Warning: Permanently added '10.128.10.9' (ECDSA) to the list of known hosts.
2018/11/12 02:47:54 fuzzer started
2018/11/12 02:47:59 dialing manager at 10.128.0.26:42475
2018/11/12 02:47:59 syscalls: 1
2018/11/12 02:47:59 code coverage: enabled
2018/11/12 02:47:59 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2018/11/12 02:47:59 setuid sandbox: enabled
2018/11/12 02:47:59 namespace sandbox: enabled
2018/11/12 02:47:59 Android sandbox: /sys/fs/selinux/policy does not exist
2018/11/12 02:47:59 fault injection: enabled
2018/11/12 02:47:59 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2018/11/12 02:47:59 net packed injection: enabled
2018/11/12 02:47:59 net device setup: enabled
02:50:47 executing program 0:
r0 = syz_open_dev$dri(&(0x7f0000000180)='/dev/dri/card#\x00', 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000200)={&(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)})

syzkaller login: [  255.375663] IPVS: ftp: loaded support on port[0] = 21
[  257.879891] bridge0: port 1(bridge_slave_0) entered blocking state
[  257.887070] bridge0: port 1(bridge_slave_0) entered disabled state
[  257.896019] device bridge_slave_0 entered promiscuous mode
[  258.055068] bridge0: port 2(bridge_slave_1) entered blocking state
[  258.061564] bridge0: port 2(bridge_slave_1) entered disabled state
[  258.070365] device bridge_slave_1 entered promiscuous mode
[  258.217804] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  258.358841] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  258.808567] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  258.958156] bond0: Enslaving bond_slave_1 as an active interface with an up link
02:50:52 executing program 1:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r0, 0x20000000008912, &(0x7f0000000200)="0a5c2d0240316285717070")
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128l\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
accept4(r1, &(0x7f0000000500)=@ipx, &(0x7f00000001c0)=0x80, 0x0)

[  259.249117] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  259.256571] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  259.970990] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  259.979323] team0: Port device team_slave_0 added
[  260.073043] IPVS: ftp: loaded support on port[0] = 21
[  260.211050] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  260.219406] team0: Port device team_slave_1 added
[  260.449650] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  260.456937] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  260.466117] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  260.650171] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  260.657345] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  260.666602] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  260.881275] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  260.889381] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  260.898848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  261.199900] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  261.207886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  261.217381] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  262.240893] ip (6704) used greatest stack depth: 53216 bytes left
[  264.008347] bridge0: port 2(bridge_slave_1) entered blocking state
[  264.014959] bridge0: port 2(bridge_slave_1) entered forwarding state
[  264.021946] bridge0: port 1(bridge_slave_0) entered blocking state
[  264.028595] bridge0: port 1(bridge_slave_0) entered forwarding state
[  264.037602] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  264.102256] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  264.197573] bridge0: port 1(bridge_slave_0) entered blocking state
[  264.204084] bridge0: port 1(bridge_slave_0) entered disabled state
[  264.212875] device bridge_slave_0 entered promiscuous mode
[  264.489822] bridge0: port 2(bridge_slave_1) entered blocking state
[  264.496494] bridge0: port 2(bridge_slave_1) entered disabled state
[  264.505544] device bridge_slave_1 entered promiscuous mode
[  264.669450] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  264.873161] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  265.573028] bond0: Enslaving bond_slave_0 as an active interface with an up link
02:50:58 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c)
sendmmsg(r0, &(0x7f0000007e00), 0x4000000000000f4, 0x7ffffff7)

[  265.738898] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  266.336118] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  266.343177] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  266.642397] IPVS: ftp: loaded support on port[0] = 21
[  267.308885] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  267.317173] team0: Port device team_slave_0 added
[  267.655476] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  267.663794] team0: Port device team_slave_1 added
[  267.939240] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  267.946395] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  267.955473] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  268.249048] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  268.256290] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  268.265286] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  268.549876] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  268.557658] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  268.566811] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  268.896203] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  268.905172] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  268.914172] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  271.699487] bridge0: port 1(bridge_slave_0) entered blocking state
[  271.706146] bridge0: port 1(bridge_slave_0) entered disabled state
[  271.714977] device bridge_slave_0 entered promiscuous mode
[  272.029061] bridge0: port 2(bridge_slave_1) entered blocking state
[  272.035653] bridge0: port 2(bridge_slave_1) entered disabled state
[  272.044207] device bridge_slave_1 entered promiscuous mode
[  272.232559] bridge0: port 2(bridge_slave_1) entered blocking state
[  272.239158] bridge0: port 2(bridge_slave_1) entered forwarding state
[  272.246266] bridge0: port 1(bridge_slave_0) entered blocking state
[  272.252762] bridge0: port 1(bridge_slave_0) entered forwarding state
[  272.261774] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  272.322171] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  272.528367] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  273.204765] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  273.536947] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  273.840901] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  274.146884] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  274.165992] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  274.446752] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  274.453826] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
02:51:08 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x4, 0x4, 0x4, 0xfab}, 0x2c)
close(r0)

[  275.400464] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  275.408706] team0: Port device team_slave_0 added
[  275.749975] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  275.758302] team0: Port device team_slave_1 added
[  276.113524] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  276.120774] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  276.129810] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  276.156948] 8021q: adding VLAN 0 to HW filter on device bond0
[  276.298158] IPVS: ftp: loaded support on port[0] = 21
[  276.468332] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  276.476084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  276.485510] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  276.831739] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  276.839571] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  276.848975] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  277.279139] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  277.287063] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  277.296173] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  277.618348] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  278.968261] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  278.974885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  278.982946] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  280.466941] 8021q: adding VLAN 0 to HW filter on device team0
[  281.253779] bridge0: port 2(bridge_slave_1) entered blocking state
[  281.260359] bridge0: port 2(bridge_slave_1) entered forwarding state
[  281.267443] bridge0: port 1(bridge_slave_0) entered blocking state
[  281.273918] bridge0: port 1(bridge_slave_0) entered forwarding state
[  281.282954] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  281.931595] bridge0: port 1(bridge_slave_0) entered blocking state
[  281.938331] bridge0: port 1(bridge_slave_0) entered disabled state
[  281.947028] device bridge_slave_0 entered promiscuous mode
[  282.165733] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  282.294420] bridge0: port 2(bridge_slave_1) entered blocking state
[  282.301191] bridge0: port 2(bridge_slave_1) entered disabled state
[  282.309952] device bridge_slave_1 entered promiscuous mode
[  282.694900] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  283.027251] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  284.002494] ip (7158) used greatest stack depth: 53072 bytes left
[  284.179799] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  284.526242] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  284.884290] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  284.891738] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  285.259766] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  285.266940] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  286.431686] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  286.439967] team0: Port device team_slave_0 added
[  286.818542] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  286.826821] team0: Port device team_slave_1 added
[  286.917045] 8021q: adding VLAN 0 to HW filter on device bond0
[  287.180008] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  287.187239] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  287.196152] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  287.599105] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  287.606849] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  287.615879] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
02:51:20 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070")
set_mempolicy(0x2, &(0x7f0000000600)=0x7, 0x1ff)
socket$inet6(0xa, 0x1000000000002, 0x0)

[  288.087917] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  288.095653] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  288.104778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  288.521634] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  288.561584] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  288.569763] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  288.578852] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
02:51:22 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket(0x11, 0x4000000000080002, 0x0)
ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000140)={'bridge0\x00', 0xe2ab})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'ip6_vti0\x00', <r1=>0x0})
setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000003dc0)=0x4, 0x4)
bind$packet(r0, &(0x7f0000000200)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14)
sendmmsg$inet_sctp(r0, &(0x7f0000871fc8)=[{&(0x7f000086c000)=@in6={0xa, 0x3580, 0x2}, 0x1c, &(0x7f0000d1e000), 0x0, &(0x7f0000dda000)}], 0x492492492492510, 0x0)
bind$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x9, r1, 0x1, 0x1000, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x14)

[  289.361700] IPVS: ftp: loaded support on port[0] = 21
[  290.148494] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  290.154988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  290.163114] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
02:51:23 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket(0x11, 0x4000000000080002, 0x0)
ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000140)={'bridge0\x00', 0xe2ab})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'ip6_vti0\x00', <r1=>0x0})
setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000003dc0)=0x4, 0x4)
bind$packet(r0, &(0x7f0000000200)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14)
sendmmsg$inet_sctp(r0, &(0x7f0000871fc8)=[{&(0x7f000086c000)=@in6={0xa, 0x3580, 0x2}, 0x1c, &(0x7f0000d1e000), 0x0, &(0x7f0000dda000)}], 0x492492492492510, 0x0)
bind$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x9, r1, 0x1, 0x1000, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x14)

02:51:24 executing program 0:
r0 = dup3(0xffffffffffffffff, 0xffffffffffffff9c, 0x80000)
ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000100)={0x0, 0xd, &(0x7f0000000000)="43c1fe60676ebf66c59b459e3a"})
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r1, 0x0, &(0x7f0000000080)="0a5c2d0240317f00000070")
clock_gettime(0x8, &(0x7f0000000040))
ioctl$SNDRV_TIMER_IOCTL_PAUSE(r0, 0x54a3)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer2\x00', 0x0, 0x0)
pwrite64(r1, &(0x7f0000000180)="2e593a4c30004f8d47de837bc021f52df8ff23d1401fc0ca7ee9fa8d5328d5ef3daf0b8756c8ae96b05de870bdfa6bf3693a867ab2c96b6a7391896593ac97f037cbc6f466e4604146d4468abc1e1602bf9e7b8ce581e621b480b72062b388f5836e6fbd1e4754d62f55ac9834958ec2da91ffe8fa92ef85", 0x78, 0x1)
ioctl$TIOCLINUX6(r1, 0x541c, &(0x7f00000000c0)={0x6, 0x3})

02:51:24 executing program 0:
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={&(0x7f0000000200), &(0x7f0000000240)}}, &(0x7f00000002c0))
r0 = syz_open_dev$dspn(&(0x7f0000000100)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/7, 0x7}], 0x1)
r1 = gettid()
getsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f00000001c0)=""/73, &(0x7f00000000c0)=0x49)
ioctl$int_in(r0, 0x80000080045006, &(0x7f0000000040))
syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0xffff, 0x7)
timer_settime(0x0, 0x0, &(0x7f00000016c0)={{}, {0x0, 0x989680}}, &(0x7f0000001680))
tkill(r1, 0x15)

[  292.022693] 8021q: adding VLAN 0 to HW filter on device team0
02:51:25 executing program 0:
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={&(0x7f0000000200), &(0x7f0000000240)}}, &(0x7f00000002c0))
r0 = syz_open_dev$dspn(&(0x7f0000000100)='/dev/dsp#\x00', 0x1, 0x0)
readv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/7, 0x7}], 0x1)
r1 = gettid()
getsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f00000001c0)=""/73, &(0x7f00000000c0)=0x49)
ioctl$int_in(r0, 0x80000080045006, &(0x7f0000000040))
syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0xffff, 0x7)
timer_settime(0x0, 0x0, &(0x7f00000016c0)={{}, {0x0, 0x989680}}, &(0x7f0000001680))
tkill(r1, 0x15)

[  293.757233] bridge0: port 2(bridge_slave_1) entered blocking state
[  293.763739] bridge0: port 2(bridge_slave_1) entered forwarding state
[  293.770820] bridge0: port 1(bridge_slave_0) entered blocking state
[  293.777389] bridge0: port 1(bridge_slave_0) entered forwarding state
[  293.786196] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  293.805823] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
02:51:27 executing program 0:
r0 = socket$inet(0x2, 0x3, 0x8)
setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000100)={@multicast2, @loopback, 0x0, 0x3, [@broadcast, @local, @broadcast]}, 0x1c)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000080)={@multicast2, @loopback}, 0x10)
ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0x40405515, &(0x7f0000000000)={0x1, 0x5, 0x3, 0xe068, 'syz0\x00', 0x3f})
getsockname$inet(r0, &(0x7f0000000040)={0x2, 0x0, @remote}, &(0x7f00000000c0)=0x10)

02:51:27 executing program 0:
r0 = userfaultfd(0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0xe})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000913000)={{&(0x7f00004b3000/0x5000)=nil, 0x5000}, 0x1})
madvise(&(0x7f00004b6000/0x4000)=nil, 0x4000, 0x12)
clone(0x0, &(0x7f00000001c0), &(0x7f0000001ffc), &(0x7f0000001000), &(0x7f00000000c0))
syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x3f, 0x80)

02:51:29 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f798058439ed554fa07424ab9b3f8683ecf89dee901d2da75c01f0200f58d26d7a071fb35331ce39c5aeeff5083cf07dd46455c914d4aff1e7cf7ed57c0c2056f5ca9fcf03cbf82bd13534737339245d3c70641be6281d7e1b4b7099114c571872298dd7f2120e2b6fa2a2e2a2c9c6e0034750b7961fa2c1584c0b5a500ae0ac39bc76a78d9158266759f766a3e8c84c09cf3ad8882947ffa1fb4c050727beb12c57e06ff590000000000000000000000000000008924578ad49ea1144c7448d640aa88a66a71b77d73a924ff027fdcb550161653d4cb57088385248286f5be9d8766c70c29e6f5063dfe74a1b0b52079159048210b4d271ac94c889b063ca34a09579af03631f128e6dd2c966daecd7c6f7e0f4ebcaf80250cfab07184838078c71d809d06dc0bac75db814525d1d1acaf4cb6f4890f397382ae636697f688094e38db5c22770f53076c630df9bb4c149189ffa975f52087311c5baafc11c90bdc25fc803b71153ddc3995b2df49cdd784bc5bea40861070dadb395e85c93cdfa08e")
mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0xfffffffffffffffc, 0x12, r0, 0x0)
setsockopt$IP6T_SO_SET_ADD_COUNTERS(r0, 0x29, 0x41, &(0x7f0000000280)={'security\x00', 0x3, [{}, {}, {}]}, 0x58)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
getsockopt$inet_int(r1, 0x10d, 0xd2, &(0x7f0000000000), &(0x7f0000000240)=0x1c9)

[  296.391355] bridge0: port 1(bridge_slave_0) entered blocking state
[  296.397990] bridge0: port 1(bridge_slave_0) entered disabled state
[  296.406801] device bridge_slave_0 entered promiscuous mode
[  296.802813] bridge0: port 2(bridge_slave_1) entered blocking state
[  296.809567] bridge0: port 2(bridge_slave_1) entered disabled state
[  296.818322] device bridge_slave_1 entered promiscuous mode
[  297.199980] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  297.609159] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  297.996453] 8021q: adding VLAN 0 to HW filter on device bond0
[  298.713222] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  299.153834] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  299.268351] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  299.561393] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  299.568589] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  299.949197] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  299.956518] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  300.586426] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  300.592895] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  300.601121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  301.063868] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  301.072752] team0: Port device team_slave_0 added
[  301.414181] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  301.422733] team0: Port device team_slave_1 added
02:51:34 executing program 1:
r0 = socket$pppoe(0x18, 0x1, 0x0)
socketpair$unix(0x1, 0x4, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0x2, @dev={[], 0xa}, 'lo\x00'}}, 0xffffffffffffff23)
socket$l2tp(0x18, 0x1, 0x1)
sendto(r0, &(0x7f00000001c0), 0x0, 0x0, &(0x7f00000000c0)=@pppoe={0x18, 0x0, {0x0, @local, 'ip6gretap0\x00'}}, 0x80)
recvmmsg(r0, &(0x7f0000000b00)=[{{0x0, 0xfffffffffffffd6b, &(0x7f0000000800), 0x0, &(0x7f0000000880)=""/209, 0xd1}}, {{&(0x7f0000000980)=@hci, 0xc, &(0x7f00000009c0), 0xa3, &(0x7f0000000a00)=""/240, 0xf0}}], 0x2d5, 0x2042, &(0x7f0000000b80)={0x77359400})

[  301.808130] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  301.815442] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  301.824274] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  302.112063] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  302.119428] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  302.128347] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  302.153584] 8021q: adding VLAN 0 to HW filter on device team0
[  302.507884] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  302.515712] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  302.524835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  302.777821] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  302.785716] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  302.795079] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  305.238637] bridge0: port 2(bridge_slave_1) entered blocking state
[  305.245252] bridge0: port 2(bridge_slave_1) entered forwarding state
[  305.252228] bridge0: port 1(bridge_slave_0) entered blocking state
[  305.258881] bridge0: port 1(bridge_slave_0) entered forwarding state
[  305.267806] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  305.274409] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  307.044898] 8021q: adding VLAN 0 to HW filter on device bond0
02:51:40 executing program 2:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x33f, 0x4)
setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000100)=0x7, 0x4)
r1 = syz_open_dev$mouse(&(0x7f0000000080)='/dev/input/mouse#\x00', 0x1, 0x10080)
ioctl$TCSBRK(r1, 0x5409, 0x7)
sendto$inet6(r0, &(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x8, @dev}, 0x1c)

[  307.873987] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  308.505750] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  308.512175] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  308.520474] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  309.085855] 8021q: adding VLAN 0 to HW filter on device team0
[  312.311942] 8021q: adding VLAN 0 to HW filter on device bond0
[  312.686716] hrtimer: interrupt took 57614 ns
[  312.784977] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
02:51:45 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/ip_tables_targets\x00')
ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f00000005c0)=ANY=[@ANYPTR=&(0x7f0000000000)=ANY=[@ANYRESDEC=r0], @ANYPTR64=&(0x7f0000000040)=ANY=[@ANYRES32=r0, @ANYRES64=r0], @ANYRES16=r0, @ANYRESDEC, @ANYRES32=r0, @ANYPTR64=&(0x7f0000000140)=ANY=[@ANYRESOCT=r0, @ANYRESOCT=r0, @ANYRESOCT=r0], @ANYRESOCT=r0, @ANYPTR=&(0x7f0000000200)=ANY=[@ANYRES64=r0, @ANYRESDEC, @ANYPTR=&(0x7f0000000400)=ANY=[@ANYRES32=r0, @ANYRESDEC, @ANYRES64=r0, @ANYBLOB="8cb796bf617f16335fe9c3425471fdeab15433c00a96a806faac64a75ad22f694bab340e8e5b3981ffbce1808cb4b040da65d160b34d0972f3c7323469bad0ef53c36ac81f509e72efdae5e0ca22da0d907a9e16915eb27807e224332bf844824169faac88488399e64a1853c6c644e1cced20495c909545127ab8f47fa0163b915caf24749cad3b8392ed454c9b277bf82a34cdc513039bdedb50d6e2f9456d4fab024524b93b0fb5af908ae75aac3bc40b7baaeeb4c5090b0656872d375635c9a4354351004921b567e086", @ANYRESOCT=r0], @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYRES16=r0, @ANYRESDEC=r0, @ANYRES16=r0, @ANYPTR, @ANYRES16=0x0, @ANYRESHEX=r0, @ANYPTR64], @ANYRESOCT=r0, @ANYRES16=0x0]])
ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r0, 0x408c5333, &(0x7f0000000080)={0x7ff, 0x47364796, 0x100, 'queue1\x00', 0x3ff})

[  313.244889] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  313.251130] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  313.259286] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  313.550620] 8021q: adding VLAN 0 to HW filter on device team0
02:51:48 executing program 2:
openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/exec\x00', 0x2, 0x0)
syz_emit_ethernet(0x3e, &(0x7f00000001c0)={@local, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, "50a09c", 0x8, 0x0, 0x0, @remote, @local, {[], @udp={0x0, 0x500, 0x8}}}}}}, &(0x7f0000000040))

02:51:48 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
socketpair$inet6_icmp_raw(0xa, 0x3, 0x3a, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000300)=[@text16={0x10, &(0x7f0000000340)="643e67660f3a61ca9bbaf80c66b8bc5d158866efbafc0c66ed66b9800000c00f326635001000000f30f40f38c94bf80f380b5775260f01ca0f21360f180ad810", 0x40}], 0x2d3, 0x0, &(0x7f0000000280), 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

02:51:48 executing program 3:
r0 = syz_open_dev$sndseq(&(0x7f0000dcc000)='/dev/snd/seq\x00', 0x0, 0x2)
read(r0, &(0x7f0000000180)=""/28, 0x1c)
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000418f50)={{0x80}, "0a4ceaa05d9a00000000000000039b3fd4cec307e8ef3d13eb790ec9c65abaf90d229db692542e5b78f8b29e0a27800f0000000000000009fb42f376589701a4", 0xa9824f69d1376637, 0x10800a})
r1 = dup3(r0, r0, 0x80000)
ioctl$SNDRV_RAWMIDI_IOCTL_STATUS(r1, 0xc0385720, &(0x7f0000000080)={0x1, {}, 0x80000001, 0x200})
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf})
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000280)={0xdb6, 0x0, 0x0, "717565756531000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d833bdf00", 0x51b1})
write$sndseq(r0, &(0x7f0000000240), 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer2\x00', 0x0, 0x0)

02:51:48 executing program 5:
r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x10001, 0x24001)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f00000000c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000080)={<r1=>0xffffffffffffffff}, 0x3, {0xa, 0x4e21, 0x1f, @mcast1, 0x200000000}}}, 0x38)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000100)={0x11, 0x10, 0xfa00, {&(0x7f0000000040), r1}}, 0x18)
rmdir(&(0x7f0000000140)='./file0\x00')
getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000180)={<r2=>0x0, 0xe2, "a26d3facd12d37f72ccd13b4696b082ca0b123439e2eada7dac265714e114cc0796812837b4faa196af5f318f1829e72815f3b14fee48b3327ec66a96af5240a1efe65551508447b06647a980285f5e304aedc065cd0ca12be34da2f8b78975b76191f4cb2fa23f88b20d60dde354f0b844980cbd2f3abc24a04936e3001101b27ea8883451b8fb876a1acfb0b5856ff6ce0b2d5aa1c9cfaee5ccb2a0479923a70db6c1d39dc1e7ba5eb9aef64422d00bf2b10f5744a1d38b0d2f68a2ed02f04915957650a0d6410322efb5a6a50ffcea403666b5956414cae0d11dd085c31168ca3"}, &(0x7f0000000280)=0xea)
getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f00000002c0)={r2, 0x5}, &(0x7f0000000300)=0x8)
fcntl$setflags(r0, 0x2, 0x1)
bind$unix(r0, &(0x7f0000000340)=@file={0x1, './file0\x00'}, 0x6e)
r3 = openat(r0, &(0x7f00000003c0)='./file0\x00', 0x80, 0x84)
r4 = syz_open_dev$sndtimer(&(0x7f0000000400)='/dev/snd/timer\x00', 0x0, 0x0)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000440)={r2, @in6={{0xa, 0x4e21, 0xfffffffffffffff8, @ipv4={[], [], @multicast2}, 0x1}}, 0x200, 0x5, 0x3, 0xb83, 0x9}, &(0x7f0000000500)=0x98)
r5 = add_key$keyring(&(0x7f0000000540)='keyring\x00', &(0x7f0000000580)={'syz', 0x3}, 0x0, 0x0, 0x0)
r6 = add_key(&(0x7f0000000640)='id_resolver\x00', &(0x7f0000000680)={'syz', 0x1}, &(0x7f00000006c0)="adb979614f4ad4fb8e7307c68d56b9d129dc88c66233f7724f20f68a0962899d1f5b2d157dd7060ede80ea243ea9883a2b2b375083b90074d81bba7151b259df434517b7a94e5e801c54bafca389be4bff8b1e33a09522ffed7f3573b569d15b35e9ff8fc1f4766f9fd0d6f9d86e06879b0b97ddaf3e3311d44577c062d949bd2f8080ef53", 0x85, 0xfffffffffffffffd)
keyctl$search(0xa, r5, &(0x7f00000005c0)='cifs.spnego\x00', &(0x7f0000000600)={'syz', 0x1}, r6)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f00000007c0)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000780)={<r7=>0xffffffffffffffff}, 0x111, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_LISTEN(r3, &(0x7f0000000800)={0x7, 0x8, 0xfa00, {r7, 0x7e1ea61e}}, 0x10)
ioctl$sock_inet_tcp_SIOCINQ(r0, 0x541b, &(0x7f0000000840))
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r4, 0xc4c85512, &(0x7f0000000880)={{0x6, 0x5, 0x0, 0x3, '\x00', 0x1}, 0x0, [0x10001, 0x6294, 0x7fffffff, 0x8, 0x3ff, 0x2, 0x5caacff, 0x0, 0x7, 0x1, 0x9, 0x0, 0x9, 0x7, 0x5, 0xfffffffffffffffd, 0x0, 0x100, 0x7, 0x7, 0x8000, 0x3f, 0x437, 0x8, 0x6, 0xffff, 0x4, 0xffff, 0xb37, 0x10001, 0xf47, 0x4, 0x401, 0x8, 0x3040, 0x400, 0xffffffffffffe290, 0x80000000, 0x4, 0x8, 0x4100, 0xfff, 0x4, 0xf8d, 0x10000, 0x5, 0x40, 0x7, 0x2, 0x9, 0x6, 0x4, 0xc6, 0x800, 0xe5f, 0x23, 0x8, 0x18, 0x0, 0x2, 0x81, 0xed35, 0xad06, 0x800, 0x1, 0xc3a, 0x6, 0x7f, 0xdc8b, 0xec, 0x80000000000, 0x20, 0x4, 0x1, 0x6, 0x1ff, 0x703, 0x8, 0x40, 0x10001, 0x9, 0x6, 0x401, 0x7f, 0x3a4, 0xa760, 0x894, 0x80, 0x3, 0x9, 0x800000000, 0x1, 0x9, 0x4, 0xb4e, 0x80000000, 0x2, 0x9, 0x2, 0x247, 0xfa5b, 0x100, 0x8, 0x7, 0xfbca, 0x7fffffff, 0x0, 0x10000, 0xd14f, 0x1, 0x3, 0x3, 0x3, 0x3, 0x6, 0x3, 0x101, 0x1, 0x5, 0x5, 0x3ff, 0xb0, 0x5, 0xbf, 0x6, 0x7, 0x4, 0x7ff]})
r8 = getpgid(0xffffffffffffffff)
get_robust_list(r8, &(0x7f0000000ec0)=&(0x7f0000000e80)={&(0x7f0000000dc0)={&(0x7f0000000d80)}, 0x0, &(0x7f0000000e40)={&(0x7f0000000e00)}}, &(0x7f0000000f00)=0x18)
setxattr$trusted_overlay_redirect(&(0x7f0000000f40)='./file0\x00', &(0x7f0000000f80)='trusted.overlay.redirect\x00', &(0x7f0000000fc0)='./file0\x00', 0x8, 0x1)
setxattr$security_smack_transmute(&(0x7f0000001000)='./file0\x00', &(0x7f0000001040)='security.SMACK64TRANSMUTE\x00', &(0x7f0000001080)='TRUE', 0x4, 0x1)
r9 = openat$sequencer(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/sequencer\x00', 0x30000, 0x0)
ioctl$KVM_GET_EMULATED_CPUID(r9, 0xc008ae09, &(0x7f0000001100)=""/145)
fcntl$F_GET_FILE_RW_HINT(r0, 0x40d, &(0x7f00000011c0))
ioctl$sock_inet6_udp_SIOCINQ(r3, 0x541b, &(0x7f0000001200))
r10 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000001240)='/dev/sequencer\x00', 0x400, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r10, &(0x7f00000012c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000001280), 0x2, 0x3}}, 0x20)
setsockopt$IP_VS_SO_SET_EDITDEST(r9, 0x0, 0x489, &(0x7f0000001300)={{0x87, @dev={0xac, 0x14, 0x14, 0x18}, 0x4e23, 0x1, 'rr\x00', 0x29, 0x3, 0x50}, {@local, 0x4e22, 0x0, 0x0, 0x7fffffff}}, 0x44)

02:51:48 executing program 0:
r0 = socket(0x2, 0x1, 0x1)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00')
sendmsg$IPVS_CMD_NEW_SERVICE(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x90, r1, 0x10, 0x70bd2d, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7}, @IPVS_CMD_ATTR_DAEMON={0x18, 0x3, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x33}, @IPVS_CMD_ATTR_SERVICE={0x4c, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0xc}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x76}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x1d}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e23}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'nq\x00'}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x9}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x55}]}]}, 0x90}, 0x1, 0x0, 0x0, 0x40}, 0x8001)
r2 = socket$inet6(0xa, 0x1, 0x8010000000000084)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
listen(r2, 0x4)
accept4(r2, 0x0, &(0x7f0000000040), 0x0)
r4 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000280)={<r5=>0x0, @in={{0x2, 0x4e23, @loopback}}, 0x7ff, 0x80000000, 0x7, 0xffff, 0xfffffffffffffff7}, &(0x7f0000000340)=0x98)
getsockopt$inet_sctp_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f0000000380)={r5, 0x0, 0x54b, 0x4}, &(0x7f00000003c0)=0x10)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f00000000c0))
tkill(r4, 0x1104000000016)

02:51:48 executing program 1:
r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm-control\x00', 0x0, 0x0)
ioctl$PIO_FONTX(r0, 0x4b6c, &(0x7f0000000140)="3bc1ee43d844277f58d52705becb947107a3f9dcc1e2284177499f0c4b7baaf08f6e33fcddbdc42a604f1079167b2c23bfef26004d6fb972017e8793757f7214020926aabb8601a874d36f0af0506532bbfff1c99cdd0e20b66d00acabdb82f567fd03bb0b44343c50c0ce03e5e8f846e1fa85cde6411808b1cb761b0cf2539246565b6619eb21c0d3d7070831dd53cd54970b9c65f318fd322604c664d628265b918cb8bb6c16110da0b332bca8dffc8d271801ecb71ab528a5b4")
shmctl$SHM_UNLOCK(0x0, 0xc)
r1 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x7, 0x101000)
ioctl$GIO_SCRNMAP(r1, 0x4b40, &(0x7f00000000c0)=""/4)
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r1, 0xc4c85513, &(0x7f0000000200)={{0x6, 0x6, 0x101, 0x5, 'syz0\x00', 0x9}, 0x0, [0x5, 0x770, 0x8001, 0x9e, 0x4a8, 0x2, 0x10000, 0x5, 0x6, 0x401, 0x0, 0x100, 0x6, 0x0, 0xfffffffffffffffe, 0x800, 0x2, 0x8, 0x1, 0x8000, 0x0, 0x80000001, 0x9, 0x7, 0x9, 0xffffffffffffff7f, 0x5, 0x3, 0x80000001, 0x6, 0x8001, 0xffffffffffffff00, 0x6, 0x7f, 0x3, 0x6, 0x1, 0x6, 0x1, 0x6, 0x7, 0x100, 0x2, 0x9, 0x20, 0x6e13, 0x9, 0x7, 0x6, 0xb0, 0x9, 0x6, 0x1, 0x8, 0x100000000, 0x98bc, 0xaa9ad92, 0x40, 0x1, 0x5, 0x6, 0x8001, 0x88dc, 0x7fffffff, 0x8, 0x3, 0x3, 0x3, 0x5e, 0x400, 0xfffffffffffffffd, 0x7, 0x8001, 0x10000, 0x23, 0x9, 0x9, 0x7, 0x100, 0x636, 0xffffffff00000001, 0x0, 0x6, 0x7fff, 0x5e, 0x7, 0x40, 0x170, 0xd1f, 0x3, 0x4, 0xfffffffffffffff8, 0x20000000000, 0x8001, 0x100000000, 0x8000, 0x5, 0x1a0, 0x2, 0x1, 0x5, 0x5, 0x92, 0x200, 0x10001, 0x8, 0x5, 0x15a, 0xa95, 0xfffffffffffffff7, 0x3, 0x400, 0x2, 0x200, 0xfffffffffffffffb, 0xffffffffffffff05, 0x5, 0x5017, 0x5, 0x6, 0x1f, 0x8, 0xffff, 0xffffffffffffff80, 0x8, 0x0, 0xd9], {0x0, 0x1c9c380}})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r1, 0x402c5342, &(0x7f0000000040)={0x100, 0x7, 0x2, {0x0, 0x1c9c380}, 0x3, 0xffffffffffff8001})

02:51:48 executing program 2:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000180)='/dev/null\x00', 0x40, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r1, 0xc0045540, &(0x7f00000001c0))
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x4300, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r2, 0x10e, 0x2, &(0x7f00000000c0)=0x2, 0x4)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000040)={<r3=>0x0, 0x8, 0x30}, &(0x7f0000000080)=0xc)
getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000100)={r3, 0x100000000}, &(0x7f0000000140)=0x8)
write(r0, &(0x7f00000000c0), 0xfec9)

[  315.796785] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
02:51:48 executing program 1:
r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x8a001, 0x0)
write$P9_RSTATu(r0, &(0x7f0000000300)={0x94, 0x7d, 0x0, {{0x0, 0x66, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0xa, '/dev/ptmx\x00', 0x1d, 'self)%@trusted{GPLuservmnet1!', 0xa, '/dev/ptmx\x00', 0x2, '[\x00'}, 0x19, 'vmnet0vmnet0-wlan1-system'}}, 0x94)
ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000040)=""/7)
ioctl$RNDCLEARPOOL(r0, 0x5206, &(0x7f0000000080)=0x2)

02:51:49 executing program 3:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_buf(r0, 0x0, 0x20, &(0x7f0000000040)="bb531a6c51c180c3497b179b", 0xc)
socket$inet_udp(0x2, 0x2, 0x0)

02:51:49 executing program 4:
r0 = socket$inet6(0x10, 0x3, 0x0)
setsockopt$inet6_dccp_buf(r0, 0x21, 0x2, &(0x7f0000000180)="194725882d879ee9ad0dfb33b39629f8a12e6937ee822bf514baeda73dd256de4b5d4ebb4ee97f5595e3d7e95868a3f10df148edceaf116a65e6038669839e616bb808d9582960ce1b55f8dcb3b3629651a56e7c365b7acde7cc0d9dde5930", 0x5f)
r1 = syz_open_dev$amidi(&(0x7f0000000100)='/dev/amidi#\x00', 0xfff, 0x40)
ioctl$sock_bt_hidp_HIDPGETCONNINFO(r1, 0x800448d3, &(0x7f0000000200)={{0x1, 0xa27, 0xffffffffffffffe0, 0x5a3, 0x47, 0x1ff}, 0x1, 0x7ff, 0x1, 0x2, 0x1, "46ea0f8b85e279d933b7c0bac3f360c25b34e2b9751f3c8e675589b04927661d9b7409f1afab62b886c7b812fa73408fbd8f40d226afde32bb1eaba46ffb497875c63094fd2670fc7bcca0dabe250a12f9ab6ed5fdf615b418799ae3ddaa902455419ef41f073e2644e6f33845609d3b822ff1f36781f8c51b8ce1d2666b7642"})
sendmsg(r0, &(0x7f000000bfc8)={&(0x7f0000000000)=@nl=@proc, 0x80, &(0x7f0000002000), 0x0, &(0x7f0000000080)=[{0x60, 0x102, 0x8, "40c9e7c8d97f4bca3a353f38ed651329d61969c6416a4caa46bbadfa06110d038336723a99fac9f89a29056c4073f3aa9777cb3eec5700a84f706f1ad43c03bc4afc104180bcf45a6d595b15fe3c54a8"}], 0x60, 0x2}, 0x8000)

02:51:49 executing program 2:
r0 = syz_open_dev$video(&(0x7f0000000480)='/dev/video#\x00', 0x0, 0x0)
r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x46080)
ioctl$KVM_SET_BOOT_CPU_ID(r1, 0xae78, &(0x7f0000000040))
ioctl$VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000100)={0x0, 0xb, 0x4, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "9bf53a42"}, 0x0, 0x0, @userptr, 0x4})

02:51:49 executing program 1:
clone(0x41ab, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000000c0))
r1 = msgget$private(0x0, 0x204)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f0000000180)={{{@in6, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in=@rand_addr}, 0x0, @in6=@loopback}}, &(0x7f0000000540)=0xe8)
getgroups(0x3, &(0x7f00000002c0)=[<r3=>0xee01, 0x0, 0xee01])
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000000300)={{{@in=@rand_addr, @in=@rand_addr, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in6}, 0x0, @in=@loopback}}, &(0x7f0000000400)=0xe8)
r5 = getgid()
msgctl$IPC_SET(r1, 0x1, &(0x7f0000000440)={{0xffff, r2, r3, r4, r5, 0x0, 0x80000000000000}, 0x1, 0x2, 0x0, 0x7fff, 0x0, 0x2, r0, r0})
ptrace(0x10, r0)
ptrace$getregset(0x4204, r0, 0x201, &(0x7f0000000080)={&(0x7f0000000040)})
lsetxattr$security_selinux(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)='security.selinux\x00', &(0x7f0000000140)='system_u:object_r:var_spool_t:s0\x00', 0x21, 0x1)
r6 = syz_open_dev$sndpcmc(&(0x7f00000004c0)='/dev/snd/pcmC#D#c\x00', 0x4, 0x181000)
openat$cgroup_ro(r6, &(0x7f0000000500)='cgroup.events\x00', 0x0, 0x0)

02:51:49 executing program 3:
r0 = syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x0)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/sync_sock_size\x00', 0x2, 0x0)
setsockopt$inet6_tcp_buf(r1, 0x6, 0x0, &(0x7f00000002c0)="4d602b2623bd73c0381f4c5f0e4482", 0xf)
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vga_arbiter\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$VIDIOC_G_JPEGCOMP(r1, 0x808c563d, &(0x7f0000000540))
ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r0, 0xc0a85320, &(0x7f0000000300)={{0x80}, 'port0\x00', 0x0, 0x0, 0x0, 0x8})
pipe2(&(0x7f0000000200)={<r3=>0xffffffffffffffff}, 0x80000)
ioctl$BLKBSZGET(r3, 0x80081270, &(0x7f0000000100))
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0x40505330, &(0x7f0000000080)={{}, {0x80}, 0x0, 0x1})

02:51:49 executing program 4:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000))
r0 = syz_open_dev$dmmidi(&(0x7f0000000200)='/dev/dmmidi#\x00', 0x1, 0x200080)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x4)
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000100), 0x1)
r2 = socket$inet(0x2, 0xe, 0x8c42)
setsockopt$IP_VS_SO_SET_TIMEOUT(r2, 0x0, 0x48a, &(0x7f0000000040)={0x6, 0x10000, 0x2}, 0xc)
ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0106426, &(0x7f00000000c0)={0x8, &(0x7f0000000080)=[{<r3=>0x0}, {}, {}, {}, {}, {}, {}, {}]})
ioctl$DRM_IOCTL_NEW_CTX(r1, 0x40086425, &(0x7f00000001c0)={r3, 0x1})

02:51:49 executing program 0:
r0 = memfd_create(&(0x7f0000000100)='-^:vmnet1keyringprocwlan1\x00', 0x4)
ioctl$NBD_CLEAR_SOCK(r0, 0xab04)
r1 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0x2c, &(0x7f0000000040)=0x100, 0x4)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x33, &(0x7f0000000300)={0x0, &(0x7f00000002c0)}, 0x10)
r2 = memfd_create(&(0x7f0000000000)='-^:vmnet1keyringprocwlan1\x00', 0x5)
ioctl$EVIOCGKEYCODE(r2, 0x80084504, &(0x7f0000000080)=""/59)
write$P9_RSETATTR(r2, &(0x7f00000000c0)={0x7, 0x1b, 0x1}, 0xf)

[  317.269986] IPVS: ftp: loaded support on port[0] = 21
[  318.820402] bridge0: port 1(bridge_slave_0) entered blocking state
[  318.826979] bridge0: port 1(bridge_slave_0) entered disabled state
[  318.834841] device bridge_slave_0 entered promiscuous mode
[  318.913273] bridge0: port 2(bridge_slave_1) entered blocking state
[  318.919861] bridge0: port 2(bridge_slave_1) entered disabled state
[  318.928052] device bridge_slave_1 entered promiscuous mode
[  319.005955] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  319.083865] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  319.319876] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  319.401685] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  319.482523] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  319.489639] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  319.568611] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  319.575639] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  319.812856] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  319.820644] team0: Port device team_slave_0 added
[  319.899090] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  319.906776] team0: Port device team_slave_1 added
[  319.987716] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  320.071300] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  320.151710] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  320.159229] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  320.168387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  320.248156] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  320.255771] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  320.264688] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  321.154333] bridge0: port 2(bridge_slave_1) entered blocking state
[  321.160845] bridge0: port 2(bridge_slave_1) entered forwarding state
[  321.167860] bridge0: port 1(bridge_slave_0) entered blocking state
[  321.174294] bridge0: port 1(bridge_slave_0) entered forwarding state
[  321.182806] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  321.474891] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  324.395055] 8021q: adding VLAN 0 to HW filter on device bond0
[  324.692360] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  324.991401] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  324.997747] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  325.005707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  325.304697] 8021q: adding VLAN 0 to HW filter on device team0
02:52:00 executing program 5:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x40000000000013, 0x10, 0xe68}, 0x2c)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000100)={r0, &(0x7f0000000000), &(0x7f0000000080)=""/111}, 0x18)

02:52:00 executing program 2:
r0 = syz_open_dev$video(&(0x7f0000000480)='/dev/video#\x00', 0x0, 0x0)
r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x46080)
ioctl$KVM_SET_BOOT_CPU_ID(r1, 0xae78, &(0x7f0000000040))
ioctl$VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000100)={0x0, 0xb, 0x4, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "9bf53a42"}, 0x0, 0x0, @userptr, 0x4})

02:52:00 executing program 3:
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000c40)={@local, @remote}, &(0x7f0000000c80)=0xc)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000cc0)={'team0\x00'})
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r0, 0x4018aee1, &(0x7f0000000140)={0x0, 0x3, 0x6, &(0x7f0000000100)=0x8})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCINQ(r1, 0x541b, &(0x7f0000000000))
timer_create(0x0, &(0x7f0000000040)={0x0, 0x0, 0x2}, &(0x7f0000000180))

02:52:00 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070")
r1 = syz_open_dev$adsp(&(0x7f0000000080)='/dev/adsp#\x00', 0x800, 0x200)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000005c0)={0x38, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1063084004000000000000000f630c400162eb156a000000000000001063084003000000000000000e630c4002000000040000000040045f14809922893630000000"], 0x90, 0x0, &(0x7f0000000500)="01a342e1846f1269f0fefc820df59a00e43347067362e9f96dfcc2badd65879bf1d9f19ebace6d523294ce684802c46f0bb973697f111995758353bbae193f86a507f08e1365065c38128c4dea50782b261049957d9718e6db10a7991a5570ea0b085116ff442fa910201ae30b78e097e6b619479014acfc4b0608efd5e3198627f8779670a8474b5b434231c11b471d"})
r2 = creat(&(0x7f0000000240)='./file0\x00', 0x0)
ioctl$BINDER_GET_NODE_DEBUG_INFO(r2, 0xc018620b, &(0x7f0000000000)={<r3=>0x0})
setsockopt$inet_group_source_req(r2, 0x0, 0x2f, &(0x7f00000003c0)={0x3, {{0x2, 0x4e22, @remote}}, {{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xd}}}}, 0x108)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000000c0)={0x4c, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="046304400300000001634040040000000000000003000000000000000000000010000000000000000000000030000000000000000000000000000000", @ANYPTR=&(0x7f0000000040)=ANY=[@ANYBLOB="7a04000000000000", @ANYRES32=r2, @ANYBLOB="000000000000000000000000852a627700010000", @ANYRES64=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYPTR=&(0x7f0000000080)=ANY=[]], 0xf1, 0x0, &(0x7f0000000280)="2160faa77c5509f4a4661cb52b2b34c273639a7d1afa4ea4197f5a63de3e6d05a842e650e6631cffa1c153afb2d672a33b267f9adc7be8386229e097e8cf5ff6c0c147c685d9c6cc1a9a8f7edf1a8431571bc8a624b8b86b105dc0ac3c7ac17b35456a8109f013dc98478881330c65e0295c954cab4089ece3924cc63f5b3a9f29469a418c050078974a4363c6d7ee423ca26603f58acec16799996cc8c9ac004deaacff9a9bc2dcd3a3ef4ab666cbe539657dc401f0bd4f8ba71b4496c399ac1c2eda910ba769a5b30d15c9b96e2a95525d39f74fb64153d2abe4aa15618a73957f179972b89bef1024c5ed493260c35e"})
r4 = syz_open_dev$binder(&(0x7f0000000380)='/dev/binder#\x00', 0xffffffffffffffff, 0x4)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000200)={0xfdb5, 0x0, &(0x7f0000000240), 0x0, 0x0, &(0x7f0000000080)})

02:52:00 executing program 4:
unshare(0x400)
r0 = socket(0x848000000015, 0x805, 0x0)
getsockopt(r0, 0x114, 0x9, &(0x7f0000000140)=""/13, &(0x7f0000000000)=0xd)
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x80, 0x0)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f0000000180)={<r2=>0x0, @in6={{0xa, 0x4e22, 0x2, @remote, 0x9}}, 0xffffffff, 0x8, 0x9, 0x8001, 0x80}, &(0x7f00000000c0)=0x98)
setsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000100)={r2, 0x5, 0x7, 0x7}, 0x10)
openat$cgroup_procs(r1, &(0x7f0000000080)='tasks\x00', 0x2, 0x0)

02:52:00 executing program 1:
r0 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0)
ioctl$BLKIOOPT(r0, 0x1279, &(0x7f0000000200))
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ppp\x00', 0x0, 0x0)
unshare(0x40600)
ioctl$EVIOCGPROP(r1, 0xc004743e, &(0x7f0000000100)=""/246)
ioctl$EVIOCGVERSION(r1, 0x80044501, &(0x7f0000000040)=""/68)

[  327.368834] binder: 8292:8294 unknown command 1768304430
[  327.374830] binder: 8292:8294 ioctl c0306201 20000200 returned -22
[  327.407837] binder: 8292:8306 unknown command 1768304430
[  327.413467] binder: 8292:8306 ioctl c0306201 20000200 returned -22
02:52:00 executing program 3:
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioprio_get$pid(0x1, 0x0)

02:52:00 executing program 2:
perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x2102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff)
socket(0x0, 0x0, 0x0)
r0 = getpid()
rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100))
ptrace(0x10, r0)
ptrace$getregset(0x4205, r0, 0x202, &(0x7f0000000080)={&(0x7f0000000040)=""/61, 0xffffff78})

02:52:00 executing program 4:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu\x00', 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000500)='cgroup.procs\x00', 0x2, 0x0)
dup3(r0, r1, 0x0)

02:52:00 executing program 0:
r0 = eventfd(0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000140)='fdinfo/3\x00')
sendfile(r0, r1, &(0x7f0000000000), 0x4)

02:52:00 executing program 1:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x200002, 0x0)
fchdir(r0)
r1 = creat(&(0x7f00000001c0)='./file1\x00', 0x0)
fallocate(r1, 0x0, 0x0, 0x4005eed)
fallocate(r1, 0x20, 0x0, 0x8000)

02:52:00 executing program 5:
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[]}}, 0x0)
perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0x6, 0x108000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000184000)=ANY=[@ANYBLOB="020e00001000000000000000000000000800120000000100000000000000000006000000000000000000000000000000e000000100000000000000000000000000000000000000000000200000000000030006000000080002000080ac14ffbbf00000000000000003000500000000000200423b1d632b91c520000000000000"], 0x80}}, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmmsg(r0, &(0x7f0000000180), 0x2e565d7c36d98a1, 0x0)

02:52:01 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000002e40)={0x1, 0xf1, 0x4, 0x6c, 0x5, 0x1}, 0x2c)

02:52:01 executing program 3:
r0 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0x40086610, &(0x7f0000000200)={0x3})

02:52:01 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x5, 0x84, 0x200000000001, 0x100000001}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000000)={r0, &(0x7f00000001c0), &(0x7f0000000080)}, 0x20)

02:52:01 executing program 4:
r0 = socket$inet6(0xa, 0x3, 0x3c)
connect$inet6(r0, &(0x7f00000009c0)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c)
sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000200)=',', 0x1}], 0x1, &(0x7f0000000140)}, 0xc100)
write(r0, &(0x7f0000001480)="315602e340961e1e6fa59033d79acf3337e6f077c142e053f33b91e63dea1de22a51c7a9912b0e37913342a45531e6658b91dc1a1506da83b2df055fee6750e8f1ef3cd93be6a73969237df2b400d071dfb0c8ee97926c83bb877660c1611372fe5f125444fcfdb535b7647d159944c4ad244be807adb78124f4bad832af462474724466862c244d86c888372ab824a5b65fb558ae938276501174d6c9db1298d1e31019e5e9f89478e2dc6c6885d4a1759c4779f2b4ba7ed17e841b81d918e55f800768573e148073dd11971d10b31cc5849c9a438dd31cd4d1ccd5ed75556991740f643f1c91c26801d1691af894be5e88091388ff92f1313a2593af3471f2c855bd4888b65e9125c755ae7a17347a68714790b0cf54f3721b708e69fee8aeb0aa8be9021bf08527c566deba7661e48893ce809d5ebf830af035ccf6dc2d11cfdc10e047ab4fa4a660af73601e4cdf1a6efb826d645ddf88b698352307a61cb57a3d57acce96d7615ee9d9d48bdb1e019cee40e0d1eb83b80e719ad75468d13d7923c57e447d1a17b1e8b4f6c334075e48ce514df543", 0x197)

02:52:01 executing program 3:
clone(0x2102001fbc, 0x0, 0xfffffffffffffffe, &(0x7f00000002c0), 0xffffffffffffffff)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@broute={'broute\x00', 0x20, 0x1, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000c0], 0x0, &(0x7f0000000080), &(0x7f00000000c0)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xffffffffffffffff}, {}]}, 0x108)
getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000000), &(0x7f0000000040)=0x4)

02:52:01 executing program 1:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070")
r1 = socket$inet(0x2, 0x80001, 0x84)
sendmsg$inet_sctp(r1, &(0x7f0000000600)={&(0x7f0000000000)=@in={0x2, 0x0, @local}, 0x10, &(0x7f0000000440)=[{&(0x7f0000000040)="e9", 0x1}], 0x1, &(0x7f0000000580)}, 0x0)

02:52:01 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x40000000000013, 0x10, 0xe68}, 0x2c)
bpf$MAP_UPDATE_ELEM(0x4, &(0x7f0000000240)={r0, &(0x7f0000000100), &(0x7f0000000180)}, 0x20)

02:52:01 executing program 5:
r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r0)
socket$kcm(0x2, 0x3, 0x2)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f00000000c0)={&(0x7f0000000000)=@in6={0xa, 0x4e22, 0x0, @remote={0xfe, 0x17}}, 0x80, &(0x7f0000000d80), 0x0, &(0x7f0000000080)=[{0x28, 0x29, 0x2, "0000000000000000000000000000000004"}], 0x28}, 0x0)
perf_event_open(&(0x7f0000001440)={0x0, 0x70, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e7, 0x0, 0xc82, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001400)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

02:52:01 executing program 0:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(0xffffffffffffffff, 0x4020565a, &(0x7f0000000280))
io_setup(0x101, &(0x7f0000000040))
ioctl$HDIO_GETGEO(0xffffffffffffffff, 0x301, &(0x7f00000002c0))

[  328.765759] kernel msg: ebtables bug: please report to author: bad policy
[  328.843864] kernel msg: ebtables bug: please report to author: bad policy
02:52:02 executing program 4:
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r0 = syz_open_dev$loop(&(0x7f0000003640)='/dev/loop#\x00', 0x0, 0x24180)
read(r0, &(0x7f0000000200)=""/30, 0xfffffe80)

02:52:02 executing program 3:
syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0)
clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000580), 0xffffffffffffffff)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="020300030c000000000000200000000002000900400000000000bc000000000003000600000000000200ee00e0000054d81458186fecb90002000100000000000000020200044a7b030005000000000002000000e0003f010000000000fca0d9200d55021cf57ac0d1973de7a8cff1f4e54785699011e059a18d3223a0a72c66f201b6ea881f39e73faa9814000c7037bc1ee88da77e9a9eb89615f55161b257ff04d6f405803ad37c7623726a9558602c7e1c82e425cb38388a36ad362dffcf3b9d300fb12a2ab5979cc81c16fd346f57c636a25c7afc5c0b2abdec24d86b6aff4d699a4e9e0ac216b99b3d32a79fb2b1eddd228c73c47e6f3992d0bbbf0a8574cb4d0a62138fe248"], 0x109}}, 0x0)
socketpair$nbd(0x2, 0x1, 0x0, &(0x7f0000000040))
flistxattr(0xffffffffffffffff, &(0x7f0000000140)=""/19, 0x13)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000005c0)={{{@in6=@remote, @in=@rand_addr}}, {{@in6=@mcast1}, 0x0, @in=@local}}, &(0x7f00000006c0)=0xe8)
ioctl$EVIOCREVOKE(0xffffffffffffffff, 0x40044591, &(0x7f0000000380)=0x8)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(0xffffffffffffffff, 0x40485404, &(0x7f00000003c0)={{0x1, 0x1}, 0x3})
fsetxattr$security_selinux(0xffffffffffffffff, &(0x7f00000001c0)='security.selinux\x00', &(0x7f0000000200)='system_u:object_r:userio_device_t:s0\x00', 0x25, 0x0)
exit(0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000140)={{0x1}})

02:52:02 executing program 2:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10)

02:52:02 executing program 1:
r0 = creat(&(0x7f00000002c0)='./bus\x00', 0x0)
open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
write$cgroup_type(r0, &(0x7f0000000200)='threaded\x00', 0x10000024e)
lseek(0xffffffffffffffff, 0x0, 0x40000000000003)
lsetxattr$security_smack_entry(&(0x7f0000000080)='./bus\x00', &(0x7f00000000c0)='security.SMACK64EXEC\x00', &(0x7f0000000300)="6d353573756d76626f786e657430516f6367736f7570285e00cc267c38fd152088b1e5e856cd17d950a92f1f2f7f00380ad4fb59c7f5652bba4a251e977a6ff19deed4120c61f3a1c119a79af131e28c66a43e4f17cdfd0382650b5117bf0e15d8de4685eb3a47c2e85fe8780a6522de862ba2ac076838976d1fae024e0c49e241ad814742b5391e2fdad65b6f0c2b54b0c5aac657edecd803ec7ef4092e1e7bc91fd9333091", 0xa6, 0x0)
lsetxattr$trusted_overlay_redirect(&(0x7f0000000040)='./bus\x00', &(0x7f0000000100)='trusted.overlay.redirect\x00', &(0x7f0000000140)='./bus\x00', 0x6, 0x0)

02:52:02 executing program 5:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000004900)=[{{&(0x7f0000001680)=@nfc, 0x80, &(0x7f0000001780)=[{&(0x7f0000001700)=""/91, 0x5b}], 0x1, &(0x7f00000017c0)=""/116, 0x74}}], 0x1, 0x0, &(0x7f0000004a40))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f0000e95fe0)={@dev}, 0x20)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/anycast6\x00')
preadv(r1, &(0x7f0000000140), 0x391, 0x51)

02:52:02 executing program 3:
syz_open_dev$sndtimer(&(0x7f00000000c0)='/dev/snd/timer\x00', 0x0, 0x0)
clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000580), 0xffffffffffffffff)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="020300030c000000000000200000000002000900400000000000bc000000000003000600000000000200ee00e0000054d81458186fecb90002000100000000000000020200044a7b030005000000000002000000e0003f010000000000fca0d9200d55021cf57ac0d1973de7a8cff1f4e54785699011e059a18d3223a0a72c66f201b6ea881f39e73faa9814000c7037bc1ee88da77e9a9eb89615f55161b257ff04d6f405803ad37c7623726a9558602c7e1c82e425cb38388a36ad362dffcf3b9d300fb12a2ab5979cc81c16fd346f57c636a25c7afc5c0b2abdec24d86b6aff4d699a4e9e0ac216b99b3d32a79fb2b1eddd228c73c47e6f3992d0bbbf0a8574cb4d0a62138fe248"], 0x109}}, 0x0)
socketpair$nbd(0x2, 0x1, 0x0, &(0x7f0000000040))
flistxattr(0xffffffffffffffff, &(0x7f0000000140)=""/19, 0x13)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000005c0)={{{@in6=@remote, @in=@rand_addr}}, {{@in6=@mcast1}, 0x0, @in=@local}}, &(0x7f00000006c0)=0xe8)
ioctl$EVIOCREVOKE(0xffffffffffffffff, 0x40044591, &(0x7f0000000380)=0x8)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(0xffffffffffffffff, 0x40485404, &(0x7f00000003c0)={{0x1, 0x1}, 0x3})
fsetxattr$security_selinux(0xffffffffffffffff, &(0x7f00000001c0)='security.selinux\x00', &(0x7f0000000200)='system_u:object_r:userio_device_t:s0\x00', 0x25, 0x0)
exit(0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f0000000140)={{0x1}})

02:52:02 executing program 0:
rt_sigprocmask(0x0, &(0x7f0000000140)={0xfffffffffffffff8}, 0x0, 0x8)
r0 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x7, 0x4, @tid=r0}, &(0x7f0000000080))
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x1}, {0x0, 0x989680}}, &(0x7f00000000c0))
rt_sigreturn()

[  329.638460] PANIC: double fault, error_code: 0x0
[  329.643338] CPU: 1 PID: 8400 Comm: syz-executor0 Not tainted 4.19.0+ #82
[  329.650222] ==================================================================
[  329.657613] BUG: KMSAN: uninit-value in irq_work_claim+0x153/0x390
[  329.663975] CPU: 1 PID: 8400 Comm: syz-executor0 Not tainted 4.19.0+ #82
[  329.670836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  329.680211] Call Trace:
[  329.682815]  <#DF>
[  329.685004]  dump_stack+0x32d/0x480
[  329.688679]  ? irq_work_claim+0x153/0x390
[  329.692888]  kmsan_report+0x19f/0x300
[  329.696744]  kmsan_internal_check_memory+0x35f/0x450
[  329.701894]  ? __msan_poison_alloca+0x1e0/0x2b0
[  329.706618]  kmsan_check_memory+0xd/0x10
[  329.710716]  irq_work_claim+0x153/0x390
[  329.714740]  irq_work_queue+0x44/0x280
[  329.718673]  vprintk_emit+0x693/0x790
[  329.722534]  vprintk_default+0x90/0xa0
[  329.726468]  vprintk_func+0x26b/0x2a0
[  329.730308]  printk+0x1a3/0x1f0
[  329.733685]  dump_stack_print_info+0x2c4/0x3c0
[  329.738330]  show_regs_print_info+0x37/0x40
[  329.742715]  show_regs+0x38/0x170
[  329.746206]  df_debug+0x86/0xb0
[  329.749516]  do_double_fault+0x362/0x480
[  329.753628]  double_fault+0x1e/0x30
[  329.757302] RIP: 0010:kmsan_get_origin_address+0xa/0x370
[  329.762775] Code: eb fe 0f 0b 66 90 66 2e 0f 1f 84 00 00 00 00 00 eb fe 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41 55 <41> 54 53 48 83 ec 10 48 89 75 c8 48 89 fb 49 bc 00 00 00 00 00 78
[  329.781907] RSP: 0018:fffffe000003d000 EFLAGS: 00010086
[  329.787304] RAX: 00000000000001a8 RBX: 0000000000000000 RCX: 0000000000000001
[  329.794597] RDX: 0000000000000001 RSI: 0000000000000088 RDI: fffffe000003d150
[  329.801892] RBP: fffffe000003d018 R08: 0000000000000000 R09: 0000000000000000
[  329.809185] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000088
[  329.816472] R13: fffffe000003d1c0 R14: fffffe000003d1a8 R15: fffffe000003d1a8
[  329.823782]  </#DF>
[  329.826037]  <ENTRY_TRAMPOLINE>
[  329.829351]  kmsan_memmove_origins+0xbd/0x1d0
[  329.833881]  ? kmsan_memmove_shadow+0xad/0xe0
[  329.838427]  __msan_memmove+0x6c/0x80
[  329.842272]  fixup_bad_iret+0x9b/0x130
[  329.846205]  error_entry+0xad/0xc0
[  329.849761] RIP: 0000:          (null)
[  329.853699] Code: Bad RIP value.
[  329.857087] RSP: a3fb7f:00007f03337ff9c0 EFLAGS: 00000000 ORIG_RAX: 0000000000000000
[  329.865037] RAX: 0000000000000000 RBX: ffffffff8ae00e58 RCX: 000000000040393c
[  329.872328] RDX: 89d47e9d6d268100 RSI: 0000000000000000 RDI: 0000000000000000
[  329.879623] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000072bf08
[  329.887395] R10: 000000000072bf00 R11: 000000000072bf0c R12: 0000000000000000
[  329.894701] R13: 000000000072bf08 R14: 000000000072bf00 R15: 000000000072bf0c
[  329.902014]  ? general_protection+0x8/0x30
[  329.906292]  ? general_protection+0x8/0x30
[  329.910573]  </ENTRY_TRAMPOLINE>
[  329.913953] 
[  329.915604] Local variable description: ----__ai_ptr@irq_work_claim
[  329.922030] Variable was created at:
[  329.925769]  irq_work_claim+0x4b/0x390
[  329.929696]  irq_work_queue+0x44/0x280
[  329.933590] 
[  329.935230] Byte 7 of 8 is uninitialized
[  329.939307] Memory access of size 8 starts at fffffe0000045a38
[  329.945289] ==================================================================
[  329.952670] Disabling lock debugging due to kernel taint
[  329.958142] Kernel panic - not syncing: panic_on_warn set ...
[  329.958142] 
[  329.965547] CPU: 1 PID: 8400 Comm: syz-executor0 Tainted: G    B             4.19.0+ #82
[  329.973802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  329.983180] Call Trace:
[  329.985787]  <#DF>
[  329.987972]  dump_stack+0x32d/0x480
[  329.991663]  panic+0x57e/0xb28
[  329.994938]  ? __msan_metadata_ptr_for_store_1+0x13/0x20
[  330.000440]  kmsan_report+0x300/0x300
[  330.004308]  kmsan_internal_check_memory+0x35f/0x450
[  330.009462]  ? __msan_poison_alloca+0x1e0/0x2b0
[  330.014187]  kmsan_check_memory+0xd/0x10
[  330.018272]  irq_work_claim+0x153/0x390
[  330.022296]  irq_work_queue+0x44/0x280
[  330.026226]  vprintk_emit+0x693/0x790
[  330.030089]  vprintk_default+0x90/0xa0
[  330.034025]  vprintk_func+0x26b/0x2a0
[  330.037871]  printk+0x1a3/0x1f0
[  330.041228]  dump_stack_print_info+0x2c4/0x3c0
[  330.045862]  show_regs_print_info+0x37/0x40
[  330.050219]  show_regs+0x38/0x170
[  330.053711]  df_debug+0x86/0xb0
[  330.057032]  do_double_fault+0x362/0x480
[  330.061138]  double_fault+0x1e/0x30
[  330.064798] RIP: 0010:kmsan_get_origin_address+0xa/0x370
[  330.070276] Code: eb fe 0f 0b 66 90 66 2e 0f 1f 84 00 00 00 00 00 eb fe 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 55 48 89 e5 41 57 41 56 41 55 <41> 54 53 48 83 ec 10 48 89 75 c8 48 89 fb 49 bc 00 00 00 00 00 78
[  330.089202] RSP: 0018:fffffe000003d000 EFLAGS: 00010086
[  330.094595] RAX: 00000000000001a8 RBX: 0000000000000000 RCX: 0000000000000001
[  330.101901] RDX: 0000000000000001 RSI: 0000000000000088 RDI: fffffe000003d150
[  330.109197] RBP: fffffe000003d018 R08: 0000000000000000 R09: 0000000000000000
[  330.116487] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000088
[  330.123781] R13: fffffe000003d1c0 R14: fffffe000003d1a8 R15: fffffe000003d1a8
[  330.131099]  </#DF>
[  330.133363]  <ENTRY_TRAMPOLINE>
[  330.136700]  kmsan_memmove_origins+0xbd/0x1d0
[  330.141242]  ? kmsan_memmove_shadow+0xad/0xe0
[  330.145784]  __msan_memmove+0x6c/0x80
[  330.149622]  fixup_bad_iret+0x9b/0x130
[  330.153563]  error_entry+0xad/0xc0
[  330.157125] RIP: 0000:          (null)
[  330.161047] Code: Bad RIP value.
[  330.164437] RSP: a3fb7f:00007f03337ff9c0 EFLAGS: 00000000 ORIG_RAX: 0000000000000000
[  330.172347] RAX: 0000000000000000 RBX: ffffffff8ae00e58 RCX: 000000000040393c
[  330.179658] RDX: 89d47e9d6d268100 RSI: 0000000000000000 RDI: 0000000000000000
[  330.186957] RBP: 0000000000000000 R08: 0000000000000000 R09: 000000000072bf08
[  330.194250] R10: 000000000072bf00 R11: 000000000072bf0c R12: 0000000000000000
[  330.201540] R13: 000000000072bf08 R14: 000000000072bf00 R15: 000000000072bf0c
[  330.208865]  ? general_protection+0x8/0x30
[  330.213144]  ? general_protection+0x8/0x30
[  330.217429]  </ENTRY_TRAMPOLINE>
[  330.221822] Kernel Offset: disabled
[  330.225462] Rebooting in 86400 seconds..