[....] Starting OpenBSD Secure Shell server: sshd[ 28.887028] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 32.508839] random: sshd: uninitialized urandom read (32 bytes read) [ 32.818135] kauditd_printk_skb: 9 callbacks suppressed [ 32.818143] audit: type=1400 audit(1568244423.363:35): avc: denied { map } for pid=6841 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 32.874434] random: sshd: uninitialized urandom read (32 bytes read) [ 33.491769] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.218' (ECDSA) to the list of known hosts. [ 39.080317] random: sshd: uninitialized urandom read (32 bytes read) 2019/09/11 23:27:09 fuzzer started [ 39.277319] audit: type=1400 audit(1568244429.823:36): avc: denied { map } for pid=6851 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 39.903239] random: cc1: uninitialized urandom read (8 bytes read) 2019/09/11 23:27:11 dialing manager at 10.128.0.105:37913 2019/09/11 23:27:11 syscalls: 2466 2019/09/11 23:27:11 code coverage: enabled 2019/09/11 23:27:11 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/09/11 23:27:11 extra coverage: extra coverage is not supported by the kernel 2019/09/11 23:27:11 setuid sandbox: enabled 2019/09/11 23:27:11 namespace sandbox: enabled 2019/09/11 23:27:11 Android sandbox: /sys/fs/selinux/policy does not exist 2019/09/11 23:27:11 fault injection: enabled 2019/09/11 23:27:11 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/09/11 23:27:11 net packet injection: enabled 2019/09/11 23:27:11 net device setup: enabled [ 41.574091] random: crng init done 23:29:04 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ppp\x00', 0x0, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58) r3 = accept(r2, 0x0, 0x0) dup2(r1, r3) 23:29:04 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000080)={[{0x2b, 'pids'}]}, 0x6) 23:29:04 executing program 3: perf_event_open(&(0x7f0000000400)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='/group.stat\x00', 0x2761, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) [ 153.813128] audit: type=1400 audit(1568244544.363:37): avc: denied { map } for pid=6851 comm="syz-fuzzer" path="/root/syzkaller-shm439808498" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 23:29:04 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x3c) setsockopt$inet6_buf(r0, 0x29, 0x46, &(0x7f0000000140)="f51be8be", 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) writev(r0, &(0x7f0000000400)=[{&(0x7f0000000480)="a9", 0x1}], 0x1) 23:29:04 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x4, &(0x7f0000000400)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x48, 0x1c, 0x11, 0x1a001000000}, [@ldst={0x7, 0x5, 0xb}]}, &(0x7f0000000080)='GPL\x00', 0x4, 0x3f7, &(0x7f000000cf3d)=""/195}, 0x48) 23:29:04 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [0x0]}, &(0x7f00000000c0)=0xfe10) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x7b, &(0x7f0000000100)={r2}, &(0x7f0000000180)=0x14) [ 153.848862] audit: type=1400 audit(1568244544.373:38): avc: denied { map } for pid=6868 comm="syz-executor.5" path="/sys/kernel/debug/kcov" dev="debugfs" ino=1122 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 154.120927] IPVS: ftp: loaded support on port[0] = 21 [ 154.939674] chnl_net:caif_netlink_parms(): no params data found [ 154.951428] IPVS: ftp: loaded support on port[0] = 21 [ 154.976834] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.983773] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.990891] device bridge_slave_0 entered promiscuous mode [ 154.997876] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.004792] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.012061] device bridge_slave_1 entered promiscuous mode [ 155.030501] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 155.039214] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 155.055381] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 155.062713] team0: Port device team_slave_0 added [ 155.068337] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 155.075674] team0: Port device team_slave_1 added [ 155.081084] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 155.089830] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 155.152201] device hsr_slave_0 entered promiscuous mode [ 155.220344] device hsr_slave_1 entered promiscuous mode [ 155.282359] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 155.291744] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 155.313417] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.319863] bridge0: port 2(bridge_slave_1) entered forwarding state [ 155.326813] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.333190] bridge0: port 1(bridge_slave_0) entered forwarding state [ 155.351950] IPVS: ftp: loaded support on port[0] = 21 [ 155.413657] chnl_net:caif_netlink_parms(): no params data found [ 155.437998] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 155.444774] 8021q: adding VLAN 0 to HW filter on device bond0 [ 155.468469] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.475253] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.482649] device bridge_slave_0 entered promiscuous mode [ 155.489258] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.495786] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.502658] device bridge_slave_1 entered promiscuous mode [ 155.518228] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 155.535861] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 155.544815] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 155.553431] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 155.561417] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.578515] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.601395] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 155.608463] team0: Port device team_slave_0 added [ 155.615380] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 155.621540] 8021q: adding VLAN 0 to HW filter on device team0 [ 155.627847] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 155.635537] team0: Port device team_slave_1 added [ 155.636274] IPVS: ftp: loaded support on port[0] = 21 [ 155.640882] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 155.662316] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 155.669901] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 155.677673] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.684033] bridge0: port 1(bridge_slave_0) entered forwarding state [ 155.715289] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 155.722955] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.729280] bridge0: port 2(bridge_slave_1) entered forwarding state [ 155.802590] device hsr_slave_0 entered promiscuous mode [ 155.860349] device hsr_slave_1 entered promiscuous mode [ 155.900751] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 155.907921] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 155.937393] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 155.964423] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 155.976430] chnl_net:caif_netlink_parms(): no params data found [ 155.982764] IPVS: ftp: loaded support on port[0] = 21 [ 155.996260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 156.004462] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 156.012457] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 156.022677] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 156.031810] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 156.044729] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 156.053560] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 156.063072] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 156.111578] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 156.119136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 156.166690] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.173579] bridge0: port 1(bridge_slave_0) entered disabled state [ 156.180821] device bridge_slave_0 entered promiscuous mode [ 156.188479] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 156.213343] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.219713] bridge0: port 2(bridge_slave_1) entered disabled state [ 156.227515] device bridge_slave_1 entered promiscuous mode [ 156.233757] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 156.242462] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 156.254622] chnl_net:caif_netlink_parms(): no params data found [ 156.283233] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 156.289248] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 156.299871] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 156.309047] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 156.357936] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.365328] bridge0: port 1(bridge_slave_0) entered disabled state [ 156.372845] device bridge_slave_0 entered promiscuous mode [ 156.373106] IPVS: ftp: loaded support on port[0] = 21 [ 156.395781] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 156.404616] team0: Port device team_slave_0 added [ 156.410682] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 156.417724] team0: Port device team_slave_1 added [ 156.423437] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.429787] bridge0: port 2(bridge_slave_1) entered disabled state [ 156.436906] device bridge_slave_1 entered promiscuous mode [ 156.449127] 8021q: adding VLAN 0 to HW filter on device bond0 [ 156.457874] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 156.465360] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 156.477154] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 156.486830] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 156.519266] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 156.528398] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 156.592100] device hsr_slave_0 entered promiscuous mode [ 156.640554] device hsr_slave_1 entered promiscuous mode [ 156.692855] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 156.699217] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 156.706470] team0: Port device team_slave_0 added [ 156.715283] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 156.724040] team0: Port device team_slave_1 added [ 156.755894] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 156.764348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 156.771523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 156.781550] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 156.789379] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 156.795715] 8021q: adding VLAN 0 to HW filter on device team0 [ 156.804464] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 156.817020] chnl_net:caif_netlink_parms(): no params data found [ 156.830903] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 156.844758] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 156.854668] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 156.872139] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 156.879886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 156.888156] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.894626] bridge0: port 1(bridge_slave_0) entered forwarding state [ 156.907495] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 156.926677] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 156.953580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 156.962020] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 156.970307] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.976677] bridge0: port 2(bridge_slave_1) entered forwarding state [ 156.997700] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 157.043288] device hsr_slave_0 entered promiscuous mode [ 157.070586] device hsr_slave_1 entered promiscuous mode [ 157.158298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 157.168268] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 157.176534] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 157.188179] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 157.195079] bridge0: port 1(bridge_slave_0) entered blocking state 23:29:07 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000340)='/dev/loop#\x00', 0x40, 0x0) ioctl$BLKFLSBUF(r0, 0x1261, 0x0) [ 157.202685] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.209596] device bridge_slave_0 entered promiscuous mode [ 157.216286] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 157.232237] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 157.247189] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready 23:29:07 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10) sendto$inet(r1, &(0x7f0000000080), 0xffffffffffffff02, 0x420ffe0, 0x0, 0xfffffffffffffd37) [ 157.267578] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.275145] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.283152] device bridge_slave_1 entered promiscuous mode [ 157.289392] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 157.304754] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 157.312546] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 157.322287] chnl_net:caif_netlink_parms(): no params data found [ 157.343415] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready 23:29:07 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x9, &(0x7f0000000000)=0x20000005, 0x4) [ 157.363845] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 157.383143] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 157.408087] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 157.416076] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 157.426363] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 157.434546] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 157.458422] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 157.466952] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 157.476070] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready 23:29:08 executing program 5: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r3, &(0x7f0000000140)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) vmsplice(r1, &(0x7f0000000a00)=[{&(0x7f0000000240)="ce", 0x1}, {&(0x7f0000000340)="97", 0x1}], 0x2, 0x0) splice(r0, 0x0, r2, 0x0, 0xe211, 0x0) [ 157.509355] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 157.521633] team0: Port device team_slave_0 added [ 157.527002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 157.538857] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 157.548766] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready 23:29:08 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x296, 0x0, 0x0, 0x0, 0x4ce]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 157.555466] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 157.574996] 8021q: adding VLAN 0 to HW filter on device bond0 [ 157.584506] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.586772] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 157.600803] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.620744] device bridge_slave_0 entered promiscuous mode [ 157.632237] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 157.640345] team0: Port device team_slave_1 added [ 157.650981] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 157.657656] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.665120] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.672278] device bridge_slave_1 entered promiscuous mode [ 157.685687] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 157.693373] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 157.708782] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 157.718196] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 157.758846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 157.766945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 157.775836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 157.785817] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 157.793436] 8021q: adding VLAN 0 to HW filter on device team0 23:29:08 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000003e00050100040000000000000a000000"], 0x14}}, 0x0) [ 157.806317] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 157.843483] device hsr_slave_0 entered promiscuous mode [ 157.861167] device hsr_slave_1 entered promiscuous mode [ 157.898466] 8021q: adding VLAN 0 to HW filter on device bond0 [ 157.908586] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 157.918483] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 157.926300] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 157.941673] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 157.955532] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 157.966130] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 157.977435] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 157.986178] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready 23:29:08 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x0, 0x5) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000040)="53000000c659ca807737f400000000800000170800000000000020200000000000000000bfbbb18016410f67f8ed2fbda6599591076756fcb9ff7daf0bdd7cfa3d4ade61ccb14424af8c63ab6fd1845b0c90c78bf8059655", 0x58}], 0x1) ioctl$SG_GET_REQUEST_TABLE(r0, 0x2286, &(0x7f0000000240)) [ 158.007306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 158.015484] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 158.023479] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.029881] bridge0: port 1(bridge_slave_0) entered forwarding state [ 158.037399] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 158.046818] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 158.070927] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.077329] bridge0: port 2(bridge_slave_1) entered forwarding state [ 158.089595] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 158.097470] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 158.109117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 23:29:08 executing program 0: ioctl$LOOP_CLR_FD(0xffffffffffffffff, 0x4c01) io_cancel(0x0, 0x0, 0x0) prctl$PR_GET_NAME(0x10, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x20000000fb], 0x1f004, 0x485}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 158.116577] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 158.130138] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 158.139105] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 158.176384] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 158.189372] team0: Port device team_slave_0 added [ 158.200717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 158.209134] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 158.217566] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 158.226784] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 158.237808] 8021q: adding VLAN 0 to HW filter on device team0 [ 158.245885] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 158.260091] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 158.268184] team0: Port device team_slave_1 added [ 158.273555] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 158.280644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 158.288221] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 158.297895] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 158.305854] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 158.313606] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 158.321428] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 158.328332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 158.336252] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 158.343974] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.350386] bridge0: port 1(bridge_slave_0) entered forwarding state [ 158.357213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 158.364771] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 158.372257] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 158.379953] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 158.405885] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 158.414109] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 158.422235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 158.429700] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 158.437873] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 158.445674] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 158.453349] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.459675] bridge0: port 2(bridge_slave_1) entered forwarding state [ 158.523476] device hsr_slave_0 entered promiscuous mode [ 158.571662] device hsr_slave_1 entered promiscuous mode [ 158.612199] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 158.618243] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 158.627073] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 158.635460] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 158.655461] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 158.673065] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 158.682925] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 158.695856] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 158.703262] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 158.713937] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 158.725575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 158.733736] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 158.742729] 8021q: adding VLAN 0 to HW filter on device bond0 [ 158.752489] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 158.759732] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 158.767503] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 158.775107] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 158.785663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 158.794869] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 158.804178] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 158.812528] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 158.823051] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 158.831081] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 158.837952] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 158.845778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 158.854431] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 158.863331] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 158.869400] 8021q: adding VLAN 0 to HW filter on device team0 [ 158.878150] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 158.887694] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 158.896928] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 158.912792] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 158.919184] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 158.932973] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 158.942892] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 158.954145] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 158.961906] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.968234] bridge0: port 1(bridge_slave_0) entered forwarding state [ 158.977167] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 158.988343] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 158.998211] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 159.005543] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 159.013667] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 159.021429] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.027958] bridge0: port 2(bridge_slave_1) entered forwarding state [ 159.044352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 159.057288] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 159.067489] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 159.078937] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 159.087299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 159.095755] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 159.104050] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 159.112556] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 159.124921] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready 23:29:09 executing program 3: syz_mount_image$ext4(&(0x7f0000000140)='ext3\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0xf, &(0x7f0000000400)=[{&(0x7f0000000440)="25befc8b31cf43b30234fa0095e0612687463915e39802a9d8aea872943afd874e2f98b579a7186270146d0e0206e73ba8c63cd7dcc6760353effc7b171ed217460344db4506aa5e391360a822ab68be96f427be581828de39e78596db0189732938", 0x62, 0x400}], 0x0, 0x0) [ 159.134617] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 159.143397] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 159.155501] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 159.166455] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 159.184351] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 159.195610] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 159.214843] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 159.229682] 8021q: adding VLAN 0 to HW filter on device bond0 [ 159.252100] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 159.260398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 159.268166] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 159.278286] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 159.289045] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 159.295923] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 159.310422] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 159.319077] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 159.325325] 8021q: adding VLAN 0 to HW filter on device team0 [ 159.331960] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 159.338968] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 159.354102] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 159.366085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 159.374084] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 159.382266] bridge0: port 1(bridge_slave_0) entered blocking state [ 159.388649] bridge0: port 1(bridge_slave_0) entered forwarding state [ 159.397919] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 159.407254] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 159.414940] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 159.426113] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 159.434324] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 159.442429] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.448815] bridge0: port 2(bridge_slave_1) entered forwarding state [ 159.457412] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 159.465315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 159.477500] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 159.487685] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 159.499686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 159.512448] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 159.520392] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 159.528011] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 23:29:10 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_genetlink_get_family_id$tipc(0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x20000000fb], 0x1f004, 0x485}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 159.538676] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 159.553536] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 159.560859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 159.568836] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 159.593622] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 159.601066] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 159.608266] audit: type=1400 audit(1568244550.153:39): avc: denied { create } for pid=6985 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 159.634535] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 159.643137] audit: type=1400 audit(1568244550.153:40): avc: denied { write } for pid=6985 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 159.669414] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 159.678037] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 159.691485] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 159.710761] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 159.716861] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 159.756046] audit: type=1400 audit(1568244550.153:41): avc: denied { read } for pid=6985 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 23:29:10 executing program 2: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) chdir(&(0x7f0000000300)='./file0\x00') symlink(&(0x7f0000000140)='..', &(0x7f00000000c0)='./file0\x00') chroot(&(0x7f0000000180)='./file0/file0\x00') mount(&(0x7f0000000000)=@filename='./file0\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x2841806, 0x0) umount2(&(0x7f00000001c0)='./file0/file0\x00', 0x0) [ 159.809021] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 159.828227] 8021q: adding VLAN 0 to HW filter on device batadv0 23:29:12 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x3, 0x2) r4 = dup(r3) syz_kvm_setup_cpu$x86(r4, r2, &(0x7f000001c000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) 23:29:12 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") syz_emit_ethernet(0x32, &(0x7f0000000000)={@remote, @empty, [], {@arp={0x8100, @generic={0x0, 0x88ca, 0x6, 0x0, 0x0, @dev, "", @broadcast, "60e72a375db887d65b2dcd6cdc3418ac"}}}}, 0x0) 23:29:12 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, @perf_bp={0x0, 0xe5ec6dbb42ddd7db}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = inotify_init1(0x0) r1 = getpid() fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000100)={0x0, 0x0}) kcmp(r2, r1, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) 23:29:12 executing program 3: sendmsg$SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000780)=ANY=[@ANYBLOB="fc7c1c", @ANYRES16=0x0, @ANYBLOB="fef19204815a87be0fd7b838ee9cbdbee386bb6c07aa57da13f28cbc1173b7b5451913bd5d7866cb75136133681de4a95fcfe1c3bf168a36adc967af4346b9d1cb4b42724fe77aed81633647d77e8f3d4959ae42caa10dbc26c5ad83e1e93821fd31cd1d922caa3503edf390cf81e9c9f79a3eca759e661d6b6c131a070c436c959312625df95c834aadf0c37982aa99836d878d97fc6cce9a9d9f279648574300b450fe0e78373812000000000000006f5d62c86aca86a09dce0c8b0700c12ad99dad672056955c11b7ca3c49b9739d088c2eb0c008f628790ec8ebc30285dad91d50bcce0adf55b413006e1bddcc726c3f26aa82425c894e45c3981b85d539047cc9f05cc7252272eada83a203bbbc2317faaa9296d6d19c5b28945da72ec04111fa489070fe636914c3c43f8150a0b6898f36d990369367563bb6512a4be66fc098ba9cc92a9a1eb6392cf015c8e22e7462b2fb48c8dc13daab8ab136babf407ad7df786658fc3cd9105ae606a951b7ec93b1e0d1ea95ec1ac4ddb26766d3296217b97ba47d9d7570efcc239434b1ad319e39d15a1cde4e5219668aeaa48d130aae7c7a664b1dde9e68a4161a34afae4889c2104e23a106"], 0x3}}, 0x0) ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, &(0x7f0000000000)={0x7, 0x100}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 23:29:12 executing program 1: r0 = socket$inet(0x10, 0x2, 0x4) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)}, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0) fremovexattr(0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/fib_trie\x00') preadv(r1, &(0x7f0000000480), 0x100000000000022c, 0x6c00000000000000) socket$inet6(0xa, 0x2, 0x0) r2 = syz_open_procfs(0x0, 0x0) getpid() getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000740)={0x3, 0x0, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r5, 0xae80, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) execveat(r2, 0x0, &(0x7f0000000480)=[0x0], &(0x7f0000000640)=[0x0, 0x0, 0x0], 0x0) 23:29:12 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c) 23:29:12 executing program 3: ioctl$LOOP_CLR_FD(0xffffffffffffffff, 0x4c01) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x20000000fb], 0x1f004, 0x485}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 162.042057] hrtimer: interrupt took 38453 ns 23:29:12 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10) setsockopt$inet_mtu(r0, 0x0, 0xa, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000280)='veth0_to_bond\x00', 0x10) sendto$inet(r0, &(0x7f0000000080), 0xffffffffffffff02, 0x420ffe0, 0x0, 0xfffffffffffffd37) 23:29:12 executing program 5: prctl$PR_GET_NAME(0x10, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) getpid() socketpair$unix(0x1, 0x200400000000003, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000140)=@abs={0x0, 0x0, 0xfffffffffffffffe}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x924924924924c31, 0x0) close(r0) 23:29:12 executing program 4: prctl$PR_GET_NAME(0x10, 0x0) syz_genetlink_get_family_id$tipc(0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x20000000fb], 0x1f004, 0x485}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 23:29:12 executing program 3: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=ANY=[@ANYBLOB="021600000200000000000000eede3def"], 0x10}}, 0x0) 23:29:12 executing program 0: prctl$PR_SET_THP_DISABLE(0x29, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x2, @perf_bp={0x0, 0xe5ec6dbb42ddd7db}, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$ndb(0x0, 0x0, 0x0) r0 = inotify_init1(0x0) r1 = getpid() fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000100)={0x0, 0x0}) kcmp(r2, r1, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) 23:29:12 executing program 5: prctl$PR_GET_NAME(0x10, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) prlimit64(0x0, 0x0, 0x0, 0x0) getpid() socketpair$unix(0x1, 0x200400000000003, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000140)=@abs={0x0, 0x0, 0xfffffffffffffffe}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x924924924924c31, 0x0) close(r0) 23:29:12 executing program 4: 23:29:13 executing program 0: socket$packet(0x11, 0x0, 0x300) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") syz_emit_ethernet(0x32, &(0x7f0000000000)={@remote, @empty, [], {@arp={0x8100, @generic={0x0, 0x88ca, 0x6, 0x0, 0x0, @dev, "", @broadcast, "60e72a375db887d65b2dcd6cdc3418ac"}}}}, 0x0) 23:29:13 executing program 5: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400add427323b470c458c560a", 0x11}], 0x1) r2 = socket$netlink(0x10, 0x3, 0x4) write$binfmt_misc(r1, &(0x7f00000036c0)=ANY=[@ANYPTR=&(0x7f0000003600)=ANY=[@ANYRES16, @ANYPTR=&(0x7f0000000140)=ANY=[@ANYPTR64, @ANYRES64], @ANYRES16, @ANYRES16, @ANYRESOCT, @ANYRESDEC], @ANYPTR=&(0x7f0000003440)=ANY=[@ANYBLOB="76a47a8b3198c6e32d1c744f4dc050d6ebb0c187f4ebb518e934649ab83626bcb28573f71facfe7de694b9274d5750ea382689fb70fd6af96167f6ea3e1131cfe8c58495e96aaab5bd4824338e6cf574ba07b14711ce8440c9", @ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYPTR, @ANYRES16=0x0, @ANYPTR64, @ANYRES32, @ANYPTR], @ANYPTR64, @ANYPTR64=&(0x7f0000003680)=ANY=[@ANYPTR64, @ANYRESOCT, @ANYRESDEC, @ANYPTR], @ANYPTR64=&(0x7f0000003500)=ANY=[@ANYBLOB="368517de49a47b24b11ce68717ce48f3a0e91561e8d8406c4017c747ee830ffa7f708e6ce33361b759581cb6ba27984c65a21844ae22d3a18d858f7a79371c5b63f5becd0795d5da3f3f9e8c", @ANYRES16]], @ANYRESHEX, @ANYRESOCT], 0xfee3) splice(r0, 0x0, r2, 0x0, 0x20000000010006, 0x0) [ 162.529958] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7076 comm=syz-executor.5 [ 162.555289] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7076 comm=syz-executor.5 [ 162.574295] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7076 comm=syz-executor.5 [ 162.592798] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7076 comm=syz-executor.5 [ 162.605777] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7076 comm=syz-executor.5 [ 162.618648] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7076 comm=syz-executor.5 [ 162.634497] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7076 comm=syz-executor.5 [ 162.647003] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7076 comm=syz-executor.5 [ 162.659621] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7076 comm=syz-executor.5 [ 162.672115] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7076 comm=syz-executor.5 23:29:13 executing program 1: r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl(r2, 0x1000008912, &(0x7f0000000140)="11dca50d5e0bcfe47bf070") ptrace$cont(0x20, r1, 0x0, 0x0) 23:29:13 executing program 2: bind$inet(0xffffffffffffffff, 0x0, 0x0) prctl$PR_CAPBSET_READ(0x17, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = inotify_init1(0x0) r1 = getpid() fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000100)={0x0, 0x0}) kcmp(r2, r1, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) 23:29:13 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") r1 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0) r2 = syz_open_dev$usbmon(0x0, 0x0, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x400300, 0x0, 0x8012, r2, 0x0) mmap(&(0x7f0000a05000/0x400000)=nil, 0x400300, 0x0, 0x8012, r1, 0x0) 23:29:13 executing program 4: connect$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000340)='/dev/loop#\x00', 0x40, 0x0) ioctl$BLKFLSBUF(r0, 0x1261, 0x0) 23:29:13 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2}) write$eventfd(r2, &(0x7f0000000000), 0x8) 23:29:13 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x9, &(0x7f0000000000)=0x20000005, 0x4) 23:29:13 executing program 1: r0 = getpgrp(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3f) ptrace$cont(0x20, r1, 0x0, 0x0) ptrace$cont(0x9, r1, 0x0, 0x0) 23:29:13 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @broadcast}, 0x10) prctl$PR_CAPBSET_READ(0x17, 0x0) setsockopt$sock_int(r0, 0x1, 0x4, &(0x7f00000000c0)=0x3ff, 0x4) sendto$inet(r0, 0x0, 0x0, 0x20000000, &(0x7f0000000340)={0x2, 0x4e20}, 0x10) prctl$PR_SET_THP_DISABLE(0x29, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x2, @perf_bp={&(0x7f0000000040), 0xe5ec6dbb42ddd7db}, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x20000) r2 = inotify_init1(0x0) r3 = getpid() fcntl$setown(r2, 0x8, 0xffffffffffffffff) fcntl$getownex(r2, 0x10, &(0x7f0000000100)={0x0, 0x0}) kcmp(r4, r3, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000140)={[], 0x6, 0x8, 0x5, 0x7fffffff, 0x9, r3}) sendto$inet(r0, &(0x7f0000000080)="e3", 0xffffffffffffff30, 0x4044050, 0x0, 0x105) 23:29:13 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @broadcast}, 0x10) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0xca) sendto$inet(r0, 0x0, 0x0, 0x20000000, &(0x7f0000000340)={0x2, 0x4e20}, 0x10) prctl$PR_SET_THP_DISABLE(0x29, 0x1) sendto$inet(r0, &(0x7f0000000080)="e3", 0xffffffffffffff30, 0x4044050, 0x0, 0x105) [ 162.896020] audit: type=1400 audit(1568244553.443:42): avc: denied { map } for pid=7097 comm="syz-executor.3" path="/dev/usbmon0" dev="devtmpfs" ino=14978 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usbmon_device_t:s0 tclass=chr_file permissive=1 23:29:13 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f00000002c0)='\f', 0x10003, 0x0, 0x0, 0x0) 23:29:13 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0}) 23:29:13 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x9, &(0x7f0000000000)=0x20000005, 0x4) 23:29:13 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x9, &(0x7f0000000000)=0x20000005, 0x4) 23:29:13 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") r1 = inotify_init1(0x0) r2 = getpid() fcntl$setown(r1, 0x8, 0xffffffffffffffff) fcntl$getownex(r1, 0x10, &(0x7f0000000100)={0x0, 0x0}) kcmp(r3, r2, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) 23:29:13 executing program 5: sendmsg$SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB="fc7c1c", @ANYRES16=0x0, @ANYBLOB="fe0d920481"], 0x3}}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x4) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x296, 0x0, 0x0, 0x0, 0x4ce]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 23:29:13 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @broadcast}, 0x10) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") sendto$inet(r0, 0x0, 0x0, 0x20000000, &(0x7f0000000340)={0x2, 0x4e20}, 0x10) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0x4) sendto$inet(r0, &(0x7f0000000080)="e3", 0x1, 0x0, 0x0, 0x0) 23:29:13 executing program 2: prctl$PR_GET_DUMPABLE(0x3) getdents64(0xffffffffffffffff, &(0x7f00000004c0)=""/141, 0x8d) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, &(0x7f0000000000)={0x0, @aes256, 0x2, "0cde737c8ea91285"}) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000180), 0x8) mmap(&(0x7f0000000000/0xddf000)=nil, 0xddf000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 23:29:13 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = eventfd(0x0) ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000040)={r4}) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r4}) 23:29:13 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10) 23:29:13 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @broadcast}, 0x10) prctl$PR_CAPBSET_READ(0x17, 0x0) setsockopt$sock_int(r0, 0x1, 0x4, &(0x7f00000000c0)=0x3ff, 0x4) sendto$inet(r0, 0x0, 0x0, 0x20000000, &(0x7f0000000340)={0x2, 0x4e20}, 0x10) prctl$PR_SET_THP_DISABLE(0x29, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x2, @perf_bp={&(0x7f0000000040), 0xe5ec6dbb42ddd7db}, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x20000) r2 = inotify_init1(0x0) r3 = getpid() fcntl$setown(r2, 0x8, 0xffffffffffffffff) fcntl$getownex(r2, 0x10, &(0x7f0000000100)={0x0, 0x0}) kcmp(r4, r3, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000140)={[], 0x6, 0x8, 0x5, 0x7fffffff, 0x9, r3}) sendto$inet(r0, &(0x7f0000000080)="e3", 0xffffffffffffff30, 0x4044050, 0x0, 0x105) 23:29:13 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)}, 0x0) r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fremovexattr(r0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/fib_trie\x00') preadv(r1, &(0x7f0000000480), 0x100000000000022c, 0x0) socket$inet6(0xa, 0x2, 0x0) getpid() getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000740)={0x3, 0x0, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) execveat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000480)=[0x0], &(0x7f0000000640)=[0x0, 0x0, 0x0], 0x0) 23:29:13 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x2}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000100)=0x1, 0x4) listen(r1, 0x0) sendto$inet6(r0, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) [ 163.293754] kvm [7145]: vcpu0, guest rIP: 0x8a disabled perfctr wrmsr: 0x187 data 0x4d00000040f [ 163.317027] irq bypass consumer (token ffff88808e39ca80) registration fails: -16 [ 163.405995] kvm [7145]: vcpu0, guest rIP: 0x8a ignored wrmsr: 0x11e data 0x4d00000040f [ 163.423416] TCP: request_sock_TCPv6: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. 23:29:14 executing program 1: syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x0, 0x0) sendmsg$SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB="fc7c1c", @ANYRES16=0x0, @ANYBLOB="fe0d920481"], 0x3}}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x4) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x296, 0x0, 0x0, 0x0, 0x4ce]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 23:29:14 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_cancel(0x0, 0x0, &(0x7f0000000680)) syz_genetlink_get_family_id$tipc(0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x20000000fb], 0x1f004, 0x485}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 163.490851] kvm [7145]: vcpu0, guest rIP: 0x8a disabled perfctr wrmsr: 0x186 data 0x4d00000040f 23:29:14 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @broadcast}, 0x10) prctl$PR_CAPBSET_READ(0x17, 0x0) setsockopt$sock_int(r0, 0x1, 0x4, &(0x7f00000000c0)=0x3ff, 0x4) sendto$inet(r0, 0x0, 0x0, 0x20000000, &(0x7f0000000340)={0x2, 0x4e20}, 0x10) prctl$PR_SET_THP_DISABLE(0x29, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x2, @perf_bp={&(0x7f0000000040), 0xe5ec6dbb42ddd7db}, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x20000) r2 = inotify_init1(0x0) r3 = getpid() fcntl$setown(r2, 0x8, 0xffffffffffffffff) fcntl$getownex(r2, 0x10, &(0x7f0000000100)={0x0, 0x0}) kcmp(r4, r3, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000140)={[], 0x6, 0x8, 0x5, 0x7fffffff, 0x9, r3}) sendto$inet(r0, &(0x7f0000000080)="e3", 0xffffffffffffff30, 0x4044050, 0x0, 0x105) [ 163.562447] kvm [7145]: vcpu0, guest rIP: 0x8a disabled perfctr wrmsr: 0x187 data 0x4d00000040f 23:29:14 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x9, &(0x7f0000000000)=0x20000005, 0x4) getsockopt$inet_tcp_int(r0, 0x6, 0x9, 0x0, &(0x7f00000000c0)) [ 163.703700] kvm [7177]: vcpu0, guest rIP: 0x8a disabled perfctr wrmsr: 0x187 data 0x4d00000040f 23:29:14 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x9, &(0x7f0000000000)=0x20000005, 0x4) getsockopt$inet_tcp_int(r0, 0x6, 0x9, 0x0, &(0x7f00000000c0)) [ 163.791209] kvm [7177]: vcpu0, guest rIP: 0x8a ignored wrmsr: 0x11e data 0x4d00000040f [ 163.816995] kvm [7177]: vcpu0, guest rIP: 0x8a disabled perfctr wrmsr: 0x186 data 0x4d00000040f 23:29:14 executing program 5: io_cancel(0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x20000000fb], 0x1f004, 0x485}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 23:29:14 executing program 2: prctl$PR_GET_DUMPABLE(0x3) getdents64(0xffffffffffffffff, &(0x7f00000004c0)=""/141, 0x8d) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, &(0x7f0000000000)={0x0, @aes256, 0x2, "0cde737c8ea91285"}) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000180), 0x8) mmap(&(0x7f0000000000/0xddf000)=nil, 0xddf000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 23:29:14 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)}, 0x0) r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fremovexattr(r0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/fib_trie\x00') preadv(r1, &(0x7f0000000480), 0x100000000000022c, 0x0) socket$inet6(0xa, 0x2, 0x0) getpid() getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000740)={0x3, 0x0, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) execveat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000480)=[0x0], &(0x7f0000000640)=[0x0, 0x0, 0x0], 0x0) 23:29:14 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_cancel(0x0, 0x0, &(0x7f0000000680)) syz_genetlink_get_family_id$tipc(0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x20000000fb], 0x1f004, 0x485}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 23:29:14 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @broadcast}, 0x10) prctl$PR_CAPBSET_READ(0x17, 0x0) setsockopt$sock_int(r0, 0x1, 0x4, &(0x7f00000000c0)=0x3ff, 0x4) sendto$inet(r0, 0x0, 0x0, 0x20000000, &(0x7f0000000340)={0x2, 0x4e20}, 0x10) prctl$PR_SET_THP_DISABLE(0x29, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x2, @perf_bp={&(0x7f0000000040), 0xe5ec6dbb42ddd7db}, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x20000) r2 = inotify_init1(0x0) r3 = getpid() fcntl$setown(r2, 0x8, 0xffffffffffffffff) fcntl$getownex(r2, 0x10, &(0x7f0000000100)={0x0, 0x0}) kcmp(r4, r3, 0x2, 0xffffffffffffffff, 0xffffffffffffffff) ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000140)={[], 0x6, 0x8, 0x5, 0x7fffffff, 0x9, r3}) sendto$inet(r0, &(0x7f0000000080)="e3", 0xffffffffffffff30, 0x4044050, 0x0, 0x105) 23:29:14 executing program 1: sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)}, 0x0) r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fremovexattr(r0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/fib_trie\x00') preadv(r1, &(0x7f0000000480), 0x100000000000022c, 0x0) socket$inet6(0xa, 0x2, 0x0) getpid() getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000740)={0x3, 0x0, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) execveat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000480)=[0x0], &(0x7f0000000640)=[0x0, 0x0, 0x0], 0x0) 23:29:14 executing program 5: 23:29:14 executing program 5: prctl$PR_GET_DUMPABLE(0x3) getdents64(0xffffffffffffffff, &(0x7f00000004c0)=""/141, 0x8d) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, &(0x7f0000000000)={0x0, @aes256, 0x2, "0cde737c8ea91285"}) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000180), 0x8) mmap(&(0x7f0000000000/0xddf000)=nil, 0xddf000, 0x0, 0x32, 0xffffffffffffffff, 0x0) 23:29:15 executing program 4: 23:29:15 executing program 4: 23:29:15 executing program 0: 23:29:15 executing program 0: 23:29:15 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000140)) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000140)={0xfdfdffff00000000}) 23:29:15 executing program 2: 23:29:15 executing program 0: 23:29:15 executing program 1: 23:29:15 executing program 3: 23:29:15 executing program 4: 23:29:15 executing program 1: 23:29:16 executing program 5: 23:29:16 executing program 0: 23:29:16 executing program 3: 23:29:16 executing program 2: 23:29:16 executing program 4: 23:29:16 executing program 1: 23:29:16 executing program 2: 23:29:16 executing program 0: 23:29:16 executing program 4: 23:29:16 executing program 1: 23:29:16 executing program 3: 23:29:16 executing program 5: 23:29:16 executing program 0: 23:29:16 executing program 2: 23:29:16 executing program 5: 23:29:16 executing program 3: 23:29:16 executing program 1: 23:29:16 executing program 4: 23:29:16 executing program 0: 23:29:16 executing program 2: 23:29:16 executing program 3: 23:29:16 executing program 1: 23:29:16 executing program 4: 23:29:16 executing program 5: 23:29:16 executing program 2: 23:29:16 executing program 3: 23:29:16 executing program 0: 23:29:16 executing program 4: 23:29:16 executing program 1: 23:29:16 executing program 5: 23:29:16 executing program 3: 23:29:16 executing program 1: 23:29:16 executing program 4: 23:29:16 executing program 0: 23:29:16 executing program 2: 23:29:16 executing program 1: 23:29:16 executing program 3: personality(0x8000000) io_setup(0x3, &(0x7f0000000100)) 23:29:16 executing program 4: 23:29:16 executing program 5: 23:29:16 executing program 0: 23:29:16 executing program 2: 23:29:16 executing program 1: 23:29:16 executing program 0: clone(0x800007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="13d50f34"], 0x4}}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000001a40)=[{{0x0, 0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000002c0)}], 0x3}}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001b00)=ANY=[@ANYBLOB="eabe9f303b222957eecbc62428a82d2759621c4e25aca1877c7e5255f910c28f5e87a648b9546a1ebed56adb3b91e7f1ffd7e4ab56ad8e39ac079b906da58a5d1ab04e9d752a92806db0c8541ab3234dedb663fc73c7fe3c32325c4541008239fb1aace0ec8aaeca96b11a0d6e07106a0b90a1a706037fe7f2", @ANYRESHEX, @ANYPTR64, @ANYRESOCT, @ANYRES32, @ANYBLOB="0a1da9ee18cff6bc6a83095a16d8e35857b4bc2097af31ac7986a65cad647484f90c9fd46fef259ad171921ffcec605b1e5398c51a4bd95b0e2492f55ac2cddab500c32ec94bbca707914c339a47abae0bdae27c10cd74e98587787e4038c04a4b627b17e13dbcd3f8f5c96d5ac62040f4e1cd7e6716249e8f76346f92a216d694999b59692eed8ee95fe63da028952afc20b543340c03a803000000000000002f511da3e2105f9a23f265f22b279463036de8ff0096431fff"], 0x0, 0x167}, 0x20) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x3}, 0x1c) sendmmsg(r1, &(0x7f0000007e00), 0x40000000000025d, 0x0) 23:29:16 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='attr/current\x00') write$selinux_create(r0, 0x0, 0x18) 23:29:16 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/dev_snmp6\x00') r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) ioctl$TCXONC(r2, 0x540a, 0x0) 23:29:16 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$inet(r0, &(0x7f0000003300)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) recvmmsg(r1, &(0x7f0000002b80)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x40, 0x0) 23:29:16 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dcab0d5e0be6e47bf070") r1 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) writev(r1, &(0x7f0000000700)=[{&(0x7f0000000500)="c5", 0x1}], 0x1) 23:29:16 executing program 1: syz_open_dev$evdev(&(0x7f0000006240)='/dev/input/event#\x00', 0x2, 0x4840) 23:29:16 executing program 5: r0 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/create\x00', 0x2, 0x0) write$selinux_create(r0, 0x0, 0x256) 23:29:16 executing program 0: r0 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/create\x00', 0x2, 0x0) write$selinux_create(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="73797374656d5f753a6f626a6563745f723a73797374656d5f64627573645f7661725f6c69625f743a733020756e636f6e66696e65645f753a73797374656d5f723a696e736d6f645f743a73302d73303a63302e6331303233203030303018"], 0x5f) [ 166.169805] ptrace attach of "/root/syz-executor.0"[7340] was attempted by "/root/syz-executor.0"[7344] 23:29:16 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='clear_refs\x00') write$selinux_create(r0, 0x0, 0x18) 23:29:16 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x4e23, @broadcast}, 0x10) 23:29:16 executing program 3: r0 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/create\x00', 0x2, 0x0) write$selinux_create(r0, 0x0, 0xffad) 23:29:16 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f0000000100)='./bus\x00', 0x0, 0x0, 0x0, 0x8000, &(0x7f00000004c0)={[], [{@euid_gt={'euid>'}}]}) 23:29:16 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/dev_snmp6\x00') r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) r2 = dup3(r1, r0, 0x0) ioctl$TCXONC(r2, 0x540a, 0x1) 23:29:16 executing program 4: r0 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/create\x00', 0x2, 0x0) write$selinux_create(r0, 0x0, 0x0) write$binfmt_aout(r0, 0x0, 0x0) 23:29:16 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dcab0d5e0be6e47bf070") r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/enforce\x00', 0x1, 0x0) write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f0000000200)={0x30}, 0x30) 23:29:16 executing program 3: open(0x0, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(0x0) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, 0x0, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000040)='./file0\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00\a\x13', 0x275a, 0x0) 23:29:16 executing program 5: syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x4000) 23:29:16 executing program 0: r0 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/create\x00', 0x2, 0x0) write$selinux_create(r0, &(0x7f00000000c0)=@access={'system_u:object_r:system_dbusd_var_lib_t:s0', 0x20, 'unconfined_u:system_r:insmod_t:s0-s0:c0.c1023', 0x20, 0xc5a}, 0x6f) 23:29:17 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000007c0)='/group.sta\x9f\xd4t\x00+\x96FR\bR\t\x12\x04J{\t\xab\v\x02t\xe1\t\x85\xa6\xfa\x15\xb3[\xa6\x94!\xf2\x04\xde\xc5f\x8a\x06\x00\x00\x00\xb9\x0f\xf8`\xe0\x1f&+\xaf\xacu\nm\\\xe2Y\xcba\xea\f\xd9DXX>\xef/\xc5\x97\xea\x93\xa7\xde\xc9\xb4\x16\x8eF\x8b\xe0W\xdfuE\xfe\x8b\xc4G\x8f\x8e\xd8[T|i$\x88\x04\x00\x00\x00\x00\x00\x00\x00\x90\x1eB\x8b\x98\xad\xd17_Q\xe15\x84\x8f\xea\x98\xc6J\x81W!\xf0\\\xa1O\x9f\x93\x19C\xceQCV\xe3WE\x11\xe0\xc6\x1f\xf2/\xf6\x1fM\xeba_\xa9\xcd\x10\xcd\x0e~\xc6\xed\xb6\x82\xf6\xee\x9aK\xdd\x86\xf8\x0f\x15Y-\xb8A1\x1bb\xff\xf0\xd2M\xf7)\xaa\x8a\x18\xb9_\x83>\xeb\xfc\xc18^\x1d\xb3Y\xdc#\xde\xdb\x89\x90L\x99o\x02\xb6\x98e\xc6b\xce\xb7\x99k3&\xaf\v\xc6\x80\xff\xdb\xb7\x0e\xb4K\xf8\x17\xba\xf8\xee\fe\xed]\x93\x13\xbc\xf5\xe2<\xa2\xaf\x83\xa3\xaabc\x95\x00\t:\xcc\xe1\t]\x84\x90\x17l\xd3\xa7M\xdb\x02J\x90\xe8\xe8\xb3\xc9\xf6\xea\xb2\xdeI\xe4\x0f\xd4\xca(\xcd\xfa\xb2\xb8@\xca\x17u\x02Rb\xad\xd0\xf7\x9bz#\xb8\x1d\x88\xf6?3,\x89\xb1-p\x8a\r\xdb\xd6,\xa4\x01y\x1bc\xb7\x19\xcey\xb5\xae\xc4\xe3\xc4\xe9=\x1e\x8c\xec\xfe\x05b\x7f`Y k\xc4\xa8 \xc3\x9b\v\xbbE\x8c\xb8\xe6\x8a\xa0s\b\xcb\xbb\xfa\xde\xf0\n`\x8az<\f\xf1\xbe\x85\xd1Wk\x17\xbc1q\x8b\x93Y|\x9e\xe2\xc9Ms/A\x98\xf2\x88\n\x92?7\xb1\xe0\xee\xe8yo\xb7\xb2p\xc5O~\x87\x17F\b\xb5\xd6\xdc\xe4u:$>\xd1\xaf\x1a\xcb\x18\x8a\x0e$\xbd\x94N\xc84}_\x06\x11\xd2\xdd7\xe0\b\x0f\xd0\xb0WZ\xfc\xb1\xc3\tS\x13\a6\xc0\xbc\vG\xe4p\x1b\xee\x89_=\xb8\x12\xddpk\x860\x03\xfd\xde\x0f\x9c\xc2\xe5.\xfe\xaf\x8f\xe2\x16\x8c\xdbS\xe6\xc26\xde\xf4I\x9f\x003P\xb5\x9fg\x82!\xf2\x82 \xc1Os\xd7C\\\xad\xb3n}t\xba|\x10\x05,rk\xd1\t|\x1e\x00\x9e\xfa\"\x85\xdd\xb7O\a\xfc\x14\xa8\x00\x1f6M\xb00\xbd\xb7\xd6\xa8\xffe\xb2\xcb\'', 0x2761, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)}, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000000)) 23:29:17 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@remote, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8) r1 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0) sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d33373"], 0x10}}, 0x0) recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400}) 23:29:17 executing program 2: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000440)='/dev/uhid\x00', 0x2, 0x0) write$UHID_INPUT2(r0, &(0x7f0000000480), 0x6) 23:29:17 executing program 3: r0 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/create\x00', 0x2, 0x0) write$selinux_create(r0, 0x0, 0x0) close(r0) 23:29:17 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='loginuid\x00') write$P9_RLOCK(r0, 0x0, 0x0) 23:29:17 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000003, &(0x7f0000000080)={0x2, 0x1000004e23, @local}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='sit0\x00', 0x10) r1 = memfd_create(&(0x7f00000000c0)='n\x9e\xc2ux/.bdevh\x01\xd9\"\x8f\xa9\x91\x95\x7f\b\x00\x00', 0x0) ftruncate(r1, 0x4000b) socket$packet(0x11, 0x2000000003, 0x300) sendfile(r0, r1, 0x0, 0x10010000000002) 23:29:17 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000003c0)={0x0, 0x0}, &(0x7f0000000400)=0xc) ioprio_get$uid(0x3, r1) 23:29:17 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x9, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x5, 0x1, 0x14}]}, &(0x7f0000f6bffb)='GPL\x00'}, 0x48) 23:29:17 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x206, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) 23:29:17 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x5, 0x53, 0x8000, 0x2000008000000001, 0x0, 0x1}, 0x3c) bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x73fffb, 0x0, 0x822000, 0x0}, 0x2c) 23:29:17 executing program 1: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socket$kcm(0x11, 0x3, 0x300) socket$kcm(0x2, 0x1000000000000002, 0x0) r1 = socket$kcm(0x11, 0x3, 0x300) r2 = socket$kcm(0x2, 0x1000000000000002, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x3e, &(0x7f00000002c0)=r1, 0x4) sendmsg$kcm(r2, &(0x7f0000003d00)={&(0x7f0000000380)=@in={0x2, 0x4e23, @local}, 0x80, 0x0}, 0xfd00) write$cgroup_subtree(r2, 0x0, 0x0) 23:29:17 executing program 5: socket$kcm(0x10, 0x2, 0x0) r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1fb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0) perf_event_open$cgroup(&(0x7f0000000fc0)={0x0, 0x70, 0x0, 0x0, 0x1, 0x0, 0x0, 0x7, 0x100, 0x4, 0x0, 0x2b, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x5, 0x2, 0x0, 0x0, 0x6, 0x0, 0x1ff, 0x0, 0x7, 0x8, 0xffffffff, 0x0, 0x3ff, 0x2faa, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x5, @perf_config_ext={0x0, 0x489e}, 0x8, 0x0, 0x9, 0x0, 0x6, 0x5, 0x400}, r1, 0x6, 0xffffffffffffffff, 0x4) openat$cgroup_int(0xffffffffffffff9c, 0x0, 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000017c0)={&(0x7f0000000100)=@un=@file={0x1, './file0\x00'}, 0x80, 0x0}, 0x0) write$cgroup_int(r2, &(0x7f00000009c0), 0x12) write$cgroup_int(r3, &(0x7f0000000080), 0x297ef) r4 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_int(r4, &(0x7f0000000080)='memory.high\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40042409, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) recvmsg(r3, &(0x7f0000000940)={&(0x7f0000000200)=@x25, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000280)=""/99, 0x63}, {&(0x7f0000000300)=""/47, 0x2f}, {&(0x7f0000000440)=""/160, 0xa0}, {&(0x7f0000000500)=""/137, 0x89}, {&(0x7f0000000340)=""/102, 0x66}, {&(0x7f00000005c0)=""/20, 0x14}, {0x0}], 0x7}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000001600), 0x0, 0xffffffff000003b1}, 0x28) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000c00)={0xffffffffffffffff, 0xc0, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000980)=0x6, 0x0, 0x0, 0x0, &(0x7f0000000a40)={0x9, 0x5}, 0x0, 0x0, 0x0, &(0x7f0000000ac0), 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b00)=0x8}}, 0x10) [ 166.734253] syz-executor.5 (7424) used greatest stack depth: 22800 bytes left 23:29:17 executing program 0: unshare(0x600) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f000001bff4)) signalfd(r3, &(0x7f0000392ff8), 0x8) 23:29:17 executing program 3: futex(&(0x7f000000cffc)=0x1, 0x800000000006, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc)=0x1, 0x800000000006, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) pipe(0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$TIOCSLCKTRMIOS(0xffffffffffffffff, 0x5457, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) 23:29:17 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)) creat(&(0x7f0000000040)='./bus\x00', 0x0) epoll_create1(0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 23:29:17 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x880800000000010, 0x802, 0x0) write(r0, &(0x7f0000000040)="240000001a0025f0046bbc04fef7001c020b49ff14000000805608000800040001000200", 0x24) 23:29:17 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) r0 = epoll_create1(0x0) fcntl$getownex(r0, 0x24, &(0x7f000045fff8)) 23:29:17 executing program 0: unshare(0x600) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f000001bff4)) signalfd(r3, &(0x7f0000392ff8), 0x8) 23:29:17 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) syz_open_procfs(0x0, &(0x7f0000272000)) 23:29:17 executing program 1: 23:29:17 executing program 0: unshare(0x600) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f000001bff4)) signalfd(r3, &(0x7f0000392ff8), 0x8) 23:29:17 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10) [ 167.030876] audit: type=1326 audit(1568244557.573:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7451 comm="syz-executor.3" exe="/root/syz-executor.3" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c72a code=0x0 23:29:17 executing program 0: unshare(0x600) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f000001bff4)) signalfd(r3, &(0x7f0000392ff8), 0x8) 23:29:17 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10) sendmsg(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000000c0)='f', 0x1}], 0x1}, 0x0) sendto$inet(r0, &(0x7f0000000080), 0xffffffffffffff02, 0x420ffe0, 0x0, 0xfffffffffffffd37) 23:29:17 executing program 0: unshare(0x600) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) epoll_create1(0x0) signalfd(r3, &(0x7f0000392ff8), 0x8) [ 167.743350] audit: type=1326 audit(1568244558.293:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7451 comm="syz-executor.3" exe="/root/syz-executor.3" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c72a code=0x0 23:29:18 executing program 3: futex(&(0x7f000000cffc)=0x1, 0x800000000006, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc)=0x1, 0x800000000006, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) pipe(0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$TIOCSLCKTRMIOS(0xffffffffffffffff, 0x5457, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) 23:29:18 executing program 5: r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x0) ioctl$SIOCAX25CTLCON(r0, 0x89e7, &(0x7f0000000100)={@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null={0x3}, 0x0, 0x0, 0x0, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null, @default, @default]}) 23:29:18 executing program 1: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @netrom, @netrom, @rose, @rose]}, 0x48) listen(r0, 0x0) 23:29:18 executing program 0: unshare(0x600) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) epoll_create1(0x0) signalfd(r3, &(0x7f0000392ff8), 0x8) 23:29:18 executing program 2: mknod(&(0x7f00000005c0)='./bus\x00', 0x8, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x1) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) 23:29:18 executing program 4: r0 = memfd_create(&(0x7f0000000100)='net/if_inet6\x00', 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/if_inet6\x00') sendfile(r0, r1, 0x0, 0x4172) 23:29:18 executing program 0: unshare(0x600) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) epoll_create1(0x0) signalfd(r3, &(0x7f0000392ff8), 0x8) 23:29:18 executing program 5: r0 = socket(0x10, 0x2, 0x0) bind$netlink(r0, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x100a00}, 0xc) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/netlink\x00') pipe(0x0) socket$inet(0x2, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) sendfile(r0, r1, 0x0, 0x80000005) 23:29:18 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x70aa3dee8a609283, 0x0, 0xfffffffffffffde3) open(0x0, 0x0, 0x0) listen(r0, 0x0) flistxattr(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='reno\x00', 0x5) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0xfffffffffffffdc6, 0x20000004, &(0x7f0000000280)={0xa, 0x4e22}, 0x1c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket(0x10, 0x400000000080803, 0x0) write(r4, &(0x7f0000000040)="240000003a00d17da53a7436fef7001d0a0b49ffed000009000028000800030001000000", 0x24) recvmmsg(r4, &(0x7f0000004040)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000140)=""/116, 0x74}, {&(0x7f00000001c0)=""/4096, 0x1000}], 0x2}}], 0x1, 0x0, 0x0) r5 = socket(0x10, 0x400000000080803, 0x0) write(r5, &(0x7f0000000040)="240000003a00d17da53a7436fef7001d0a0b49ffed000009000028000800030001000000", 0x24) recvmmsg(r5, &(0x7f0000004040)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000140)=""/116, 0x74}, {&(0x7f00000001c0)=""/4096, 0x1000}], 0x2}}], 0x1, 0x0, 0x0) setsockopt$inet_buf(r5, 0x0, 0x29, 0x0, 0x0) write$P9_RLERROR(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0) recvfrom$inet6(r1, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r6, 0x8914, &(0x7f0000000000)={'lo\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r6, 0x8914, &(0x7f0000000140)={'lo\x00\x00\x00$\x00\x00\x00\x00\x00\x00\b\x00\x00\x11', 0xff}) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) r7 = accept4(r0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r9 = dup(r8) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) accept4(r9, &(0x7f0000000080)=@ipx, &(0x7f00000001c0)=0x80, 0x80800) sendto$inet6(r7, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x0) 23:29:18 executing program 2: clone(0x1bf9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setpriority(0x0, 0x0, 0x400000000000e6) setpriority(0x2, 0x0, 0x0) fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0) 23:29:18 executing program 1: clone(0x43000108, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 23:29:18 executing program 0: unshare(0x600) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, &(0x7f000001bff4)) signalfd(r3, &(0x7f0000392ff8), 0x8) [ 167.963125] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 167.997009] selinux_nlmsg_perm: 20 callbacks suppressed [ 167.997020] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8224 sclass=netlink_route_socket pig=7551 comm=syz-executor.5 [ 167.998989] audit: type=1326 audit(1568244558.543:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7516 comm="syz-executor.3" exe="/root/syz-executor.3" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c72a code=0x0 [ 168.073762] IPVS: ftp: loaded support on port[0] = 21 [ 168.091799] audit: type=1326 audit(1568244558.643:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7535 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c72a code=0x0 [ 168.104277] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8224 sclass=netlink_route_socket pig=7561 comm=syz-executor.5 23:29:19 executing program 3: futex(&(0x7f000000cffc)=0x1, 0x800000000006, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc)=0x1, 0x800000000006, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) pipe(0x0) socket$inet_udp(0x2, 0x2, 0x0) ioctl$TIOCSLCKTRMIOS(0xffffffffffffffff, 0x5457, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) 23:29:19 executing program 2: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x800000000050000}]}) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$P9_RLERROR(r0, 0x0, 0x0) 23:29:19 executing program 0: unshare(0x600) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, &(0x7f000001bff4)) signalfd(r3, &(0x7f0000392ff8), 0x8) 23:29:19 executing program 5: bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x10034, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x820000, 0x0}, 0x2c) openat$cgroup_subtree(0xffffffffffffffff, 0x0, 0x2, 0x0) 23:29:19 executing program 0: unshare(0x600) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, &(0x7f000001bff4)) signalfd(r3, &(0x7f0000392ff8), 0x8) [ 168.743581] ================================================================== [ 168.751183] BUG: KASAN: use-after-free in tcp_ack+0x414f/0x4760 [ 168.757262] Read of size 4 at addr ffff888099b8a32c by task syz-executor.4/7535 [ 168.764717] [ 168.766346] CPU: 0 PID: 7535 Comm: syz-executor.4 Not tainted 4.14.143 #0 [ 168.773285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 168.782640] Call Trace: [ 168.785232] [ 168.787400] dump_stack+0x138/0x197 [ 168.791038] ? tcp_ack+0x414f/0x4760 [ 168.794749] print_address_description.cold+0x7c/0x1dc [ 168.800043] ? tcp_ack+0x414f/0x4760 [ 168.803783] kasan_report.cold+0xa9/0x2af [ 168.807952] __asan_report_load4_noabort+0x14/0x20 [ 168.812887] tcp_ack+0x414f/0x4760 [ 168.816435] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 168.821553] ? trace_hardirqs_on+0x10/0x10 [ 168.825802] ? tcp_fastretrans_alert+0x2620/0x2620 [ 168.830739] ? lock_downgrade+0x6e0/0x6e0 [ 168.834900] tcp_rcv_established+0x3e9/0x1650 [ 168.839408] ? trace_hardirqs_on+0xd/0x10 23:29:19 executing program 0: unshare(0x600) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f000001bff4)) signalfd(0xffffffffffffffff, &(0x7f0000392ff8), 0x8) [ 168.843568] ? save_trace+0x290/0x290 [ 168.847390] ? tcp_data_queue+0x3730/0x3730 [ 168.851725] tcp_v6_do_rcv+0x417/0x1190 [ 168.851754] tcp_v6_rcv+0x2446/0x2ed0 [ 168.859516] ? save_trace+0x290/0x290 [ 168.863339] ip6_input_finish+0x300/0x15a0 [ 168.867603] ip6_input+0xd5/0x340 [ 168.871086] ? ip6_input_finish+0x15a0/0x15a0 [ 168.875603] ? ipv6_rcv+0x16aa/0x1d20 [ 168.879416] ? ip6_rcv_finish+0x7a0/0x7a0 [ 168.883572] ip6_rcv_finish+0x23f/0x7a0 [ 168.887583] ipv6_rcv+0xe4d/0x1d20 23:29:19 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x10034, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpid() bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x820000, 0x0}, 0x2c) bpf$MAP_CREATE(0x0, 0x0, 0x0) recvmsg(0xffffffffffffffff, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'irlan0\x00'}) 23:29:19 executing program 0: unshare(0x600) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f000001bff4)) signalfd(0xffffffffffffffff, &(0x7f0000392ff8), 0x8) [ 168.891129] ? put_prev_task_stop+0x358/0x400 [ 168.895636] ? ip6_input+0x340/0x340 [ 168.899346] ? __lock_is_held+0xb6/0x140 [ 168.899356] ? check_preemption_disabled+0x3c/0x250 [ 168.899365] ? ip6_make_skb+0x410/0x410 [ 168.899374] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 168.899380] ? ip6_input+0x340/0x340 [ 168.899393] __netif_receive_skb_core+0x1eae/0x2ca0 [ 168.899400] ? trace_hardirqs_on+0x10/0x10 [ 168.899413] ? enqueue_to_backlog+0xcc0/0xcc0 [ 168.917879] ? process_backlog+0x43e/0x730 [ 168.917897] ? lock_acquire+0x16f/0x430 [ 168.917909] __netif_receive_skb+0x2c/0x1b0 [ 168.917917] ? __netif_receive_skb+0x2c/0x1b0 [ 168.917926] process_backlog+0x21f/0x730 [ 168.917932] ? mark_held_locks+0xb1/0x100 [ 168.917945] net_rx_action+0x490/0xf80 [ 168.964449] ? napi_complete_done+0x4f0/0x4f0 [ 168.968964] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 168.974435] __do_softirq+0x244/0x9a0 [ 168.978257] ? ip6_finish_output2+0x9c0/0x21b0 [ 168.982866] do_softirq_own_stack+0x2a/0x40 [ 168.987192] [ 168.989439] do_softirq.part.0+0x10e/0x160 [ 168.993683] __local_bh_enable_ip+0x154/0x1a0 [ 168.998195] ip6_finish_output2+0x9f3/0x21b0 [ 169.002623] ? ip6_forward_finish+0x480/0x480 [ 169.007129] ? __lock_is_held+0xb6/0x140 [ 169.011198] ? check_preemption_disabled+0x3c/0x250 [ 169.016232] ip6_finish_output+0x4f4/0xb50 [ 169.020484] ? ip6_finish_output+0x4f4/0xb50 [ 169.024901] ip6_output+0x20f/0x6d0 [ 169.028530] ? ip6_finish_output+0xb50/0xb50 [ 169.032946] ? __lock_is_held+0xb6/0x140 [ 169.037014] ? check_preemption_disabled+0x3c/0x250 [ 169.042029] ? ip6_fragment+0x32c0/0x32c0 [ 169.042038] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 169.042047] ip6_xmit+0xd53/0x1eb0 [ 169.042061] ? ip6_finish_output2+0x21b0/0x21b0 [ 169.042069] ? ip6_dst_check+0x116/0x2c0 [ 169.042080] ? save_trace+0x290/0x290 [ 169.042088] ? ip6_append_data+0x2f0/0x2f0 [ 169.042097] ? __lock_is_held+0xb6/0x140 [ 169.042106] ? check_preemption_disabled+0x3c/0x250 [ 169.042121] inet6_csk_xmit+0x286/0x4d0 [ 169.042129] ? inet6_csk_update_pmtu+0x140/0x140 [ 169.042138] ? tcp_md5_do_lookup+0x1d3/0x530 [ 169.051735] __tcp_transmit_skb+0x172c/0x2fe0 [ 169.051754] ? __tcp_select_window+0x6e0/0x6e0 [ 169.051765] ? kvm_clock_read+0x23/0x40 [ 169.107280] ? sched_clock_cpu+0x1b/0x1c0 [ 169.111439] ? tcp_small_queue_check+0x184/0x1e0 [ 169.116185] tcp_write_xmit+0x523/0x4960 [ 169.120231] ? tcp_v6_md5_lookup+0x23/0x30 [ 169.124448] ? tcp_established_options+0x2c5/0x420 [ 169.129361] ? tcp_current_mss+0x1b1/0x2f0 [ 169.133587] __tcp_push_pending_frames+0xa6/0x260 [ 169.138418] tcp_send_fin+0x17e/0xc40 [ 169.142204] tcp_close+0xcc8/0xfb0 [ 169.145726] ? lock_acquire+0x16f/0x430 [ 169.149687] ? ip_mc_drop_socket+0x1d6/0x230 [ 169.154081] inet_release+0xec/0x1c0 [ 169.157780] inet6_release+0x53/0x80 [ 169.161496] __sock_release+0xce/0x2b0 [ 169.165383] ? __sock_release+0x2b0/0x2b0 [ 169.169513] sock_close+0x1b/0x30 [ 169.172951] __fput+0x275/0x7a0 [ 169.176217] ____fput+0x16/0x20 [ 169.179480] task_work_run+0x114/0x190 [ 169.183355] exit_to_usermode_loop+0x1da/0x220 [ 169.187919] do_syscall_64+0x4bc/0x640 [ 169.191786] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 169.196618] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 169.201790] RIP: 0033:0x4135d1 [ 169.204965] RSP: 002b:00007ffe17fa15d0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 169.212655] RAX: 0000000000000000 RBX: 000000000000000e RCX: 00000000004135d1 [ 169.219905] RDX: 0000000000000000 RSI: 0000000000000391 RDI: 000000000000000d [ 169.227157] RBP: 0000000000000001 R08: 0000000054e04395 R09: ffffffffffffffff [ 169.234407] R10: 00007ffe17fa16b0 R11: 0000000000000293 R12: 000000000075c9a0 [ 169.241679] R13: 000000000075c9a0 R14: 00000000007618f0 R15: ffffffffffffffff [ 169.248939] [ 169.250547] Allocated by task 7543: [ 169.254157] save_stack_trace+0x16/0x20 [ 169.258112] save_stack+0x45/0xd0 [ 169.261544] kasan_kmalloc+0xce/0xf0 [ 169.265261] kasan_slab_alloc+0xf/0x20 [ 169.269129] kmem_cache_alloc_node+0x144/0x780 [ 169.273690] __alloc_skb+0x9c/0x500 [ 169.277304] sk_stream_alloc_skb+0xb3/0x780 [ 169.281606] tcp_sendmsg_locked+0xf61/0x3200 [ 169.285995] tcp_sendmsg+0x30/0x50 [ 169.289530] inet_sendmsg+0x122/0x500 [ 169.293309] sock_sendmsg+0xce/0x110 [ 169.297000] SYSC_sendto+0x206/0x310 [ 169.300691] SyS_sendto+0x40/0x50 [ 169.304124] do_syscall_64+0x1e8/0x640 [ 169.307990] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 169.313155] [ 169.314767] Freed by task 7543: [ 169.318029] save_stack_trace+0x16/0x20 [ 169.321979] save_stack+0x45/0xd0 [ 169.325409] kasan_slab_free+0x75/0xc0 [ 169.329288] kmem_cache_free+0x83/0x2b0 [ 169.333241] kfree_skbmem+0x8d/0x120 [ 169.336952] __kfree_skb+0x1e/0x30 [ 169.340474] tcp_remove_empty_skb.part.0+0x231/0x2e0 [ 169.345555] tcp_sendmsg_locked+0x1ced/0x3200 [ 169.350035] tcp_sendmsg+0x30/0x50 [ 169.353555] inet_sendmsg+0x122/0x500 [ 169.357334] sock_sendmsg+0xce/0x110 [ 169.361026] SYSC_sendto+0x206/0x310 [ 169.364718] SyS_sendto+0x40/0x50 [ 169.368149] do_syscall_64+0x1e8/0x640 [ 169.372017] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 169.377183] [ 169.378797] The buggy address belongs to the object at ffff888099b8a300 [ 169.378797] which belongs to the cache skbuff_fclone_cache of size 472 [ 169.392128] The buggy address is located 44 bytes inside of [ 169.392128] 472-byte region [ffff888099b8a300, ffff888099b8a4d8) [ 169.403896] The buggy address belongs to the page: [ 169.410111] page:ffffea000266e280 count:1 mapcount:0 mapping:ffff888099b8a080 index:0x0 [ 169.418238] flags: 0x1fffc0000000100(slab) [ 169.422457] raw: 01fffc0000000100 ffff888099b8a080 0000000000000000 0000000100000006 [ 169.430325] raw: ffffea000296b120 ffffea00025af6a0 ffff88821b7203c0 0000000000000000 [ 169.438199] page dumped because: kasan: bad access detected [ 169.443888] [ 169.445499] Memory state around the buggy address: [ 169.450408] ffff888099b8a200: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc [ 169.457749] ffff888099b8a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 169.465107] >ffff888099b8a300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 169.472445] ^ [ 169.477096] ffff888099b8a380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 169.484438] ffff888099b8a400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 169.491778] ================================================================== [ 169.499115] Disabling lock debugging due to kernel taint [ 169.504629] Kernel panic - not syncing: panic_on_warn set ... [ 169.504629] [ 169.511993] CPU: 0 PID: 7535 Comm: syz-executor.4 Tainted: G B 4.14.143 #0 [ 169.520119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 169.529455] Call Trace: [ 169.532016] [ 169.534149] dump_stack+0x138/0x197 [ 169.537759] ? tcp_ack+0x414f/0x4760 [ 169.541453] panic+0x1f2/0x426 [ 169.544626] ? add_taint.cold+0x16/0x16 [ 169.548583] kasan_end_report+0x47/0x4f [ 169.552534] kasan_report.cold+0x130/0x2af [ 169.556750] __asan_report_load4_noabort+0x14/0x20 [ 169.561676] tcp_ack+0x414f/0x4760 [ 169.565195] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 169.570282] ? trace_hardirqs_on+0x10/0x10 [ 169.574498] ? tcp_fastretrans_alert+0x2620/0x2620 [ 169.579408] ? lock_downgrade+0x6e0/0x6e0 [ 169.583540] tcp_rcv_established+0x3e9/0x1650 [ 169.588015] ? trace_hardirqs_on+0xd/0x10 [ 169.592158] ? save_trace+0x290/0x290 [ 169.595937] ? tcp_data_queue+0x3730/0x3730 [ 169.600257] tcp_v6_do_rcv+0x417/0x1190 [ 169.604223] tcp_v6_rcv+0x2446/0x2ed0 [ 169.608013] ? save_trace+0x290/0x290 [ 169.611807] ip6_input_finish+0x300/0x15a0 [ 169.616028] ip6_input+0xd5/0x340 [ 169.619462] ? ip6_input_finish+0x15a0/0x15a0 [ 169.623959] ? ipv6_rcv+0x16aa/0x1d20 [ 169.627748] ? ip6_rcv_finish+0x7a0/0x7a0 [ 169.631892] ip6_rcv_finish+0x23f/0x7a0 [ 169.635848] ipv6_rcv+0xe4d/0x1d20 [ 169.639368] ? put_prev_task_stop+0x358/0x400 [ 169.643841] ? ip6_input+0x340/0x340 [ 169.647533] ? __lock_is_held+0xb6/0x140 [ 169.651574] ? check_preemption_disabled+0x3c/0x250 [ 169.656568] ? ip6_make_skb+0x410/0x410 [ 169.660525] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 169.665953] ? ip6_input+0x340/0x340 [ 169.669667] __netif_receive_skb_core+0x1eae/0x2ca0 [ 169.674661] ? trace_hardirqs_on+0x10/0x10 [ 169.678875] ? enqueue_to_backlog+0xcc0/0xcc0 [ 169.683352] ? process_backlog+0x43e/0x730 [ 169.687588] ? lock_acquire+0x16f/0x430 [ 169.691544] __netif_receive_skb+0x2c/0x1b0 [ 169.695846] ? __netif_receive_skb+0x2c/0x1b0 [ 169.700321] process_backlog+0x21f/0x730 [ 169.704910] ? mark_held_locks+0xb1/0x100 [ 169.709038] net_rx_action+0x490/0xf80 [ 169.712913] ? napi_complete_done+0x4f0/0x4f0 [ 169.717388] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 169.722820] __do_softirq+0x244/0x9a0 [ 169.726613] ? ip6_finish_output2+0x9c0/0x21b0 [ 169.731174] do_softirq_own_stack+0x2a/0x40 [ 169.735473] [ 169.737690] do_softirq.part.0+0x10e/0x160 [ 169.741906] __local_bh_enable_ip+0x154/0x1a0 [ 169.746394] ip6_finish_output2+0x9f3/0x21b0 [ 169.750785] ? ip6_forward_finish+0x480/0x480 [ 169.755270] ? __lock_is_held+0xb6/0x140 [ 169.759311] ? check_preemption_disabled+0x3c/0x250 [ 169.764319] ip6_finish_output+0x4f4/0xb50 [ 169.768531] ? ip6_finish_output+0x4f4/0xb50 [ 169.772933] ip6_output+0x20f/0x6d0 [ 169.776539] ? ip6_finish_output+0xb50/0xb50 [ 169.780927] ? __lock_is_held+0xb6/0x140 [ 169.785001] ? check_preemption_disabled+0x3c/0x250 [ 169.790019] ? ip6_fragment+0x32c0/0x32c0 [ 169.794155] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 169.799588] ip6_xmit+0xd53/0x1eb0 [ 169.803112] ? ip6_finish_output2+0x21b0/0x21b0 [ 169.807933] ? ip6_dst_check+0x116/0x2c0 [ 169.811995] ? save_trace+0x290/0x290 [ 169.815774] ? ip6_append_data+0x2f0/0x2f0 [ 169.820014] ? __lock_is_held+0xb6/0x140 [ 169.824069] ? check_preemption_disabled+0x3c/0x250 [ 169.829067] inet6_csk_xmit+0x286/0x4d0 [ 169.833019] ? inet6_csk_update_pmtu+0x140/0x140 [ 169.837753] ? tcp_md5_do_lookup+0x1d3/0x530 [ 169.842143] __tcp_transmit_skb+0x172c/0x2fe0 [ 169.846618] ? __tcp_select_window+0x6e0/0x6e0 [ 169.851184] ? kvm_clock_read+0x23/0x40 [ 169.855136] ? sched_clock_cpu+0x1b/0x1c0 [ 169.859263] ? tcp_small_queue_check+0x184/0x1e0 [ 169.863997] tcp_write_xmit+0x523/0x4960 [ 169.868038] ? tcp_v6_md5_lookup+0x23/0x30 [ 169.872266] ? tcp_established_options+0x2c5/0x420 [ 169.877176] ? tcp_current_mss+0x1b1/0x2f0 [ 169.881392] __tcp_push_pending_frames+0xa6/0x260 [ 169.886214] tcp_send_fin+0x17e/0xc40 [ 169.890010] tcp_close+0xcc8/0xfb0 [ 169.893533] ? lock_acquire+0x16f/0x430 [ 169.897485] ? ip_mc_drop_socket+0x1d6/0x230 [ 169.901874] inet_release+0xec/0x1c0 [ 169.905565] inet6_release+0x53/0x80 [ 169.909273] __sock_release+0xce/0x2b0 [ 169.913139] ? __sock_release+0x2b0/0x2b0 [ 169.917264] sock_close+0x1b/0x30 [ 169.920888] __fput+0x275/0x7a0 [ 169.924146] ____fput+0x16/0x20 [ 169.927415] task_work_run+0x114/0x190 [ 169.931284] exit_to_usermode_loop+0x1da/0x220 [ 169.935844] do_syscall_64+0x4bc/0x640 [ 169.939711] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 169.944535] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 169.949720] RIP: 0033:0x4135d1 [ 169.952889] RSP: 002b:00007ffe17fa15d0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 169.960590] RAX: 0000000000000000 RBX: 000000000000000e RCX: 00000000004135d1 [ 169.968979] RDX: 0000000000000000 RSI: 0000000000000391 RDI: 000000000000000d [ 169.976229] RBP: 0000000000000001 R08: 0000000054e04395 R09: ffffffffffffffff [ 169.983761] R10: 00007ffe17fa16b0 R11: 0000000000000293 R12: 000000000075c9a0 [ 169.991036] R13: 000000000075c9a0 R14: 00000000007618f0 R15: ffffffffffffffff [ 169.999658] Kernel Offset: disabled [ 170.003285] Rebooting in 86400 seconds..