umask'}}, {@umask={'umask'}}, {@mft_zone_multiplier={'mft_zone_multiplier', 0x3d, 0x2}}, {@umask={'umask'}}]}) [ 249.629995] ntfs: (device loop1): ntfs_fill_super(): Unable to determine device size. 06:42:30 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:30 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:30 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:42:30 executing program 0: socket$netlink(0x10, 0x3, 0x10) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r0, 0x0, 0x0) 06:42:31 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 250.137120] audit: type=1326 audit(1567665750.969:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12288 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:31 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r0, 0x0) r1 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r3, 0x0) ioctl$KVM_GET_REG_LIST(r3, 0xc008aeb0, &(0x7f00000001c0)={0x4, [0x1, 0x7ff, 0xfffffffffffffff8, 0x8]}) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000280)={r4, 0x1c, "237a5c3ef6bb91546a94ff010000ffa95f92a726729beb47d32bc5b5"}, &(0x7f0000000100)=0x24) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000040)={r4, 0x3cb2800}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f00000000c0)={r5, 0x100}, &(0x7f0000000100)=0x8) syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)={[{@mft_zone_multiplier={'mft_zone_multiplier'}}, {@show_sys_files_no='show_sys_files=no'}, {@errors_recover='errors=recover'}, {@umask={'umask'}}, {@umask={'umask'}}, {@umask={'umask'}}, {@mft_zone_multiplier={'mft_zone_multiplier', 0x3d, 0x2}}, {@umask={'umask'}}]}) [ 250.532195] ntfs: (device loop1): ntfs_fill_super(): Unable to determine device size. 06:42:31 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:31 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:31 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 250.925653] audit: type=1326 audit(1567665751.759:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12288 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:31 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200), 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:32 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:32 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:32 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:32 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) prctl$PR_GET_SECCOMP(0x15) r1 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r2 = socket$inet6_sctp(0xa, 0x0, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000280)={r3, 0x1c, "237a5c3ef6bb91546a94ff010000ffa95f92a726729beb47d32bc5b5"}, &(0x7f0000000100)=0x24) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000000)={r3, 0x5}, &(0x7f0000000040)=0x8) getdents(r0, 0x0, 0x0) r4 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r4, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/autofs\x00', 0x0, 0x0) ioctl$CAPI_GET_SERIAL(r5, 0xc0044308, &(0x7f0000000200)=0x6ec3b751) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r4, 0x84, 0x4, &(0x7f0000000180), 0x4) 06:42:32 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:42:32 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='fd/4\x00') getsockopt$bt_sco_SCO_OPTIONS(r0, 0x11, 0x1, &(0x7f0000000100)=""/83, &(0x7f0000000180)=0x53) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000040)=0x1c) r2 = socket$inet6_dccp(0xa, 0x6, 0x0) r3 = socket$inet(0x2, 0x2, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f00000001c0)=0xc) syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)={[{@uid={'uid', 0x3d, r4}}]}) ioctl$SIOCAX25ADDUID(0xffffffffffffffff, 0x89e1, &(0x7f00000001c0)={0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, r4}) open_by_handle_at(r2, &(0x7f0000000240)={0x60, 0x0, "e6f05f2e331ede214b578a3ca6a63e036c78b98bb0d96c298c6f5137a91183eeb6a8d1b951dd75b63a3493b40fbe9cc74c1825b2deca2ca2cc791444301854107cc41305e3ff45304024772dc8aa5f99abe0e8f212ecf174"}, 0x2d66ad2aa2ab6186) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r5, 0x0) openat$cgroup_procs(r5, &(0x7f00000002c0)='tasks\x00', 0x2, 0x0) 06:42:33 executing program 1: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='fd/4\x00') getsockopt$bt_sco_SCO_OPTIONS(r0, 0x11, 0x1, &(0x7f0000000100)=""/83, &(0x7f0000000180)=0x53) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000040)=0x1c) r2 = socket$inet6_dccp(0xa, 0x6, 0x0) r3 = socket$inet(0x2, 0x2, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f00000001c0)=0xc) syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)={[{@uid={'uid', 0x3d, r4}}]}) ioctl$SIOCAX25ADDUID(0xffffffffffffffff, 0x89e1, &(0x7f00000001c0)={0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, r4}) open_by_handle_at(r2, &(0x7f0000000240)={0x60, 0x0, "e6f05f2e331ede214b578a3ca6a63e036c78b98bb0d96c298c6f5137a91183eeb6a8d1b951dd75b63a3493b40fbe9cc74c1825b2deca2ca2cc791444301854107cc41305e3ff45304024772dc8aa5f99abe0e8f212ecf174"}, 0x2d66ad2aa2ab6186) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r5, 0x0) openat$cgroup_procs(r5, &(0x7f00000002c0)='tasks\x00', 0x2, 0x0) 06:42:33 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:33 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x0, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:33 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 252.376546] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 06:42:33 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000040)='ns\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getgid() getdents(r0, 0x0, 0x0) 06:42:33 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) prctl$PR_GET_SECCOMP(0x15) r1 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r2 = socket$inet6_sctp(0xa, 0x0, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000280)={r3, 0x1c, "237a5c3ef6bb91546a94ff010000ffa95f92a726729beb47d32bc5b5"}, &(0x7f0000000100)=0x24) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000000)={r3, 0x5}, &(0x7f0000000040)=0x8) getdents(r0, 0x0, 0x0) r4 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r4, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/autofs\x00', 0x0, 0x0) ioctl$CAPI_GET_SERIAL(r5, 0xc0044308, &(0x7f0000000200)=0x6ec3b751) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r4, 0x84, 0x4, &(0x7f0000000180), 0x4) 06:42:33 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x0, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:34 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, 0x0, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:34 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:42:34 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 253.321445] kauditd_printk_skb: 3 callbacks suppressed [ 253.321453] audit: type=1326 audit(1567665754.159:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12411 comm="syz-executor.3" exe="/root/syz-executor.3" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:34 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) r1 = syz_open_dev$swradio(0x0, 0x1, 0x2) read$rfkill(r1, &(0x7f00000001c0), 0x8) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000000)={0x3b, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000000)=[{0xfed, 0x401, 0x8001, 0x9}, {0x53, 0x5, 0x3c}, {0x5, 0x7, 0x7, 0xfffffffffffffffa}]}, 0x10) getdents(r0, 0x0, 0x0) [ 253.457761] audit: type=1326 audit(1567665754.189:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12391 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:34 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x0, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 253.543169] audit: type=1326 audit(1567665754.289:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12420 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:34 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:34 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:35 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) prctl$PR_GET_SECCOMP(0x15) r1 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r2 = socket$inet6_sctp(0xa, 0x0, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000280)={r3, 0x1c, "237a5c3ef6bb91546a94ff010000ffa95f92a726729beb47d32bc5b5"}, &(0x7f0000000100)=0x24) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000000)={r3, 0x5}, &(0x7f0000000040)=0x8) getdents(r0, 0x0, 0x0) r4 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r4, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/autofs\x00', 0x0, 0x0) ioctl$CAPI_GET_SERIAL(r5, 0xc0044308, &(0x7f0000000200)=0x6ec3b751) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r4, 0x84, 0x4, &(0x7f0000000180), 0x4) [ 254.190293] audit: type=1326 audit(1567665755.019:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12453 comm="syz-executor.3" exe="/root/syz-executor.3" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:35 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 254.396163] audit: type=1326 audit(1567665755.089:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12420 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:35 executing program 0: r0 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r0, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000040)={&(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x9}) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r1, 0x0, 0x0) [ 254.530110] audit: type=1326 audit(1567665755.359:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12469 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:35 executing program 1: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x3, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r1, 0x0) ioctl$TIOCGICOUNT(r0, 0x545d, 0x0) r2 = dup2(0xffffffffffffffff, r1) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={0xffffffffffffffff}, 0x113, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x99f, @dev={0xfe, 0x80, [], 0x1a}, 0x7}, {0xa, 0x4e20, 0xffffffffffffffb8, @mcast1, 0x6}, r3, 0x1}}, 0x48) r4 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r4, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) ioctl$int_out(r4, 0xa8c0, &(0x7f0000000380)) openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000340)='/selinux/user\x00', 0x2, 0x0) r5 = syz_open_dev$swradio(0x0, 0x1, 0x2) getsockopt$bt_l2cap_L2CAP_LM(r4, 0x6, 0x3, &(0x7f00000003c0), &(0x7f0000000400)=0x4) read$rfkill(r5, &(0x7f00000001c0), 0x8) setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, &(0x7f0000000000)={0x3b, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) write$FUSE_STATFS(r5, &(0x7f0000000180)={0x60, 0x0, 0x8, {{0x401, 0x5, 0x8000, 0x4f, 0x7, 0x9, 0xffff, 0x7ffffffe}}}, 0x60) getdents(r0, 0x0, 0x0) prctl$PR_GET_NO_NEW_PRIVS(0x27) r6 = open(&(0x7f0000000200)='./file0\x00', 0x100, 0x1) openat$cgroup_type(r6, &(0x7f0000000300)='cgroup.type\x00', 0x2, 0x0) socket(0x10, 0x800, 0x2) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r6, 0x6, 0x16, &(0x7f0000000000)=[@timestamp], 0x1) 06:42:35 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:35 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:35 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:35 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) prctl$PR_GET_SECCOMP(0x15) r1 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) connect$inet6(r1, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r2 = socket$inet6_sctp(0xa, 0x0, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000280)={r3, 0x1c, "237a5c3ef6bb91546a94ff010000ffa95f92a726729beb47d32bc5b5"}, &(0x7f0000000100)=0x24) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000000)={r3, 0x5}, &(0x7f0000000040)=0x8) getdents(r0, 0x0, 0x0) r4 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r4, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/autofs\x00', 0x0, 0x0) ioctl$CAPI_GET_SERIAL(r5, 0xc0044308, &(0x7f0000000200)=0x6ec3b751) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r4, 0x84, 0x4, &(0x7f0000000180), 0x4) [ 255.038977] audit: type=1326 audit(1567665755.869:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12489 comm="syz-executor.3" exe="/root/syz-executor.3" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:36 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 255.306459] audit: type=1326 audit(1567665756.139:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12469 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:36 executing program 0: r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) set_thread_area(&(0x7f0000000040)={0x5, 0xffffffffffffffff, 0x2000, 0x704, 0x101, 0x60, 0x5, 0x7fff00000000000, 0x200, 0x7643}) ptrace$cont(0x1f, r0, 0x0, 0x0) r1 = syz_open_dev$swradio(0x0, 0x1, 0x2) read$rfkill(r1, &(0x7f00000001c0), 0x8) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000000)={0x3b, @loopback, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) ioctl$TIOCGETD(r1, 0x5424, &(0x7f0000000140)) r2 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r2, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000100)={0x0, 0x80000}) socket$alg(0x26, 0x5, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r2, 0x0, 0x42, &(0x7f0000000080)={'HL\x00'}, &(0x7f00000000c0)=0x1e) prctl$PR_SET_TSC(0x1a, 0x2) syz_open_procfs(r0, &(0x7f0000000000)='\xc2et\x88') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) r3 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r3, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) getdents(r3, 0x0, 0x670) 06:42:36 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) ioctl$VIDIOC_QUERY_DV_TIMINGS(r0, 0x80845663, &(0x7f00000000c0)) getdents(r0, 0x0, 0x0) 06:42:36 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 255.541228] audit: type=1326 audit(1567665756.379:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12511 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:36 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:36 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:36 executing program 3: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x40000, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r0, 0x40bc5311, &(0x7f00000000c0)={0x1, 0x1, 'client1\x00', 0x1, "cefe21d1cadac85b", "26e68a9a428a4d0dc1b0226ae30b71985762a74587a7a6765ff4b8d88f11b2fc", 0x3, 0x7}) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) 06:42:36 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) sendmsg(r0, &(0x7f0000001680)={&(0x7f00000000c0)=@pptp={0x18, 0x2, {0x3, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000140)="414eeba3ec570f0af637bee7276634c729263682dd0aa2e82394c9187168fcaf47593500c952fe6bfedcd96a4a0353c64a278bbc898c3e19f7a800b1725f3ff368aba24127d68774b65dc7a77d9f7a43f95081ca9a920c6b460deb89fd892c043b", 0x61}, {&(0x7f0000000240)="cf09a02214c126a9fd07731b47471357b2706edad02486065691072525ad7956ecaed5483001af68378bc16418a5a1039927f1204c599e73bc759047ad0a61f4dc79681c9cf9576182859c34df5a4e4ff9c32014700d4b5b9b246b90d76db8687dd894fedaaecc8a2032bceadfb02edfe4413482fea5bbd3d43329a7c8552cd2e6e8f3bc9eb8a8f98aadad0011b44bb3f3219c06d30a54e3a10360a17574e5720a34b9fcb10e9973e79af99eb0977e337b6aaf3f1d9b8d3e09adaec5db77bcd101b5ea47bb501d7c98695e8ed7198137773038b0f713bd37", 0xd8}, {&(0x7f0000000340)="e527fec8e0a992c73e2c904f354f4a54b8d2424140cc25cfe38e46836bd480c16c82d4f53881fde9fcb8b4544b30426a9f04e21d972d373602e11f4b020d53ca880c73ef017813aed542b459cbcb329e042c517f97e764ec4fb4190f329254f9c62fa4bfb51ca4a6048ddd858181d7849b4e07c751f6", 0x76}, {&(0x7f0000000040)="65893cfe30508fea1ac9efae2be6682f947a20078f23ef3a29e00e56a43e061cff0c9b5b9514b371dec027d1a8a23fdfdc6649ea4a7209f7ed", 0x39}], 0x4, &(0x7f00000003c0)=[{0x1010, 0x8, 0x700c71bc, "0c7c5239c67ef74cd6557433542f361ad4ad7daea10383ba668ef81a59d6dd2e49589d192c7ed7edcfcf54ca7d6aa326da8c8040ebe8bf110893abc87a56f09357450bf835132c832b9cc80a554fe36bf12dac9506bde62d97db2fc61a4d2eaad20948ea92b956d34223e60d9081cdc5b42df1b1f939e3e6e92ca335debb8a9605601a15af9730788db72ca67d4265cc2a0a2507afce92a66d6ed8a3ad7bc18cd10c97f216b16e59472810ec127866830baddcc0f8e5df975a960012fa8c323a05a36bd6312d21a11e9ac039541b807799974815e7a237fb047986371eaf74d3e65679cb1680c3c0f89ac28b387ad9065fdab9b7014f543eeba81eb68b4da4e548e7903b97a96d2c067f6dc03413e67773770c2aa67ee774256b544ee220b9574d90985d5ed0e268fc9a11f7c015aab2617200666e5851bdd6c38bf28226632ed3878d91f5379bb333a49a7fd2ce3a9197b7e6806d1b8636b7e4997919eec2ca06eacc5d2d85f06198471a4c61a78b375880cf23624f8b58882d6ba15dadfe662f12bbc9cb7a715a1621dc9b499bf261df7c4642137878d90a55f55836cd77b4177fc3f749f00f5fcb3d5167e930e7950d93781ac70ce9f0563024c8a166c497c5754de1a2157c0dcf9198e231458e3f8ed02c784a212e9ab5cd6f02edaee64ca9389b7466663a1e5ff1c83b502de10728df1da970d635df659f9f5069bdfc5adee47508bfc8a04a1ce9e1833fc84bd435d7d2aa04865799126eae023a551b769a62b2350ab5d58bb22b87545a7e7b4f6c0002761d85a18b0a3b79ed5d0afff4246b6aedc6d0ca91bff1558135e5e8ae8a2fc4e7af2879fa0c83cb6109af1d460eeaf0acff64675d8c2c18eda95009977883996e60b14056f0906174233fd5d58ff599fba1393d5a27ddf8e80c01d4d8f2af53a7b18b8c79edc2ea56f2392f49a6eb757b5640fba376d3604aa71a3969e2c315cab5301ea73bfb046bb418dab99f557d0bd41edf2c143c3eb54a6f2c78c4b727461b85fc653a72c6779dbbdc94a0a8e5dc107b99bc51e173ed44527a1157cf3f4b43f90ca88d379576b711bab313bfd2345ade307c07758cb1c8cf410708bba46ded9f5ffbe11dfbdb1072025178a1ae04d825287533d3a8031dbbccb50de37799d841b1da043963a603cf5161a6e5cc19f7e0469a26cdc6b16836105fcfde226c3d1b0fb639dda7e0cfd9ca31961b6b5c901c5580797943ff75f02790be1a14972be6d98dc8e07bfa0e63a7562710e1f73e43193cf10187228acef137488f5c0854f2f7141eb2cf7b0f6f2fa85f7f4148de4d3ec01d8741bc252ccbc7018d6be296dd76b2880f4c7a396ae53f54ae204350a592b6ee55486513404f333a6f79e05a5f7668597fde9b6348d55b8b8081f3c18ce01387160e0f138f1dbb10e6ebf8548955a412473aaababc0792911bc7893c5358d8e5de9e7fa69ea7c8468cda994044cf86ad2c3e2d188c67067d569c478369ad2f8c79002d219eb29021a41af92507c0de43a3d595b1040776eda858de00126010cccd75b3d3e5d67941c38f3cef2cc0ab39c51d2f6f6491ef4444e7e235dd652c9f1a61e7a91aae000868c670e3e8b668ef287c7d549066c2f370501f4d01728cb85034d57889b214572987ff7ddfce24786aeee42c8ac316a3b27d22d91e84b60573340560f71dbad82467f17158484a43e8e94b6c4272d9b1f23a6b47fe3a03dfa0fcf6ca42015dc3ed1d81f491fc824650ca6ca5e915de28d46a1a1a97ba9d455268ea9d3720c70bde27327e4d05cdd5716d004942d9c3a6866242384f2ccb777292e2c4f425ea55a7e57cb95afa93d3ea4a53978158461ec497aeb72070e3c3ebe2889c44052cbea59cb7cc7fcfe7a152f09de8fd33523906812b74bfc411bfb7901ae82c155e452df49cd70dbaed4861432cc48e99ea3913f7e91b1fa9c720c577e6ffb06c9aaae8b2d58194d8474a9bf67159ab6c26a2b76d9f960c5eea3b972b9939214573a56b092961fedc77c61bf638a5caeb58f924437edfc479f4f23e1c571b3ce992f5c51eba3de8d4bd94ac5403de2b29b3d64381f70ec7d8c1c486e85e3b93d331f4c58a6652208b03e45a9b0a597299296ea5e55bc40eceed83cd72543a97205e6e84dcbf0d11acd85015cd775acde080464d270580bd0e2355162e922c1409db511268f920af02b5dac4eccb4da933799976ea36224b10e8e91c505d94e6b492b597a5f20e2e89ca63a18745d0729f90ac3f985d43ad9257fdaf62042d06b9443925ffd5b4c964d659fa614bd7f0bea7790cb730ef2fe5a0cce7e1eacb6b57e07614ac382eeba656f45ef38f7366b7eaf0472f363f2ec365c04ac918100c3b8dcbbcb093a656eaa18d102ddd9d4097331cfe490a3cc10fa8443bcfca1e7c432c1c886132ab9f6fb3ba106e8cbcac2c2dd7dca85398a31574d8f594fe1e8c2c311c9cb465e0c42fc8ea40043deea156c7a145e4d767c4ac4454193013940c86f153f5a4633b9333465872b29edefdadc310eca7b5dd92c8b14c841a2d6f7788b8a4ad3e995dc807520c3f619ad59fedbbcd8b7eaff75bb2e255d7bab70e4f07f767b6f8dfc71ecd5738b488f547aac5dd6720b2bf8ac8cbce1ccb8c257df039ab6fd37117ab497a68c86ab0ab4607ca60ca9c673825e094dc49ebdc263ffcda144e5f88718be9c3b98a163b786b24b275a50dc264589fce6942d6e790d37892758f8dfefcb60e1565b7b1e7b116445e75944ce724536b68aa581d2b1509b39fdc61109a2017f6ae570a88689459b7667d3f13727d525467907931f66d3d2847d6168ab129e871ea5f0fcf67eea98ab3cee88a3b4a713eae6a5f15da3d5e3414fc32ab6e46d6433b73604a51d5dd8064801696738427b588258475c9cddbc88fa3892fa7e49eb2505c5ea187f959982b5efc26a54c60368accd8f59d9d2ea9d0e28057f1d0d0835e973cf0e2142aa878759c4c12bdee960c5125aa08c28c6708346243dfbfd136a11be4e943e6f25d7180f896d8f2d4ba6dd07ef7fddcbf50e21b72339588e728956fa036b729cf7376738a3896aabc9cd2acd5db74cf5f20b7680d4a00d192e269320bc91cb70273093eb428eb42aa496513151ab515b8cf88989a93229bedb742c1a4ba680205c85a18e918418a50fc977a3feb723400b098dc91ec4ba168f8ab5cef6cc069d4f513381d46c0f158acd6aaaad8e777fae5177f8b991de2a05cdf3b7b8cf3777ef66730fa7bb5aa07e5ec80ae2f15705221ad810977c91e2496684335f201857a07f6668032834087b4262852f29fa68686ca48fab08b85108ffe740ddd328c3e84707127652f59957dc7b3b06d047720b199cc6a40af4d5021dc65c3d749e7bf3a2b182009f9bd5199e7eda0ff17b35e7a16162e362f36badc0c7a0fe091d37cad0bb0a6f0e28ce39a0aeb475beec678d76ade2a82185ec98af30a605ed0bb7924fd1e88bf0a8b995db086fe98ee99a83b1e78122640978c24b12e7dc5c5fc1c8230533401cb477c82938bad81e0a8ffe0dca8787189cc7313b622917a64de59b2263dea5450a4403762ed33d6fc94e2676aa3c51c4376ff6d128e5c918afebc595aaccb73bd704d08063859a6a2fc2b1dd3c841959ccca1b63df60917c36e27b89fec947cf41b738c27e1742c603faec2de0df0315b6bb1721336f8b9e048303955b3d336fbfdc3bef95d8ae81b91c15380a21c96ab069cd1f028fe0243e2f78531af62dec4d602d94760da8ca524b04fddb548c8ee986fa1f5458e28f8714b8ad9133cd4828f6c44a9e56fad7dc07c4c8f8c0797c1b30f423147dc296f186ef14c072a3c4006f4d5dc18b569205d2381595f62687edbc13a799570417ee1f719bc160eea181451f9f530257ba2854cfe9da286c98ab37012f134c265abb01b765466e10e1c466845c08cfd0549c3fe101a3387eb25e286a9696eb74f8dff07eba61fcbb15eedc0658028a812a643ce44f2f43fee0fab288fcaabf2c2a9a7c48536bce1831fecc839317de27b4cc31fbf9531d9e01d5c141ee8164d35963434c1fafc54b123b318871cbd0fe031db2e47b9e04cf1189b5aa3fa74ea7d60998729837b1ed240b3ec89519f5713729504a4063b272cfce96d6a1c7d53dc12202ca7b65de7cb08754c96ca47382ece7ef816d2d3c4c859931f6ab9b6c3a23abb45ecbeb7f237f15630d7f5e2b4e0a190c908bdb648da899028d03a9ff0ff51e0984f9a79695c25d074a928199488f4dc5c0e2fea4d3e21d3f05e740510b74e1f3258ae439369566d4e7afe388fb02b248786547ee9fa6ce6d15c5021eacec1c3e8fb2fa3f29176bf4037306706a5e9353a2563b8460b48eb127194feee6d0ec3c5fe9826f60b368c2dbb1b772dd36aa888a12eae2e6a4f93ff7e5bc2f74759a57645fd808529855d93770b1bed4aca789c9f65c018972822212a16794f9adeed3488f48554096166a461db541b8c7a8bb65bf1c510ba9ee26929805ab61b829a4ea3919ab71b487075954c91a9b41bc1e20ab4a78f4337bae760cdc3011877feb84dc9a60abfc51d5118c8439fde33fb0ec68fdb4d9e3d8d2720fff3e4f7c39815fbb820950db18b696f31152c952402307604e24257f495726aefb7418dfa406735226bbecfce8d189943e3b28e77ca6bc2e5b6db551c66b080c2db62ffc99a15d48e7fba290161bbad75068b0a2be444415b910c716c37f9b9cca1a98487e14ff63c72a35f209ae508a2b97990f25bc262a11ef080bfa69e1fefddddd883861fdc0810bd4ab1b8d8c00a59c8410a57b69179846bab0c0b07fde5c26b7b49d16442bf31717785e888a253be8bf6ddac31267c337363b48af56f0cce16c4343f11ec17d3482fa6671b9aa762d603dfa259e4d46a7bd4785d8e5dab9ac740e95083dc070858b2f64f42041edca332f3a546712e1597225b20c14c8db2c0ff78bb249241adad8e51291779bf5707568cc73d1b36df4c92f61ff686ec85f13fb550a9e6d4ebae4acd412c3db227e5100cf2563909e6341862edf8d1500685ec49bdb72a79d7eeccab4c3ea56276bc048f92a2d28ad65944ba2931f64c6506dcebc434dfbbc5ed3142e1e121d361299d61e3f07ee189b1c43211f8590db271c8b025b470a6348847ee0d219d587f8e08fc0b0d735af20b2a30821529e1f5278904f353e5356b16e26a4c433764eb6855b084f7c8fa053dba62985a1ca0412c9ab9a2aaca4d733faaefe24511e739a1816dbce03f9b453d98c2a6e6775c9ea930a856e856645a9400320bd4997999e491b985efe89d1fa081d5187a587e6e77821f282d3af7821ff98800819ca0a93f3b8a2e16165852684b70ba5397d476728af0db6aceb6eefb94026bb4431796390d00985b5d8d642ee504b5a1f900b3405c0ec53f1fe013a6f935b406c014efe5b9e858834706c7752b5ad36c3e99466e7f9da48e5bf320e30ad02499630c79fb2ade1b3a38c2fd1ce2c7b54cd0d815ee23dec81912e99f597f514bab3b3cc040e9921be899278189a5ae9e8de378bb7e57a211df9bf2151c0c8bec2f8a306cff536e4935ae7741dd831a640610d80d6ff037ff7b343b9d645d5447a0fcd61ad21ff67b044be93df4fe508e0135efc41224088c99e8505890ef519b66f0d025dfb4875fe761dbd006a00c3909b95ce5142e631dc7ae190f9725695ebacd160a64542f514eaa6e6ae5d4837e6f8d6bb76e747a9b1b2ee9a1820eb28c55faf9aa79522c4abf3f3931c373f190c960ddded6235d83756265e6"}, {0x48, 0x10a, 0x3, "0155376d3577360119f7019373d5ee5d750cebc4f4b355c755724c2c95a19cfa46dabfc53b3fb2d929c6aa86e8fdb8b17a87020e"}, {0x80, 0x15, 0x7f, "164e35f1ec44ef5a34bf0eea45e46a714c59d635bce37cf03649eb17a229f17465731f65fb86da7102abd1d4277e5cbeec61976e4ca1adaf47e28245aaecab807185e20c722b59b47dcc0e301600f3da5b82c17166c548e6f8afe4a8db441ccdf1b270ed50716da4c53bc4b25be5c1b4"}, {0xb8, 0x1, 0x0, "1ef7da1b9b1ead14d5b6c88f56c70c39db315adbb773273944b59804b299a3da22a814a1249acd32f57fc62a42f9c17090a84d6b12810667ec3daf9f392e4d26045c2f8f2eef5470bf019b94a23db211798c8c2244175dffc682a90921a2082b8dd6b1a975b336d4b445de09c21c220bb849d5e58f7253554da0c5ecf3b1371a34c05554e2369f17ed71720a31eb277b95e329914c29e642a9085e2add36c8b35cb278a0d7"}, {0x100, 0x0, 0x3, "60280751dbebef90473ad5b1cb5ff06025899aed3a67fc176bb3e21987dd6df030759e2d43142c0a1633809956a31433d46f200fb1f309f6670daea0f0f6b4e64b1e2ddd8abc5eaa75cdd5f4604a7b14b572c42d8f215f19b31d415dc15175e0629b9afc2604d912ac6564b7fe7e1ada314168ca432c0f04168ae01c89d4d77958628190767cf4a06d3e2f887f87280df0d4ad70fc8521192bd14bf87db64393a15655aadafd98d528f33d7028ff59ab278b15a8ba0ce5996bb253d7a303cb1c5a57d795f1e2a777aac6440e3ee7a1f345683cbf374b7689798a945a85c297976b1c89f7c289596da131e4"}], 0x1290}, 0x20050000) 06:42:37 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="280000001000010800"/20, @ANYRES32=0x0, @ANYBLOB="0000000000ae00000008001b0000000000"], 0x28}}, 0x0) 06:42:37 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001100)='/dev/kvm\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000140)={0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB="14bc420000000056b5000000000800000002080008000100000008020500ac14341b080003000800050f01"], 0x1}}, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f00000001c0)="0f11805d003e0f0626640f01cb0f179a0000b8c8000f00d0f30fc7771df00fc15702f3906766c744240044f6c89e6766c74424020d0000006766c744240600000000670f011424f20fb97900", 0x4c}], 0x1, 0x0, 0x0, 0x0) ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, &(0x7f0000000000)={0xffffffffffffc14e, 0x800, 0x6, 0x3c6}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)={[{@mft_zone_multiplier={'mft_zone_multiplier'}}, {@show_sys_files_no='show_sys_files=no'}, {@errors_recover='errors=recover'}, {@umask={'umask'}}, {@umask={'umask'}}, {@umask={'umask'}}, {@mft_zone_multiplier={'mft_zone_multiplier', 0x3d, 0x2}}, {@umask={'umask'}}]}) 06:42:37 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 256.186915] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 256.273079] *** Guest State *** [ 256.276569] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 256.285810] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 256.295151] CR3 = 0x00000000fffbc000 [ 256.299072] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 256.305474] RFLAGS=0xfbf593b407ffc2e2 DR7 = 0x0000000000000400 [ 256.312403] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 256.320116] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 256.328215] audit: type=1326 audit(1567665757.159:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12511 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 256.361713] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 06:42:37 executing program 0: r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) r1 = syz_open_procfs(r0, &(0x7f0000000040)='f%?3\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r1, 0x0, 0x0) sysinfo(&(0x7f0000000000)=""/15) 06:42:37 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:37 executing program 0: ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000000)=0x0) r1 = syz_open_procfs(r0, &(0x7f00000000c0)='net\x00') getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000100)={{{@in6=@loopback, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in6=@mcast1}}, &(0x7f0000000040)=0xe8) r3 = getuid() setresuid(r2, 0x0, r3) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r1, 0x0, 0x0) [ 256.370237] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 256.378448] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 256.389791] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 256.412048] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 256.420543] GDTR: limit=0x0000ffff, base=0x0000000000000000 06:42:37 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 256.446842] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 256.458013] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 256.466738] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 256.474998] EFER = 0x0000000000000000 PAT = 0x0007040600070406 06:42:37 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001100)='/dev/kvm\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000140)={0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB="14bc420000000056b5000000000800000002080008000100000008020500ac14341b080003000800050f01"], 0x1}}, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f00000001c0)="0f11805d003e0f0626640f01cb0f179a0000b8c8000f00d0f30fc7771df00fc15702f3906766c744240044f6c89e6766c74424020d0000006766c744240600000000670f011424f20fb97900", 0x4c}], 0x1, 0x0, 0x0, 0x0) ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, &(0x7f0000000000)={0xffffffffffffc14e, 0x800, 0x6, 0x3c6}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)={[{@mft_zone_multiplier={'mft_zone_multiplier'}}, {@show_sys_files_no='show_sys_files=no'}, {@errors_recover='errors=recover'}, {@umask={'umask'}}, {@umask={'umask'}}, {@umask={'umask'}}, {@mft_zone_multiplier={'mft_zone_multiplier', 0x3d, 0x2}}, {@umask={'umask'}}]}) [ 256.508729] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 256.527816] Interruptibility = 00000000 ActivityState = 00000000 [ 256.535227] *** Host State *** [ 256.538482] RIP = 0xffffffff81174990 RSP = 0xffff88805f53f998 [ 256.551723] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 256.558168] FSBase=00007fbbc5cdf700 GSBase=ffff8880aef00000 TRBase=fffffe0000034000 [ 256.573870] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 256.580429] CR0=0000000080050033 CR3=000000009f174000 CR4=00000000001426e0 [ 256.598707] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff862018e0 06:42:37 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, 0x0, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 256.605720] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 256.642576] *** Control State *** [ 256.657229] PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 [ 256.684280] EntryControls=0000d1ff ExitControls=002fefff [ 256.706560] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 256.812269] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 256.987864] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 257.050287] reason=80000021 qualification=0000000000000000 [ 257.068120] IDTVectoring: info=00000000 errcode=00000000 [ 257.088890] TSC Offset = 0xffffff74417f03ea 06:42:37 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r1, 0x0) setsockopt$netlink_NETLINK_RX_RING(r1, 0x10e, 0x6, &(0x7f0000000300)={0x5, 0x1, 0x5, 0x45ff5a3b}, 0x10) r2 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) ioctl$PPPIOCCONNECT(0xffffffffffffffff, 0x4004743a, &(0x7f00000001c0)=0x1) sendmsg$nl_generic(r2, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9000000014eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) modify_ldt$read(0x0, &(0x7f0000000240)=""/146, 0x92) ioctl$SIOCGSTAMPNS(0xffffffffffffffff, 0x8907, &(0x7f0000000180)) ioctl$sock_SIOCGIFBR(r2, 0x8940, &(0x7f0000000100)=@add_del={0x2, &(0x7f00000000c0)='veth1_to_bridge\x00'}) fcntl$F_SET_RW_HINT(r0, 0x40c, &(0x7f0000000040)=0x1) 06:42:37 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 257.099198] TPR Threshold = 0x00 [ 257.106331] EPT pointer = 0x00000000a94cb01e [ 257.112307] Virtual processor ID = 0x0001 [ 257.213466] *** Guest State *** [ 257.217111] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 257.235926] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 257.256178] CR3 = 0x00000000fffbc000 06:42:38 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:38 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 06:42:38 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r0, 0x0, 0x0) r1 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r1) process_vm_writev(r1, &(0x7f0000000000), 0x0, &(0x7f00000010c0)=[{&(0x7f0000000040)=""/23, 0x17}, {&(0x7f00000010c0), 0x2ff}, {&(0x7f0000001100)=""/32, 0x1d}, {&(0x7f0000001140)=""/27, 0x1b}], 0x4, 0x0) [ 257.267879] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 257.303908] RFLAGS=0xfbf593b407ffc2e2 DR7 = 0x0000000000000400 [ 257.328126] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 257.347186] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 257.362721] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 257.374084] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 257.385688] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 257.396258] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 257.407186] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 257.418739] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 257.431181] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 257.448124] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 257.456434] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 257.498957] EFER = 0x0000000000000000 PAT = 0x0007040600070406 06:42:38 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, 0x0, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 257.614988] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 257.669536] Interruptibility = 00000000 ActivityState = 00000000 [ 257.687293] *** Host State *** [ 257.691051] RIP = 0xffffffff81174990 RSP = 0xffff888056c8f998 [ 257.698207] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 257.704880] FSBase=00007fbbc5cdf700 GSBase=ffff8880aef00000 TRBase=fffffe0000003000 06:42:38 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:42:38 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0) [ 257.733099] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 257.740697] CR0=0000000080050033 CR3=000000009dda5000 CR4=00000000001426e0 [ 257.748068] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff862018e0 [ 257.778210] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 257.797387] *** Control State *** [ 257.801808] PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 [ 257.809655] EntryControls=0000d1ff ExitControls=002fefff [ 257.816295] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 257.824440] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 257.832253] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 257.839836] reason=80000021 qualification=0000000000000000 06:42:38 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 258.067964] IDTVectoring: info=00000000 errcode=00000000 [ 258.075938] TSC Offset = 0xffffff73c0f34a71 [ 258.080553] TPR Threshold = 0x00 [ 258.084167] EPT pointer = 0x000000009b79901e [ 258.089000] Virtual processor ID = 0x0001 06:42:39 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:39 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) r1 = syz_open_dev$swradio(0x0, 0x1, 0x2) read$rfkill(r1, &(0x7f00000001c0), 0x8) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000000)={0x3b, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r1, 0x110, 0x4, &(0x7f0000000040)=0x1, 0x4) r2 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) r3 = creat(&(0x7f0000000200)='./file0\x00', 0xa03c09a1c7759f8a) read$alg(r3, &(0x7f0000000e40)=""/4096, 0x1000) ioctl$VIDIOC_TRY_FMT(r2, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) setsockopt$inet6_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x4e24, 0x6, @local, 0x9}}, 0x0, 0x0, 0x0, "a3516638ce41910f619c6f2c13d7460906674498786b1c700cc731e9a4508f6ce4680231fd4bc4ba686904a1dfeb37d41d345379462f3e883ee8de6fe7d26e8603ead99714e6605c206943689f330b2f"}, 0xd8) syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$UI_GET_SYSNAME(r0, 0x8040552c, &(0x7f0000000000)) getdents(r0, 0x0, 0x0) [ 258.204111] *** Guest State *** [ 258.214845] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 258.232199] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 258.241429] CR3 = 0x00000000fffbc000 [ 258.245393] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 258.255636] RFLAGS=0xfbf593b407ffc2e2 DR7 = 0x0000000000000400 [ 258.262617] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 258.269605] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 258.274782] *** Guest State *** [ 258.281952] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 258.285014] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 258.291328] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 258.303758] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 258.308455] CR3 = 0x00000000fffbc000 [ 258.317230] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 258.320520] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 258.333073] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 258.336173] RFLAGS=0xfbf593b407ffc2e2 DR7 = 0x0000000000000400 [ 258.345625] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 258.349913] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 258.362086] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 258.364410] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 258.374712] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 258.381677] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 258.393130] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 258.408835] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 258.415237] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 258.422306] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 258.434492] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 258.444430] Interruptibility = 00000000 ActivityState = 00000000 [ 258.453615] *** Host State *** 06:42:39 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, 0x0, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 258.454339] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 258.456978] RIP = 0xffffffff81174990 RSP = 0xffff888056c8f998 [ 258.494249] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 258.495868] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 258.519176] FSBase=00007fbbc5cdf700 GSBase=ffff8880aef00000 TRBase=fffffe0000034000 [ 258.541369] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 258.545120] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 258.554644] CR0=0000000080050033 CR3=000000009dda5000 CR4=00000000001426e0 06:42:39 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0) [ 258.563758] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff862018e0 [ 258.576816] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 258.581474] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 258.584114] *** Control State *** [ 258.598658] PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 [ 258.607499] EntryControls=0000d1ff ExitControls=002fefff [ 258.616727] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 258.636345] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 258.637881] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 258.660835] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 258.669138] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 258.680788] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 258.689001] reason=80000021 qualification=0000000000000000 [ 258.773393] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 258.853163] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 258.855938] IDTVectoring: info=00000000 errcode=00000000 [ 258.912322] TSC Offset = 0xffffff7338e00f6a [ 258.916318] Interruptibility = 00000000 ActivityState = 00000000 [ 258.921772] TPR Threshold = 0x00 [ 258.946352] EPT pointer = 0x00000000837c101e [ 258.956332] *** Host State *** 06:42:39 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 258.957451] Virtual processor ID = 0x0001 [ 258.972458] RIP = 0xffffffff81174990 RSP = 0xffff88808fab7998 [ 258.985427] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 06:42:39 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x0, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 259.008922] FSBase=00007f46c6d59700 GSBase=ffff8880aee00000 TRBase=fffffe0000003000 [ 259.020821] kauditd_printk_skb: 7 callbacks suppressed [ 259.020829] audit: type=1326 audit(1567665759.849:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12628 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 259.051955] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 259.067653] CR0=0000000080050033 CR3=0000000090c46000 CR4=00000000001426f0 [ 259.106135] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff862018e0 06:42:39 executing program 0: r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x40201, 0x0) ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x3) r1 = syz_open_dev$swradio(0x0, 0x1, 0x2) read$rfkill(r1, &(0x7f00000001c0), 0x8) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r2, 0x0) ioctl$TCGETS(r2, 0x5401, &(0x7f00000000c0)) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000000)={0x3b, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) openat(r1, &(0x7f0000000040)='./file0\x00', 0x8080, 0x8) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r3, 0x0, 0x0) [ 259.123849] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 259.130391] *** Control State *** [ 259.133923] PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 [ 259.140741] EntryControls=0000d1ff ExitControls=002fefff [ 259.146417] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 06:42:40 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 259.175725] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 259.186147] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 259.205307] reason=80000021 qualification=0000000000000000 [ 259.232432] IDTVectoring: info=00000000 errcode=00000000 [ 259.257917] TSC Offset = 0xffffff732fb83083 [ 259.283245] TPR Threshold = 0x00 [ 259.290953] EPT pointer = 0x000000009e71601e [ 259.293955] *** Guest State *** [ 259.298946] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 259.300721] Virtual processor ID = 0x0002 [ 259.315026] audit: type=1326 audit(1567665760.149:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12659 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:40 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:40 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4), 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 259.421443] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 06:42:40 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0) [ 259.466788] CR3 = 0x00000000fffbc000 [ 259.485904] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 259.524231] RFLAGS=0xfbf593b407ffc2e2 DR7 = 0x0000000000000400 [ 259.544648] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 259.567941] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 259.591745] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 259.612960] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 06:42:40 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x0, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 259.648668] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 259.744797] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 259.874338] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 259.897806] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 259.931590] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 259.948925] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 259.957899] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 259.971134] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 259.977690] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 260.020142] Interruptibility = 00000000 ActivityState = 00000000 [ 260.046198] *** Host State *** [ 260.056830] RIP = 0xffffffff81174990 RSP = 0xffff8880a17df998 [ 260.071790] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 260.090951] FSBase=00007fbbc5cdf700 GSBase=ffff8880aef00000 TRBase=fffffe0000003000 [ 260.112591] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 260.130430] CR0=0000000080050033 CR3=00000000a5c21000 CR4=00000000001426e0 [ 260.145901] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff862018e0 [ 260.164851] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 260.183464] *** Control State *** [ 260.196519] PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 [ 260.215865] EntryControls=0000d1ff ExitControls=002fefff 06:42:41 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4), 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 260.255828] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 06:42:41 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200), 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 260.296726] audit: type=1326 audit(1567665761.129:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12659 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 260.330216] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 260.338409] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 260.359766] reason=80000021 qualification=0000000000000000 [ 260.366654] IDTVectoring: info=00000000 errcode=00000000 [ 260.377981] TSC Offset = 0xffffff72a3b18c7d 06:42:41 executing program 3: r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x40201, 0x0) ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x3) r1 = syz_open_dev$swradio(0x0, 0x1, 0x2) read$rfkill(r1, &(0x7f00000001c0), 0x8) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r2, 0x0) ioctl$TCGETS(r2, 0x5401, &(0x7f00000000c0)) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000000)={0x3b, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) openat(r1, &(0x7f0000000040)='./file0\x00', 0x8080, 0x8) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r3, 0x0, 0x0) 06:42:41 executing program 0: r0 = gettid() r1 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r1, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) write$P9_RAUTH(r1, &(0x7f0000000000)={0x14, 0x67, 0x2, {0x82, 0x0, 0x6}}, 0x14) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) r2 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r2) r3 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r3, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) fcntl$dupfd(r1, 0x0, r3) r4 = syz_open_procfs(r2, &(0x7f0000000040)='neT/softneu_stat\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r4, 0x0, 0x0) [ 260.421358] TPR Threshold = 0x00 [ 260.438430] EPT pointer = 0x000000008bebf01e [ 260.465111] Virtual processor ID = 0x0001 06:42:41 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:42:41 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x0, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:41 executing program 0: syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r0, 0x0) getdents(r0, 0x0, 0x29f) [ 260.729067] audit: type=1326 audit(1567665761.559:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12705 comm="syz-executor.3" exe="/root/syz-executor.3" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 260.797721] *** Guest State *** [ 260.814479] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 260.849670] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 260.859815] audit: type=1326 audit(1567665761.679:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12721 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 260.872389] CR3 = 0x00000000fffbc000 [ 260.907875] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 260.927228] RFLAGS=0xfbf593b407ffc2e2 DR7 = 0x0000000000000400 [ 260.994049] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 261.018643] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 261.048543] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 261.075510] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 261.109996] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 261.135993] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 06:42:42 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4), 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 261.164455] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 06:42:42 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200), 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 261.217891] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 261.271018] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 261.302963] IDTR: limit=0x0000ffff, base=0x0000000000000000 06:42:42 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 261.326123] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 261.349273] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 261.370814] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 261.391545] Interruptibility = 00000000 ActivityState = 00000000 [ 261.412502] *** Host State *** [ 261.424788] RIP = 0xffffffff81174990 RSP = 0xffff8880a1ad7998 [ 261.548177] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 261.664952] FSBase=00007fbbc5cdf700 GSBase=ffff8880aef00000 TRBase=fffffe0000034000 [ 261.673655] audit: type=1326 audit(1567665762.519:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12721 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 261.688591] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 06:42:42 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 261.722667] CR0=0000000080050033 CR3=00000000a3d8b000 CR4=00000000001426e0 [ 261.745043] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff862018e0 [ 261.796164] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 261.837404] *** Control State *** [ 261.849061] PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 [ 261.878929] EntryControls=0000d1ff ExitControls=002fefff [ 261.884410] *** Guest State *** [ 261.891318] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 261.908052] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 261.908073] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 261.933482] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 261.952926] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 261.954033] CR3 = 0x00000000fffbc000 [ 262.011668] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 262.032414] reason=80000021 qualification=0000000000000000 [ 262.033129] RFLAGS=0xfbf593b407ffc2e2 DR7 = 0x0000000000000400 [ 262.134284] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 262.150863] IDTVectoring: info=00000000 errcode=00000000 06:42:43 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:43 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') ioctl$TIOCMBIC(r0, 0x5417, &(0x7f0000000000)=0xfffffffeffffffff) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r0, 0x0, 0x0) [ 262.176332] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 06:42:43 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200), 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 262.238907] TSC Offset = 0xffffff71d9232253 [ 262.257519] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 262.261452] TPR Threshold = 0x00 [ 262.269993] EPT pointer = 0x00000000964d101e 06:42:43 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 262.277735] audit: type=1326 audit(1567665763.119:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12758 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 262.285190] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 262.303443] Virtual processor ID = 0x0001 [ 262.324629] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 262.343018] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 262.352037] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 262.360837] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 262.369670] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 262.376833] *** Guest State *** [ 262.383469] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 262.386004] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 262.394056] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 262.401153] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 262.411158] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 262.418405] CR3 = 0x00000000fffbc000 [ 262.430994] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 262.438759] Interruptibility = 00000000 ActivityState = 00000000 [ 262.451991] *** Host State *** [ 262.455482] RIP = 0xffffffff81174990 RSP = 0xffff8880619c7998 [ 262.465979] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 262.469286] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 262.474778] FSBase=00007f46c6d59700 GSBase=ffff8880aee00000 TRBase=fffffe0000003000 [ 262.491802] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 262.498062] CR0=0000000080050033 CR3=0000000063a42000 CR4=00000000001426f0 [ 262.512442] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff862018e0 [ 262.519384] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 262.524642] RFLAGS=0xfbf593b407ffc2e2 DR7 = 0x0000000000000400 [ 262.528328] *** Control State *** [ 262.538036] PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 [ 262.549874] EntryControls=0000d1ff ExitControls=002fefff [ 262.557742] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 262.569262] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 262.579522] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 262.593876] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 262.603901] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 262.615638] reason=80000021 qualification=0000000000000000 [ 262.624804] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 262.635450] IDTVectoring: info=00000000 errcode=00000000 06:42:43 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 262.643610] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 262.665508] TSC Offset = 0xffffff7142b8a58a [ 262.672544] TPR Threshold = 0x00 [ 262.687046] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 262.696328] EPT pointer = 0x00000000a0ad301e [ 262.716288] Virtual processor ID = 0x0002 [ 262.724916] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 06:42:43 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 262.748754] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 262.765141] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 262.782893] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 262.795299] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 262.809468] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 262.817665] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 262.825008] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 262.833386] Interruptibility = 00000000 ActivityState = 00000000 [ 262.839852] *** Host State *** [ 262.844018] RIP = 0xffffffff81174990 RSP = 0xffff88808dc27998 [ 262.850278] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 262.862536] FSBase=00007fbbc5cdf700 GSBase=ffff8880aef00000 TRBase=fffffe0000003000 [ 262.874426] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 262.884062] CR0=0000000080050033 CR3=0000000089147000 CR4=00000000001426e0 [ 262.901447] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff862018e0 [ 262.951147] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 263.169327] *** Control State *** 06:42:44 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 263.196668] PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 [ 263.215021] audit: type=1326 audit(1567665764.029:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12758 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 263.218239] EntryControls=0000d1ff ExitControls=002fefff 06:42:44 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) r1 = inotify_init() preadv(r1, &(0x7f0000000040)=[{&(0x7f00000000c0)=""/215, 0xd7}, {&(0x7f00000001c0)=""/202, 0xca}, {}], 0x3, 0x0) getdents(r0, 0x0, 0x0) 06:42:44 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 263.249457] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 263.256763] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 263.268886] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 263.285988] reason=80000021 qualification=0000000000000000 [ 263.317431] IDTVectoring: info=00000000 errcode=00000000 [ 263.328063] TSC Offset = 0xffffff70fcd81804 [ 263.330946] audit: type=1326 audit(1567665764.169:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12790 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 263.337285] TPR Threshold = 0x00 [ 263.360641] EPT pointer = 0x00000000963bf01e 06:42:44 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 263.365152] Virtual processor ID = 0x0001 [ 263.406671] *** Guest State *** [ 263.410300] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 263.419338] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 263.428604] CR3 = 0x00000000fffbc000 [ 263.432797] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 263.439110] RFLAGS=0xfbf593b407ffc2e2 DR7 = 0x0000000000000400 [ 263.446218] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 263.453425] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 263.461712] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 263.469987] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 263.478290] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 263.486608] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 263.495013] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 06:42:44 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 263.503562] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 263.526542] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 263.555043] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 263.563418] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 263.572190] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 263.578980] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 263.587152] Interruptibility = 00000000 ActivityState = 00000000 [ 263.594143] *** Host State *** [ 263.597495] RIP = 0xffffffff81174990 RSP = 0xffff888068a57998 06:42:44 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0) [ 263.603727] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 263.627426] FSBase=00007fbbc5cdf700 GSBase=ffff8880aee00000 TRBase=fffffe0000003000 [ 263.637626] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 263.643849] CR0=0000000080050033 CR3=0000000085859000 CR4=00000000001426f0 [ 263.651313] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff862018e0 [ 263.651329] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 263.651333] *** Control State *** [ 263.651341] PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 [ 263.675838] EntryControls=0000d1ff ExitControls=002fefff [ 263.681461] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 263.695021] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 263.702501] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 263.725161] reason=80000021 qualification=0000000000000000 [ 263.731632] IDTVectoring: info=00000000 errcode=00000000 [ 263.737134] TSC Offset = 0xffffff706f8cf1e0 [ 263.741704] TPR Threshold = 0x00 [ 263.745119] EPT pointer = 0x000000008a85d01e [ 263.749572] Virtual processor ID = 0x0001 06:42:44 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 264.052296] *** Guest State *** [ 264.055686] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 264.064776] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 264.073881] CR3 = 0x00000000fffbc000 [ 264.077657] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 264.083779] RFLAGS=0xfbf593b407ffc2e2 DR7 = 0x0000000000000400 [ 264.090586] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 06:42:44 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 264.097396] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 264.111560] audit: type=1326 audit(1567665764.949:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12790 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 264.143637] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 06:42:45 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 264.154408] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 264.162655] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 264.170859] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 264.179028] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 264.189127] GDTR: limit=0x0000ffff, base=0x0000000000000000 06:42:45 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='maps\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(0xffffffffffffff9c, 0x0, 0xffffffffffffffe8) r1 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x6) openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/checkreqprot\x00', 0x100, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) setsockopt$inet_MCAST_LEAVE_GROUP(r1, 0x0, 0x2d, &(0x7f0000000140)={0xfffffffffffffff7, {{0x2, 0x4e23, @rand_addr=0x101}}}, 0x88) [ 264.214354] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 264.229021] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 264.237319] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 264.247506] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 264.257679] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 264.272734] Interruptibility = 00000000 ActivityState = 00000000 [ 264.279085] audit: type=1326 audit(1567665765.109:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12829 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 264.306786] *** Host State *** [ 264.310384] RIP = 0xffffffff81174990 RSP = 0xffff888059007998 [ 264.316409] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 264.323281] FSBase=00007fbbc5cdf700 GSBase=ffff8880aef00000 TRBase=fffffe0000034000 [ 264.331395] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 264.337331] CR0=0000000080050033 CR3=000000008bf73000 CR4=00000000001426e0 [ 264.344460] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff862018e0 [ 264.352466] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 264.358727] *** Control State *** 06:42:45 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, 0x0, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 264.374913] PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 [ 264.390862] EntryControls=0000d1ff ExitControls=002fefff [ 264.405863] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 06:42:45 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 264.420825] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 264.427926] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 264.434987] reason=80000021 qualification=0000000000000000 [ 264.441963] IDTVectoring: info=00000000 errcode=00000000 [ 264.447532] TSC Offset = 0xffffff7016fff0c7 [ 264.452356] TPR Threshold = 0x00 [ 264.455801] EPT pointer = 0x00000000a8efb01e [ 264.461026] Virtual processor ID = 0x0001 06:42:45 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0) 06:42:45 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 06:42:45 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 06:42:45 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 264.952331] *** Guest State *** [ 264.956125] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 264.966137] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 264.975490] CR3 = 0x00000000fffbc000 [ 264.979475] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 264.986458] RFLAGS=0xfbf593b407ffc2e2 DR7 = 0x0000000000000400 [ 264.993305] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 06:42:45 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 265.009807] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 265.023748] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 265.035095] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 265.046372] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 06:42:45 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, 0x0, 0x0, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 265.055160] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 265.063248] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 265.072270] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 265.076748] audit: type=1326 audit(1567665765.909:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12829 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:45 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='n\xb2\xbc\xc9\x96\xd4\xbc\x02\x9a\xf1\x13\xaa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe6\t\xe3\x87.~\xee\xc4\xb6\x06\xca\xae$\x8d\x8f}\xba6\x1a\xd7H\xd5\x88\xa0h\xa4?\xa2\x8c\x88@\xfbr\x0f\xc8)\x96/\xcd\x16}\x19\xe3\xb1IcX\xe3?\x80:8\xe1\xcas_\xa2\xc6\xec\x9ap\xe8\xfb\xe8[\x8d\x13\xc1\x9dR\xc7\xab(-\xbd;Y\x84\x97b\xa7\x80\xdf[\x9b&)D\xb2\x96e\xc0\xa1P\xa6K\xcc\xbd\x84c\xc9\xc2\xf0!|') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r0, 0x0, 0x0) [ 265.107538] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 265.116333] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 265.124710] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 265.133482] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 265.139997] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 265.156651] Interruptibility = 00000000 ActivityState = 00000000 [ 265.163699] *** Host State *** [ 265.164837] audit: type=1326 audit(1567665766.009:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12868 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 265.166980] RIP = 0xffffffff81174990 RSP = 0xffff88805b5cf998 [ 265.197892] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 06:42:46 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, 0x0, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 265.204496] FSBase=00007fbbc5cdf700 GSBase=ffff8880aef00000 TRBase=fffffe0000034000 [ 265.212999] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 265.219616] CR0=0000000080050033 CR3=00000000a8077000 CR4=00000000001426e0 [ 265.230846] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff862018e0 [ 265.237588] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 265.254837] *** Control State *** [ 265.258526] PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 [ 265.268486] EntryControls=0000d1ff ExitControls=002fefff [ 265.276329] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 265.294338] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 265.303995] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 06:42:46 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 265.316011] reason=80000021 qualification=0000000000000000 [ 265.323969] IDTVectoring: info=00000000 errcode=00000000 [ 265.329731] TSC Offset = 0xffffff6f9c54c360 [ 265.338873] TPR Threshold = 0x00 [ 265.343452] EPT pointer = 0x0000000080f0b01e [ 265.348215] Virtual processor ID = 0x0001 06:42:46 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 265.424369] *** Guest State *** [ 265.442898] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 265.510932] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 265.530779] CR3 = 0x00000000fffbc000 [ 265.534765] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 265.546070] RFLAGS=0xfbf593b407ffc2e2 DR7 = 0x0000000000000400 [ 265.559063] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 265.569236] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 265.616931] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 265.641979] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 265.650679] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 265.665080] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 265.673357] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 265.686817] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 265.699088] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 265.711838] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 265.721748] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 265.731477] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 265.738437] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 265.746055] Interruptibility = 00000000 ActivityState = 00000000 [ 265.753881] *** Host State *** [ 265.794681] RIP = 0xffffffff81174990 RSP = 0xffff88809817f998 [ 265.802985] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 265.810595] FSBase=00007f46c6d59700 GSBase=ffff8880aef00000 TRBase=fffffe0000034000 [ 265.819132] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 265.827135] CR0=0000000080050033 CR3=00000000996de000 CR4=00000000001426e0 [ 265.834464] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff862018e0 06:42:46 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 265.876749] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 265.936034] *** Control State *** [ 265.943407] PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 [ 265.967961] EntryControls=0000d1ff ExitControls=002fefff [ 265.969538] audit: type=1326 audit(1567665766.799:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12868 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 266.017493] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 06:42:46 executing program 0: r0 = syz_open_dev$dspn(&(0x7f0000001940)='/dev/dsp#\x00', 0x0, 0x10080) setsockopt$inet_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000001980)='tls\x00', 0x4) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r1, 0x0, 0x0) 06:42:46 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, 0x0, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 266.081017] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 266.095466] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 266.119413] reason=80000021 qualification=0000000000000000 06:42:47 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, 0x0, 0x0, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 266.151335] IDTVectoring: info=00000000 errcode=00000000 [ 266.169287] audit: type=1326 audit(1567665766.999:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12895 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:47 executing program 3: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) r1 = inotify_init() preadv(r1, &(0x7f0000000040)=[{&(0x7f00000000c0)=""/215, 0xd7}, {&(0x7f00000001c0)=""/202, 0xca}, {}], 0x3, 0x0) getdents(r0, 0x0, 0x0) [ 266.204736] TSC Offset = 0xffffff6f5befdcc2 [ 266.209111] TPR Threshold = 0x00 [ 266.217915] EPT pointer = 0x00000000a61aa01e [ 266.222504] Virtual processor ID = 0x0002 [ 266.263256] audit: type=1326 audit(1567665767.099:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12909 comm="syz-executor.3" exe="/root/syz-executor.3" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:47 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 06:42:47 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 266.607096] *** Guest State *** [ 266.622273] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 266.631261] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 266.640536] CR3 = 0x00000000fffbc000 [ 266.646878] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 266.653104] RFLAGS=0xfbf593b407ffc2e2 DR7 = 0x0000000000000400 [ 266.659967] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 266.666840] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 266.675757] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 266.711973] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 266.720170] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 266.728670] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 266.736916] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 266.745114] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 266.753301] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 266.761497] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 266.769729] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 266.778389] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 266.785194] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 266.793078] Interruptibility = 00000000 ActivityState = 00000000 [ 266.799493] *** Host State *** [ 266.803036] RIP = 0xffffffff81174990 RSP = 0xffff888064247998 [ 266.809359] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 266.816007] FSBase=00007fbbc5cdf700 GSBase=ffff8880aef00000 TRBase=fffffe0000034000 [ 266.824176] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 266.830515] CR0=0000000080050033 CR3=0000000092896000 CR4=00000000001426e0 [ 266.837747] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff862018e0 [ 266.844678] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 266.851130] *** Control State *** [ 266.854931] PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 [ 266.861846] EntryControls=0000d1ff ExitControls=002fefff [ 266.867627] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 266.874816] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 266.886165] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 266.892960] reason=80000021 qualification=0000000000000000 [ 266.899460] IDTVectoring: info=00000000 errcode=00000000 [ 266.905416] TSC Offset = 0xffffff6eb9eb9115 06:42:47 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, 0x0, 0x0, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 266.909986] TPR Threshold = 0x00 [ 266.913777] EPT pointer = 0x000000009fad401e [ 266.918415] Virtual processor ID = 0x0001 06:42:47 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 266.952685] audit: type=1326 audit(1567665767.789:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12895 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:47 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4), 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:47 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 267.135849] *** Guest State *** [ 267.148976] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 267.178384] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 267.211202] *** Guest State *** [ 267.213009] CR3 = 0x00000000fffbc000 [ 267.217744] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 267.218447] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 267.264297] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 267.267720] RFLAGS=0xfbf593b407ffc2e2 DR7 = 0x0000000000000400 [ 267.298178] CR3 = 0x00000000fffbc000 [ 267.320413] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 267.364017] RFLAGS=0xfbf593b407ffc2e2 DR7 = 0x0000000000000400 06:42:48 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 267.424329] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 267.456132] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 267.461156] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 267.496864] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 267.534031] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 267.539586] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 267.556308] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 267.591765] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 267.598498] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 267.612736] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 267.631700] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 267.638656] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 267.640597] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 267.656692] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 267.657103] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 267.732918] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 267.738365] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 267.759923] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 06:42:48 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 267.778574] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 267.802557] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 267.819531] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 267.828543] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 267.842358] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 267.856693] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 267.872798] Interruptibility = 00000000 ActivityState = 00000000 [ 267.873091] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 267.887112] *** Host State *** [ 267.894852] RIP = 0xffffffff81174990 RSP = 0xffff88805ce67998 [ 267.907834] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 267.924616] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 06:42:48 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4), 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 267.932417] FSBase=00007f46c6d59700 GSBase=ffff8880aee00000 TRBase=fffffe0000003000 [ 267.945800] Interruptibility = 00000000 ActivityState = 00000000 [ 267.965847] *** Host State *** [ 267.974496] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 267.979865] RIP = 0xffffffff81174990 RSP = 0xffff8880620f7998 [ 267.987415] CR0=0000000080050033 CR3=000000008dc2e000 CR4=00000000001426f0 [ 268.025692] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff862018e0 [ 268.031707] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 268.040625] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 268.106047] *** Control State *** 06:42:49 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 268.286759] FSBase=00007fbbc5cdf700 GSBase=ffff8880aef00000 TRBase=fffffe0000034000 [ 268.294493] PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 [ 268.310682] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 268.319646] EntryControls=0000d1ff ExitControls=002fefff [ 268.329568] CR0=0000000080050033 CR3=000000008a774000 CR4=00000000001426e0 06:42:49 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_retries\x00', 0x2, 0x0) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f0000000040)={'team_slave_1\x00', 0x200}) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x7c774aac) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) getpeername$packet(0xffffffffffffffff, &(0x7f0000003040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000003080)=0xffffffffffffff9f) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x32, &(0x7f00000030c0)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, r4}, 0x14) ioctl$HCIINQUIRY(r3, 0x800448f0, &(0x7f00000001c0)={r4, 0x0, 0x4, 0x6, 0x80, 0x1f, 0xfe}) getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f0000000200), &(0x7f0000000300)=0x4) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r2, 0x0) r5 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r5, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) connect$inet6(r5, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r6 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r5, 0x84, 0x6d, &(0x7f0000000280)={r7, 0x1c, "237a5c3ef6bb91546a94ff010000ffa95f92a726729beb47d32bc5b5"}, &(0x7f0000000100)=0x24) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x6c, &(0x7f0000000100)={r7, 0x6e, "cee5aa28e1b47b4acbaab0a5e165d712c140774e70202e397ef6585fd208d1fb9d31f8c86eaff11b5ab7dea175db0e7d7f5a91c1d5fbf5ee4d6fa325c4317b536a95f650a270f54a05733f15a124ebcc868f5fc75ea4a5b918fc6c7e344d0be3dd016e948d92278b0fd6beb8fd64"}, &(0x7f0000000180)=0x76) ioctl$KVM_INTERRUPT(r1, 0x4004ae86, &(0x7f00000000c0)=0x2) getdents(r0, 0x0, 0x0) [ 268.337095] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 268.347250] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff862018e0 [ 268.359042] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 268.365914] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 268.365919] *** Control State *** [ 268.365924] PinBased=0000003f CPUBased=b6a1edfa SecondaryExec=000000e3 06:42:49 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 268.365931] EntryControls=0000d1ff ExitControls=002fefff [ 268.406365] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 268.427357] audit: type=1326 audit(1567665769.259:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12968 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 268.436478] reason=80000021 qualification=0000000000000000 [ 268.486152] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 268.497533] IDTVectoring: info=00000000 errcode=00000000 [ 268.504795] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 268.513317] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 268.523697] reason=80000021 qualification=0000000000000000 06:42:49 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 268.534236] TSC Offset = 0xffffff6e67f7a809 [ 268.546008] IDTVectoring: info=00000000 errcode=00000000 [ 268.557558] TSC Offset = 0xffffff6e71afc4b3 [ 268.568261] TPR Threshold = 0x00 [ 268.571253] TPR Threshold = 0x00 [ 268.578188] EPT pointer = 0x00000000947cd01e 06:42:49 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x4800, 0x10e) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x4e24, 0x0, @remote, 0x1}, {0xa, 0x4e20, 0x100000001, @mcast2, 0x8001}, 0x0, [0x100000001, 0x64c5, 0x9, 0x8, 0x1f, 0x81, 0x4]}, 0x5c) syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)={[{@mft_zone_multiplier={'mft_zone_multiplier'}}, {@show_sys_files_no='show_sys_files=no'}, {@errors_recover='errors=recover'}, {@umask={'umask'}}, {@umask={'umask'}}, {@umask={'umask'}}, {@mft_zone_multiplier={'mft_zone_multiplier', 0x3d, 0x2}}, {@umask={'umask'}}]}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r1, 0x0) ioctl$RTC_RD_TIME(0xffffffffffffffff, 0x80247009, &(0x7f0000000140)) acct(&(0x7f0000000300)='./file1\x00') r2 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) r3 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f0000000280)={r5, 0x1c, "237a5c3ef6bb91546a94ff010000ffa95f92a726729beb47d32bc5b5"}, &(0x7f0000000100)=0x24) setsockopt$inet_sctp_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000000340)=@assoc_value={r5, 0x8001}, 0x8) ioctl$VIDIOC_TRY_FMT(r2, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) ioctl$KVM_SET_PIT2(r2, 0x4070aea0, &(0x7f00000001c0)={[{0x3f, 0x37c, 0x8ddb, 0x13, 0x79, 0x10000, 0x3, 0x6, 0xff, 0x4, 0x2, 0x885e, 0x7}, {0x6, 0x8, 0x7, 0xcb3, 0x20, 0x6, 0x1, 0x6, 0x5, 0x7, 0x4b6, 0x2, 0x7f}, {0x4, 0x9, 0x99d, 0xb4f2, 0xff, 0x576e, 0x2, 0x2418976f, 0x7, 0x2, 0x5, 0xb2, 0x1}], 0xfff}) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0xc0305302, &(0x7f0000000040)={0x0, 0x32, 0x100000000, 0x80000000, 0x0, 0xfffffffeffffffff}) [ 268.586544] Virtual processor ID = 0x0001 [ 268.592672] EPT pointer = 0x0000000086ce601e [ 268.613999] Virtual processor ID = 0x0002 06:42:49 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 06:42:49 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:49 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x4800, 0x10e) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x4e24, 0x0, @remote, 0x1}, {0xa, 0x4e20, 0x100000001, @mcast2, 0x8001}, 0x0, [0x100000001, 0x64c5, 0x9, 0x8, 0x1f, 0x81, 0x4]}, 0x5c) syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)={[{@mft_zone_multiplier={'mft_zone_multiplier'}}, {@show_sys_files_no='show_sys_files=no'}, {@errors_recover='errors=recover'}, {@umask={'umask'}}, {@umask={'umask'}}, {@umask={'umask'}}, {@mft_zone_multiplier={'mft_zone_multiplier', 0x3d, 0x2}}, {@umask={'umask'}}]}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r1, 0x0) ioctl$RTC_RD_TIME(0xffffffffffffffff, 0x80247009, &(0x7f0000000140)) acct(&(0x7f0000000300)='./file1\x00') r2 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) r3 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f0000000280)={r5, 0x1c, "237a5c3ef6bb91546a94ff010000ffa95f92a726729beb47d32bc5b5"}, &(0x7f0000000100)=0x24) setsockopt$inet_sctp_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000000340)=@assoc_value={r5, 0x8001}, 0x8) ioctl$VIDIOC_TRY_FMT(r2, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) ioctl$KVM_SET_PIT2(r2, 0x4070aea0, &(0x7f00000001c0)={[{0x3f, 0x37c, 0x8ddb, 0x13, 0x79, 0x10000, 0x3, 0x6, 0xff, 0x4, 0x2, 0x885e, 0x7}, {0x6, 0x8, 0x7, 0xcb3, 0x20, 0x6, 0x1, 0x6, 0x5, 0x7, 0x4b6, 0x2, 0x7f}, {0x4, 0x9, 0x99d, 0xb4f2, 0xff, 0x576e, 0x2, 0x2418976f, 0x7, 0x2, 0x5, 0xb2, 0x1}], 0xfff}) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0xc0305302, &(0x7f0000000040)={0x0, 0x32, 0x100000000, 0x80000000, 0x0, 0xfffffffeffffffff}) [ 268.669398] ntfs: (device loop4): ntfs_fill_super(): Unable to determine device size. 06:42:49 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4), 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 269.295735] kauditd_printk_skb: 1 callbacks suppressed [ 269.295771] audit: type=1326 audit(1567665770.129:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=12968 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:50 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 06:42:50 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x4800, 0x10e) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x4e24, 0x0, @remote, 0x1}, {0xa, 0x4e20, 0x100000001, @mcast2, 0x8001}, 0x0, [0x100000001, 0x64c5, 0x9, 0x8, 0x1f, 0x81, 0x4]}, 0x5c) syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)={[{@mft_zone_multiplier={'mft_zone_multiplier'}}, {@show_sys_files_no='show_sys_files=no'}, {@errors_recover='errors=recover'}, {@umask={'umask'}}, {@umask={'umask'}}, {@umask={'umask'}}, {@mft_zone_multiplier={'mft_zone_multiplier', 0x3d, 0x2}}, {@umask={'umask'}}]}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r1, 0x0) ioctl$RTC_RD_TIME(0xffffffffffffffff, 0x80247009, &(0x7f0000000140)) acct(&(0x7f0000000300)='./file1\x00') r2 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) r3 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f0000000280)={r5, 0x1c, "237a5c3ef6bb91546a94ff010000ffa95f92a726729beb47d32bc5b5"}, &(0x7f0000000100)=0x24) setsockopt$inet_sctp_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000000340)=@assoc_value={r5, 0x8001}, 0x8) ioctl$VIDIOC_TRY_FMT(r2, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) ioctl$KVM_SET_PIT2(r2, 0x4070aea0, &(0x7f00000001c0)={[{0x3f, 0x37c, 0x8ddb, 0x13, 0x79, 0x10000, 0x3, 0x6, 0xff, 0x4, 0x2, 0x885e, 0x7}, {0x6, 0x8, 0x7, 0xcb3, 0x20, 0x6, 0x1, 0x6, 0x5, 0x7, 0x4b6, 0x2, 0x7f}, {0x4, 0x9, 0x99d, 0xb4f2, 0xff, 0x576e, 0x2, 0x2418976f, 0x7, 0x2, 0x5, 0xb2, 0x1}], 0xfff}) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0xc0305302, &(0x7f0000000040)={0x0, 0x32, 0x100000000, 0x80000000, 0x0, 0xfffffffeffffffff}) 06:42:50 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:50 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x4800, 0x10e) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x4e24, 0x0, @remote, 0x1}, {0xa, 0x4e20, 0x100000001, @mcast2, 0x8001}, 0x0, [0x100000001, 0x64c5, 0x9, 0x8, 0x1f, 0x81, 0x4]}, 0x5c) syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)={[{@mft_zone_multiplier={'mft_zone_multiplier'}}, {@show_sys_files_no='show_sys_files=no'}, {@errors_recover='errors=recover'}, {@umask={'umask'}}, {@umask={'umask'}}, {@umask={'umask'}}, {@mft_zone_multiplier={'mft_zone_multiplier', 0x3d, 0x2}}, {@umask={'umask'}}]}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r1, 0x0) ioctl$RTC_RD_TIME(0xffffffffffffffff, 0x80247009, &(0x7f0000000140)) acct(&(0x7f0000000300)='./file1\x00') r2 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) r3 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f0000000280)={r5, 0x1c, "237a5c3ef6bb91546a94ff010000ffa95f92a726729beb47d32bc5b5"}, &(0x7f0000000100)=0x24) setsockopt$inet_sctp_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000000340)=@assoc_value={r5, 0x8001}, 0x8) ioctl$VIDIOC_TRY_FMT(r2, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) ioctl$KVM_SET_PIT2(r2, 0x4070aea0, &(0x7f00000001c0)={[{0x3f, 0x37c, 0x8ddb, 0x13, 0x79, 0x10000, 0x3, 0x6, 0xff, 0x4, 0x2, 0x885e, 0x7}, {0x6, 0x8, 0x7, 0xcb3, 0x20, 0x6, 0x1, 0x6, 0x5, 0x7, 0x4b6, 0x2, 0x7f}, {0x4, 0x9, 0x99d, 0xb4f2, 0xff, 0x576e, 0x2, 0x2418976f, 0x7, 0x2, 0x5, 0xb2, 0x1}], 0xfff}) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0xc0305302, &(0x7f0000000040)={0x0, 0x32, 0x100000000, 0x80000000, 0x0, 0xfffffffeffffffff}) 06:42:50 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:50 executing program 0: r0 = gettid() ptrace$setopts(0x4200, r0, 0x0, 0x100000) tkill(r0, 0x38) r1 = perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x100000000, 0x4, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x43}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000500)={'syz'}, &(0x7f0000000380)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce0000b4ec24c53d3d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3c009d308bd73f4772539", 0xc0, 0xfffffffffffffffe) r3 = openat$dlm_control(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/dlm-control\x00', 0x8000, 0x0) getsockopt$EBT_SO_GET_ENTRIES(r3, 0x0, 0x81, &(0x7f0000000900)={'broute\x00', 0x0, 0x4, 0x78, [], 0x7, &(0x7f0000000800)=[{}, {}, {}, {}, {}, {}, {}], &(0x7f0000000880)=""/120}, &(0x7f0000000540)=0x78) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000440)='/dev/snapshot\x00', 0x100, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r4, 0xc08c5335, &(0x7f0000000740)={0xfb, 0x5, 0x4, 'queue0\x00', 0x8}) r5 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000100)='\x00', 0x1, 0xfffffffffffffffd) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000180)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000140)={0xffffffffffffffff}, 0x0, 0x4}}, 0x20) r7 = semget(0x2, 0x2, 0x400) semctl$GETALL(r7, 0x0, 0xd, &(0x7f0000000b00)=""/218) accept4$vsock_stream(r3, &(0x7f0000000ac0)={0x28, 0x0, 0x2710, @host}, 0x10, 0x80000) r8 = openat$cachefiles(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/cachefiles\x00', 0x4000, 0x0) ioctl$LOOP_SET_CAPACITY(r8, 0x4c07) setsockopt$IP_VS_SO_SET_STOPDAEMON(r8, 0x0, 0x48c, &(0x7f0000000a80)={0x0, 'bridge0\x00'}, 0x18) setsockopt$inet6_tcp_TCP_ULP(r8, 0x6, 0x1f, &(0x7f0000000480)='tls\x00', 0x4) write$RDMA_USER_CM_CMD_CONNECT(r1, &(0x7f0000000600)={0x6, 0x118, 0xfa00, {{0x400, 0x200000000000, "685b29fb6934c6501159bee9d36d66d309f3e25752f19a0f3c2568675f3ee22738a893e6a85d0efb29eec6da2b6512ba60e4a01167611aa141724a5b14fb5ffe58170d11ed90fbba8a821a796a49c22aece02d3a286226ff7d3e089db518bdd774cfa3c3343ea55d168542101769377940ffee52d06684733eb8531d95789db754d87004fc795e78c49e69538ffc8b240e07c5ea1282e044b5a572ea149b50f839f69359488ece77d04d018e795e68653b5b3d4dba84df921f406c0fa0f03caffaa6002df8278d7984c36f61fc9d5f255d9d17733fb9f829c18cedd7c4ff3941cc6198be35af3d8d83bc34b742ec4feae43717dbcaa9c644cffb41770be838da", 0x4f, 0x48ad, 0x7, 0x7fff, 0x1e5, 0x1, 0x7fffffff}, r6}}, 0x120) keyctl$dh_compute(0x17, &(0x7f0000000040)={r2, r2, r5}, &(0x7f0000000280)=""/243, 0xf3, &(0x7f0000000240)={&(0x7f0000000080)={'rmd320-generic\x00'}}) ptrace$cont(0x18, r0, 0x0, 0x0) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r9, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r9, 0x0) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r9, 0x54a3) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) r10 = syz_open_procfs(r0, &(0x7f0000000000)='net\x00k\xc2Nj\x14\x9d\xce\x8f\a\x161\xf0\xde\xce\xe0\xdc,\xb5l\xa2\xe1\x9b\xd3') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r10, 0x0, 0x0) [ 270.063676] ntfs: (device loop4): ntfs_fill_super(): Unable to determine device size. 06:42:50 executing program 0: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040)={0x0}, &(0x7f00000000c0)=0xc) r1 = syz_open_procfs(r0, &(0x7f0000000000)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r1, 0x0, 0x0) [ 270.211525] audit: type=1326 audit(1567665771.039:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=13058 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 270.259530] ntfs: (device loop3): ntfs_fill_super(): Unable to determine device size. 06:42:51 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 06:42:51 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:51 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:51 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x4800, 0x10e) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x4e24, 0x0, @remote, 0x1}, {0xa, 0x4e20, 0x100000001, @mcast2, 0x8001}, 0x0, [0x100000001, 0x64c5, 0x9, 0x8, 0x1f, 0x81, 0x4]}, 0x5c) syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)={[{@mft_zone_multiplier={'mft_zone_multiplier'}}, {@show_sys_files_no='show_sys_files=no'}, {@errors_recover='errors=recover'}, {@umask={'umask'}}, {@umask={'umask'}}, {@umask={'umask'}}, {@mft_zone_multiplier={'mft_zone_multiplier', 0x3d, 0x2}}, {@umask={'umask'}}]}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r1, 0x0) ioctl$RTC_RD_TIME(0xffffffffffffffff, 0x80247009, &(0x7f0000000140)) acct(&(0x7f0000000300)='./file1\x00') r2 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) r3 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f0000000280)={r5, 0x1c, "237a5c3ef6bb91546a94ff010000ffa95f92a726729beb47d32bc5b5"}, &(0x7f0000000100)=0x24) setsockopt$inet_sctp_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000000340)=@assoc_value={r5, 0x8001}, 0x8) ioctl$VIDIOC_TRY_FMT(r2, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) ioctl$KVM_SET_PIT2(r2, 0x4070aea0, &(0x7f00000001c0)={[{0x3f, 0x37c, 0x8ddb, 0x13, 0x79, 0x10000, 0x3, 0x6, 0xff, 0x4, 0x2, 0x885e, 0x7}, {0x6, 0x8, 0x7, 0xcb3, 0x20, 0x6, 0x1, 0x6, 0x5, 0x7, 0x4b6, 0x2, 0x7f}, {0x4, 0x9, 0x99d, 0xb4f2, 0xff, 0x576e, 0x2, 0x2418976f, 0x7, 0x2, 0x5, 0xb2, 0x1}], 0xfff}) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0xc0305302, &(0x7f0000000040)={0x0, 0x32, 0x100000000, 0x80000000, 0x0, 0xfffffffeffffffff}) [ 270.990608] audit: type=1326 audit(1567665771.819:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=13058 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 271.028248] ntfs: (device loop4): ntfs_fill_super(): Unable to determine device size. 06:42:51 executing program 0: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() r2 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r3 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r3, 0x14) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffee, r0, 0x1ffffe, 0x2) r4 = gettid() ptrace$setopts(0x4206, r4, 0x0, 0x0) tkill(r4, 0x38) ptrace$cont(0x1f, r4, 0x0, 0x0) r5 = dup(0xffffffffffffffff) write$FUSE_NOTIFY_POLL(r5, &(0x7f0000000040)={0x18, 0x1, 0x0, {0x49}}, 0x18) ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r4, 0x0, 0x0) r6 = syz_open_procfs(r4, &(0x7f0000000000)='personality\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r6, 0x0, 0x0) 06:42:51 executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x4800, 0x10e) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x4e24, 0x0, @remote, 0x1}, {0xa, 0x4e20, 0x100000001, @mcast2, 0x8001}, 0x0, [0x100000001, 0x64c5, 0x9, 0x8, 0x1f, 0x81, 0x4]}, 0x5c) syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)={[{@mft_zone_multiplier={'mft_zone_multiplier'}}, {@show_sys_files_no='show_sys_files=no'}, {@errors_recover='errors=recover'}, {@umask={'umask'}}, {@umask={'umask'}}, {@umask={'umask'}}, {@mft_zone_multiplier={'mft_zone_multiplier', 0x3d, 0x2}}, {@umask={'umask'}}]}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r1, 0x0) ioctl$RTC_RD_TIME(0xffffffffffffffff, 0x80247009, &(0x7f0000000140)) acct(&(0x7f0000000300)='./file1\x00') r2 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) r3 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f0000000280)={r5, 0x1c, "237a5c3ef6bb91546a94ff010000ffa95f92a726729beb47d32bc5b5"}, &(0x7f0000000100)=0x24) setsockopt$inet_sctp_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000000340)=@assoc_value={r5, 0x8001}, 0x8) ioctl$VIDIOC_TRY_FMT(r2, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) ioctl$KVM_SET_PIT2(r2, 0x4070aea0, &(0x7f00000001c0)={[{0x3f, 0x37c, 0x8ddb, 0x13, 0x79, 0x10000, 0x3, 0x6, 0xff, 0x4, 0x2, 0x885e, 0x7}, {0x6, 0x8, 0x7, 0xcb3, 0x20, 0x6, 0x1, 0x6, 0x5, 0x7, 0x4b6, 0x2, 0x7f}, {0x4, 0x9, 0x99d, 0xb4f2, 0xff, 0x576e, 0x2, 0x2418976f, 0x7, 0x2, 0x5, 0xb2, 0x1}], 0xfff}) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0xc0305302, &(0x7f0000000040)={0x0, 0x32, 0x100000000, 0x80000000, 0x0, 0xfffffffeffffffff}) 06:42:52 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 06:42:52 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:52 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 271.504197] ntfs: (device loop3): ntfs_fill_super(): Unable to determine device size. 06:42:52 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') r1 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r1, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0x4e20, @remote}, @in6={0xa, 0x4e20, 0xffffffffffff8000, @local, 0xee0c}, @in6={0xa, 0x4e22, 0x4, @dev={0xfe, 0x80, [], 0x27}, 0x6f}], 0x48) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r0, 0x0, 0x0) 06:42:52 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x4800, 0x10e) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x4e24, 0x0, @remote, 0x1}, {0xa, 0x4e20, 0x100000001, @mcast2, 0x8001}, 0x0, [0x100000001, 0x64c5, 0x9, 0x8, 0x1f, 0x81, 0x4]}, 0x5c) syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)={[{@mft_zone_multiplier={'mft_zone_multiplier'}}, {@show_sys_files_no='show_sys_files=no'}, {@errors_recover='errors=recover'}, {@umask={'umask'}}, {@umask={'umask'}}, {@umask={'umask'}}, {@mft_zone_multiplier={'mft_zone_multiplier', 0x3d, 0x2}}, {@umask={'umask'}}]}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r1, 0x0) ioctl$RTC_RD_TIME(0xffffffffffffffff, 0x80247009, &(0x7f0000000140)) acct(&(0x7f0000000300)='./file1\x00') r2 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) r3 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f0000000280)={r5, 0x1c, "237a5c3ef6bb91546a94ff010000ffa95f92a726729beb47d32bc5b5"}, &(0x7f0000000100)=0x24) setsockopt$inet_sctp_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000000340)=@assoc_value={r5, 0x8001}, 0x8) ioctl$VIDIOC_TRY_FMT(r2, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) ioctl$KVM_SET_PIT2(r2, 0x4070aea0, &(0x7f00000001c0)={[{0x3f, 0x37c, 0x8ddb, 0x13, 0x79, 0x10000, 0x3, 0x6, 0xff, 0x4, 0x2, 0x885e, 0x7}, {0x6, 0x8, 0x7, 0xcb3, 0x20, 0x6, 0x1, 0x6, 0x5, 0x7, 0x4b6, 0x2, 0x7f}, {0x4, 0x9, 0x99d, 0xb4f2, 0xff, 0x576e, 0x2, 0x2418976f, 0x7, 0x2, 0x5, 0xb2, 0x1}], 0xfff}) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0xc0305302, &(0x7f0000000040)={0x0, 0x32, 0x100000000, 0x80000000, 0x0, 0xfffffffeffffffff}) [ 272.072138] audit: type=1326 audit(1567665772.909:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=13134 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:53 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:53 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 272.297986] ntfs: (device loop4): ntfs_fill_super(): Unable to determine device size. 06:42:53 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, 0x0, 0x0, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:53 executing program 3: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() r2 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r3 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r3, 0x14) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffee, r0, 0x1ffffe, 0x2) r4 = gettid() ptrace$setopts(0x4206, r4, 0x0, 0x0) tkill(r4, 0x38) ptrace$cont(0x1f, r4, 0x0, 0x0) r5 = dup(0xffffffffffffffff) write$FUSE_NOTIFY_POLL(r5, &(0x7f0000000040)={0x18, 0x1, 0x0, {0x49}}, 0x18) ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r4, 0x0, 0x0) r6 = syz_open_procfs(r4, &(0x7f0000000000)='personality\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r6, 0x0, 0x0) [ 272.845267] audit: type=1326 audit(1567665773.679:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=13134 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:53 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vga_arbiter\x00', 0x40, 0x0) getsockopt$bt_l2cap_L2CAP_LM(r1, 0x6, 0x3, &(0x7f0000000200), &(0x7f0000000240)=0x4) getdents(r0, 0x0, 0x0) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r0, 0x0, 0x61, &(0x7f0000000000)={'filter\x00', 0x4}, 0x68) r2 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/zero\x00', 0x101000, 0x0) write$P9_RREADDIR(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="c500000029020000000000160300000001000000001500004000000000000000fa07002e2f66696c6530c90400000003ffffffffffffff03000000000000000507002e2f66696c653001000000000000100000000000007d07002e2f66696c65302003000000050000000000000181000000000000000207002e2f66696c65300203000000060000000000000001000000000000000007002e2f66696c653004010000000500000000000000bc000009000000000007002e2f66696c6530"], 0xc5) 06:42:54 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:54 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 06:42:54 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, 0x0, 0x0, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:54 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x4800, 0x10e) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x4e24, 0x0, @remote, 0x1}, {0xa, 0x4e20, 0x100000001, @mcast2, 0x8001}, 0x0, [0x100000001, 0x64c5, 0x9, 0x8, 0x1f, 0x81, 0x4]}, 0x5c) syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)={[{@mft_zone_multiplier={'mft_zone_multiplier'}}, {@show_sys_files_no='show_sys_files=no'}, {@errors_recover='errors=recover'}, {@umask={'umask'}}, {@umask={'umask'}}, {@umask={'umask'}}, {@mft_zone_multiplier={'mft_zone_multiplier', 0x3d, 0x2}}, {@umask={'umask'}}]}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r1, 0x0) ioctl$RTC_RD_TIME(0xffffffffffffffff, 0x80247009, &(0x7f0000000140)) acct(&(0x7f0000000300)='./file1\x00') r2 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) r3 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) connect$inet6(r3, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f0000000280)={r5, 0x1c, "237a5c3ef6bb91546a94ff010000ffa95f92a726729beb47d32bc5b5"}, &(0x7f0000000100)=0x24) setsockopt$inet_sctp_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000000340)=@assoc_value={r5, 0x8001}, 0x8) ioctl$VIDIOC_TRY_FMT(r2, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) ioctl$KVM_SET_PIT2(r2, 0x4070aea0, &(0x7f00000001c0)={[{0x3f, 0x37c, 0x8ddb, 0x13, 0x79, 0x10000, 0x3, 0x6, 0xff, 0x4, 0x2, 0x885e, 0x7}, {0x6, 0x8, 0x7, 0xcb3, 0x20, 0x6, 0x1, 0x6, 0x5, 0x7, 0x4b6, 0x2, 0x7f}, {0x4, 0x9, 0x99d, 0xb4f2, 0xff, 0x576e, 0x2, 0x2418976f, 0x7, 0x2, 0x5, 0xb2, 0x1}], 0xfff}) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r1, 0xc0305302, &(0x7f0000000040)={0x0, 0x32, 0x100000000, 0x80000000, 0x0, 0xfffffffeffffffff}) 06:42:54 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 06:42:54 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x04') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r0, 0x0, 0x0) 06:42:54 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, 0x0, 0x0, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:54 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:54 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 06:42:54 executing program 3: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x4000, 0x0) getsockopt$bt_sco_SCO_CONNINFO(r0, 0x11, 0x2, &(0x7f0000000080)=""/84, &(0x7f0000000100)=0x54) syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)={[{@mft_zone_multiplier={'mft_zone_multiplier'}}, {@show_sys_files_no='show_sys_files=no'}, {@errors_recover='errors=recover'}, {@umask={'umask'}}, {@umask={'umask'}}, {@umask={'umask'}}, {@mft_zone_multiplier={'mft_zone_multiplier', 0x3d, 0x2}}, {@umask={'umask'}}]}) 06:42:55 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) r1 = accept4(0xffffffffffffffff, &(0x7f00000000c0)=@sco, &(0x7f0000000040)=0x80, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000d90000/0x3000)=nil, 0x3000, 0x2689ab045a6447c0, 0x51, r1, 0xfffffffffffffffe) r3 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r3, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r3, 0x84, 0x1a, &(0x7f0000000140)={0x0, 0x33, "50ea7c165823a8537127643b80856524031284bc4004d356909d289ecbbf694452e88ae69b54a31f1ac036ca2e38a9a2ee97f2"}, &(0x7f0000000180)=0x3b) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f00000001c0)={r4, 0x6, 0x10}, &(0x7f0000000240)=0xc) 06:42:55 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) r1 = accept4(0xffffffffffffffff, &(0x7f00000000c0)=@sco, &(0x7f0000000040)=0x80, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000d90000/0x3000)=nil, 0x3000, 0x2689ab045a6447c0, 0x51, r1, 0xfffffffffffffffe) r3 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r3, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r3, 0x84, 0x1a, &(0x7f0000000140)={0x0, 0x33, "50ea7c165823a8537127643b80856524031284bc4004d356909d289ecbbf694452e88ae69b54a31f1ac036ca2e38a9a2ee97f2"}, &(0x7f0000000180)=0x3b) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f00000001c0)={r4, 0x6, 0x10}, &(0x7f0000000240)=0xc) 06:42:55 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:55 executing program 0: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = syz_open_procfs(r0, &(0x7f0000000000)='netL\xccr\xcet\x12\xfd\xd6\x14W\xf77\xa8\x82\xb2\x00') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r1, 0x0, 0x0) [ 274.661111] kauditd_printk_skb: 5 callbacks suppressed [ 274.661119] audit: type=1326 audit(1567665775.499:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=13209 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 274.759641] audit: type=1326 audit(1567665775.589:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=13248 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:55 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x04') prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r0, 0x0, 0x0) 06:42:55 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 06:42:55 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:56 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) r1 = accept4(0xffffffffffffffff, &(0x7f00000000c0)=@sco, &(0x7f0000000040)=0x80, 0x80000) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000d90000/0x3000)=nil, 0x3000, 0x2689ab045a6447c0, 0x51, r1, 0xfffffffffffffffe) r3 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r3, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r3, 0x84, 0x1a, &(0x7f0000000140)={0x0, 0x33, "50ea7c165823a8537127643b80856524031284bc4004d356909d289ecbbf694452e88ae69b54a31f1ac036ca2e38a9a2ee97f2"}, &(0x7f0000000180)=0x3b) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f00000001c0)={r4, 0x6, 0x10}, &(0x7f0000000240)=0xc) 06:42:56 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 275.499725] audit: type=1326 audit(1567665776.329:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=13265 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:56 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net\x00') socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) getdents(r0, 0x0, 0x0) [ 275.561007] audit: type=1326 audit(1567665776.399:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=13248 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 275.647688] audit: type=1326 audit(1567665776.479:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=13281 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 06:42:56 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:56 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) r2 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 06:42:56 executing program 3: syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)={[{@mft_zone_multiplier={'mft_zone_multiplier'}}, {@show_sys_files_no='show_sys_files=no'}, {@errors_recover='errors=recover'}, {@umask={'umask'}}, {@umask={'umask'}}, {@umask={'umask'}}, {@mft_zone_multiplier={'mft_zone_multiplier', 0x3d, 0x2}}, {@umask={'umask'}}]}) rmdir(&(0x7f0000000080)='./file0\x00') ioctl$sock_proto_private(0xffffffffffffffff, 0x89e3, &(0x7f00000000c0)="c3a9bac0cff2ea9cb01d24aaea33f3ec9247c1099b7b04ded7a76988472eef5c40c586fecf19bee825bf8a3d0c7dce66eef63af4acdd890eae42cc1cba3d9efdbf98ae0b471f3de9d5ea6f841ab5457c7aaaf3c7030f2f0c2365935e130f0040fb5fb1b6ebc947dace1f0e99eba03c365e0607bbab75f52a144029353c73970785726c321b8317ac7513931d65732c2ddc638b503fac13206623c51c1ed3da") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r0, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r1, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) r2 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f0000000280)={r4, 0x1c, "237a5c3ef6bb91546a94ff010000ffa95f92a726729beb47d32bc5b5"}, &(0x7f0000000100)=0x24) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000180)={r4, @in={{0x2, 0x4e24, @broadcast}}}, &(0x7f0000000240)=0x84) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000280)={r5, 0x4}, &(0x7f00000002c0)=0x8) [ 276.094575] ntfs: (device loop3): ntfs_fill_super(): Unable to determine device size. 06:42:57 executing program 4: syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)={[{@mft_zone_multiplier={'mft_zone_multiplier'}}, {@show_sys_files_no='show_sys_files=no'}, {@errors_recover='errors=recover'}, {@umask={'umask'}}, {@umask={'umask'}}, {@umask={'umask'}}, {@mft_zone_multiplier={'mft_zone_multiplier', 0x3d, 0x2}}, {@umask={'umask'}}]}) rmdir(&(0x7f0000000080)='./file0\x00') ioctl$sock_proto_private(0xffffffffffffffff, 0x89e3, &(0x7f00000000c0)="c3a9bac0cff2ea9cb01d24aaea33f3ec9247c1099b7b04ded7a76988472eef5c40c586fecf19bee825bf8a3d0c7dce66eef63af4acdd890eae42cc1cba3d9efdbf98ae0b471f3de9d5ea6f841ab5457c7aaaf3c7030f2f0c2365935e130f0040fb5fb1b6ebc947dace1f0e99eba03c365e0607bbab75f52a144029353c73970785726c321b8317ac7513931d65732c2ddc638b503fac13206623c51c1ed3da") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r0, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r1, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) r2 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f0000000280)={r4, 0x1c, "237a5c3ef6bb91546a94ff010000ffa95f92a726729beb47d32bc5b5"}, &(0x7f0000000100)=0x24) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000180)={r4, @in={{0x2, 0x4e24, @broadcast}}}, &(0x7f0000000240)=0x84) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000280)={r5, 0x4}, &(0x7f00000002c0)=0x8) 06:42:57 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:57 executing program 0: syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)={[{@mft_zone_multiplier={'mft_zone_multiplier'}}, {@show_sys_files_no='show_sys_files=no'}, {@errors_recover='errors=recover'}, {@umask={'umask'}}, {@umask={'umask'}}, {@umask={'umask'}}, {@mft_zone_multiplier={'mft_zone_multiplier', 0x3d, 0x2}}, {@umask={'umask'}}]}) rmdir(&(0x7f0000000080)='./file0\x00') ioctl$sock_proto_private(0xffffffffffffffff, 0x89e3, &(0x7f00000000c0)="c3a9bac0cff2ea9cb01d24aaea33f3ec9247c1099b7b04ded7a76988472eef5c40c586fecf19bee825bf8a3d0c7dce66eef63af4acdd890eae42cc1cba3d9efdbf98ae0b471f3de9d5ea6f841ab5457c7aaaf3c7030f2f0c2365935e130f0040fb5fb1b6ebc947dace1f0e99eba03c365e0607bbab75f52a144029353c73970785726c321b8317ac7513931d65732c2ddc638b503fac13206623c51c1ed3da") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r0, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r1, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) r2 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f0000000280)={r4, 0x1c, "237a5c3ef6bb91546a94ff010000ffa95f92a726729beb47d32bc5b5"}, &(0x7f0000000100)=0x24) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000180)={r4, @in={{0x2, 0x4e24, @broadcast}}}, &(0x7f0000000240)=0x84) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000280)={r5, 0x4}, &(0x7f00000002c0)=0x8) [ 276.447781] audit: type=1326 audit(1567665777.279:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=13281 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c6ba code=0x0 [ 276.481466] ntfs: (device loop4): ntfs_fill_super(): Unable to determine device size. [ 276.547858] ntfs: (device loop0): ntfs_fill_super(): Unable to determine device size. 06:42:57 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:57 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 06:42:57 executing program 3: syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)={[{@mft_zone_multiplier={'mft_zone_multiplier'}}, {@show_sys_files_no='show_sys_files=no'}, {@errors_recover='errors=recover'}, {@umask={'umask'}}, {@umask={'umask'}}, {@umask={'umask'}}, {@mft_zone_multiplier={'mft_zone_multiplier', 0x3d, 0x2}}, {@umask={'umask'}}]}) rmdir(&(0x7f0000000080)='./file0\x00') ioctl$sock_proto_private(0xffffffffffffffff, 0x89e3, &(0x7f00000000c0)="c3a9bac0cff2ea9cb01d24aaea33f3ec9247c1099b7b04ded7a76988472eef5c40c586fecf19bee825bf8a3d0c7dce66eef63af4acdd890eae42cc1cba3d9efdbf98ae0b471f3de9d5ea6f841ab5457c7aaaf3c7030f2f0c2365935e130f0040fb5fb1b6ebc947dace1f0e99eba03c365e0607bbab75f52a144029353c73970785726c321b8317ac7513931d65732c2ddc638b503fac13206623c51c1ed3da") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r0, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r1, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) r2 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f0000000280)={r4, 0x1c, "237a5c3ef6bb91546a94ff010000ffa95f92a726729beb47d32bc5b5"}, &(0x7f0000000100)=0x24) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000180)={r4, @in={{0x2, 0x4e24, @broadcast}}}, &(0x7f0000000240)=0x84) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000280)={r5, 0x4}, &(0x7f00000002c0)=0x8) 06:42:58 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:58 executing program 0: syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)={[{@mft_zone_multiplier={'mft_zone_multiplier'}}, {@show_sys_files_no='show_sys_files=no'}, {@errors_recover='errors=recover'}, {@umask={'umask'}}, {@umask={'umask'}}, {@umask={'umask'}}, {@mft_zone_multiplier={'mft_zone_multiplier', 0x3d, 0x2}}, {@umask={'umask'}}]}) rmdir(&(0x7f0000000080)='./file0\x00') ioctl$sock_proto_private(0xffffffffffffffff, 0x89e3, &(0x7f00000000c0)="c3a9bac0cff2ea9cb01d24aaea33f3ec9247c1099b7b04ded7a76988472eef5c40c586fecf19bee825bf8a3d0c7dce66eef63af4acdd890eae42cc1cba3d9efdbf98ae0b471f3de9d5ea6f841ab5457c7aaaf3c7030f2f0c2365935e130f0040fb5fb1b6ebc947dace1f0e99eba03c365e0607bbab75f52a144029353c73970785726c321b8317ac7513931d65732c2ddc638b503fac13206623c51c1ed3da") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r0, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r1, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) r2 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f0000000280)={r4, 0x1c, "237a5c3ef6bb91546a94ff010000ffa95f92a726729beb47d32bc5b5"}, &(0x7f0000000100)=0x24) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000180)={r4, @in={{0x2, 0x4e24, @broadcast}}}, &(0x7f0000000240)=0x84) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000280)={r5, 0x4}, &(0x7f00000002c0)=0x8) [ 277.458671] ntfs: (device loop3): ntfs_fill_super(): Unable to determine device size. 06:42:58 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r1, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) openat$cgroup_ro(r1, &(0x7f0000000040)='cpuacct.stat\x00', 0x0, 0x0) 06:42:58 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:58 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 06:42:59 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r1, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) openat$cgroup_ro(r1, &(0x7f0000000040)='cpuacct.stat\x00', 0x0, 0x0) 06:42:59 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:59 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ubi_ctrl\x00', 0x2000, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x46, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="280000001000010800"/20, @ANYBLOB="142d3843bec9658a5ff14d8d0683615893245af49bb3a627748b51423e499657a6046c1f1cee21d2792e091ff7e340ea337e1fbb2e1c0b4f3a5605a1ae67bf03bd10162cc845428d264ddec8ad5dcb30d0c6c5909477421cd473f2e79413a307e59c0aba0bb0381c78c0d7168dec8f033f82dbb65ee595ac2adbecfac675c9b6f977ae66b4dbcd5f87160a4454862326abf6ea95810240c878b5e2ba42f09ec207d998f81bcc1441e052378b7bf2dcf706368f8275f8fd83d131bd68fcf66d75933f9be409e545aea9682fe07e", @ANYRESHEX=r0], 0x3}}, 0x8000) socket$netlink(0x10, 0x3, 0x9) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000040)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r3, 0x0) perf_event_open(&(0x7f00000000c0)={0x3, 0x70, 0x7, 0x6, 0x7, 0x7, 0x0, 0xb7, 0x82c20, 0x1, 0xffffffffffffff74, 0x4, 0x6, 0x779b, 0x2, 0x9a99, 0x0, 0x5, 0x7, 0x401, 0x3f, 0x7, 0x3ff, 0x8001, 0x7, 0x60, 0x922e, 0x9, 0x5, 0x4, 0x6, 0xd60, 0xffff, 0x1000, 0x956, 0x6, 0x80000000, 0x3, 0x0, 0x1, 0x0, @perf_config_ext={0x3, 0xfff}, 0x1, 0x97a, 0x1000, 0x0, 0x0, 0x604, 0x7}, r2, 0x4, r3, 0xa) 06:42:59 executing program 3: syz_mount_image$ntfs(&(0x7f0000000000)='ntfs\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000640)={[{@mft_zone_multiplier={'mft_zone_multiplier'}}, {@show_sys_files_no='show_sys_files=no'}, {@errors_recover='errors=recover'}, {@umask={'umask'}}, {@umask={'umask'}}, {@umask={'umask'}}, {@mft_zone_multiplier={'mft_zone_multiplier', 0x3d, 0x2}}, {@umask={'umask'}}]}) rmdir(&(0x7f0000000080)='./file0\x00') ioctl$sock_proto_private(0xffffffffffffffff, 0x89e3, &(0x7f00000000c0)="c3a9bac0cff2ea9cb01d24aaea33f3ec9247c1099b7b04ded7a76988472eef5c40c586fecf19bee825bf8a3d0c7dce66eef63af4acdd890eae42cc1cba3d9efdbf98ae0b471f3de9d5ea6f841ab5457c7aaaf3c7030f2f0c2365935e130f0040fb5fb1b6ebc947dace1f0e99eba03c365e0607bbab75f52a144029353c73970785726c321b8317ac7513931d65732c2ddc638b503fac13206623c51c1ed3da") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r0, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r1, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) r2 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f0000000280)={r4, 0x1c, "237a5c3ef6bb91546a94ff010000ffa95f92a726729beb47d32bc5b5"}, &(0x7f0000000100)=0x24) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000180)={r4, @in={{0x2, 0x4e24, @broadcast}}}, &(0x7f0000000240)=0x84) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000280)={r5, 0x4}, &(0x7f00000002c0)=0x8) 06:42:59 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:59 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f00000001c0), &(0x7f0000000240)=0x40) bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 06:42:59 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:59 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:42:59 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:00 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:00 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:00 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 06:43:00 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r0, 0x0) r1 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x7) ioctl$TCSETXF(r1, 0x5434, &(0x7f0000000080)={0x4, 0x1, [0x4, 0xff, 0x578, 0x80000001, 0x1], 0x7}) r2 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) r3 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r4 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) 06:43:00 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r0, 0x0) r1 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x7) ioctl$TCSETXF(r1, 0x5434, &(0x7f0000000080)={0x4, 0x1, [0x4, 0xff, 0x578, 0x80000001, 0x1], 0x7}) r2 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) r3 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r4 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) 06:43:00 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:00 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r0, 0x0) r1 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x7) ioctl$TCSETXF(r1, 0x5434, &(0x7f0000000080)={0x4, 0x1, [0x4, 0xff, 0x578, 0x80000001, 0x1], 0x7}) r2 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) r3 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000012000)={0x4, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r4 = syz_open_dev$binder(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000012000)={0x1, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="05"], 0x0, 0x0, 0x0}) 06:43:00 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:01 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 06:43:01 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:01 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:01 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:01 executing program 0 (fault-call:7 fault-nth:0): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:43:01 executing program 4 (fault-call:3 fault-nth:0): r0 = syz_open_procfs(0x0, &(0x7f0000000200)='\x00\x00\x00\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w^2\f\xe5\xcc`\xa0\xce\xf0D\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aul>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf0\xc1\xfb\xae\xb5\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa0\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|\xff\xb5\v\x93\x7f\xbc\x1a\x7f\xa90xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 06:43:02 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) r3 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r3, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) ioctl$SIOCX25GFACILITIES(r3, 0x89e2, &(0x7f0000000100)) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 281.494594] vivid-009: kernel_thread() failed 06:43:02 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:02 executing program 4: syz_open_procfs(0x0, &(0x7f0000000200)='\x00\x00\x00\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w^2\f\xe5\xcc`\xa0\xce\xf0D\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aul>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf0\xc1\xfb\xae\xb5\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa0\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|\xff\xb5\v\x93\x7f\xbc\x1a\x7f\xa90xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:02 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:02 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='\x00\x00\x00\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w^2\f\xe5\xcc`\xa0\xce\xf0D\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aul>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf0\xc1\xfb\xae\xb5\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa0\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|\xff\xb5\v\x93\x7f\xbc\x1a\x7f\xa90xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 06:43:03 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:03 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r2, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) r3 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r3, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r4, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r4, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r4, 0xae80, 0x0) 06:43:03 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:03 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r2, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) r3 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r3, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r4, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r4, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r4, 0xae80, 0x0) 06:43:03 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_NR_MMU_PAGES(0xffffffffffffffff, 0xae44, 0x2) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) syz_open_dev$sndtimer(&(0x7f0000000180)='/dev/snd/timer\x00', 0x0, 0x20000) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) r3 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r3, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) r4 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r4, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) r5 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r5, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) poll(&(0x7f0000000200)=[{r3, 0x2000}, {r4}, {r5, 0x8}, {0xffffffffffffffff, 0x8000}], 0x4, 0xfffffffffffffffb) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000100)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:43:03 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x111102, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000300)='/dev/null\x00', 0xd5c7c14e11610d27, 0x0) r2 = socket$inet(0x2, 0x2, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f00000001c0)=0xc) syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)={[{@uid={'uid', 0x3d, r3}}]}) r4 = syz_open_dev$vcsa(0x0, 0x0, 0x2000) r5 = socket$inet_tcp(0x2, 0x1, 0x0) fstat(r5, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setregid(r6, 0x0) write$P9_RSTATu(r4, &(0x7f0000000240)={0x80, 0x7d, 0x0, {{0x0, 0x50, 0xfffffffffffffffe, 0x1, {0x82, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x9, '/dev/sg#\x00', 0x0, '', 0xb, '/dev/vcsa#\x00', 0x9, 'fdinfo/3\x00'}, 0x1b, 'eth0cgroupsecurity&%fvmnet1', 0xee00, r6}}, 0x80) write$P9_RSTATu(r1, &(0x7f0000000380)={0x74, 0x7d, 0x1, {{0x0, 0x58, 0x6d, 0x100000000, {0x84, 0x4, 0x5}, 0x4000000, 0x7ff, 0x2, 0x800, 0x9, '!system$$', 0x9, '/dev/kvm\x00', 0xc, 'nodevsystem:', 0x7, '^system'}, 0x7, '(vmnet1', r3, r6}}, 0x74) r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r7, 0x4068aea3, &(0x7f0000000240)={0x79}) r8 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r8, 0xc0d05605, &(0x7f0000000d40)={0xb, @sdr={0x42323151, 0x7}}) ioctl$KVM_IRQ_LINE(r8, 0x4008ae61, &(0x7f0000000180)={0x0, 0x10001}) r9 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r10, &(0x7f0000000040)=ANY=[], 0x7c774aac) r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000000c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000fefff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b7050000220000006a0a00fe00000000850000000b000000b7000000000000009500000000000000"], &(0x7f0000000340)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r11, 0xfeffffff00000000, 0x10, 0x0, &(0x7f0000000140)="5ae02efc441a80536af0d1d96ac717fa", 0x0}, 0x28) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r10, 0x0) ioctl$LOOP_CHANGE_FD(r10, 0x4c06, r9) ioctl$KVM_SET_VAPIC_ADDR(r9, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r9, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0x10}) ioctl$KVM_SET_MP_STATE(r9, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r9, 0xae80, 0x0) sysfs$3(0x3) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x807b88ad52cc2e3, 0x0) 06:43:03 executing program 4: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = syz_open_procfs(r0, &(0x7f0000000200)='net/sctp\x00') r2 = openat$cgroup_ro(r1, &(0x7f00000001c0)='mem\x00\x01y7swaS.cur\x89\xc9B\xab\xe3\xfarent\x00', 0x0, 0x0) preadv(r2, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c) munlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000) 06:43:04 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='\x00\x00\x00\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w^2\f\xe5\xcc`\xa0\xce\xf0D\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aul>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf0\xc1\xfb\xae\xb5\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa0\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|\xff\xb5\v\x93\x7f\xbc\x1a\x7f\xa90xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 06:43:04 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:04 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='\x00\x00\x00\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w^2\f\xe5\xcc`\xa0\xce\xf0D\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aul>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf0\xc1\xfb\xae\xb5\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa0\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|\xff\xb5\v\x93\x7f\xbc\x1a\x7f\xa90xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:04 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = syz_open_dev$swradio(0x0, 0x1, 0x2) read$rfkill(r3, &(0x7f00000001c0), 0x8) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000000)={0x3b, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_SET(r3, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000200)={&(0x7f0000000400)={0x50, r4, 0x400, 0x70bd2a, 0x25dfdbff, {}, [@TIPC_NLA_NODE={0x10, 0x6, [@TIPC_NLA_NODE_ADDR={0x0, 0x1, 0xc415}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_LINK={0x24, 0x4, [@TIPC_NLA_LINK_PROP={0x0, 0x7, [@TIPC_NLA_PROP_PRIO={0xfffffffffffffe40, 0x1, 0x11}, @TIPC_NLA_PROP_PRIO={0x0, 0x1, 0x17}, @TIPC_NLA_PROP_WIN={0x0, 0x3, 0x6}, @TIPC_NLA_PROP_PRIO={0x0, 0x1, 0xf}]}, @TIPC_NLA_LINK_NAME={0x246, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_SOCK={0x8, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x20}, 0x40000) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:43:04 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x111102, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000300)='/dev/null\x00', 0xd5c7c14e11610d27, 0x0) r2 = socket$inet(0x2, 0x2, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f00000001c0)=0xc) syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)={[{@uid={'uid', 0x3d, r3}}]}) r4 = syz_open_dev$vcsa(0x0, 0x0, 0x2000) r5 = socket$inet_tcp(0x2, 0x1, 0x0) fstat(r5, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setregid(r6, 0x0) write$P9_RSTATu(r4, &(0x7f0000000240)={0x80, 0x7d, 0x0, {{0x0, 0x50, 0xfffffffffffffffe, 0x1, {0x82, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x9, '/dev/sg#\x00', 0x0, '', 0xb, '/dev/vcsa#\x00', 0x9, 'fdinfo/3\x00'}, 0x1b, 'eth0cgroupsecurity&%fvmnet1', 0xee00, r6}}, 0x80) write$P9_RSTATu(r1, &(0x7f0000000380)={0x74, 0x7d, 0x1, {{0x0, 0x58, 0x6d, 0x100000000, {0x84, 0x4, 0x5}, 0x4000000, 0x7ff, 0x2, 0x800, 0x9, '!system$$', 0x9, '/dev/kvm\x00', 0xc, 'nodevsystem:', 0x7, '^system'}, 0x7, '(vmnet1', r3, r6}}, 0x74) r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r7, 0x4068aea3, &(0x7f0000000240)={0x79}) r8 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r8, 0xc0d05605, &(0x7f0000000d40)={0xb, @sdr={0x42323151, 0x7}}) ioctl$KVM_IRQ_LINE(r8, 0x4008ae61, &(0x7f0000000180)={0x0, 0x10001}) r9 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r10, &(0x7f0000000040)=ANY=[], 0x7c774aac) r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000000c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000fefff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b7050000220000006a0a00fe00000000850000000b000000b7000000000000009500000000000000"], &(0x7f0000000340)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r11, 0xfeffffff00000000, 0x10, 0x0, &(0x7f0000000140)="5ae02efc441a80536af0d1d96ac717fa", 0x0}, 0x28) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r10, 0x0) ioctl$LOOP_CHANGE_FD(r10, 0x4c06, r9) ioctl$KVM_SET_VAPIC_ADDR(r9, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r9, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0x10}) ioctl$KVM_SET_MP_STATE(r9, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r9, 0xae80, 0x0) sysfs$3(0x3) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x807b88ad52cc2e3, 0x0) 06:43:04 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd], 0x38cd017235f98e10, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:43:04 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) getpid() r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 06:43:04 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:05 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79, 0x0, [0x0, 0x0, 0x4]}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:43:05 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs\x00', 0x80200, 0x0) getsockname$llc(r3, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f0000000200)=0x10) 06:43:05 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x0, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:05 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r2, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) r3 = accept$alg(r2, 0x0, 0x0) accept(r3, &(0x7f00000002c0)=@vsock={0x28, 0x0, 0x0, @my}, &(0x7f0000000200)=0x80) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r4, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x1) ioctl$KVM_SET_VAPIC_ADDR(r5, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000000)={[], 0x10e001, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r5, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = syz_open_dev$swradio(&(0x7f0000000100)='/dev/swradio#\x00', 0x0, 0x2) ioctl$sock_inet_sctp_SIOCINQ(r6, 0x541b, &(0x7f0000000180)) 06:43:05 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x111102, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000300)='/dev/null\x00', 0xd5c7c14e11610d27, 0x0) r2 = socket$inet(0x2, 0x2, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f00000001c0)=0xc) syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)={[{@uid={'uid', 0x3d, r3}}]}) r4 = syz_open_dev$vcsa(0x0, 0x0, 0x2000) r5 = socket$inet_tcp(0x2, 0x1, 0x0) fstat(r5, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setregid(r6, 0x0) write$P9_RSTATu(r4, &(0x7f0000000240)={0x80, 0x7d, 0x0, {{0x0, 0x50, 0xfffffffffffffffe, 0x1, {0x82, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x9, '/dev/sg#\x00', 0x0, '', 0xb, '/dev/vcsa#\x00', 0x9, 'fdinfo/3\x00'}, 0x1b, 'eth0cgroupsecurity&%fvmnet1', 0xee00, r6}}, 0x80) write$P9_RSTATu(r1, &(0x7f0000000380)={0x74, 0x7d, 0x1, {{0x0, 0x58, 0x6d, 0x100000000, {0x84, 0x4, 0x5}, 0x4000000, 0x7ff, 0x2, 0x800, 0x9, '!system$$', 0x9, '/dev/kvm\x00', 0xc, 'nodevsystem:', 0x7, '^system'}, 0x7, '(vmnet1', r3, r6}}, 0x74) r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r7, 0x4068aea3, &(0x7f0000000240)={0x79}) r8 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r8, 0xc0d05605, &(0x7f0000000d40)={0xb, @sdr={0x42323151, 0x7}}) ioctl$KVM_IRQ_LINE(r8, 0x4008ae61, &(0x7f0000000180)={0x0, 0x10001}) r9 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r10, &(0x7f0000000040)=ANY=[], 0x7c774aac) r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000000c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000fefff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b7050000220000006a0a00fe00000000850000000b000000b7000000000000009500000000000000"], &(0x7f0000000340)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r11, 0xfeffffff00000000, 0x10, 0x0, &(0x7f0000000140)="5ae02efc441a80536af0d1d96ac717fa", 0x0}, 0x28) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r10, 0x0) ioctl$LOOP_CHANGE_FD(r10, 0x4c06, r9) ioctl$KVM_SET_VAPIC_ADDR(r9, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r9, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0x10}) ioctl$KVM_SET_MP_STATE(r9, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r9, 0xae80, 0x0) sysfs$3(0x3) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x807b88ad52cc2e3, 0x0) 06:43:05 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:05 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 06:43:05 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='\x00\x00\x00\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w^2\f\xe5\xcc`\xa0\xce\xf0D\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aul>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf0\xc1\xfb\xae\xb5\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa0\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|\xff\xb5\v\x93\x7f\xbc\x1a\x7f\xa90x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:06 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='\x00\x00\x00\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w^2\f\xe5\xcc`\xa0\xce\xf0D\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aul>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf0\xc1\xfb\xae\xb5\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa0\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|\xff\xb5\v\x93\x7f\xbc\x1a\x7f\xa90x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:06 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(0x0) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, &(0x7f00000002c0)) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:06 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='\x00\x00\x00\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w^2\f\xe5\xcc`\xa0\xce\xf0D\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aul>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf0\xc1\xfb\xae\xb5\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa0\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|\xff\xb5\v\x93\x7f\xbc\x1a\x7f\xa90xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 06:43:06 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, 0x0) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:07 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_open_dev$swradio(0x0, 0x1, 0x2) r3 = syz_open_dev$swradio(0x0, 0x1, 0x2) read$rfkill(r3, &(0x7f00000001c0), 0x8) setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000000)={0x3b, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) r4 = fcntl$dupfd(0xffffffffffffffff, 0x0, r3) ioctl$PIO_UNIMAP(r4, 0x4b67, &(0x7f0000000180)={0x5, &(0x7f0000000100)=[{0x8001, 0xfffffffffffffffd}, {0x1, 0x7f}, {0x7f, 0xfffffffffffff999}, {0x0, 0x9}, {0x9, 0x85d}]}) read$rfkill(r2, &(0x7f00000001c0), 0x8) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r5 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000002c0)='/selinux/policy\x00', 0x0, 0x0) ioctl$UI_SET_PHYS(r5, 0x4008556c, &(0x7f0000000300)='syz1\x00') setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000000)={0x3b, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x81, 0x0, [0x0, 0xfffffffffffffffe, 0x4]}) r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r6, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x5000, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r6, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r6, 0xae80, 0x0) 06:43:07 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:07 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x111102, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000300)='/dev/null\x00', 0xd5c7c14e11610d27, 0x0) r2 = socket$inet(0x2, 0x2, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f00000001c0)=0xc) syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)={[{@uid={'uid', 0x3d, r3}}]}) r4 = syz_open_dev$vcsa(0x0, 0x0, 0x2000) r5 = socket$inet_tcp(0x2, 0x1, 0x0) fstat(r5, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setregid(r6, 0x0) write$P9_RSTATu(r4, &(0x7f0000000240)={0x80, 0x7d, 0x0, {{0x0, 0x50, 0xfffffffffffffffe, 0x1, {0x82, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x9, '/dev/sg#\x00', 0x0, '', 0xb, '/dev/vcsa#\x00', 0x9, 'fdinfo/3\x00'}, 0x1b, 'eth0cgroupsecurity&%fvmnet1', 0xee00, r6}}, 0x80) write$P9_RSTATu(r1, &(0x7f0000000380)={0x74, 0x7d, 0x1, {{0x0, 0x58, 0x6d, 0x100000000, {0x84, 0x4, 0x5}, 0x4000000, 0x7ff, 0x2, 0x800, 0x9, '!system$$', 0x9, '/dev/kvm\x00', 0xc, 'nodevsystem:', 0x7, '^system'}, 0x7, '(vmnet1', r3, r6}}, 0x74) r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r7, 0x4068aea3, &(0x7f0000000240)={0x79}) r8 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r8, 0xc0d05605, &(0x7f0000000d40)={0xb, @sdr={0x42323151, 0x7}}) ioctl$KVM_IRQ_LINE(r8, 0x4008ae61, &(0x7f0000000180)={0x0, 0x10001}) r9 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r10, &(0x7f0000000040)=ANY=[], 0x7c774aac) r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000000c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000fefff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b7050000220000006a0a00fe00000000850000000b000000b7000000000000009500000000000000"], &(0x7f0000000340)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r11, 0xfeffffff00000000, 0x10, 0x0, &(0x7f0000000140)="5ae02efc441a80536af0d1d96ac717fa", 0x0}, 0x28) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r10, 0x0) ioctl$LOOP_CHANGE_FD(r10, 0x4c06, r9) ioctl$KVM_SET_VAPIC_ADDR(r9, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r9, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0x10}) ioctl$KVM_SET_MP_STATE(r9, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r9, 0xae80, 0x0) sysfs$3(0x3) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x807b88ad52cc2e3, 0x0) [ 286.379440] *** Guest State *** [ 286.396751] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 286.460312] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 286.480704] CR3 = 0x00000000fffbc000 [ 286.488749] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 286.502296] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 286.515678] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 286.529861] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 286.548259] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 286.566105] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 286.583327] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 06:43:07 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, 0x0) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:07 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r4+30000000}, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 286.607055] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 286.632899] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 286.665681] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 286.695013] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 286.714624] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 286.732230] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 286.756568] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 286.769390] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 286.779008] Interruptibility = 00000000 ActivityState = 00000000 [ 286.785414] *** Host State *** [ 286.788676] RIP = 0xffffffff81174990 RSP = 0xffff888062677998 [ 286.795409] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 286.802098] FSBase=00007fc31c71d700 GSBase=ffff8880aef00000 TRBase=fffffe0000003000 [ 286.810189] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 286.816317] CR0=0000000080050033 CR3=00000000653f8000 CR4=00000000001426e0 [ 286.824381] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff862018e0 [ 286.834759] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 286.849356] *** Control State *** 06:43:07 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='\x00\x00\x00\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w^2\f\xe5\xcc`\xa0\xce\xf0D\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aul>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf0\xc1\xfb\xae\xb5\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa0\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|\xff\xb5\v\x93\x7f\xbc\x1a\x7f\xa90x0) r2 = creat(&(0x7f0000000040)='./file0\x00', 0x80) r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000140)='/dev/btrfs-control\x00', 0x222802, 0x0) io_submit(r1, 0x2, &(0x7f0000000480)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x6, 0x9, 0xffffffffffffffff, &(0x7f0000000300)="b6df469ec6f7111890a7d87820738b2c42a198308d30124fd4efbe52a0a38e9dbc08392a14f93b3104525b756d7bc08d47cca2eb7fb08d0cd3061d95a67e51280dca278dda313ab37c316e520a9fb58e7f78d38c2058e4774f9b10b6a75f121089eb1ee456aabe61c699417d77fd709c105f2bd7089e2d4eae3d973ac578a99dc8e7d45d1c72465ffe13cedfff2011117e720c6824c2d1a308f481e045253a68c408aff186315e2026f36550234710b4578c444b15070d567e17d8775cc645a34b16f13760ec2c2dc52b476b1ed2ccf8be900888a31822ca6c", 0xd9, 0x0, 0x0, 0x0, r2}, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x7, 0x1, r3, &(0x7f0000000400)="73c6f69c18d1b9bd85644aa2656fdbc96754b7fae537ea4b774b91141716d5dfa44daaeeddee25b468156aad8ef9ebfd5c62412f98f3b8d33bc8233e97", 0x3d, 0x9}]) r4 = openat$cgroup_ro(r0, &(0x7f00000001c0)='mem\x00\x01y7swaS.cur\x89\xc9B\xab\xe3\xfarent\x00', 0x0, 0x0) preadv(r4, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c) munlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000) 06:43:07 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x111102, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000300)='/dev/null\x00', 0xd5c7c14e11610d27, 0x0) r2 = socket$inet(0x2, 0x2, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f00000001c0)=0xc) syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)={[{@uid={'uid', 0x3d, r3}}]}) r4 = syz_open_dev$vcsa(0x0, 0x0, 0x2000) r5 = socket$inet_tcp(0x2, 0x1, 0x0) fstat(r5, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setregid(r6, 0x0) write$P9_RSTATu(r4, &(0x7f0000000240)={0x80, 0x7d, 0x0, {{0x0, 0x50, 0xfffffffffffffffe, 0x1, {0x82, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x9, '/dev/sg#\x00', 0x0, '', 0xb, '/dev/vcsa#\x00', 0x9, 'fdinfo/3\x00'}, 0x1b, 'eth0cgroupsecurity&%fvmnet1', 0xee00, r6}}, 0x80) write$P9_RSTATu(r1, &(0x7f0000000380)={0x74, 0x7d, 0x1, {{0x0, 0x58, 0x6d, 0x100000000, {0x84, 0x4, 0x5}, 0x4000000, 0x7ff, 0x2, 0x800, 0x9, '!system$$', 0x9, '/dev/kvm\x00', 0xc, 'nodevsystem:', 0x7, '^system'}, 0x7, '(vmnet1', r3, r6}}, 0x74) r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r7, 0x4068aea3, &(0x7f0000000240)={0x79}) r8 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r8, 0xc0d05605, &(0x7f0000000d40)={0xb, @sdr={0x42323151, 0x7}}) ioctl$KVM_IRQ_LINE(r8, 0x4008ae61, &(0x7f0000000180)={0x0, 0x10001}) r9 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r10, &(0x7f0000000040)=ANY=[], 0x7c774aac) r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000000c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000fefff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b7050000220000006a0a00fe00000000850000000b000000b7000000000000009500000000000000"], &(0x7f0000000340)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r11, 0xfeffffff00000000, 0x10, 0x0, &(0x7f0000000140)="5ae02efc441a80536af0d1d96ac717fa", 0x0}, 0x28) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r10, 0x0) ioctl$LOOP_CHANGE_FD(r10, 0x4c06, r9) ioctl$KVM_SET_VAPIC_ADDR(r9, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r9, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0x10}) ioctl$KVM_SET_MP_STATE(r9, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r9, 0xae80, 0x0) sysfs$3(0x3) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x807b88ad52cc2e3, 0x0) [ 286.960408] PinBased=0000003f CPUBased=b699edfe SecondaryExec=000000e2 [ 287.009448] EntryControls=0000d1ff ExitControls=002fefff [ 287.029670] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 06:43:07 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200), 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 287.054008] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 287.121715] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 287.144400] *** Guest State *** [ 287.147760] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 287.149573] reason=80000021 qualification=0000000000000000 [ 287.195468] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 287.206751] IDTVectoring: info=00000000 errcode=00000000 [ 287.224355] TSC Offset = 0xffffff6422a6f1f3 [ 287.228016] CR3 = 0x00000000fffbc000 [ 287.245503] EPT pointer = 0x00000000a086e01e [ 287.249904] RSP = 0x0000000000000000 RIP = 0x000000000000fff0 [ 287.257842] Virtual processor ID = 0x0001 [ 287.271650] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 287.277665] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 287.277674] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 06:43:08 executing program 4: ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0xa69868eb2f655e4f, 0x0) setsockopt$inet6_udp_encap(r1, 0x11, 0x64, &(0x7f0000000080)=0x3, 0x4) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) r2 = syz_open_procfs(r0, &(0x7f0000000300)='pagemap\x00') r3 = openat$cgroup_ro(r2, &(0x7f00000001c0)='mem\x00\x01y7swaS.cur\x89\xc9B\xab\xe3\xfarent\x00', 0x0, 0x0) preadv(r3, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c) munlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000) [ 287.277687] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 287.277700] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 287.277711] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 287.277722] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 06:43:08 executing program 4: openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='mem\x00\x01y7swaS.cur\x89\xc9B\xab\xe3\xfarent\x00', 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001340)=[{&(0x7f0000000040)=""/120, 0x78}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/184, 0xb8}, {&(0x7f0000000140)=""/2, 0x2}, {&(0x7f00000012c0)=""/65, 0x41}], 0x5, 0x2000107c) munlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000) r0 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) write$P9_RSETATTR(r0, &(0x7f0000000000)={0x7, 0x1b, 0x2}, 0x7) 06:43:08 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, 0x0) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 287.447600] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 06:43:08 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 287.501776] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 287.571265] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 287.610758] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 287.633249] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 287.642903] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 287.649797] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 287.657994] Interruptibility = 00000000 ActivityState = 00000000 [ 287.664466] *** Host State *** [ 287.667898] RIP = 0xffffffff81174990 RSP = 0xffff88805ab47998 [ 287.675264] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 287.687570] FSBase=00007fc31c6da700 GSBase=ffff8880aef00000 TRBase=fffffe0000003000 [ 287.696069] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 287.702457] CR0=0000000080050033 CR3=00000000653f8000 CR4=00000000001426e0 [ 287.709815] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff862018e0 [ 287.727491] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 287.835525] *** Control State *** [ 287.874608] PinBased=0000003f CPUBased=b699edfe SecondaryExec=000000e2 [ 287.889637] EntryControls=0000d1ff ExitControls=002fefff [ 287.899730] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 287.922201] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 287.929678] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 287.948348] reason=80000021 qualification=0000000000000000 [ 287.967971] IDTVectoring: info=00000000 errcode=00000000 06:43:08 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='\x00\x00\x00\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w^2\f\xe5\xcc`\xa0\xce\xf0D\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aul>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf0\xc1\xfb\xae\xb5\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa0\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|\xff\xb5\v\x93\x7f\xbc\x1a\x7f\xa90xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200), 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 287.975167] TSC Offset = 0xffffff63b92c4620 [ 287.979633] EPT pointer = 0x000000009997d01e [ 287.984913] Virtual processor ID = 0x0002 06:43:08 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = syz_open_dev$swradio(0x0, 0x1, 0x2) read$rfkill(r2, &(0x7f00000001c0), 0x8) setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000000)={0x3b, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000100)={0x1, 0x9, 0x0, 0x0, 0x3, 0x1000, 0x81, 0x0, 0x100000000, 0x6, 0x1, 0x7f332b6, 0x0, 0x3, 0x10001, 0x4, 0x31b5, 0x3, 0x3}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r3, 0xae80, 0x0) 06:43:09 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='\x00\x00\x00\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w^2\f\xe5\xcc`\xa0\xce\xf0D\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aul>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf0\xc1\xfb\xae\xb5\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa0\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|\xff\xb5\v\x93\x7f\xbc\x1a\x7f\xa90xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:09 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x111102, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000300)='/dev/null\x00', 0xd5c7c14e11610d27, 0x0) r2 = socket$inet(0x2, 0x2, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f00000001c0)=0xc) syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)={[{@uid={'uid', 0x3d, r3}}]}) r4 = syz_open_dev$vcsa(0x0, 0x0, 0x2000) r5 = socket$inet_tcp(0x2, 0x1, 0x0) fstat(r5, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setregid(r6, 0x0) write$P9_RSTATu(r4, &(0x7f0000000240)={0x80, 0x7d, 0x0, {{0x0, 0x50, 0xfffffffffffffffe, 0x1, {0x82, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x9, '/dev/sg#\x00', 0x0, '', 0xb, '/dev/vcsa#\x00', 0x9, 'fdinfo/3\x00'}, 0x1b, 'eth0cgroupsecurity&%fvmnet1', 0xee00, r6}}, 0x80) write$P9_RSTATu(r1, &(0x7f0000000380)={0x74, 0x7d, 0x1, {{0x0, 0x58, 0x6d, 0x100000000, {0x84, 0x4, 0x5}, 0x4000000, 0x7ff, 0x2, 0x800, 0x9, '!system$$', 0x9, '/dev/kvm\x00', 0xc, 'nodevsystem:', 0x7, '^system'}, 0x7, '(vmnet1', r3, r6}}, 0x74) r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r7, 0x4068aea3, &(0x7f0000000240)={0x79}) r8 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r8, 0xc0d05605, &(0x7f0000000d40)={0xb, @sdr={0x42323151, 0x7}}) ioctl$KVM_IRQ_LINE(r8, 0x4008ae61, &(0x7f0000000180)={0x0, 0x10001}) r9 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r10, &(0x7f0000000040)=ANY=[], 0x7c774aac) r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000000c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000fefff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b7050000220000006a0a00fe00000000850000000b000000b7000000000000009500000000000000"], &(0x7f0000000340)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r11, 0xfeffffff00000000, 0x10, 0x0, &(0x7f0000000140)="5ae02efc441a80536af0d1d96ac717fa", 0x0}, 0x28) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r10, 0x0) ioctl$LOOP_CHANGE_FD(r10, 0x4c06, r9) ioctl$KVM_SET_VAPIC_ADDR(r9, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r9, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0x10}) ioctl$KVM_SET_MP_STATE(r9, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r9, 0xae80, 0x0) sysfs$3(0x3) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x807b88ad52cc2e3, 0x0) 06:43:09 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 06:43:09 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='\x00\x00\x00\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w^2\f\xe5\xcc`\xa0\xce\xf0D\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aul>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf0\xc1\xfb\xae\xb5\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa0\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|\xff\xb5\v\x93\x7f\xbc\x1a\x7f\xa90xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200), 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:09 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:09 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='\x00\x00\x00\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w^2\f\xe5\xcc`\xa0\xce\xf0D\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aul>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf0\xc1\xfb\xae\xb5\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa0\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|\xff\xb5\v\x93\x7f\xbc\x1a\x7f\xa90x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f0000000280)={r5, 0x1c, "237a5c3ef6bb91546a94ff010000ffa95f92a726729beb47d32bc5b5"}, &(0x7f0000000100)=0x24) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000300)={r5, @in6={{0xa, 0x4e24, 0x2, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, &(0x7f0000000140)=0x84) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f00000003c0)={r6, 0x2bb}, &(0x7f0000000400)=0x8) ioctl$VIDIOC_QUERYCTRL(r2, 0xc0445624, &(0x7f0000000040)={0x1, 0x9250fcd79004fb6f, "7813ad80b433d8aecdcaa39af660a80b0a7641dd065ad6644852197b162416b5", 0x1f, 0x0, 0x1, 0x2, 0x8}) 06:43:10 executing program 0: r0 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000340)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r1, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000380)={{{@in=@dev, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in6}}, &(0x7f0000000480)=0xe8) ioctl$TUNSETOWNER(r0, 0x400454cc, r2) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r4, 0x4068aea3, &(0x7f0000000240)={0x79}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_open_dev$audion(&(0x7f0000000200)='/dev/audio#\x00', 0xe1d, 0x400) r6 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r6, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) ioctl$KVM_SET_VAPIC_ADDR(r6, 0x4004ae86, &(0x7f0000000180)=0x3000) r7 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r7, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a610434d2b24e5a5ac0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) r8 = inotify_init1(0x0) r9 = inotify_add_watch(r8, &(0x7f00000000c0)='./file0\x00', 0xa400295c) inotify_rm_watch(r8, r9) inotify_rm_watch(r7, r9) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) r10 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r10, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b4b9e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r10, 0xc0505405, &(0x7f00000002c0)={{0x0, 0x3, 0x80, 0x6, 0xc5d}, 0x10000, 0x11862957, 0x9}) ioctl$KVM_SET_MP_STATE(r5, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r5, 0xae80, 0x0) 06:43:10 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x0, 0x0, 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:10 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 06:43:10 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:10 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:10 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='\x00\x00\x00\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w^2\f\xe5\xcc`\xa0\xce\xf0D\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aul>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf0\xc1\xfb\xae\xb5\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa0\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|\xff\xb5\v\x93\x7f\xbc\x1a\x7f\xa90xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x0, 0x0, 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:10 executing program 4: syz_open_procfs(0x0, &(0x7f0000000200)='\x00\x00\x00\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w^2\f\xe5\xcc`\xa0\xce\xf0D\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aul>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf0\xc1\xfb\xae\xb5\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa0\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|\xff\xb5\v\x93\x7f\xbc\x1a\x7f\xa90xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 06:43:10 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) lsetxattr$security_capability(&(0x7f0000000200)='./file0\x00', &(0x7f00000002c0)='security.capability\x00', &(0x7f0000000300)=@v2={0x2000000, [{0x1f, 0xffffffffffff0001}, {0x7, 0xa9c}]}, 0x14, 0x2) r3 = syz_open_dev$dspn(&(0x7f0000000400)='/dev/dsp#\x00', 0x4, 0x80000) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r3, 0x110, 0x4, &(0x7f0000000440), 0x4) r4 = syz_open_dev$vcsn(&(0x7f00000003c0)='/dev/vcs#\x00', 0xab9, 0x2000) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$DRM_IOCTL_FREE_BUFS(r4, 0x4010641a, &(0x7f00000004c0)={0x3, &(0x7f0000000480)=[0x1f, 0x1000, 0x7ff]}) r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000500)='/dev/snapshot\x00', 0x400000, 0x0) ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r5, 0xc008551b, &(0x7f0000000380)=ANY=[@ANYBLOB="d100000024000000f4270000e0070800cb090800010024bb734f179e93ff000000000000ff00000000000000"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) r6 = syz_open_dev$sndpcmp(&(0x7f0000000100)='/dev/snd/pcmC#D#p\x00', 0x20, 0x90200) ioctl$DRM_IOCTL_ADD_BUFS(r6, 0xc0206416, &(0x7f0000000180)={0x7, 0x5, 0x80000000, 0x8, 0x0, 0x1}) 06:43:11 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) r3 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r3, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) r4 = syz_open_dev$swradio(0x0, 0x1, 0x2) read$rfkill(r4, &(0x7f00000001c0), 0x8) r5 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000180)='/dev/qat_adf_ctl\x00', 0x804000, 0x0) ioctl$VFIO_IOMMU_GET_INFO(r5, 0x3b70, &(0x7f0000000200)={0x10}) setsockopt$IP_VS_SO_SET_ADD(r4, 0x0, 0x482, &(0x7f0000000000)={0x3b, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) getpeername$packet(0xffffffffffffffff, &(0x7f0000003040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000003080)=0xffffffffffffff9f) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x32, &(0x7f00000030c0)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, r6}, 0x14) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8936, &(0x7f0000000100)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x4f, r6}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000300)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}, 0x3}) r7 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r7, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) ioctl$int_in(r7, 0x5421, &(0x7f00000002c0)=0x9) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:43:11 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, 0x0) fcntl$setpipe(r4, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 290.568117] *** Guest State *** [ 290.575762] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 290.596169] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 06:43:11 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='\x00\x00\x00\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w^2\f\xe5\xcc`\xa0\xce\xf0D\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aul>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf0\xc1\xfb\xae\xb5\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa0\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|\xff\xb5\v\x93\x7f\xbc\x1a\x7f\xa90xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 290.759846] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 290.768402] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 290.777334] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 290.785952] GDTR: limit=0x0000ffff, base=0x0000000000000000 06:43:11 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x0, 0x0, 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 290.813454] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 290.827600] IDTR: limit=0x0000ffff, base=0x0000000000000000 06:43:11 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='\x00\x00\x00\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w^2\f\xe5\xcc`\xa0\xce\xf0D\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aul>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf0\xc1\xfb\xae\xb5\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa0\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|\xff\xb5\v\x93\x7f\xbc\x1a\x7f\xa90xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 290.937282] *** Host State *** [ 290.945566] RIP = 0xffffffff81174990 RSP = 0xffff888060af7998 [ 290.970214] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 06:43:11 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='\x00\x00\x00\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w^2\f\xe5\xcc`\xa0\xce\xf0D\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aul>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf0\xc1\xfb\xae\xb5\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa0\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|\xff\xb5\v\x93\x7f\xbc\x1a\x7f\xa90xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, 0x0) fcntl$setpipe(r4, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:12 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 291.526032] *** Guest State *** [ 291.529870] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 291.543557] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 291.561293] CR3 = 0x00000000fffbc000 [ 291.569544] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 291.596513] RFLAGS=0xfbf593b407ffc2e2 DR7 = 0x0000000000000400 [ 291.604175] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 291.618795] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 291.627775] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 291.641251] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 291.653907] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 291.663758] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 291.676458] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 291.691845] GDTR: limit=0x0000ffff, base=0x0000000000000000 06:43:12 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) [ 291.725382] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 291.743132] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 291.751716] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 291.762560] EFER = 0x0000000000000000 PAT = 0x0007040600070406 06:43:12 executing program 3: syz_open_procfs(0x0, &(0x7f0000000200)='\x00\x00\x00\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w^2\f\xe5\xcc`\xa0\xce\xf0D\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aul>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf0\xc1\xfb\xae\xb5\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa0\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|\xff\xb5\v\x93\x7f\xbc\x1a\x7f\xa90xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, 0x0) fcntl$setpipe(r4, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:13 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 06:43:13 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000100)='/dev/dri/card#\x00', 0x3, 0x8100) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r2, 0x4068aea3, &(0x7f0000000240)={0x79}) r3 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r3, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r4, 0x4004ae86, &(0x7f00000000c0)) r5 = gettid() ptrace$setopts(0x4206, r5, 0x0, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r6, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r6, 0x0) r7 = openat(r6, &(0x7f0000000180)='./file0\x00', 0x401c0, 0x40) ioctl$VIDIOC_G_CTRL(r7, 0xc008561b, &(0x7f0000000200)={0x7, 0x8}) tkill(r5, 0x38) ptrace$cont(0x18, r5, 0x0, 0x0) ptrace$setregs(0xd, r5, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r5, 0x0, 0x0) fcntl$setown(r0, 0x8, r5) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) pipe2(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}, 0x82000) getpeername$ax25(r8, &(0x7f0000000440)={{0x3, @rose}, [@null, @remote, @remote, @bcast, @null, @default, @rose, @rose]}, &(0x7f00000004c0)=0x48) ioctl$KVM_SET_MP_STATE(r4, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r4, 0xae80, 0x0) 06:43:13 executing program 3: syz_open_procfs(0x0, &(0x7f0000000200)='\x00\x00\x00\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w^2\f\xe5\xcc`\xa0\xce\xf0D\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aul>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf0\xc1\xfb\xae\xb5\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa0\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|\xff\xb5\v\x93\x7f\xbc\x1a\x7f\xa90xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:13 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = gettid() ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x38) ptrace$cont(0x18, r3, 0x0, 0x0) ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r3, 0x0, 0x0) r4 = getpgid(r3) r5 = syz_open_procfs(r4, &(0x7f0000000100)='task\x00') ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$sock_x25_SIOCDELRT(r5, 0x890c, &(0x7f00000002c0)={@remote={[], 0x0}, 0xe, 'vxcan1\x00'}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff1c, 0x0, 0x1000], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:43:13 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='\x00\x00\x00\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w^2\f\xe5\xcc`\xa0\xce\xf0D\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aul>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf0\xc1\xfb\xae\xb5\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa0\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|\xff\xb5\v\x93\x7f\xbc\x1a\x7f\xa90xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, 0x0) fcntl$setpipe(r4, 0x407, 0x0) write(r4, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:14 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 06:43:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)=0x4) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x200, 0xca52, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x800000000], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000080)={0x7, 0x401}) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f00000017c0)='/dev/vcs\x00', 0x400000, 0x0) ioctl$KVM_GET_CPUID2(r3, 0xc008ae91, &(0x7f0000001800)={0x5, 0x0, [{}, {}, {}, {}, {}]}) r4 = syz_open_dev$vcsn(&(0x7f0000000180)='/dev/vcs#\x00', 0x100, 0x10000) sendmsg$alg(r4, &(0x7f0000001780)={0x0, 0x0, &(0x7f00000016c0)=[{&(0x7f0000000380)="a8915189e583a61bcf12430ed55c5c0a4a07e1ad1af0a6d5f60c30f1b79aca8499c6de6edbf20e2eb704a08a13c13adcadae8260c0e2d229cba4ae004de961ca6ac025b2e2ba366d209244657f6a937478120fde4cd22ee4dc3534c82c1043b29cb4dd02", 0x64}, {&(0x7f0000000400)="cec7af924cdb6375ff0ed33c3aa26134104f820ca64e53c04c2a9d53295b8775041ccf856368aa4e2af01ee9ee5afeca8e1710e007ea9e00725b999dad8be58bb5bb2374c1f96610e1915134ad37a237962a287af32990159e6d980779355ac3b02c2c255db7b1e4fbb9d7e223dd088748a4906cab", 0x75}, {&(0x7f0000000480)="20061308e709f8639386a96cc813d83f89e554cb1cf656e5008a2cb11b2ab84247f48f2b76a5df2851da7c84c85ca454e5b48aa170ef6e5394c856761d694d0681a35bcac4cd2b7636bfc3a1d2755662ac96c5ad696dea916dfce6ded3b353780ea02a8c3793e73336aa29e1e752cadcc42c2acd40b323352f4f86bab3e2bebabaf65b1163e6f6c6f9467ea817ba12c18e6b09ec889b6bfa18c94580177bd78f6720a988874a7bc694470a016828e6aee4a66c81f5e284aa266b8149b674938bced676476785d3ff0c5f8f0741eb45546815be893b90d3f32b42e99aa1ab17be48018a0f7cec106ef42daa2b66", 0xed}, {&(0x7f0000000200)="adcaa130458a60ae87f50447", 0xc}, {&(0x7f0000000580)="4ce5ba7fd157a0a045fba9bcbcb848614c65a3fb386298fee87bbc532515e619235aa903bbebce1ae5dc5c0194d9794918645515678235495b80b6b62f593b042a2865f1d529cc9fcf77fee694b07e74fb22c05924116fb733f649a954e8230f0f32a35d31de09fb9a7f7d2dd9f87fbbc88fe20c64c2b4d46d5e95908cdf33642f84567db4b2c45a3f054193948f0f3ec905c2d8092c548dcbbd05777060b18496", 0xa1}, {&(0x7f0000000640)="77c77baa9ab11d69cf93d9b6b33d15a20a496a1da59139f50b4e518ab019a5cc1f63af18f1cbb8b0e6c821080804e1e654943ab4b7dc41935834522ef8f11cf3c11dd905a1bbdbd436", 0x49}, {&(0x7f00000006c0)="17cc1b3dc5b1dd2021bd7639517ababd8e364b1ecb8bcdff65ca577a67af43ffcc3d04a46d2c556a2f5d0c89c3a65648d3a8ff41a9c44724b3a49e31151f7bf6fbb4acdeb0f28e06b01005d7f5be6a8ee785fc5c8f9cddf9f988addb14e60b1f00e3004714b33254e874076a923a806b950136c9412d0ad34abaa0b57268c16298f5866f7a2835effb25ac2e4804b1c102bd1f0e8309a2dc2548da1958e8848849e30ff7eea42017ee085cb8b0fddd15c06c618c9dd758cac38b81a749e5b713312c2002b3e4b10c179798fb3d83e751c45468a2d99d309e534fbb1bdd5d192e4fdc43720cd387e54741517263c887dbc2fe60f2493b8a01adfe5aeaab124614bc63fa087c5c88d41e6a005becb14d94883876a4c5102da4b568c878a17a6069a134a3cc13ad107826d04ca031db43cfcea3b34c0cf3ff54768eed13cbaeecabb0e867887c39973b50f68e39d2c0373a3efc3fbb5a9c03fcfadeba313ef200773cb2272da219fd8c81ef8df475c5885805bb62d19eb45478509130c422da9ccdd138fd6f2bd92bf24e070dc5cb5881e4bd42f9425a49431bcc58264108c24dc92557d28691b953fd5ddcff097393edaeb1afd4e521ba44f08fedeef0682e72d83881c6859e0c8f8bc10c35d58f6df4c646d58a51e0bce04c8c95c472f3bc3eafe1a760cc648e729efce8e047fa11c148b2a659f824d02dc7ea89d4e602730750e184d7691f9ec855beb275cb4b5d97dc6f11ac72d0f70722853bd4d0efc56800d19eda80ee2f2dd335ef5dd3c6f30410824700c230c2c60144de81336952e34bd3af8908e046a7b731b82246471edde49ccddb28a5563e39f62bcac4afd7e14e065a3a046d38bd24b971170babf9b08ead87d0f2b870196257d869f4a3b9c554950a5fd0fef41f83d65c1bf46b79226f75d079a63372fedf97ed3822e5474f7d996921aa34e94ff42bd12f1bff7351354f22b361236eb24d860ab713ef7fb3ee91b1f6e999540f2c649757812be89a08da6e4b07b2a8e0d94662c2a83e51d08dbccd44047a16abdc7138c40d77a47e406c00b5e4d6066b97e6d60238307e990b2cc29e479c45e81ccf474285e4df89c8bd4211744177698ce1405abfb00271c8098f145f5782041fb91e361253d6162d543940b41e1fcd8123f00a3b31e02254edc6b90d96b8a80e439551e4fcf02da64a33a2d3436a4855b58ca3cd588e329a4797d657852e2a5ca4f687b776fc6b6a867dffff159adc728c82e9b8860c6252c35154e3a0c9e83f33a3799ad0e68893f748566bc3fd489612c36fe6a25724d357dc58f6dfcaad4ed525260be31c818e79d8257b4637e549d2e6036d0e00ea8de7764f567a21fb343c13fe2dd877d7b8a9f483959eedcc5fbe955b7a5bc7b56b40d7dd76e1dd9b2ee153278d00bf358dd0b50f9f4dbd317834977acdcfc56ea4983f87479d2904c873e5e076cc1d2c4abb01a7c002e0357709be37abb456b7c14a83c7b081d0032b981616e92ca5c9b79d93e1f51c38ce91b47e912acf9186f8d4b506a44390bdca6a0338044cf228d5fa46bededec37f9398187c535704410f2b219dc2710cc007082b57ee2bef6aa1abf40aa64f8c51b09878c6767cdefc3d0861feed2f426e1261ea55b0ac8a1de599c41385a666ca2c1db5d7e2edb4325c43815037b26bb47a4e3409b7057f3cc1a03305fe4c1e04a37a9fe9d5e2c56b87e9b4dd92b3045b9fbbe9f2af66be8f9815b76908c69384520ca607a2e69dcc6cc308c48189bd71a2bcd989c7f47d362b3bba7e10e8dfbc321b19760dd4503ccff7f16044899db15d4964b3794021fabdc64ba0abb650778ad32bf8d0f67f0bbefcb1ea4014120d990e613f63934e5f922f958a7a5961aa498d5bbe543bfc338584e2985b0bc8143fca798b08cf4dd2f2f98a99dcabaf28a3a16d3b6882e6fe5497998e5b23c7df4fdada9d6033e0ccfe513d95df39db98a14762ea07f09cb77331c054622854ab0bcece8a194d930b517748161c0cfdc491036c258690cedf0aab52d2a93d4e750ec26f99d3d31b5b7c90e55494a2fbc16a06f102624537198458768b8a2d777ba89a01565fd14e2ff204e8b4f22c9077e821a4a178bbc91052e9699b09d1aed2b8f68541d8896f31c4b51a74887ed25383662bc02c1e18518e0794b15edb962e92574225592955dfb6a71c6da77b6ee783434dd1c17a2bafe23315a11bccb184b39dd159d148cd38b4b27f47882ee072cb2f6adc9a2a49b9a0690c0c6c58f48f8b9db5e8bf13708a033b9482e6193d4049d644465bcd3df16a3180d13606af779c8982e40886af31b9553e59903c583fe80d118552b7eaa2178118ed16af3d0631b85d4c16adba54550712b5709af6e5608960f859abd38bdf067dec5aadcac72e953b707179b8a3da516a30b06dbce10d263ec2f1d7142a869d2ea7c6a06202c9955de02e51afd9c578631cdb177e2713216077d33dce8b375302d6e3359ba2d9d276544e03d8aea917fdef41709cdbf06dcd682e8dbbcb7445065127f4334ca1b870e2c5ac5bdaf1c20c92fe7ddf39a8314017071e94ddc86a85af20abd70ea26c35fc387f09c3c49a9c1d68af5003905aa5733f6f153afbbd7700d045a0832ea5b931d0186175f45ae81df44b1527aba513c2bd10504082f59bd80b83ca9a8aad89bd877cc8fab7b6d22c87877d3a4bc78152da87926d2d6b407f6da349f24e4a4d7419a0167dd1ad0c9347785a87938c76b18713e03fd9379f6ec138ae35afda1568c7a77ec6846aa05a9809d56d699cd1a4f258780d3a73dfc653774d0bbbe8c49ef5d2a4137bc3330de1a13904492b7f64d1cb09230a86ccc5452fc389f6e2ac7ac566491f027f6a1fe3e1f92ca545f7fde51ce2e25afce9a62c8fe5aa9d5f06a03b49e8375c5a9a9af322b59d5293bbd227fdc6df33674e97bf75f887d4a988a0e9554d86e2b11f77dcb122c02f470eaeb701905cac2e35a6ee168209f9169b7efdaea0d9ef1632007fa29824e95965e550e969f07c880c46f88a7aa77fedca6ceb13ef07e89e624254796b4dddd77e4a38b22baa2ecd58edf9390b31d81c21539ba7c04720acb2c9ae4e151521b826e89f635ab6e7deb978eb3c08e624487536c5f89de47b6db98587fe79f70cf32071360599e8f8053bd761488171f7eb80d92aa289326379cc7002abb63519cc6d1755e074bc9494b14abd1fa76abca67795118b1f5e2b1d3b3d5f3b15241356db062698f12926806cc5ccada928c2e1b569769ec0bc33c42d9914e970f3d1db22f87850736ed58a02603b56247e33af74e924d7d68c57968429ae3e9d0ca835215cddb8e085dae58803ad7753fb92a69b5cb18faf3a73a91d76168af17276c77fc90bb87a151ef56759f5b3ef3adc593c2b92abc35bb2891b0ac3d8c422d9c005d18b80f0b8726d4e83ee2b870db913d3b7ca4175f045cbeac09d493c9c8b7e9060c2b0e1bb0598ad830e4ed143badaeaf60100d84f11cffcaec40063b38b370b324615381fda1745c409519803a595b1a8eeffff519fca31c35edf82cc39783d5a61bd0fb69da4f93a134c9e0480664187b86c5e4669a027f8c218a63bf73258fea8f2cbf996ca8bfc760e71c4fe29bfa2ada45f7593c6da05cea11b12c49385a8c1eeabfb2f138b801161f52bdb967a18cb1c63ee320998e402755a6eaab21445b42dfbe012245bc95972c794ee54b0e7c227d7e30545046ce4a7a4f94189a3817993720a375d504905fc358fd27d67bb12f3f0d76fb8905b7baa5141ce972b6428588bf6c30120db80bc5f99cc6260ee27d907d36991e42a3411ebb754c8c18bb85b9e211e7a71d9d71f5236b326fd8d0f6289d1d137982d26a772ba9d20c03ae06af155d81d16f4393ea7e3a156a4f646351c20be3c5a993e749f75da23e0e95a1aa92e1ef7b82afc69105be95accd90221043063506da7892961bfbda64ee0ea1222452522191234cafecb846c681df746d647674f5013faef067db81e9af5a7468d577bce9e3b4d4f1312fd446daf4a4a200f74fc848e2cc8970ef848add0f940d8f883e3545604a9df1715224826d0d48c26fe4e62bb056e96dbeaca5ad67fb450fe63720ad1198dcf66daf7f31a1f3a50a6ce64f7643376ef066bf575e00b8662c6617219ccb2a02984f14281503bfee4e38c472bcf1a1dc908ceeebe3ea6085ee1b8f29492a1880d7e5ef025731a689512cb3cf08864c892c9fd32f008468a78a8c639908ee015e24f14d94c52e6a3c6a4def427daccfd6180a3a7282f7736ed8e8d0cc048c5c6825989aedbab2bcf0aeff909b8557439059cda79bb8e89e3dc09c811d47cf55b6c1c9aa79d4fe1c262331421d0dd12987e89038f9faf332f65b15ead145a6593f2ab1369c688f4a7972c22ac92fc1bd01c4c8b3b9fce6d5a00beb36e3798dacacd17753acf653c57864299aadc166eabe5d74a6d21f1189ccd22f18a4ad8ca76339504aa6c087bdf29e3c53e77d97335a094fa5f9fb408cb3580b95ae508c528a1cb9de50e41fc6f7494cffa571b410d0ed4360688357d37dff707e8118541e2b1b85c7ed580657eeb6427bd5e793945814e0802719e078d72cd6f1b86f6849957654665ed03fc3661e86157950c393257b1e7403d74aa719a89a5fecfa8962c962ee204964f087e0957207236f559b17ed7214b399307caf129696be28f75c76fb9c3d707cbf112b4ae40613efa246816093c5ae27dbad3173a502a16091cba7b20dfa786e6e4504f24edb94752cf0409cdcff45221a29ed5b624dad78e662b2c05a75714a1ef718a640f2115c1c13b8a8abec41bba785f9cac64b2bd10e16c766944b38b1837efe33572419d45c8d0f3ebb39ea0144e0836a5b2637ac42886489dd9670feaff29daaa7c3de811d15d369a144ab60881d567f77823505bc5212423f67f2c59090a5dde456aa416f4d8bd9c82b7555534b57d4fd6318e780608ac5b45fb1c91d857334131667fb96c74a0c25abc46f9895efcc35a7a2347ac62b649f4689079738f5427d1d0cee9c56034651ca0423c57675fc249b404d77d672fdcc746be54fc9ddcbc6559f3475807906debb4e04d5569bb7be8d1ef1f1006b72ae388acc8218177f62e7805e3077d3a1ec707d6fd1cd1dfdd31ae020c19515d927caa9f7ef1ad8ecfbfdd304bc76cc8067f62e69e85cc7a5375e39d0b1c2e5824325b14fd7dda92b1cd3590d0a860f579f9e462be479da042e2869c02d8bb7c07557a2795bce63558514460959545d3d3d978357c4500e78e18b4d6c2dc9e74acd4e4b0f35f081700a2543abe06aaf96e91177045f5d72c4e6890436e8c276dc147efbfd0345e98438d4d0a02ada69da6bbe5b0245c0ed7ec9b166f45e10e3f3da869fd4268fef3ccbdb1966554bb36ed4f7c9d0eb153875c0fe25510cb771891e3f121a7bb43cb877fa72d3d1dffb538de39e5c5e26f6a4bd8ec5078e1b06cd7d3d9b7dc84b7511cd27edd285168b89e6a21fd573abb0a1cf4fe209b109eac1d225d57df7b2629ff4f67a35cbe97287fdeb63ea648e3d6f73ba26ca51237258cdd862dd7b0397abbb4b3dec1733238957e14d9cfd09415e3dce43fac8a2480d5207fca460f97c28efb29d96b07e2884cfba79cca34929c5a3328d3c6c1c14a7a2bee1a24eed064f7af2e7597fe66293270f09e2852fcb47cb25f651b2a7c143d211c2fa835d90c9f9005d50b3f80132160e7040ed96a034ba608123389f544760dcbd0af4e37b8542a842840a218a854885f717e18cff66cf0", 0x1000}], 0x7, &(0x7f0000001740)=[@assoc={0x18, 0x117, 0x4, 0x9}], 0x18, 0x6004000}, 0x20008810) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r5, 0x40605346, &(0x7f0000000000)={0x3f, 0x0, {0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x3, 0x81}}) ioctl$int_in(r5, 0x5421, &(0x7f0000000100)=0xfff) 06:43:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) sysfs$3(0x3) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:43:14 executing program 3: syz_open_procfs(0x0, &(0x7f0000000200)='\x00\x00\x00\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w^2\f\xe5\xcc`\xa0\xce\xf0D\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aul>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf0\xc1\xfb\xae\xb5\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa0\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|\xff\xb5\v\x93\x7f\xbc\x1a\x7f\xa90xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = syz_open_dev$audion(&(0x7f0000000100)='/dev/audio#\x00', 0xffffffff, 0x800) setsockopt$inet_int(r2, 0x0, 0x13, &(0x7f0000000180)=0x9, 0x4) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4004ae86, &(0x7f00000000c0)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r3, 0xae80, 0x0) 06:43:14 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='\x00\x00\x00\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w^2\f\xe5\xcc`\xa0\xce\xf0D\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aul>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf0\xc1\xfb\xae\xb5\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa0\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|\xff\xb5\v\x93\x7f\xbc\x1a\x7f\xa90xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 06:43:14 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, 0x0) fcntl$setpipe(r4, 0x407, 0x0) write(r4, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) r3 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x4}, {}, {0x7, 0xffffffff}]}}) r4 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r4, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) ioctl$NBD_SET_SOCK(r3, 0xab00, r4) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x9624, 0xfffffffffffffffd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2000000000000, 0x0, 0x4, 0x2, 0x177, 0xfffffffffffffffe, 0x0, 0x7f, 0xfffffffffffffffd, 0x6], 0x102004, 0x11000}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$UFFDIO_WAKE(0xffffffffffffffff, 0x8010aa02, &(0x7f0000000100)={&(0x7f0000ffa000/0x4000)=nil, 0x4000}) r5 = accept4$inet(0xffffffffffffffff, 0x0, &(0x7f0000000180), 0x100000) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_NMI(r2, 0xae9a) setsockopt$inet_sctp_SCTP_INITMSG(r5, 0x84, 0x2, &(0x7f0000000200)={0xe21, 0xba20, 0x1, 0x4}, 0x8) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r6, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r6, 0x0) r7 = dup2(r6, 0xffffffffffffffff) recvfrom$inet6(r7, &(0x7f0000000380)=""/241, 0xf1, 0x40010080, 0x0, 0x0) r8 = socket$inet6_sctp(0xa, 0x5887d3479ab9dbae, 0x84) openat$urandom(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/urandom\x00', 0x2000, 0x0) readv(r8, &(0x7f0000000640)=[{&(0x7f0000000000)=""/172, 0xac}, {&(0x7f0000000480)=""/180, 0xb4}, {&(0x7f0000000200)}, {&(0x7f0000000540)=""/131, 0x83}, {&(0x7f0000000600)=""/57, 0x39}], 0x5) [ 294.144210] vivid-008: kernel_thread() failed 06:43:15 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='\x00\x00\x00\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w^2\f\xe5\xcc`\xa0\xce\xf0D\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aul>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf0\xc1\xfb\xae\xb5\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa0\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|\xff\xb5\v\x93\x7f\xbc\x1a\x7f\xa90xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140), &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:15 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_LINKINFO={0x20, 0x12, @ip6gretap={{0x10, 0x1, 'ip6gretap\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_SPORT={0x8, 0xe, 0x2}]]}}}]}, 0x40}}, 0x0) 06:43:15 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='\x00\x00\x00\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w^2\f\xe5\xcc`\xa0\xce\xf0D\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aul>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf0\xc1\xfb\xae\xb5\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa0\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|\xff\xb5\v\x93\x7f\xbc\x1a\x7f\xa90xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 06:43:15 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140), &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:15 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_LINKINFO={0x20, 0x12, @ip6gretap={{0x10, 0x1, 'ip6gretap\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_SPORT={0x8, 0xe, 0x2}]]}}}]}, 0x40}}, 0x0) 06:43:15 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, 0x0) fcntl$setpipe(r4, 0x407, 0x0) write(r4, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:15 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000200)='\x00\x00\x00\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w^2\f\xe5\xcc`\xa0\xce\xf0D\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aul>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf0\xc1\xfb\xae\xb5\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa0\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|\xff\xb5\v\x93\x7f\xbc\x1a\x7f\xa90x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000300)=0x14) sendmsg$can_raw(r2, &(0x7f0000000400)={&(0x7f0000000340)={0x1d, r6}, 0x10, &(0x7f00000003c0)={&(0x7f0000000380)=@can={{0x2, 0xfd, 0xd050000000000000, 0xfff}, 0x6, 0x1, 0x0, 0x0, "742a4236f9ee3294"}, 0x10}, 0x1, 0x0, 0x0, 0x4}, 0x4008002) r7 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) ioctl$sock_SIOCGIFCONF(r2, 0x8912, &(0x7f00000004c0)=@req={0x28, &(0x7f0000000480)={'veth0_to_hsr\x00', @ifru_settings={0xffffffff, 0x8, @fr_pvc_info=&(0x7f0000000440)={0x20, 'tunl0\x00'}}}}) sendmsg$nl_generic(r7, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) setsockopt$netlink_NETLINK_PKTINFO(r0, 0x10e, 0x3, &(0x7f0000000800)=0xffff, 0x4) ioctl$TIOCSSOFTCAR(r7, 0x541a, &(0x7f0000000000)=0x7) preadv(r1, &(0x7f0000000180)=[{&(0x7f00000000c0)=""/81, 0x20000111}], 0x1, 0x2000107c) munlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000) 06:43:15 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_LINKINFO={0x20, 0x12, @ip6gretap={{0x10, 0x1, 'ip6gretap\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_SPORT={0x8, 0xe, 0x2}]]}}}]}, 0x40}}, 0x0) 06:43:15 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_LINKINFO={0x20, 0x12, @ip6gretap={{0x10, 0x1, 'ip6gretap\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_SPORT={0x8, 0xe, 0x2}]]}}}]}, 0x40}}, 0x0) 06:43:16 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @ip6gretap={{0x10, 0x1, 'ip6gretap\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_SPORT={0x8, 0xe, 0x2}]]}}}]}, 0x40}}, 0x0) 06:43:16 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79, 0x0, [0x0, 0x0, 0xfffffffffffffffd]}) r2 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r2, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841baabfba7549c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78730f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) r3 = syz_open_pts(r2, 0x402400) ioctl$PIO_FONT(r3, 0x4b61, &(0x7f0000000200)="b4d23c26fd5d1caa0468e9") r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r4, 0x4004ae86, &(0x7f00000000c0)) setxattr$security_evm(&(0x7f0000000840)='./file0\x00', &(0x7f00000004c0)='security.evm\x00', &(0x7f0000000800)=@sha1={0x1, "80f67419a334e3bfdb0933c597599e296d9de514"}, 0x15, 0x1) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000000)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x2], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r4, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) r5 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$TIOCLINUX5(0xffffffffffffffff, 0x541c, &(0x7f0000000440)={0x5, 0x2, 0x7, 0x20, 0x2}) write$RDMA_USER_CM_CMD_GET_EVENT(r5, &(0x7f0000000180)={0xc, 0x8, 0xfa00, {&(0x7f00000002c0)}}, 0x10) ioctl$KVM_RUN(r4, 0xae80, 0x0) 06:43:16 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @ip6gretap={{0x10, 0x1, 'ip6gretap\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_SPORT={0x8, 0xe, 0x2}]]}}}]}, 0x40}}, 0x0) 06:43:16 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 06:43:16 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @ip6gretap={{0x10, 0x1, 'ip6gretap\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_SPORT={0x8, 0xe, 0x2}]]}}}]}, 0x40}}, 0x0) 06:43:16 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140), &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:16 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, 0x0) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200), 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:16 executing program 3: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r0}, [@IFLA_LINKINFO={0x20, 0x12, @ip6gretap={{0x10, 0x1, 'ip6gretap\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_SPORT={0x8, 0xe, 0x2}]]}}}]}, 0x40}}, 0x0) 06:43:16 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[], 0x7c774aac) memfd_create(&(0x7f0000000380)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x0) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r0, 0x0) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000100)={0x0, 0x2}, 0x8) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r2, 0x4068aea3, &(0x7f0000000240)={0x79}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4004ae86, &(0x7f00000000c0)) r4 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/avc/hash_stats\x00', 0x0, 0x0) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r4, 0x29, 0xd2, &(0x7f0000000300)={{0xa, 0x4e20, 0x1, @rand_addr="705a5ef877c191669596adf4bffd3d55", 0xaa}, {0xa, 0x4e24, 0x5, @dev={0xfe, 0x80, [], 0x11}, 0x7ff}, 0x3, [0x869, 0x3, 0xfff, 0x400, 0x7fffffff, 0x8, 0x1]}, 0x5c) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000000)={[], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r3, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) ioctl$KVM_RUN(r3, 0xae80, 0x0) 06:43:16 executing program 3: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r0}, [@IFLA_LINKINFO={0x20, 0x12, @ip6gretap={{0x10, 0x1, 'ip6gretap\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_SPORT={0x8, 0xe, 0x2}]]}}}]}, 0x40}}, 0x0) 06:43:16 executing program 3: ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r0}, [@IFLA_LINKINFO={0x20, 0x12, @ip6gretap={{0x10, 0x1, 'ip6gretap\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_SPORT={0x8, 0xe, 0x2}]]}}}]}, 0x40}}, 0x0) 06:43:17 executing program 4: r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/policy\x00', 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x8, 0x40) sendmsg$nl_generic(r2, &(0x7f0000000140)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x82200040}, 0xc, &(0x7f0000000100)={&(0x7f0000000e40)=ANY=[@ANYBLOB="1c0200003d00020425bd7000fcdbdf250500000004008f00d2a52d6853f245e28abfdd1d04e6206126610fccab2ee87b37fe0f2fc700f967513a1cf784e90c892e63e415fac1a6b6782dbc44ae379b5bb1ea112517f648c7f7da331f5feda071bc1a0327c4b11d6243e112b373762142c828f720bd4ee289a55088657e00f8a30194cac8aff84660cb1292729131794c0ece572ca3705d036b51cdc7c6baaeebaad74eb12b589e974cf67c5eae1e3c962ab184e75f43fef54343a9a85aa6663d140c87573c55c2bc65cc25744c80070bdaa9022ab0b1817bdf58ca96cb0959dd1d4841faabfba76a9c48f6d111256b08aaae065e0800660073680000396556e9d2c97f044eae74e6587e275beda32b1c08002c0001000000393b70f63c5fc50dd8f596123e73d657eed02d9a0fae818e5bf7230ce1215edc211000115e680693fa26549094cfab2b94637203b96ba781657c3c160d821130483c2b61a82a59e51ab90fc621a2c89828cb6302d41bd90723461fe978eda5306b00aadebd66feadcc31e2d68497928a31e62820d6b89a858cf4ed2202f10c36085417c4216e3634a18e0780004ea991e4c06773a442ea14f7057cbb4def43b0c6e0a1a0c78cfb9bf201d3ac3e7661521917da133d95c42bce453e1d75fcca55eeea010c8341beb5f6de097515748bf375e937e0b9e8197f63893f55e6f657956a634c735a83e94af16bfc9ef6cdda44feb84bc4e768c8786ca8000000000000000000005dec2bee03ed6a94b49a6f3b70da972cca07c229bf8adb2fad0304e4a322554fb079e70d81a51ca263a77388dc3016f7d1453d49025ea36dcf0d53f63677061239f93ad42de38837240f0ea8f0bc92298a1210982934bbbbf3776fec5a0cb78f30f22474ba478de23a4de8e6b25bab6a50c0d25c670494453e6fefad61e76f07b7adf2c796201206e32fabb6ffc638b237dce05501ec5a68cc6318d00033b0dbd42c35d6fc2bc227be30a592c7f1e0a988a26639c58ccd97d1eb474caa18d5b75a47c0b910e6ff7029a59d77d9819c1290848fbbda8984911d8731ff835f3efa2ac90c07cec4eaa90d497fcb48108ef5476530f78c31e00c84304b6f77d927e2a26a44b1841468a6abdab4a2117da8bdcc6231d50241444ca8a1d5a548660b406232bee2a6aae83602d07365df2ab851c7087f21c8d269ce1726573492d722704359568b"], 0x21c}, 0x1, 0x0, 0x0, 0xc081}, 0x10080001) r3 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r3, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) r4 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r4, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) r5 = syz_open_dev$swradio(0x0, 0x1, 0x2) read$rfkill(r5, &(0x7f00000001c0), 0x8) setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, &(0x7f0000000000)={0x3b, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) r6 = syz_open_dev$swradio(0x0, 0x1, 0x2) read$rfkill(r6, &(0x7f00000001c0), 0x8) setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, &(0x7f0000000000)={0x3b, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x1, 'sh\x00', 0x4, 0x69, 0x21}, 0x2c) r7 = syz_open_dev$swradio(&(0x7f0000000c80)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_TRY_FMT(r7, 0xc0d05605, &(0x7f0000000d40)={0xb, @pix_mp={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {0x7, 0xffffffff}]}}) write$binfmt_script(r2, &(0x7f0000000540)=ANY=[@ANYRESOCT, @ANYRESOCT, @ANYRES16, @ANYRES64=0x0, @ANYPTR=&(0x7f0000000100)=ANY=[@ANYRESHEX=0x0, @ANYRES32, @ANYRES32=r3, @ANYRESHEX=r4, @ANYRES64=r5, @ANYRESDEC=r0, @ANYRES16, @ANYRES32=r6, @ANYRESDEC=0x0], @ANYRES64=0x0, @ANYRES16=r7, @ANYBLOB="6617e651f960b6ff133c5b8277d1dc61a2a1a35bf5d809085a1fe91fa49ba64b898f4604d4562fae116f6fd326280c265375fe3b852f3bd09fd503817c4b9a5d92fad936c7acc4a15189cd96b8d099b03875d4a0c8b5f69ba306fdbd3a4ff73ff0d83ac652268c445db838bc28428120b741cd305100720b157ca728b8a605e89218fe3f70a04bb1bc8cc3c5b9ab4decf42285fe2b66abba18cce7388d36b3af18fdfbba9ebf05426d3ac73ac7a9a931d45ed6c1299604d5d62407015dc96859c70631e12d44a21aacc1afd12eedef244e40179ad4d34d4e962e71d3f646a85bfa9d5a256956228b78fa6ee0fe37d57f39b0f28579b6d233b1bed84a358b9e8b7fc7da38d56eee970c3e7c39a82e645fa811e924d4c88a1f1b95d9a301cbc7f60192193cca1f254c4e529f98b20b9bfbc7", @ANYRES16], 0x17d) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r1, 0x0) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000080)=0x8000000000002, 0x4) syz_open_procfs(0x0, &(0x7f0000000200)='\x00\x00\x00\x00\x00\xe8\xee\xc9\x96\xc2;\xaf\t\xa8M*\xe4;~y\xb2\xb3\xba\b;/\xb6&\xa5\xaa\xcec\x1e\x8a;\xea;P\xb5w^2\f\xe5\xcc`\xa0\xce\xf0D\x19v\xb9I\xdf\xfe\x13\xd9\x1a\xd6;+\x16\x05\x1aul>\x82@\x0f\xdf\xcd\x99\x9a\x13\xe2[F\xf0\xc1\xfb\xae\xb5\xb5\x1f\xf3\xe9\xd5\xbf\x13k\xbc)\xa1nbx\x9c\x02\xa6p?\x12\x89\nAr\xe9Q\xb0\x80Q\x8e\xf2\xf0yX\x9b\x96\xa4\x8b\x01f\xe0\x04\xbd\x93K!\xa0D-\xfc\x12\x02\xe2\xb5WQ\xb4\xb1\xf2\x16)\xc8\b\xc2\x99\x9a\xd9\xa6p\xedK\xb5\x8b\xe8\xbf\xa0\xa1\x13\xd78Mt$\x06\xb6c\xd0Y\x05\xd1l\x98|\xff\xb5\v\x93\x7f\xbc\x1a\x7f\xa90x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_LINKINFO={0x20, 0x12, @ip6gretap={{0x10, 0x1, 'ip6gretap\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_SPORT={0x8, 0xe, 0x2}]]}}}]}, 0x40}}, 0x0) 06:43:17 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_LINKINFO={0x20, 0x12, @ip6gretap={{0x10, 0x1, 'ip6gretap\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_SPORT={0x8, 0xe, 0x2}]]}}}]}, 0x40}}, 0x0) 06:43:17 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_LINKINFO={0x20, 0x12, @ip6gretap={{0x10, 0x1, 'ip6gretap\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_SPORT={0x8, 0xe, 0x2}]]}}}]}, 0x40}}, 0x0) 06:43:17 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200)={0x0, r5+30000000}, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 06:43:17 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @ip6gretap={{0x10, 0x1, 'ip6gretap\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_SPORT={0x8, 0xe, 0x2}]]}}}]}, 0x40}}, 0x0) 06:43:17 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, &(0x7f0000000440)) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, 0x0, 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:17 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(arc4)\x00'}, 0x58) accept$alg(r0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0xff}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) recvmmsg(r2, &(0x7f0000008880), 0x400000000000249, 0x44000102, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_TIMER_IOCTL_PVERSION(0xffffffffffffffff, 0x80045400, 0x0) fcntl$setpipe(r4, 0x407, 0x0) write(r4, &(0x7f0000000340), 0x41395527) clock_gettime(0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b7}, &(0x7f0000000200), 0x0) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) 06:43:17 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @ip6gretap={{0x10, 0x1, 'ip6gretap\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_SPORT={0x8, 0xe, 0x2}]]}}}]}, 0x40}}, 0x0) 06:43:17 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @ip6gretap={{0x10, 0x1, 'ip6gretap\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_SPORT={0x8, 0xe, 0x2}]]}}}]}, 0x40}}, 0x0) 06:43:17 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79, 0x0, [0x2ead350c, 0x0, 0x0, 0xffffffffffffffff]}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4004ae86, &(0x7f00000000c0)) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r3, 0x0) dup(r3) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00\x84\xe0\xda\x82a\xbe\x18O\x17\x1b\\\x143\x06v\x9b=>\xc1\xd9\x06\x00\x05\xf7\xae\xce\xbeA,j5\xac\xf5\xf0&\xc5$\x951QC\x87\x9f\xe0};\xac\xb7k>0\xce\xcd~\xd766*\fo=Cg&[\x8b\xe2\xbd\xe9\x16\xc6\x1e\x97e]\xb0\xed\xe7I\x18\x96RS\x10\x8cyr\xb7\xcf', 0x275a, 0x0) write$binfmt_script(r4, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x800007, 0x8012, r4, 0x0) syz_open_dev$video(&(0x7f0000000200)='/dev/video#\x00', 0x2, 0x10300) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_INFO(r4, 0xc0bc5310, &(0x7f00000002c0)) ioctl$PPPIOCCONNECT(r3, 0x4004743a, &(0x7f0000000180)=0x4) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000000)={[0x8000, 0x0, 0x1, 0x0, 0x2], 0x0, 0xfbf593b407ffc2e0}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000001c0)=0xffaa6b7cde36681b) syz_open_dev$audion(&(0x7f0000000100)='/dev/audio#\x00', 0x1d4, 0x282000) ioctl$KVM_RUN(r2, 0xae80, 0x0) 06:43:17 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r1}, [@IFLA_LINKINFO={0x20, 0x12, @ip6gretap={{0x10, 0x1, 'ip6gretap\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_ENCAP_SPORT={0x8, 0xe, 0x2}]]}}}]}, 0x40}}, 0x0) [ 297.309835] *** Guest State *** [ 297.318089] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7 [ 297.338156] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 297.355547] CR3 = 0x00000000fffbc000 [ 297.369398] RSP = 0x0000000000000000 RIP = 0x0000000000000000 [ 297.376490] RFLAGS=0xfbf593b407ffc2e2 DR7 = 0x0000000000000400 [ 297.383402] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 297.390886] CS: sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000 [ 297.399057] DS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 297.407578] SS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 297.415859] ES: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 297.424362] FS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 297.432847] GS: sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000 [ 297.450638] GDTR: limit=0x0000ffff, base=0x0000000000000000 [ 297.467529] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000 [ 297.483112] IDTR: limit=0x0000ffff, base=0x0000000000000000 [ 297.492196] TR: sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000 [ 297.500655] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 297.510961] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 297.518547] Interruptibility = 00000000 ActivityState = 00000000 [ 297.525086] *** Host State *** [ 297.529123] RIP = 0xffffffff81174990 RSP = 0xffff88805de07998 [ 297.535275] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 297.541793] FSBase=00007fc31c6b9700 GSBase=ffff8880aef00000 TRBase=fffffe0000034000 [ 297.549664] GDTBase=fffffe0000032000 IDTBase=fffffe0000000000 [ 297.555677] CR0=0000000080050033 CR3=00000000a9d9d000 CR4=00000000001426e0 [ 297.563348] Sysenter RSP=fffffe0000033200 CS:RIP=0010:ffffffff862018e0 [ 297.570121] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 297.576239] *** Control State *** [ 297.579739] PinBased=0000003f CPUBased=b699edfe SecondaryExec=000000e2 [ 297.586529] EntryControls=0000d1ff ExitControls=002fefff [ 297.592174] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 297.599150] VMEntry: intr_info=80000000 errcode=00000000 ilen=00000000 [ 297.605912] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 297.614258] reason=80000021 qualification=0000000000000000 [ 297.620761] IDTVectoring: info=00000000 errcode=00000000 [ 297.626413] TSC Offset = 0xffffff5e5ef287e5 [ 297.630877] EPT pointer = 0x000000009a3da01e [ 297.635284] Virtual processor ID = 0x0001 [ 571.350292] INFO: task syz-executor.4:14245 blocked for more than 140 seconds. [ 571.357758] Not tainted 4.14.141 #37 [ 571.362060] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 571.370081] syz-executor.4 D27584 14245 6879 0x00000004 [ 571.375741] Call Trace: [ 571.378394] __schedule+0x7b8/0x1cd0 [ 571.382175] ? mark_held_locks+0xb1/0x100 [ 571.386325] ? pci_mmcfg_check_reserved+0x150/0x150 [ 571.391386] ? trace_hardirqs_on+0x10/0x10 [ 571.395613] schedule+0x92/0x1c0 [ 571.398961] schedule_timeout+0x93b/0xe10 [ 571.403807] ? wait_for_completion+0x274/0x420 [ 571.408449] ? find_held_lock+0x35/0x130 [ 571.412548] ? usleep_range+0x130/0x130 [ 571.416526] ? _raw_spin_unlock_irq+0x28/0x90 [ 571.421070] ? trace_hardirqs_on_caller+0x400/0x590 [ 571.426089] wait_for_completion+0x27c/0x420 [ 571.430566] ? try_to_wake_up+0xa8/0xf90 [ 571.434628] ? wait_for_completion_interruptible+0x490/0x490 [ 571.440479] ? wake_up_q+0xf0/0xf0 [ 571.444037] kthread_stop+0xda/0x650 [ 571.447803] sdr_cap_stop_streaming+0x1fc/0x320 [ 571.452519] ? sdr_cap_buf_queue+0x230/0x230 [ 571.456974] __vb2_queue_cancel+0xa3/0x890 [ 571.461275] ? lock_downgrade+0x6e0/0x6e0 [ 571.465424] vb2_core_streamoff+0x52/0x110 [ 571.469661] __vb2_cleanup_fileio+0x78/0x150 [ 571.474125] vb2_core_queue_release+0x1d/0x80 [ 571.478625] _vb2_fop_release+0x1cf/0x2a0 [ 571.482882] vb2_fop_release+0x75/0xc0 [ 571.487116] vivid_fop_release+0x180/0x3f0 [ 571.491404] ? vivid_remove+0x3d0/0x3d0 [ 571.495455] ? dev_debug_store+0xe0/0xe0 [ 571.499567] v4l2_release+0xf9/0x190 [ 571.503323] __fput+0x275/0x7a0 [ 571.506602] ____fput+0x16/0x20 [ 571.509867] task_work_run+0x114/0x190 [ 571.513992] exit_to_usermode_loop+0x1da/0x220 [ 571.518592] do_syscall_64+0x4bc/0x640 [ 571.522524] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 571.527371] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 571.533058] RIP: 0033:0x459879 [ 571.536339] RSP: 002b:00007fbbc5cdec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 571.544129] RAX: 0000000000000008 RBX: 0000000000000003 RCX: 0000000000459879 [ 571.551455] RDX: 0000000000000008 RSI: 00000000200001c0 RDI: 0000000000000008 [ 571.558722] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 571.566024] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fbbc5cdf6d4 [ 571.573319] R13: 00000000004c6cf9 R14: 00000000004dc070 R15: 00000000ffffffff [ 571.580655] [ 571.580655] Showing all locks held in the system: [ 571.587057] 1 lock held by khungtaskd/1012: [ 571.591502] #0: (tasklist_lock){.+.+}, at: [] debug_show_all_locks+0x7f/0x21f [ 571.600588] 1 lock held by rsyslogd/6705: [ 571.604728] #0: (&f->f_pos_lock){+.+.}, at: [] __fdget_pos+0xab/0xd0 [ 571.613066] 2 locks held by getty/6828: [ 571.617027] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 571.625759] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 [ 571.635087] 2 locks held by getty/6829: [ 571.639039] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 571.647745] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 [ 571.657083] 2 locks held by getty/6830: [ 571.661116] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 571.669794] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 [ 571.679207] 2 locks held by getty/6831: [ 571.683369] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 571.692095] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 [ 571.702108] 2 locks held by getty/6832: [ 571.706067] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 571.714806] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 [ 571.724161] 2 locks held by getty/6833: [ 571.728138] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 571.736844] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 [ 571.746167] 2 locks held by getty/6834: [ 571.750184] #0: (&tty->ldisc_sem){++++}, at: [] ldsem_down_read+0x33/0x40 [ 571.758871] #1: (&ldata->atomic_read_lock){+.+.}, at: [] n_tty_read+0x1e6/0x17b0 [ 571.768277] [ 571.769900] ============================================= [ 571.769900] [ 571.777183] NMI backtrace for cpu 1 [ 571.780910] CPU: 1 PID: 1012 Comm: khungtaskd Not tainted 4.14.141 #37 [ 571.787563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 571.797032] Call Trace: [ 571.799688] dump_stack+0x138/0x197 [ 571.803324] nmi_cpu_backtrace.cold+0x57/0x94 [ 571.808068] ? irq_force_complete_move.cold+0x7d/0x7d [ 571.813259] nmi_trigger_cpumask_backtrace+0x141/0x189 [ 571.818524] arch_trigger_cpumask_backtrace+0x14/0x20 [ 571.823701] watchdog+0x5e7/0xb90 [ 571.827139] kthread+0x319/0x430 [ 571.830486] ? hungtask_pm_notify+0x50/0x50 [ 571.834783] ? kthread_create_on_node+0xd0/0xd0 [ 571.839430] ret_from_fork+0x24/0x30 [ 571.843256] Sending NMI from CPU 1 to CPUs 0: [ 571.847804] NMI backtrace for cpu 0 skipped: idling at pc 0xffffffff861bfd4e [ 571.848825] Kernel panic - not syncing: hung_task: blocked tasks [ 571.861140] CPU: 1 PID: 1012 Comm: khungtaskd Not tainted 4.14.141 #37 [ 571.867792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 571.877134] Call Trace: [ 571.879724] dump_stack+0x138/0x197 [ 571.883342] panic+0x1f2/0x426 [ 571.886522] ? add_taint.cold+0x16/0x16 [ 571.890536] ? ___preempt_schedule+0x16/0x18 [ 571.894933] watchdog+0x5f8/0xb90 [ 571.898372] kthread+0x319/0x430 [ 571.901718] ? hungtask_pm_notify+0x50/0x50 [ 571.906015] ? kthread_create_on_node+0xd0/0xd0 [ 571.910664] ret_from_fork+0x24/0x30 [ 571.916096] Kernel Offset: disabled [ 571.919727] Rebooting in 86400 seconds..