0xa, 0x0, 0x0, @remote, 0x5}, 0x1c) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f0000006440)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x39, &(0x7f0000000040)={@mcast2={0xff, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa4ffffff]}}, 0x20) [ 3502.984500][T20882] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:19:27 executing program 1: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000380)={0x14, 0x0, 0x200, 0x70bd2c}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x10) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:27 executing program 0: r0 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f0000006440)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000040)={@mcast2={0xff, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa4ffffff]}}, 0x20) 02:19:27 executing program 0: r0 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f0000006440)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000040)={@mcast2={0xff, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa4ffffff]}}, 0x20) 02:19:27 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x6c00000000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:19:28 executing program 1: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000380)={0x14, 0x0, 0x200, 0x70bd2c}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x10) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:28 executing program 0: r0 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f0000006440)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000040)={@mcast2={0xff, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa4ffffff]}}, 0x20) [ 3503.694907][T20904] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:19:28 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff"], 0x1) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000380)={0x1c, 0x0, 0x200, 0x70bd2c, 0x0, {}, [@TIPC_NLA_NODE={0x8, 0x6, [@TIPC_NLA_NODE_UP={0x4}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:28 executing program 5: socket$kcm(0x29, 0x0, 0x0) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000000), 0x0, 0x0, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$cont(0x20, r0, 0x0, 0x0) 02:19:28 executing program 3: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff"], 0x1) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:28 executing program 1: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000380)={0x14, 0x0, 0x200, 0x70bd2c}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x10) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:28 executing program 0: r0 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f0000006440)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x39, 0x0, 0x0) [ 3504.101310][T20904] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:19:28 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x7001000000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:19:28 executing program 0: r0 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f0000006440)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x39, 0x0, 0x0) 02:19:28 executing program 0: r0 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f0000006440)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x39, 0x0, 0x0) [ 3504.438016][T20935] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:19:29 executing program 0: 02:19:29 executing program 5: socket$kcm(0x29, 0x0, 0x0) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000000), 0x0, 0x0, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, 0x0) ptrace$cont(0x20, r0, 0x0, 0x0) 02:19:29 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x7400000000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:19:29 executing program 0: 02:19:29 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, 0x0, 0x0) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:29 executing program 3: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff"], 0x1) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:29 executing program 0: [ 3504.755057][T20947] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:19:29 executing program 1: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000380)={0x14, 0x0, 0x200, 0x70bd2c}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x10) close(r0) readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:29 executing program 0: 02:19:29 executing program 1: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000380)={0x14, 0x0, 0x200, 0x70bd2c}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x10) close(r0) readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3505.131649][T20967] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:19:29 executing program 0: 02:19:29 executing program 0: 02:19:29 executing program 5: socket$kcm(0x29, 0x0, 0x0) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000000), 0x0, 0x0, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 02:19:29 executing program 0: 02:19:29 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x7a00000000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:19:29 executing program 1: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000380)={0x14, 0x0, 0x200, 0x70bd2c}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x10) close(r0) readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3505.617145][T20984] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3505.726740][ C0] net_ratelimit: 16 callbacks suppressed [ 3505.726750][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:19:30 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, 0x0, 0x0) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:30 executing program 0: 02:19:30 executing program 3: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff"], 0x1) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:30 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x8100000000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:19:30 executing program 0: 02:19:30 executing program 3: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:30 executing program 0: 02:19:30 executing program 1: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000380)={0x14, 0x0, 0x200, 0x70bd2c}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x10) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:30 executing program 5: socket$kcm(0x29, 0x0, 0x0) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000000), 0x0, 0x0, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 02:19:30 executing program 0: 02:19:30 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x8401000000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:19:30 executing program 1: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:31 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, 0x0, 0x0) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:31 executing program 0: 02:19:31 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x8403000000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3506.686694][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3506.692763][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3506.698809][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3506.704647][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3506.710639][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3506.716632][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3506.722687][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3506.728636][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:19:31 executing program 0: 02:19:31 executing program 3: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:31 executing program 0: 02:19:31 executing program 0: [ 3507.096778][T21040] validate_nla: 3 callbacks suppressed [ 3507.096792][T21040] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:19:31 executing program 0: 02:19:31 executing program 5: socket$kcm(0x29, 0x0, 0x0) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000000), 0x0, 0x0, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 02:19:31 executing program 1: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:31 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x88a8ffff00000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3507.363788][T21061] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:19:31 executing program 0: 02:19:32 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:32 executing program 1: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:32 executing program 0: 02:19:32 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x9effffff00000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3507.712417][T21069] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:19:32 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='\x00\xe4\x00\xec\xff\x03E') getdents64(r0, &(0x7f0000000df0)=""/528, 0x7f355eb8) 02:19:32 executing program 3: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3507.806707][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:19:32 executing program 0: r0 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f0000006440)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1}}}, 0xb8}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x39, &(0x7f0000000040)={@mcast2={0xff, 0x2, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa4ffffff]}}, 0x20) 02:19:32 executing program 3: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, 0x0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:32 executing program 5: socket$kcm(0x29, 0x0, 0x0) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000000), 0x0, 0x0, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$cont(0x20, 0x0, 0x0, 0x0) 02:19:32 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xad00000000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:19:32 executing program 0: pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) socket$inet(0x2, 0x3, 0x1) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000000c0)={@rand_addr, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x14) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, 0x0) getsockopt$IP6T_SO_GET_REVISION_TARGET(r1, 0x29, 0x45, &(0x7f0000000140)={'ah\x00'}, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffff9c, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(r0, 0x0, r2, 0x0, 0x810003, 0xb) [ 3508.209014][T21098] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:19:32 executing program 3: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, 0x0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:33 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:33 executing program 1: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:33 executing program 3: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, 0x0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:33 executing program 1: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:33 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xb403000000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:19:33 executing program 3: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:33 executing program 5: socket$kcm(0x29, 0x0, 0x0) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000000), 0x0, 0x0, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$cont(0x20, 0x0, 0x0, 0x0) [ 3508.964972][T21127] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:19:33 executing program 1: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:33 executing program 1: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:33 executing program 3: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:33 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f000080e000)=ANY=[@ANYBLOB="020e000014000000000000000004000005000600008000000a000000000000000000000000000000000000000000000000000000000000000800120000000200000000000000000006000000000000000000000000000000ac14ffbb000000000000000000000000ac14140000000000000000000000000005000500008000000a00000000000000fe8000000000000000000000000000ff0000000000000000"], 0xa0}}, 0x0) sendmsg(r0, &(0x7f0000000180)={&(0x7f00000000c0)=@x25={0x9, @null=' \x00'}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000200)="14a8b1bc1ba44ea9161df448c8221e74dc588f37d5cc2a43a788c85371638f27042f591cc38f7d316a3f9b8faf357a2acd4fc30bf0eb18968db61c95a4719666f3b79ebe0efc4da98941fa7cb38688dde5af3cef0c02de91817c5c714985ab9958a07379877b89b972d5248b6c55ce39f80a34f51ad67c4cfe2fef7ae18df457a291c9af177536770ec9575b836d4d8c1f6eeb80f83462b0e09fad22bb31de45115f396f8fb52c14e2", 0xa9}], 0x1}, 0x10) 02:19:33 executing program 1: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:34 executing program 3: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:34 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000180)='./bus\x00', 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000140)) write$cgroup_type(r1, &(0x7f0000000340)='threaded\x00', 0x100000282) ioctl$EXT4_IOC_MIGRATE(r2, 0x6609) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) dup2(r3, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 02:19:34 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x0) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:34 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xbc01000000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:19:34 executing program 3: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, 0x0, 0x0) [ 3509.716907][ T26] audit: type=1804 audit(1552529974.135:115): pid=21169 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/file0/root/syzkaller-testdir806562445/syzkaller.X8L5Tv/4992/bus" dev="sda1" ino=18368 res=1 [ 3509.785864][T21171] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:19:34 executing program 5: socket$kcm(0x29, 0x0, 0x0) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000000), 0x0, 0x0, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000100)) ptrace(0x10, r0) ptrace$cont(0x20, 0x0, 0x0, 0x0) 02:19:34 executing program 3: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, 0x0, 0x0) 02:19:34 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xc3ffffff00000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3510.294419][T21193] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:19:34 executing program 3: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, 0x0, 0x0) 02:19:34 executing program 1: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:35 executing program 3: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080), 0x0) 02:19:35 executing program 1: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:35 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xd600000000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3510.680797][ T26] audit: type=1804 audit(1552529975.095:116): pid=21201 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/file0/root/syzkaller-testdir806562445/syzkaller.X8L5Tv/4992/bus" dev="sda1" ino=18368 res=1 [ 3510.840782][T21219] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3510.846627][ C0] net_ratelimit: 9 callbacks suppressed [ 3510.846636][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3510.856194][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3510.868536][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3510.874451][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3510.880405][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3510.886402][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3510.892371][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3510.898387][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:19:35 executing program 0: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, 0x0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:35 executing program 5: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, 0x0, 0x0) 02:19:35 executing program 3: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080), 0x0) 02:19:35 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x0) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:35 executing program 1: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3510.995201][ T26] audit: type=1804 audit(1552529975.405:117): pid=21176 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/file0/root/syzkaller-testdir806562445/syzkaller.X8L5Tv/4992/bus" dev="sda1" ino=18368 res=1 02:19:35 executing program 1: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:35 executing program 5: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, 0x0, 0x0) 02:19:35 executing program 0: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, 0x0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:35 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xe4ffffff00000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:19:35 executing program 3: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080), 0x0) 02:19:35 executing program 5: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, 0x0, 0x0) 02:19:35 executing program 0: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, 0x0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3511.358757][T21251] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:19:35 executing program 0: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:35 executing program 3: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{0x0}], 0x1) 02:19:35 executing program 5: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3511.660704][T21254] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:19:36 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0}, 0x0) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:36 executing program 0: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3511.967952][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:19:36 executing program 1: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:36 executing program 3: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{0x0}], 0x1) 02:19:36 executing program 5: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:36 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xf001000000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:19:36 executing program 0: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:36 executing program 3: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{0x0}], 0x1) 02:19:36 executing program 5: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3512.169766][T21301] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:19:36 executing program 0: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:36 executing program 0: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:36 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xf003000000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3512.605392][T21325] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3512.676727][T21329] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:19:37 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:37 executing program 5: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000380)={0x14, 0x0, 0x200, 0x70bd2c}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x10) close(r0) readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:37 executing program 1: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:37 executing program 3: gettid() futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(0x0) r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r0, 0x400, 0x1) fcntl$setown(r0, 0x8, 0x0) execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x0) 02:19:37 executing program 0: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:37 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xf0ffffff00000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:19:37 executing program 5: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000380)={0x14, 0x0, 0x200, 0x70bd2c}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x10) close(r0) readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3512.926763][ C0] protocol 88fb is buggy, dev hsr_slave_0 02:19:37 executing program 5: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000380)={0x14, 0x0, 0x200, 0x70bd2c}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x10) close(r0) readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:37 executing program 0: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[], 0x0) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3513.081460][T21351] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:19:37 executing program 0: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[], 0x0) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:37 executing program 5: r0 = socket$inet6(0xa, 0x80002, 0x0) connect$inet6(r0, 0x0, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f0000006440)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x39, &(0x7f0000000040)={@mcast2={0xff, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa4ffffff]}}, 0x20) 02:19:37 executing program 0: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[], 0x0) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:38 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, 0x0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:38 executing program 3: gettid() futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(0x0) r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r0, 0x400, 0x1) fcntl$setown(r0, 0x8, 0x0) execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x0) 02:19:38 executing program 1: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:38 executing program 0: gettid() futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(0x0) r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r0, 0x400, 0x1) fcntl$setown(r0, 0x8, 0x0) execveat(0xffffffffffffffff, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) 02:19:38 executing program 5: gettid() futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(0x0) r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r0, 0x400, 0x1) fcntl$setown(r0, 0x8, 0x0) execveat(0xffffffffffffffff, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) 02:19:38 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xf201000000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:19:38 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, 0x0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3513.987523][T21389] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3514.037226][T21401] IPVS: ftp: loaded support on port[0] = 21 02:19:38 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, 0x0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:38 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3514.300504][T21404] IPVS: ftp: loaded support on port[0] = 21 [ 3514.328981][T21412] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:19:38 executing program 3: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:38 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xf203000000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:19:39 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3514.805620][T21425] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:19:39 executing program 1: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:39 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:39 executing program 1: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3515.143737][T21425] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:19:39 executing program 0: gettid() futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(0x0) r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r0, 0x400, 0x1) fcntl$setown(r0, 0x8, 0x0) execveat(0xffffffffffffffff, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) [ 3515.520202][T21451] IPVS: ftp: loaded support on port[0] = 21 [ 3516.126721][ C0] net_ratelimit: 16 callbacks suppressed [ 3516.126731][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3517.086628][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3517.092482][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3517.098439][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3517.104224][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3517.110154][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3517.115936][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3517.121839][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3517.127661][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:19:41 executing program 5: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:41 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, 0x0, 0x0) 02:19:41 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xf401000000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:19:41 executing program 3: setrlimit(0xd, 0x0) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:41 executing program 1: setrlimit(0xd, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:41 executing program 0: gettid() futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(0x0) r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r0, 0x400, 0x1) fcntl$setown(r0, 0x8, 0x0) execveat(0xffffffffffffffff, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) 02:19:41 executing program 5: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:41 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, 0x0, 0x0) [ 3517.381457][T21468] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3517.538780][T21470] IPVS: ftp: loaded support on port[0] = 21 02:19:42 executing program 5: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:42 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, 0x0, 0x0) 02:19:42 executing program 5: gettid() futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(0x0) r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r0, 0x400, 0x1) fcntl$setown(0xffffffffffffffff, 0x8, 0x0) execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) 02:19:42 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xf603000000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:19:42 executing program 5: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:42 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080), 0x0) 02:19:42 executing program 5: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:42 executing program 3: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:42 executing program 1: setrlimit(0xd, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3518.206662][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3518.262418][T21504] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:19:44 executing program 0: socket$kcm(0x29, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000080)=ANY=[], 0x0) r0 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x240000, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000003140)='/dev/audio\x00', 0x4000, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dsp\x00', 0x80, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000040)={0x0}) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000240)={0x0, 0x0, 0x100, 0x3, 0x8, 0x8}, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, 0x0, &(0x7f00000031c0)) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000280)={r2}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000200), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000000), 0x0, &(0x7f0000000180)={0x0, 0x1c9c380}, 0x8) r3 = getpid() rt_tgsigqueueinfo(r3, r3, 0x16, &(0x7f0000000100)) socket$inet_dccp(0x2, 0x6, 0x0) ptrace(0x10, r3) ptrace$cont(0x20, r3, 0x0, 0x0) 02:19:44 executing program 5: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:44 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080), 0x0) 02:19:44 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:44 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xf7bc020000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:19:44 executing program 3: socket$kcm(0x29, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000080)=ANY=[], 0x0) r0 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x240000, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000003140)='/dev/audio\x00', 0x4000, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dsp\x00', 0x80, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000040)={0x0}) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000240)={0x0, 0x0, 0x100, 0x3, 0x8, 0x8}, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, 0x0, &(0x7f00000031c0)) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000280)={r2}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000200), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000000), 0x0, &(0x7f0000000180)={0x0, 0x1c9c380}, 0x8) r3 = getpid() rt_tgsigqueueinfo(r3, r3, 0x16, &(0x7f0000000100)) socket$inet_dccp(0x2, 0x6, 0x0) ptrace(0x10, r3) ptrace$cont(0x20, r3, 0x0, 0x0) 02:19:44 executing program 3: socket$kcm(0x29, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000080)=ANY=[], 0x0) r0 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x240000, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000003140)='/dev/audio\x00', 0x4000, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dsp\x00', 0x80, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000040)={0x0}) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000240)={0x0, 0x0, 0x100, 0x3, 0x8, 0x8}, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, 0x0, &(0x7f00000031c0)) ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, &(0x7f0000000280)={r2}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000200), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000000), 0x0, &(0x7f0000000180)={0x0, 0x1c9c380}, 0x8) r3 = getpid() rt_tgsigqueueinfo(r3, r3, 0x16, &(0x7f0000000100)) socket$inet_dccp(0x2, 0x6, 0x0) ptrace(0x10, r3) ptrace$cont(0x20, r3, 0x0, 0x0) [ 3520.262752][T21529] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:19:44 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000380)={0x1c, 0x0, 0x200, 0x70bd2c, 0x0, {}, [@TIPC_NLA_NODE={0x8, 0x6, [@TIPC_NLA_NODE_UP={0x4}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:44 executing program 5: gettid() futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(0x0) r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r0, 0x400, 0x1) fcntl$setown(r0, 0x8, 0x0) execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) 02:19:44 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:44 executing program 3: gettid() futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(0x0) r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r0, 0x400, 0x1) fcntl$setown(r0, 0x8, 0x0) execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) 02:19:44 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080), 0x0) 02:19:45 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000380)={0x1c, 0x0, 0x200, 0x70bd2c, 0x0, {}, [@TIPC_NLA_NODE={0x8, 0x6, [@TIPC_NLA_NODE_UP={0x4}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:45 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{0x0}], 0x1) 02:19:45 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000380)={0x1c, 0x0, 0x200, 0x70bd2c, 0x0, {}, [@TIPC_NLA_NODE={0x8, 0x6, [@TIPC_NLA_NODE_UP={0x4}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:45 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xf800000000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3520.972298][T21569] IPVS: ftp: loaded support on port[0] = 21 [ 3521.065082][T21574] IPVS: ftp: loaded support on port[0] = 21 02:19:45 executing program 0: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:45 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{0x0}], 0x1) [ 3521.110511][T21584] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3521.246610][ C0] net_ratelimit: 9 callbacks suppressed [ 3521.246619][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3521.252350][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3521.264291][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3521.270122][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3521.275979][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3521.281843][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3521.287779][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3521.293577][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:19:45 executing program 0: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3522.366714][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:19:47 executing program 5: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:47 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:47 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{0x0}], 0x1) 02:19:47 executing program 0: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:47 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xf8bc020000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:19:47 executing program 3: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:47 executing program 0: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3523.326986][ C0] protocol 88fb is buggy, dev hsr_slave_0 02:19:47 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xf9bc020000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:19:47 executing program 5: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:47 executing program 0: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3523.572495][T21630] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:19:48 executing program 2: gettid() futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r0, 0x400, 0x1) fcntl$setown(r0, 0x8, 0x0) execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) 02:19:48 executing program 5: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:48 executing program 0: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:48 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:48 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(0x0, 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x0) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:19:48 executing program 5: gettid() futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r0, 0x400, 0x1) fcntl$setown(r0, 0x8, 0x0) execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) 02:19:48 executing program 3: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3524.021177][T21645] IPVS: ftp: loaded support on port[0] = 21 02:19:48 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xfa01000000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3524.228043][T21662] IPVS: ftp: loaded support on port[0] = 21 [ 3524.400874][T21670] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3524.473956][T21650] IPVS: ftp: loaded support on port[0] = 21 02:19:49 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xfa03000000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:19:49 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(0x0, 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(0xffffffffffffffff, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:19:49 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:49 executing program 3: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3525.121442][T21674] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3525.516375][T21676] IPVS: ftp: loaded support on port[0] = 21 [ 3526.526725][ C0] net_ratelimit: 16 callbacks suppressed [ 3526.526735][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3527.486587][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3527.492475][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3527.498555][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3527.504427][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3527.510372][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3527.516229][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3527.522161][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3527.528743][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3528.606724][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:19:53 executing program 2: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(0x0, 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(0xffffffffffffffff, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:19:53 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xfabc020000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:19:53 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:53 executing program 3: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3528.991583][T21705] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3529.083708][T21706] IPVS: ftp: loaded support on port[0] = 21 02:19:53 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(0x0, 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r2, 0x400, 0x0) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:19:53 executing program 2: gettid() futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r0, 0x400, 0x1) fcntl$setown(r0, 0x8, 0x0) execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) 02:19:53 executing program 5: gettid() futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, 0x0, 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r0, 0x400, 0x1) fcntl$setown(r0, 0x8, 0x0) execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) 02:19:53 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xfbbc020000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3529.434028][T21713] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3529.594517][T21722] IPVS: ftp: loaded support on port[0] = 21 [ 3529.661238][T21719] IPVS: ftp: loaded support on port[0] = 21 02:19:54 executing program 3: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(0x0, 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r2, 0x400, 0x0) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:19:54 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:54 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xfc03000000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:19:54 executing program 3: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(0x0, 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r2, 0x400, 0x0) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:19:54 executing program 5: gettid() futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, 0x0, 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r0, 0x400, 0x1) fcntl$setown(r0, 0x8, 0x0) execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) 02:19:54 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:54 executing program 2: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3530.279890][T21743] IPVS: ftp: loaded support on port[0] = 21 02:19:54 executing program 3: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(0x0, 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(0xffffffffffffffff, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3530.362601][T21741] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3530.395956][T21747] IPVS: ftp: loaded support on port[0] = 21 [ 3530.683932][T21768] IPVS: ftp: loaded support on port[0] = 21 [ 3531.646568][ C0] net_ratelimit: 9 callbacks suppressed [ 3531.646577][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3531.658079][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3531.663960][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3531.669826][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3531.675707][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3531.681558][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3531.687483][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3531.693285][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3532.766710][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:19:57 executing program 0: mknod$loop(&(0x7f0000000080)='./file0\x00', 0x0, 0xffffffffffffffff) openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x20000000, &(0x7f0000000240)='./file0\x00', 0x0, 0x7a00, &(0x7f00000001c0)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) 02:19:57 executing program 2: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:57 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xfcbc020000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:19:57 executing program 3: gettid() futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r0, 0x400, 0x1) fcntl$setown(r0, 0x8, 0x0) execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) 02:19:57 executing program 5: gettid() futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r0, 0x400, 0x1) fcntl$setown(r0, 0x8, 0x0) execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) 02:19:57 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:57 executing program 2: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:57 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3532.989170][T21778] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3533.028053][T21790] IPVS: ftp: loaded support on port[0] = 21 02:19:57 executing program 0: socketpair$unix(0x1, 0x100000000005, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x89f0, &(0x7f0000000080)={'bridge0\x00\x0f\x00', &(0x7f0000000000)=@ethtool_ringparam={0x8}}) 02:19:57 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:57 executing program 3: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) futex(0x0, 0x85, 0x0, 0x0, 0x0, 0xfffffffffffffffc) 02:19:57 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3533.284514][T21810] futex_wake_op: syz-executor.3 tries to shift op by -1; fix this program 02:19:57 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xfdbc020000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3533.332552][T21810] futex_wake_op: syz-executor.3 tries to shift op by -1; fix this program 02:19:57 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f00005fafd2)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) dup2(r1, r0) r2 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r2, &(0x7f0000000180)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast2}, 0x4}}, 0x26) syz_open_dev$usbmon(0x0, 0x0, 0x0) 02:19:57 executing program 3: rt_sigprocmask(0x0, &(0x7f0000000000)={0xfffffffffffffffe}, 0x0, 0x8) setrlimit(0x1, &(0x7f0000000100)) r0 = creat(&(0x7f00000000c0)='./file1\x00', 0x0) write(r0, &(0x7f00000006c0)="88", 0x1) 02:19:57 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3533.613832][T21826] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:19:58 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/pid_for_children\x00') 02:19:58 executing program 0: r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fallocate(r0, 0x3, 0x0, 0x8020007) [ 3533.726596][ C0] protocol 88fb is buggy, dev hsr_slave_0 02:19:58 executing program 2: mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='tmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000100)='./file0\x00') mkdir(&(0x7f0000000480)='./file0\x00', 0x0) poll(0x0, 0x0, 0x0) rmdir(&(0x7f0000000340)='./file0\x00') 02:19:58 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000000007010205000000000000000f0000000800010006000000"], 0x1c}}, 0x0) 02:19:58 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:58 executing program 0: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)) 02:19:58 executing program 5: bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x8, 0x3, &(0x7f0000000040)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x8, 0x27}}, &(0x7f0000000240)='GPL\x00\x83\xff\x13\x0f_\xb0\x0e][dC/\xa6\xbb)p\xc5\xa6$\x1e\x8d\xef\xd6S>*\xe1\x06\xbee\\lRcI!l0\xbb\x1f\x80\xfbE\x0e\xc0\xd5\xbe', 0x1, 0x99, &(0x7f0000000440)=""/153}, 0x48) [ 3533.847861][T21826] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:19:58 executing program 3: r0 = socket(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'bridge0\x00', &(0x7f0000000180)=ANY=[@ANYBLOB="17"]}) 02:19:58 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xfe03000000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:19:58 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:58 executing program 2: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) ioctl$VIDIOC_S_AUDIO(0xffffffffffffffff, 0x40345622, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000340)='TIPCv2\x00') close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:58 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=@setneightbl={0x28, 0x43, 0x301, 0x0, 0x0, {}, [@NDTA_NAME={0x14, 0x1, 'em0lo/-//).Q\x00'}]}, 0x28}}, 0x0) 02:19:58 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000680)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6100) ftruncate(r1, 0x10001) r2 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x800) sendfile(r1, r2, &(0x7f0000d83ff8), 0x8000fffffffe) creat(&(0x7f0000000040)='./bus\x00', 0x0) 02:19:58 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:19:58 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/dev_mcast\x00') sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=ANY=[]}, 0x0) preadv(r0, &(0x7f00000017c0), 0x1fe, 0x400000000000) [ 3534.458624][T21873] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:19:58 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x10, 0x2, 0x0) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000440)="24000000190007041dfffd946f6105000a001000fe02000000000800030006000400ff7e", 0x24}], 0x1}, 0x0) [ 3534.571692][ T26] audit: type=1804 audit(1552529998.985:118): pid=21881 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/file0/root/syzkaller-testdir806562445/syzkaller.X8L5Tv/5025/bus" dev="sda1" ino=18817 res=1 02:19:59 executing program 5: setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000100)='rose0\x00', 0x10) r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x1000000000000000, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f00000003c0)={{{@in6=@loopback, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast1}, 0x0, @in6=@empty}}, 0x0) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x8894) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, 0x0) stat(&(0x7f0000000000)='./file0\x00', 0x0) fchown(r0, r1, 0x0) prctl$PR_SET_FP_MODE(0x2d, 0x0) r2 = perf_event_open$cgroup(0x0, 0xffffffffffffff9c, 0xffffffffffffffff, 0xffffffffffffff9c, 0x1) socket$nl_generic(0x10, 0x3, 0x10) write$binfmt_elf64(r2, &(0x7f0000000300)=ANY=[], 0x0) ioctl$GIO_UNISCRNMAP(0xffffffffffffffff, 0x4b69, 0x0) r3 = accept(0xffffffffffffffff, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = accept4$inet(0xffffffffffffffff, 0x0, &(0x7f0000000680), 0x800) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) bind$bt_rfcomm(0xffffffffffffffff, &(0x7f00000006c0)={0x1f, {0x10001}, 0x8b}, 0xa) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSIFDSTADDR(r3, 0x8918, &(0x7f00000000c0)={'ip_vti0\x00', {0x2, 0x4e21, @rand_addr=0x1}}) setitimer(0x1, &(0x7f0000000180)={{}, {0x0, 0x2710}}, 0x0) ioctl$sock_FIOGETOWN(r4, 0x8903, &(0x7f0000000140)=0x0) fcntl$setown(r5, 0x8, r6) r7 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r7, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r7, 0x0, 0x0, 0x400200007fe, &(0x7f00000002c0)={0x2, 0x10084e23, @local}, 0x10) write$binfmt_elf64(r7, &(0x7f00000016c0)=ANY=[@ANYRES64, @ANYRESDEC, @ANYRES16], 0xffffffe6) setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x0) [ 3534.783129][ T26] audit: type=1804 audit(1552529999.065:119): pid=21890 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/file0/root/syzkaller-testdir806562445/syzkaller.X8L5Tv/5025/bus" dev="sda1" ino=18817 res=1 02:19:59 executing program 0: ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000380)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000400)='devtmpfs\x00', 0x0, 0x0) munmap(&(0x7f0000551000/0x4000)=nil, 0x4000) chdir(&(0x7f0000000140)='./file0\x00') getpgrp(0x0) lstat(0x0, 0x0) r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) ptrace$poke(0x5, 0x0, 0x0, 0x0) write$eventfd(r0, &(0x7f0000000280), 0xa68c4f8f) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0) [ 3534.884458][ T26] audit: type=1804 audit(1552529999.065:120): pid=21890 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/file0/root/syzkaller-testdir806562445/syzkaller.X8L5Tv/5025/bus" dev="sda1" ino=18817 res=1 [ 3534.918726][T21888] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 3534.948915][T21877] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:19:59 executing program 2: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) ioctl$VIDIOC_S_AUDIO(0xffffffffffffffff, 0x40345622, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000340)='TIPCv2\x00') close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3534.984283][ T26] audit: type=1804 audit(1552529999.065:121): pid=21890 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/file0/root/syzkaller-testdir806562445/syzkaller.X8L5Tv/5025/bus" dev="sda1" ino=18817 res=1 [ 3535.090961][ T26] audit: type=1804 audit(1552529999.135:122): pid=21881 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/file0/root/syzkaller-testdir806562445/syzkaller.X8L5Tv/5025/bus" dev="sda1" ino=18817 res=1 02:19:59 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xfebc020000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3535.166151][T21899] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. 02:19:59 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioprio_set$pid(0x3, 0x0, 0x0) r0 = socket(0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) bind$packet(0xffffffffffffffff, 0x0, 0x0) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(0xffffffffffffffff, 0x0, 0x0) sendmmsg(r0, 0x0, 0x0, 0x0) 02:19:59 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3535.470009][T21912] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:19:59 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:00 executing program 2: getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffff9c, 0x84, 0x76, &(0x7f0000000140), 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) ioctl$VIDIOC_S_AUDIO(0xffffffffffffffff, 0x40345622, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000340)='TIPCv2\x00') close(r0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:00 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:00 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000440)={0x26, 'aead\x00', 0x0, 0x0, 'morus640-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r1 = accept$alg(r0, 0x0, 0x0) getgroups(0x0, 0x0) sendmsg$alg(r1, &(0x7f0000001380)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x200}], 0x30}, 0x0) write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmmsg(r1, &(0x7f0000004ec0)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000000)=""/84, 0x54}, {&(0x7f0000000200)=""/98, 0x62}, {&(0x7f0000000280)=""/112, 0xfd80}, {&(0x7f0000000340)=""/249, 0x20000439}], 0x4}}], 0x1, 0x0, 0x0) 02:20:00 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0xa, &(0x7f00000000c0)=0xfff, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007f9, &(0x7f0000000080)={0x2, 0x200000004e23, @loopback}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x4) sendto(r0, &(0x7f0000000280)="862e2f66792f889eff93bedf6dc14fbb5a2b270209382521cf00bd5dd192f45ebb2d3656aa7d2db118c1c5a23f3a048d3eb30f0822434274f4b162e1474c3914fb732bdca1055334420dcab57de08c17959534b91556dbbd89f09ab0dcf026e395133d98bfcefb71ade9b5bc3504247948cead01382cfd9cba102d4bedbb0b2ba22bd411c8c4f6be2e8823e353e1042674ca22cc9417c8b3d08e4e2d5b9637022963ce5fc28072dbab19ec0e569fa1c0c3a4e9337423dfee462a64fa0752ab0db772f78af4bb11a7fbef321f6b2e9b64de572eac1dc2c2aa3ba98c3c0f455b211c00c1393d660ed41470aa789655f8a6f785f30b077a467eadbc34af99dd8ba4030f792f80f341419fb005806debc35c70dfa5b41b45923da7efbbeda51003af18201b882a657459962342fe18a68e1587434451500f358b1234889cb683b8050a2b1d222e209e68b7748863854419ff3815c8ea99574a7e5049ba18714e7197a136bf39d95ffa39fa2824a1ab51a447abfe7bbee785a65378e9a90960272ff919cf9db83de033949e63e3cf34db98901f1a9c9ba12f4e1e38a609830baf4d6b188408305600e32bbdc4fcf86f67df43c6a84f7abe5e7408932206116c02b63f4ad51e1c3e3f7a2f04f7f92fd3a3b200280b00243d142033522214ed5f025cbc8164cd9781388d0ef067de46c756f272ea611209d74ee770f073615965307e3fa5a7469cb5a68eef95fb036b7767360e2299fd3d67a850089c533244a5a94941a52a1097284be1da86d3c9169cfb6a17384f8983fc0237d35cf1ca19084dda4e1d3cbd0520fd7a45be921c49460ce366847f812ac53693bc85d75c40a1c2a19f2e677b421921f549110f2827d9c10acbc3c939c971fe80ca39b786f634a0b05f74e155253c1437bf143e8ce84365b46ead29d7bffc7f55274601452a1c6ef093044af63da0f464902b025c866498c7e3004d3d1e8731bd6d1b5774d8e8954a745604400f49b9d022f249de3c15907bff0ef7d757483cdc353f3143e7ebdece542cfc1dc8e933d24ebb760567cf6429d186a43162af49eb5e9d3e943addff581bd5b9c0d589492a938add82b8f806f141e38edbbbc09494d419f9f60bbd2374ed801923f2f8784f4cf8ce729e73410e2899d4d62d59ebf51d831210d85cf71c8617f989c6e90bd74c44076a606f01f4d1d31148c47f667c2702f242b526d1b0e775feaf021d0678326c8a58c92b651e117fd31c9687ac5e9d39cdfcce38dd7122ebde51632fe55817ee7cb59f9cc2b637a3b932a63571a049f39cda426cfc6abf9aca4c06df9ae80d9cce64ca6f356e28a9cd348f94ea73b4d9e61bcdd5d52f6919c086167d816bb79640f8202a8ddcf573d2c22894ef0c480b9b523f63458a95ceabb014387bd07a98220177c3836fed6ec898bef837510bf5c5fa11171ccf42558ed487639274a822993604a2bc421fc425347e33fe52beb590efeebaaf463b1702ab19fa3ac399cc1328c9ae70239df9803d600618aca26e0cbbd1a0cffe8f8c676c5866e6f9e5846259d82e4e6a07e82a036015d17bc7c0a560cf91ed4099791aaefd6a0e551123065eba1d5ce0d280733c16aa6e0f14869fcffe7375a7c43c906b45e26886e47102e499c9a2f4a97275624e6666b9b409b896bded7610d47460be53a3afb75fdc10e5204f5062ef3e1cf5113c72566de4f80f068c10d59c90250f4eb08a3485c3020ef48fdfa0f332528af815fd4ca56f1c362cc1daed51d7c9f8fe3dcbae2186978396a418b437bea66bac938da3177bdd4d1de6b3177438650538b25cc77d0e514c5ea9df00d08f93ad5bb92000900097721f99ed31982405347d380420440894cd057e35ae5533ee5af356d76f03cb0ffb13a87dc4509a17492794d967681974748a36caa08434bec91ba252449624199c36d7876a3fc0a8008daa406405a5435e58d6822f242855d56e92ffe36f0a1a111bdd914a60eca465358ffabb07e2f83d423f819d409913bec430d7850af781db4090e6290ca2fb3c4b593db3fdbc731905bfe148e4e5bc253eb920d7b9521fc50cf20037d8eeed1e1317b4a5c3f73dc23a6bab225470adbc96fb0f276e52c0d046d100018cd284b6b9de6e153a2124bbd3ef7711900b0a702d70de15a2bd61daef920fd74e020aac4a477c9a40e5e0a8bc5354dcc1416df59a232510a163291f2133d9481a9016aa2add24d896d1f9b89cad76e3a56ae62ec96d454c2cdf5bd3304a08ca7d01e302926f27510826cc87be97186a331832d5415ee6e55c2e13858ba7050cf61308462cae16fa67305b1d3ef219a72f65f527338cfcff1a95943118071dbe4626d36fd0a95698b08333e3c08b012f44e129056c4d3c9c29139ecade113e112aa8056b24ab2abd0a6c5059098ffbed1136a65c511cd40574a31c43abf2ff7bc2fe93ba904c0f31fbbfb0d9e369d2d3b74b2a04c88226c92b63c63b35b013705ee4dbf29eff81f4987137599ae9c6a9740134d31c2098221ef3b7e2a94aff4b85f0c95d14dc273df1b2a3822a3ff5fe156af71ce9bd9ee97f39f4e634cd28f16de650bca52458aad4a4711eae00d4cc7b6d1b0fc02829ca47b2072679779ac8ba6f62e56c941b66d3c463f17848ff4089236c909620133ecde673ea6e72af8ca3981e6a889e2664f3ae7a712f6ba8d59c89c064ff4daea7fbfea37bb72c23b2cb3499725f37ac4108ae6399b04db672f13581c7c5a8195964c07e478c3d5051c95b2b519946b5a5b59e882900a8b2c245e972210d76f0c0e12309863091fa3aadba3634069280d9aab701751a2e2223a317d4024c8f307f3c15d0cbb774b333bf5cb15f93c33d2eac24a0097bb64d540971a2a02376858ceb1a4c78ea8012d24c6f3e7f2c5ad495de910cbda18a93e4304216071734b4e08f1078af752a76cded03890b339e6361e1bcfb2f51dfef7d611ba2e7b7b54cc6fd9575b8f0ae02619e0023d4ed2e3d63eb6c6edb15f0892ad3c4df8f564aa9be24359f528487204d4294d0b6d812ba5324ad8e303ec24f70cd108eb88daeaec8c81dcd9ba509b3c266b234eb4124254578f4b63f282e0fc91db26263dfa584d920638293e4b9183373d5381336ecfa227f31473ddfa4a88369fb306cb07f2b12d3c92314d005b4a9d64e2f9ed0247158f13d4147794a3829a0a2e16ac002929a6f3fe91a7d37ec684a7787a5aba328e0026ff89157b8a3f815e9611eadd05f67424aee7e1ab9c878fc0fddc74c4d348ff83c735607e56d2408f2cb909c005f4839fbd5b8b0a10655e2c4fca6542765af9f3fea5b1848fd2e181807528d5a688ec4a7f730df644f4e613d0e41e639a9e53834ee0fa1b6577663d3d340f585515b57a34f1725153b0e1b9d21f36c7d889b70c7b7c992798635b83ab0ba7476fc3a8c1993c2fd66b3bd571dcd34dde658836c3a3b7c9c7ad62e2f81c1f4136bee6df8801b30b7c2f7c9388098cff7fb0b589e8355fadce3faa157df66cf34492bc708f31bb6b08e304b1c8766b90bd6e31fc04d3b537f79db513297b22fec7fcc6c5694b8f9739dfc045d391541a26d449a49d2d9996833aade9ecb3e4c4dc4fc8ca081b784cea7096d53403afa6463751505ca74ee27cd7b0d616e31ea3d3c0e15b301c3a4e801201bdf3f26d1221dda0aff3a70f0e6d2c5aa6db6c6493684a6a2c4700ba1d0cc7bbc8aca789b15ca8814b365b072e72db859bf04de31b76bc594ff85add990b488a4e6a152ff9bc91b30ed6361f1a2b8f96c5131a53927215e18ace8772cf4084773394146e459d7d8ddf68848e5a2ede315d8fa0484e92aac5618e1f22c2a9edb752e5356af2250cfdada665b302040eccb8e1710ee19a1b9308d3dd6da82fc313d3528963ee1ee9d4f7597235a7800fffd5caa40f467ba9fab3c8ee8e15c323b42036782f45312c445610dd4e02783661ab7c09df5e6274664fecb66be5380661db3d6df743947e77cbde8bf9629762b736984adea7a907648df29de44f4dc76525c910d010fae940053f5493cee202bc0bec0aae7d4b5b74a4ae855ed28d33b0f21f45b72ec5e65a911bd02635974c490a5ece8266c7532cb5fa1e4cb2bb0a6b5689ccb2a7fecfbbdd173dcb4bffdd89196b131ee00fa11552bc31c1192a80ddc304dd8fa608dd0fe5896449075f1375f8c4193d33ec1669c85edb9284af23b4553e63bebbd920fe58b07f193e282153f4802944b3573ac267e297e80465c4f0868b00a7c6ca23c2af7440768540932ea78e6e20bb5dd292968095a21c02cbd561b29de1edabf3d0ce5780a845b33616bc3c55b955f4180bcc57c3d8ba21f4c9e9a4f8f94f0f27fe5e854c642a24d22befd1aa513be640fef70d99e702559c248fbcf3db8c15eb036951a7c5dbecf2da9e90ec0f980db1beb940beebddaeb2588fad3024c541850011c2382bd20d2b1d9da5f40a937e9eb052bc842d00a63e118d1dfe64d89e18a3795d38f0b99a7be08239a8709678e02afbf9417c4b6e019b8d1bd83540bda0511909bb302e457537b92f7970e7f062f956f6338145df1aec22a04dca89ec7d519013560a156034bfb4a3117f35682270f6a38e181486b26fbe09b012f1551a39a89df1a213940c9a0390ee9329dcabae9126f71fb719b7d6b2bbeca3be28dbb1fb2b1effc0ea441955120aec848871655eed8a4342337a890bf1a757de62e1c5a2321ad5ecc8feadab6aa3ea936aa220d23bf2f493fd48b58e6945887025bb484869433177024571ef33cc4a4726009ecc57efbd990f91131106b02130c45207df969eb16404005dc4997c8e8749b7d4fcd83e1d63d87f064b0b9d47af01e66a9eeeb5f6b4736d74a9c7eca61deff296a60741883e710f91a99309b96b7fc8e55a408d105e5e1a0d7787ba55809c3244ffae589dbd52066746fee69846ce4b04152", 0xda8, 0x0, 0x0, 0x0) write$binfmt_aout(r0, &(0x7f0000001280)={{}, "", [[], [], []]}, 0x320) recvmsg(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x1000}], 0x1}, 0x400100) 02:20:00 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, 0x0, 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:00 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioprio_set$pid(0x3, 0x0, 0x0) r0 = socket(0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) bind$packet(0xffffffffffffffff, 0x0, 0x0) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(0xffffffffffffffff, 0x0, 0x0) sendmmsg(r0, 0x0, 0x0, 0x0) 02:20:00 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xfeff000000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:00 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x334, 0x0, 0x0, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000480)={"a523fb9656eb871ffcd7ffeb51d84e738a55eba841ae487e33cdd921e8a51ce6c924020f0ac3562dd8cdeb31deac16f46da4ac16ee8165bce439fddce671c5b0a1103ea3f86a43cbb78504f6f9c77c2f09dc27632ec6036ee52a87e321e707c0cfe15576c26d52d0334c8d4693e127b3a046a5ed7796c9c5017cfd58ec871ed76369846fea9ebfa2f7f96496abf4ef57ed1ecd930eb9e13396875f01e972804ffe8a34c8fbedd97cdfb3176ec59fbbfd20a6ff17795431c3908530e4f5f703480a5211cc6a7e2084e4a9b6aedf60b7b8084b00ca2cbed255b4cc4679c967432fea5e95119f9635e94794aab6ef54f290677fa08d0ee2cc8eae468efd02417055d3f3ccc86b629dfb878c4d115c16c75fe352cffa93648cf49577256b5d2faf0634335c97ffff966ae90cbf81250df3613c25d2789c869c9cc95a6e9d364c4c684059c593f9950e66cf81cd9f36d73fade4f0cbb795010364d13ff32c12efd91d0ebb6533700945f2db6113a630bd521eec89a74c46e1733b72d6e4d2ccee3b40f99809a9a4fb5fc2d1c53100ab56b2556b55c1a0c5787356b464c3bf701154f54ef487a6d4420d46d69a74ee5bbfc4b0d6cb00aae8c3dfd6dd2e9f76d7a542f20553207b668dce69f1b463ee9166e81bb109f461b8885f15c9c473746f602616673b3345612158114780b9409ea856cb724faa6ed27ba836b35c10e7c7d43f2fa34f98f16a00f31565e16a213eaf4a7f438c89733ebe6d16328b930fd942bc64d631dd1f2aa1cc2ccdaff2324076c83e1ba4d2a0e40e010c96b42e7a4a76cd7a89ef592b9b3030f62d9fbd565ee5908ab9a1fd620b61e5d1e08621a31d21003cd12a450461636472fa64a7e1b98778bfb482fb4b4da31b42ee98b10f9c0f4c085d082f3af81959c3db74f72a0ab844fcbfa224842c81f6cdfd25829c44760e3859624f891df4824f7d17938ac2def6721639176fad9512ee9b4c5de1412cf3083e1d5ee2d29b63267ccba535409da7bef05d3fa79a3ef037ee609e01ad345ee17f48b5e8510f767de30b4540e3d7305e7ed88866c6b01fe345107ba7191a8809e2e014492acf9c4f35cad664198a65c55f884490f4b30b4526324be842c393f336f16bea2bf6c6b917fdb751e12ff689ab4ffa44625a8b2bc1de4e88682abe5ce9d1942792747681ad23c31046d825140987f19a9cf10323c3f50a20f35a6d1dd8ca6758296b4537a0da1a853011b777623c8774b3689897cf9264a7782470847f36a8093faee04114663438ab39d8a777fb3e10cb4a2402a939a98d387087c5ca5fd8fbc4d96ae698b5bb843e623a033eb5b1889ccfb4b95885bc69d4c1cb819b95e7923e557c9ec9ec10e94d1e12c2a9bd226fa095036f6cfc04c414fc57fc72c120614a586089c93741e97ae1c46600"}) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000000)=0xefff) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, &(0x7f0000000100)="460f300f07c483614804ee08440f20c03506000000440f22c0c402f93473230f09f20f013cb9b805000000b9c00000000f01d90fc728c4c1f9e79f2e000000", 0x3f}], 0x1, 0x0, 0x0, 0x0) ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000080)=0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(0xffffffffffffffff, 0xc1105511, &(0x7f00000002c0)={{0x9, 0x7, 0x401, 0xe26, 'syz0\x00', 0x40}, 0x4, 0x14, 0x8474, r3, 0x0, 0x0, 'syz1\x00', 0x0, 0x0, [], [0xc8fe, 0x8, 0x5, 0x5]}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r1, 0x40106614, &(0x7f0000000140)={0x0, @speck128}) 02:20:00 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, 0x0, 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:00 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, 0x0, 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3536.376667][T21962] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:01 executing program 5: sched_setaffinity(0x0, 0x179, &(0x7f0000000140)=0x5) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000005c0)={0x0, 0x0}, 0x10) clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) lstat(&(0x7f0000000600)='./file0/file0\x00', 0x0) stat(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000280)='net/tcp\x00') r2 = socket(0x2, 0x1, 0x0) getsockopt$inet_mreqn(r0, 0x0, 0x24, &(0x7f0000000700)={@local}, &(0x7f0000000740)=0xc) sendmsg$nl_route_sched(r2, 0x0, 0x4) sendfile(r1, r1, &(0x7f0000000000)=0x12f, 0x4) fstat(r1, 0x0) 02:20:01 executing program 2: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000380)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000340)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r1, 0x0, 0x0) 02:20:01 executing program 3: syz_init_net_socket$netrom(0x6, 0x5, 0x0) socketpair$unix(0x1, 0x1000000000000005, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x20002102009fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) add_key$keyring(&(0x7f0000000140)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd) request_key(&(0x7f00000000c0)='user\x00', &(0x7f0000000080)={'syz'}, &(0x7f00000003c0)='\xd1?\xf3\xd7v\xdc\xf2\x05\x11\x1c\x87B\xbd\xeb\xc9\xf7e`\xa7(g\xc3\xd2\xe7\x11\xc9\xf3\x88\x00\x00\x00\xd0\x11\xf6[j_\x80\xc8\xe0`&\xb5\xe9\xe4e\xe3\xa5b\x9a\xc0\xa3N\xc0\xc2\x97\xb1X\x8dgO|\xce\xc6@\x9a\x18\x9ao\x80\xe9\xc9\xc1Zu0\xd9\"\xa7\xec\x90\x1b\v\xe2\xc6\xc0\au\x99G\xbe\xae\x8fy\xd2\xd4\xae1\x82\"Sf\x98}\xb9J\xa5\x8b~\xf3{\xcb\xe9_\xdc\xc9\xa9\x1dA\xcb\xc4%:\xe7\xf7J\xfe.\xa9\x18v\xaf\x94\v\xfa_\xc1T\xdd\xd9Pu\xca\xc5\x80\x8d\xb6n\x8f\xd9\xe0=Gg\xc0\"\xcfHK\xfb\x12\x9c\x1e\x92\xc2\x0f|!\x13\xa7i5\xab\x8c\xf8\xf5~)\xe2\xbd\x8b\x8a\xc3)w\xf3d\x9c|X\xcf]\x87\xd5\x1d\x13\xcd!1>\x00\xa3N\xa91\xb1xuP\x8d\xaf\xb9}xw\'CkQ\x86\xcdC\xe4y\x1a\x8d\x04W\xc92\x0f\xd1\xff\xb9\x9f\\\x13\x15=[\x035\xeca\x8aQ\x81\xcax\xfc0\xd0\xa1qj\xb2\x9cb;\x02\xda\xf6R\x9b\xb3]\x19\xf6\x96\x19\x91\"ZP\xe8\x97\xf7\xc8', 0x0) 02:20:01 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x8, 0x3, &(0x7f0000000040)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x8, 0x27}}, &(0x7f0000000240)='GPL\x00\x83\xff\x13\x0f_\xb0\x0e][dC/\xa6\xbb)p\xc5\xa6$\x1e\x8d\xef\xd6S>*\xe1\x06\xbee\\lRcI!l0\xbb\x1f\x80\xfbE\x0e\xc0\xd5\xbe', 0x1, 0x99, &(0x7f0000000440)=""/153}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="c06cc94d33da78b736d279ea2884", 0x0, 0x6}, 0x28) [ 3536.929671][ C0] net_ratelimit: 16 callbacks suppressed [ 3536.929702][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:20:01 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0xd}, 0x1c) sendmmsg(r0, &(0x7f00000002c0), 0x400000000000018, 0xe) 02:20:01 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xfeffffff00000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:01 executing program 2: getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000300)={{{@in=@dev, @in=@initdev}}, {{@in6}, 0x0, @in6=@dev}}, 0x0) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) socket$inet(0x2, 0x3, 0x1) setsockopt$inet_mreqn(r2, 0x0, 0x20, &(0x7f00000000c0)={@rand_addr, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x14) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) write$FUSE_INIT(r0, &(0x7f0000000200)={0x50, 0x0, 0x0, {0x7, 0x1c, 0x0, 0x40, 0x0, 0x0, 0x0, 0xffffffffffffff91}}, 0x50) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IP6T_SO_GET_REVISION_TARGET(r1, 0x29, 0x45, &(0x7f0000000140)={'ah\x00'}, 0x0) getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setitimer(0x1, 0x0, 0x0) splice(r0, 0x0, r2, 0x0, 0x100000000, 0xc) 02:20:01 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, 0x15, 0x5, 0x0, 0x0, {0x1}, [@typed={0x8, 0x1, @fd}]}, 0x1c}}, 0x0) 02:20:01 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:01 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x0) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3537.342521][T22006] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:01 executing program 5: 02:20:02 executing program 5: [ 3537.660752][T22017] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:02 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0xd}, 0x1c) sendmmsg(r0, &(0x7f00000002c0), 0x400000000000018, 0xe) 02:20:02 executing program 5: 02:20:02 executing program 5: [ 3537.888871][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3537.896528][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3537.903765][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3537.909748][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3537.917156][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3537.923971][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3537.933142][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3537.940155][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:20:02 executing program 5: 02:20:02 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xff0f000000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:02 executing program 5: r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8040, 0x0) clock_gettime(0x0, 0x0) fcntl$setlease(r0, 0x400, 0x0) rt_sigprocmask(0x0, &(0x7f0000032ff8)={0xfffffffffffffffe}, 0x0, 0x8) ioctl$sock_inet_SIOCDELRT(0xffffffffffffffff, 0x890c, 0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) rt_sigtimedwait(&(0x7f00005a1000)={0xffffffffffeffffd}, 0x0, 0x0, 0x8) truncate(&(0x7f00000000c0)='./file0\x00', 0x0) fcntl$setlease(r0, 0x400, 0x2) [ 3538.243372][T22042] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:02 executing program 2: 02:20:02 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:02 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x0) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:02 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0xd}, 0x1c) sendmmsg(r0, &(0x7f00000002c0), 0x400000000000018, 0xe) 02:20:03 executing program 2: 02:20:03 executing program 5: 02:20:03 executing program 0: 02:20:03 executing program 2: 02:20:03 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xff7f000000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:03 executing program 2: 02:20:03 executing program 5: 02:20:03 executing program 0: 02:20:03 executing program 5: [ 3538.962952][T22072] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3539.006810][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3539.199871][T22079] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:03 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:03 executing program 2: 02:20:03 executing program 0: 02:20:03 executing program 5: 02:20:03 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xffbc020000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:03 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x0) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:03 executing program 0: 02:20:03 executing program 2: 02:20:03 executing program 5: [ 3539.512560][T22084] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:04 executing program 5: 02:20:04 executing program 0: 02:20:04 executing program 2: [ 3539.809471][T22092] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:04 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:04 executing program 5: 02:20:04 executing program 0: 02:20:04 executing program 2: 02:20:04 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xffff030000000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:04 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:04 executing program 5: 02:20:04 executing program 2: 02:20:04 executing program 0: [ 3540.421637][T22120] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:04 executing program 5: 02:20:04 executing program 0: 02:20:05 executing program 2: 02:20:05 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:05 executing program 2: 02:20:05 executing program 0: 02:20:05 executing program 5: 02:20:05 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xffffff7f00000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:05 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:05 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:05 executing program 0: 02:20:05 executing program 5: [ 3541.295008][T22140] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:05 executing program 2: 02:20:05 executing program 0: 02:20:05 executing program 5: [ 3542.046649][ C0] net_ratelimit: 9 callbacks suppressed [ 3542.046656][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3542.058166][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3542.063981][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3542.069790][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3542.075634][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3542.081463][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3542.087343][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3542.093121][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:20:06 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:06 executing program 2: 02:20:06 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xffffffff00000000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:06 executing program 0: 02:20:06 executing program 5: 02:20:06 executing program 0: 02:20:06 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, 0x0, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:06 executing program 5: 02:20:06 executing program 2: [ 3542.269366][T22172] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:06 executing program 2: 02:20:06 executing program 0: sched_setaffinity(0x0, 0x179, &(0x7f0000000140)=0x5) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) symlink(&(0x7f0000000400)='./file0\x00', &(0x7f0000000080)='./file0\x00') setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000005c0)={0x0, 0x0}, 0x10) fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x0) setxattr$security_smack_entry(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) lstat(&(0x7f0000000600)='./file0/file0\x00', 0x0) stat(0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000280)='net/tcp\x00') r2 = socket(0x2, 0x1, 0x0) listen(r2, 0x0) getsockopt$inet_mreqn(r0, 0x0, 0x24, &(0x7f0000000700)={@local}, &(0x7f0000000740)=0xc) sendfile(r1, r1, &(0x7f0000000000)=0x12f, 0x4) 02:20:06 executing program 5: 02:20:07 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:07 executing program 2: 02:20:07 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='m\x01\x04\x00\x00\x00\x00\x00\x00ap.cub`=\xd7\xbd\xd7', 0x0, 0x0) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000340)={0x525, 0x7, 0x1000}, 0x4) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='cpuacct.usage_user\x00', 0x0, 0x0) setsockopt$netlink_NETLINK_NO_ENOBUFS(r3, 0x10e, 0x5, &(0x7f0000000200)=0x2, 0x4) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_LAPIC(r3, 0x4400ae8f, &(0x7f0000000480)={"a523fb9656eb871ffcd7ffeb51d84e738a55eba841ae487e33cdd921e8a51ce6c924020f0ac3562dd8cdeb31deac16f46da4ac16ee8165bce439fddce671c5b0a1103ea3f86a43cbb78504f6f9c77c2f09dc27632ec6036ee52a87e321e707c0cfe15576c26d52d0334c8d4693e127b3a046a5ed7796c9c5017cfd58ec871ed76369846fea9ebfa2f7f96496abf4ef57ed1ecd930eb9e13396875f01e972804ffe8a34c8fbedd97cdfb3176ec59fbbfd20a6ff17795431c3908530e4f5f703480a5211cc6a7e2084e4a9b6aedf60b7b8084b00ca2cbed255b4cc4679c967432fea5e95119f9635e94794aab6ef54f290677fa08d0ee2cc8eae468efd02417055d3f3ccc86b629dfb878c4d115c16c75fe352cffa93648cf49577256b5d2faf0634335c97ffff966ae90cbf81250df3613c25d2789c869c9cc95a6e9d364c4c684059c593f9950e66cf81cd9f36d73fade4f0cbb795010364d13ff32c12efd91d0ebb6533700945f2db6113a630bd521eec89a74c46e1733b72d6e4d2ccee3b40f99809a9a4fb5fc2d1c53100ab56b2556b55c1a0c5787356b464c3bf701154f54ef487a6d4420d46d69a74ee5bbfc4b0d6cb00aae8c3dfd6dd2e9f76d7a542f20553207b668dce69f1b463ee9166e81bb109f461b8885f15c9c473746f602616673b3345612158114780b9409ea856cb724faa6ed27ba836b35c10e7c7d43f2fa34f98f16a00f31565e16a213eaf4a7f438c89733ebe6d16328b930fd942bc64d631dd1f2aa1cc2ccdaff2324076c83e1ba4d2a0e40e010c96b42e7a4a76cd7a89ef592b9b3030f62d9fbd565ee5908ab9a1fd620b61e5d1e08621a31d21003cd12a450461636472fa64a7e1b98778bfb482fb4b4da31b42ee98b10f9c0f4c085d082f3af81959c3db74f72a0ab844fcbfa224842c81f6cdfd25829c44760e3859624f891df4824f7d17938ac2def6721639176fad9512ee9b4c5de1412cf3083e1d5ee2d29b63267ccba535409da7bef05d3fa79a3ef037ee609e01ad345ee17f48b5e8510f767de30b4540e3d7305e7ed88866c6b01fe345107ba7191a8809e2e014492acf9c4f35cad664198a65c55f884490f4b30b4526324be842c393f336f16bea2bf6c6b917fdb751e12ff689ab4ffa44625a8b2bc1de4e88682abe5ce9d1942792747681ad23c31046d825140987f19a9cf10323c3f50a20f35a6d1dd8ca6758296b4537a0da1a853011b777623c8774b3689897cf9264a7782470847f36a8093faee04114663438ab39d8a777fb3e10cb4a2402a939a98d387087c5ca5fd8fbc4d96ae698b5bb843e623a033eb5b1889ccfb4b95885bc69d4c1cb819b95e7923e557c9ec9ec10e94d1e12c2a9bd226fa095036f6cfc04c414fc57fc72c120614a586089c93741e97ae1c46600"}) r5 = creat(&(0x7f0000000140)='./file0\x00', 0xef) setsockopt$netlink_NETLINK_NO_ENOBUFS(r2, 0x10e, 0x5, &(0x7f0000000380)=0xfffffffffffff48e, 0x4) ioctl$TCSETAW(r5, 0x5407, &(0x7f00000002c0)={0xc52, 0xfffffffeffffffff, 0x1, 0x3, 0x1b, 0x1f, 0x0, 0x101, 0x100000001}) openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x260000, 0x0) r6 = openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r4, 0x4008ae93, &(0x7f0000000000)=0xefff) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, &(0x7f0000000100)="460f300f07c483614804ee08440f20c03506000000440f22c0c402f93473230f09f20f013cb9b805000000b9c00000000f01d90fc728c4c1f9e79f2e000000", 0x3f}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz1\x00', 0x1ff) socket$bt_hidp(0x1f, 0x3, 0x6) statfs(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)=""/55) ioctl$KVM_RUN(r6, 0xae80, 0x0) 02:20:07 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xffffffff87600000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:07 executing program 0: r0 = socket(0x20000000000000a, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @initdev, 0x3}, 0x1c) 02:20:07 executing program 2: recvmsg(0xffffffffffffffff, 0x0, 0x2100) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8e67, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup(0xffffffffffffff9c, &(0x7f00000000c0)='syz1\x00', 0x200002, 0x0) r1 = openat$cgroup_ro(r0, 0x0, 0x0, 0x0) ioctl$KDSETMODE(r1, 0x4b3a, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000100)={0x0, r1}, 0x14) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340)='/dev/net/tun\x00', 0x2, 0x0) perf_event_open(&(0x7f0000000d80)={0xdf3b1f7d4f7d61f3, 0x70, 0x9, 0x0, 0x0, 0xfff, 0x0, 0x1, 0x1, 0x3, 0xe00000, 0x0, 0x6, 0x0, 0x685, 0xcf1, 0x81, 0x0, 0x401, 0x0, 0x1, 0xd3, 0x0, 0xbc4, 0x7, 0x6, 0x0, 0x5, 0xff, 0x691, 0x1, 0x3, 0x8, 0x4, 0x1, 0x7, 0x0, 0x3e0000000000000, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x400, 0x1}, 0x0, 0x0, 0xffffffffffffff9c, 0x3) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4005}) write$cgroup_type(r1, &(0x7f0000000280)='threaded\x00', 0x9) openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x800000000000000, 0x0) recvmsg$kcm(0xffffffffffffffff, 0x0, 0x40000000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)="2e0000003e0081", 0x7}], 0x1}, 0x0) r3 = socket$kcm(0x29, 0x5, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r1, 0x40045542, &(0x7f0000000240)=0x7) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x4000) ioctl$TUNSETVNETHDRSZ(r2, 0x400454d8, &(0x7f0000000080)=0x82) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') perf_event_open(&(0x7f00000001c0)={0x0, 0x70, 0xfffffffffffffffb, 0x3, 0x0, 0x0, 0x0, 0x0, 0x8984413869d6e3ae, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r1, 0x0) write$cgroup_subtree(r2, &(0x7f00000000c0)={[{0x0, 'c\x86\xdd'}]}, 0xfdef) 02:20:07 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, 0x0, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3543.148019][T22198] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3543.166742][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:20:07 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) syz_emit_ethernet(0x140, &(0x7f0000000640)={@local, @remote, [], {@ipv6={0x86dd, {0x0, 0x6, "50a09c", 0x8, 0xffffff11, 0x0, @remote, @local, {[], @udp={0x0, 0x4e20, 0x8}}}}}}, 0x0) 02:20:07 executing program 5: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, 0x0, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:07 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, 0x0, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3543.302446][T22221] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 02:20:07 executing program 5: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:07 executing program 0: gettid() futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r0, 0x400, 0x1) fcntl$setown(r0, 0x8, 0x0) execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) [ 3543.610770][T22206] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3543.683009][T22229] device nr0 entered promiscuous mode 02:20:08 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:08 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[], 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:08 executing program 5: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:08 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0xfffffffffffff000, {}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:08 executing program 0: gettid() futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r0, 0x400, 0x1) fcntl$setown(r0, 0x8, 0x0) execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) [ 3544.126558][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3544.135770][T22260] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3544.179613][T22263] IPVS: ftp: loaded support on port[0] = 21 02:20:08 executing program 2: gettid() futex(0x0, 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r0, 0x400, 0x1) fcntl$setown(r0, 0x8, 0x0) execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) 02:20:08 executing program 5: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:08 executing program 5: open(0x0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0xa94, 0x0, 0xffffffffffffffff, 0x0, [0x7, 0x0, 0x0, 0x0, 0x320]}, 0x2c) 02:20:08 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x2}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3544.482751][T22274] IPVS: ftp: loaded support on port[0] = 21 02:20:09 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r0, 0x400, 0x1) fcntl$setown(r0, 0x8, 0x0) execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) [ 3544.588604][T22278] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:09 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x3}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:09 executing program 0: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r0, 0x400, 0x1) fcntl$setown(r0, 0x8, 0x0) execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) [ 3544.832983][T22287] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:09 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:09 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[], 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3545.030482][T22292] IPVS: ftp: loaded support on port[0] = 21 02:20:09 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r0, 0x400, 0x1) fcntl$setown(r0, 0x8, 0x0) execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) 02:20:09 executing program 2: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r0, 0x400, 0x1) fcntl$setown(r0, 0x8, 0x0) execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) 02:20:09 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[], 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:09 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x4}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:09 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3545.440952][T22314] IPVS: ftp: loaded support on port[0] = 21 [ 3545.509635][T22323] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:10 executing program 0: gettid() futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r0, 0x400, 0x1) fcntl$setown(r0, 0x8, 0x0) execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) 02:20:10 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r0, 0x400, 0x1) fcntl$setown(r0, 0x8, 0x0) execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) 02:20:10 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:10 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x5}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3545.993661][T22335] IPVS: ftp: loaded support on port[0] = 21 02:20:10 executing program 2: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(0x0, 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3546.182223][T22342] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:10 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:10 executing program 5: gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r0, 0x400, 0x1) fcntl$setown(r0, 0x8, 0x0) execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) 02:20:10 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:10 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x6}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3546.430239][T22348] IPVS: ftp: loaded support on port[0] = 21 02:20:10 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff"], 0x1) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3546.495425][T22357] IPVS: ftp: loaded support on port[0] = 21 02:20:11 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(0x0, 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:20:11 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff"], 0x1) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:11 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 3546.653125][T22368] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:11 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(0x0, 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:20:11 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x7}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:11 executing program 2: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff"], 0x1) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3547.061929][T22382] IPVS: ftp: loaded support on port[0] = 21 02:20:11 executing program 2: gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) pipe(0x0) r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r0, 0x400, 0x1) fcntl$setown(r0, 0x8, 0x0) execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) 02:20:11 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(0x0, 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3547.160479][T22385] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3547.326744][ C0] net_ratelimit: 16 callbacks suppressed [ 3547.326753][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3547.362012][T22401] IPVS: ftp: loaded support on port[0] = 21 02:20:11 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x8}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:12 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:12 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff"], 0x1) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3547.598806][T22404] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:12 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(0x0, 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:20:12 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, 0x0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:12 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(0x0, 0x80000000000b, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3547.939201][T22422] IPVS: ftp: loaded support on port[0] = 21 02:20:12 executing program 2: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(0x0, 0x80000000000b, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:20:12 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, 0x0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3548.052424][T22405] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:12 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(0x0, 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3548.296767][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3548.302702][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3548.308584][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3548.314419][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3548.320330][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3548.326157][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3548.332117][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3548.337964][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3548.347995][T22439] IPVS: ftp: loaded support on port[0] = 21 02:20:12 executing program 2: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(0x0, 0x80000000000b, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:20:12 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:12 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x9}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:13 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, 0x0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:13 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3548.791275][T22456] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:13 executing program 2: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(0x0, 0x80000000000b, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:20:13 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:13 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(0x0, 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3549.186248][T22465] IPVS: ftp: loaded support on port[0] = 21 [ 3549.234998][T22474] IPVS: ftp: loaded support on port[0] = 21 [ 3549.417436][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:20:14 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(0x0, 0x80000000000b, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:20:14 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:14 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0xa}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:14 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket$inet(0x2, 0x3, 0x2) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r1, 0x0, 0x10005, 0x0) 02:20:14 executing program 2: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, 0x0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:14 executing program 5: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, 0x0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:14 executing program 5: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, 0x0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:14 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, 0x0, 0x0) [ 3550.539559][T22501] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3550.576703][T22498] IPVS: ftp: loaded support on port[0] = 21 02:20:15 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, 0x0, 0x0) 02:20:15 executing program 5: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, 0x0, 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:15 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0xb}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:15 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(0x0, 0x80000000000b, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3550.973217][T22525] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3551.004740][T22526] IPVS: ftp: loaded support on port[0] = 21 02:20:15 executing program 0: gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setown(r0, 0x8, 0x0) execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) 02:20:15 executing program 2: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(0x0, 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:20:15 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, 0x0, 0x0) [ 3551.133546][T22525] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:15 executing program 0: gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r0 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setown(r0, 0x8, 0x0) execveat(r0, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) 02:20:15 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket$inet(0x2, 0x3, 0x2) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r1, 0x0, 0x10005, 0x0) 02:20:15 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080), 0x0) [ 3551.210143][T22534] IPVS: ftp: loaded support on port[0] = 21 02:20:15 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0xc}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:15 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080), 0x0) [ 3551.526640][T22551] IPVS: ftp: loaded support on port[0] = 21 02:20:16 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3551.799141][T22555] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:16 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080), 0x0) 02:20:16 executing program 2: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3551.991634][T22566] IPVS: ftp: loaded support on port[0] = 21 02:20:16 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) tkill(r0, 0x16) 02:20:16 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) r2 = socket$inet(0x2, 0x3, 0x2) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r1, 0x0, 0x10005, 0x0) [ 3552.132297][T22559] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:16 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{0x0}], 0x1) 02:20:16 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0xe}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:16 executing program 2: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) tkill(r0, 0x16) [ 3552.447041][ C0] net_ratelimit: 9 callbacks suppressed [ 3552.447050][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3552.458495][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3552.464358][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3552.470152][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3552.476177][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3552.482020][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3552.487978][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3552.493729][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:20:17 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) tkill(r0, 0x16) [ 3552.650283][T22594] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:17 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) tkill(r0, 0x16) [ 3552.758059][T22599] IPVS: ftp: loaded support on port[0] = 21 02:20:17 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{0x0}], 0x1) 02:20:17 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3553.115819][T22616] IPVS: ftp: loaded support on port[0] = 21 [ 3553.566950][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3554.526678][ C0] protocol 88fb is buggy, dev hsr_slave_0 02:20:19 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x1, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) tkill(r0, 0x16) 02:20:19 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{0x0}], 0x1) 02:20:19 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x10}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:19 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:19 executing program 2: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{0x0}], 0x1) 02:20:19 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3555.073472][T22628] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3555.109743][T22636] IPVS: ftp: loaded support on port[0] = 21 02:20:19 executing program 2: gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r0 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r0, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r1 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r1, 0x400, 0x1) fcntl$setown(r1, 0x8, 0x0) execveat(r1, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r0, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) futex(&(0x7f000000cffc), 0x10000000c, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) 02:20:19 executing program 1: gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r0 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r0, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r1 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r1, 0x400, 0x1) fcntl$setown(r1, 0x8, 0x0) execveat(r1, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r0, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) futex(&(0x7f000000cffc), 0x10000000c, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) 02:20:19 executing program 2: gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r0 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r0, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r1 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r1, 0x400, 0x1) fcntl$setown(r1, 0x8, 0x0) execveat(r1, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r0, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) futex(&(0x7f000000cffc), 0x10000000c, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) 02:20:19 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x11}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3555.647574][T22658] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:20 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:20:20 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:20 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x1, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) tkill(r0, 0x16) 02:20:20 executing program 2: gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r0 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r0, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r1 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r1, 0x400, 0x1) fcntl$setown(r1, 0x8, 0x0) execveat(r1, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r0, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) futex(&(0x7f000000cffc), 0x10000000c, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) 02:20:20 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x12}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:20 executing program 1: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = memfd_create(&(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) write$binfmt_elf32(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="09040000000000ae24ad9e272392660776c8e20000ff7f000000"], 0x2b) r1 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_G_SLICED_VBI_CAP(r1, 0xc0745645, &(0x7f0000000040)={0x0, [], 0x1}) recvfrom$unix(r1, &(0x7f0000000100)=""/18, 0x12, 0x100, &(0x7f0000000140)=@abs={0x1, 0x0, 0x4e24}, 0x6e) execveat(r0, &(0x7f0000000080)='\x00', 0x0, 0x0, 0x1000) [ 3556.087728][T22677] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3556.187206][T22681] IPVS: ftp: loaded support on port[0] = 21 02:20:20 executing program 0: gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r0 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r0, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r1 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r1, 0x400, 0x1) fcntl$setown(r1, 0x8, 0x0) execveat(r1, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r0, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) 02:20:20 executing program 1: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = memfd_create(&(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) write$binfmt_elf32(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="09040000000000ae24ad9e272392660776c8e20000ff7f000000"], 0x2b) r1 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_G_SLICED_VBI_CAP(r1, 0xc0745645, &(0x7f0000000040)={0x0, [], 0x1}) recvfrom$unix(r1, &(0x7f0000000100)=""/18, 0x12, 0x100, &(0x7f0000000140)=@abs={0x1, 0x0, 0x4e24}, 0x6e) execveat(r0, &(0x7f0000000080)='\x00', 0x0, 0x0, 0x1000) 02:20:20 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x13}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3556.549362][T22694] IPVS: ftp: loaded support on port[0] = 21 [ 3556.701959][T22704] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:21 executing program 1: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = memfd_create(&(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) write$binfmt_elf32(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="09040000000000ae24ad9e272392660776c8e20000ff7f000000"], 0x2b) r1 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0xffffffffffffffff, 0x2) ioctl$VIDIOC_G_SLICED_VBI_CAP(r1, 0xc0745645, &(0x7f0000000040)={0x0, [], 0x1}) recvfrom$unix(r1, &(0x7f0000000100)=""/18, 0x12, 0x100, &(0x7f0000000140)=@abs={0x1, 0x0, 0x4e24}, 0x6e) execveat(r0, &(0x7f0000000080)='\x00', 0x0, 0x0, 0x1000) 02:20:21 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, &(0x7f0000000100)="460f300f07c483614804ee08440f20c03506000000440f22c0c402f93473230f09f20f013cb9b805000000b9c00000000f01d90fc728c4c1f9e79f2e000000", 0x3f}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 02:20:21 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:21 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x1, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) tkill(r0, 0x16) 02:20:21 executing program 1: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x800000000004, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x10000000c, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) tkill(r0, 0x16) 02:20:21 executing program 1 (fault-call:6 fault-nth:0): getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:21 executing program 0: gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r0 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r0, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r1 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r1, 0x400, 0x1) fcntl$setown(r1, 0x8, 0x0) execveat(r1, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r0, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) 02:20:21 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x48}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3557.436661][T22736] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:22 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) close(0xffffffffffffffff) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$inet(0x2, 0x3, 0x2) bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x10005, 0x0) 02:20:22 executing program 0: gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r0 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r0, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r1 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r1, 0x400, 0x1) fcntl$setown(r1, 0x8, 0x0) execveat(r1, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r0, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) [ 3557.726933][ C0] net_ratelimit: 16 callbacks suppressed [ 3557.726941][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3557.765055][T22736] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:22 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, &(0x7f0000000100)="460f300f07c483614804ee08440f20c03506000000440f22c0c402f93473230f09f20f013cb9b805000000b9c00000000f01d90fc728c4c1f9e79f2e000000", 0x3f}], 0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 02:20:22 executing program 5: gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x1, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) [ 3558.036741][T22752] IPVS: ftp: loaded support on port[0] = 21 [ 3558.059756][T22735] FAULT_INJECTION: forcing a failure. [ 3558.059756][T22735] name fail_futex, interval 1, probability 0, space 0, times 1 [ 3558.122625][T22735] CPU: 1 PID: 22735 Comm: syz-executor.1 Not tainted 5.0.0-next-20190306 #4 [ 3558.131347][T22735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3558.141414][T22735] Call Trace: [ 3558.144719][T22735] dump_stack+0x172/0x1f0 [ 3558.144741][T22735] should_fail.cold+0xa/0x15 [ 3558.144761][T22735] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3558.159481][T22735] ? debug_smp_processor_id+0x3c/0x280 [ 3558.165017][T22735] get_futex_key+0xba3/0x1660 [ 3558.169721][T22735] ? unqueue_me_pi+0xc0/0xc0 [ 3558.174332][T22735] ? __lock_acquire+0x548/0x3fb0 [ 3558.179303][T22735] futex_wake+0xf9/0x4d0 [ 3558.183568][T22735] ? get_futex_key+0x1660/0x1660 [ 3558.188517][T22735] ? __lock_acquire+0x548/0x3fb0 [ 3558.193470][T22735] ? debug_smp_processor_id+0x3c/0x280 [ 3558.198946][T22735] do_futex+0x324/0x1df0 [ 3558.203192][T22735] ? __lock_acquire+0x548/0x3fb0 [ 3558.203212][T22735] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3558.203228][T22735] ? debug_smp_processor_id+0x3c/0x280 [ 3558.203252][T22735] ? exit_robust_list+0x290/0x290 [ 3558.203276][T22735] ? __might_fault+0x12b/0x1e0 [ 3558.203295][T22735] ? find_held_lock+0x35/0x130 [ 3558.234543][T22735] ? __might_fault+0x12b/0x1e0 [ 3558.239428][T22735] ? lock_downgrade+0x880/0x880 [ 3558.244326][T22735] mm_release+0x33d/0x490 [ 3558.248674][T22735] do_exit+0x417/0x2fa0 [ 3558.252850][T22735] ? get_signal+0x331/0x1d50 [ 3558.257455][T22735] ? find_held_lock+0x35/0x130 [ 3558.262235][T22735] ? mm_update_next_owner+0x640/0x640 [ 3558.267639][T22735] ? kasan_check_write+0x14/0x20 [ 3558.272598][T22735] ? _raw_spin_unlock_irq+0x28/0x90 [ 3558.277812][T22735] ? get_signal+0x331/0x1d50 [ 3558.282405][T22735] ? _raw_spin_unlock_irq+0x28/0x90 [ 3558.282429][T22735] do_group_exit+0x135/0x370 [ 3558.282449][T22735] get_signal+0x399/0x1d50 [ 3558.282542][T22735] do_signal+0x87/0x1940 [ 3558.282563][T22735] ? kick_process+0xef/0x180 [ 3558.305576][T22735] ? task_work_add+0x9c/0x110 [ 3558.310284][T22735] ? setup_sigcontext+0x7d0/0x7d0 [ 3558.315334][T22735] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3558.321588][T22735] ? fput_many+0x12c/0x1a0 [ 3558.326023][T22735] ? fput+0x1b/0x20 [ 3558.329847][T22735] ? do_readv+0x1c0/0x290 [ 3558.334194][T22735] ? exit_to_usermode_loop+0x43/0x2c0 [ 3558.339585][T22735] ? do_syscall_64+0x52d/0x610 [ 3558.344351][T22735] ? exit_to_usermode_loop+0x43/0x2c0 [ 3558.344371][T22735] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3558.344390][T22735] ? trace_hardirqs_on+0x67/0x230 [ 3558.344412][T22735] exit_to_usermode_loop+0x244/0x2c0 [ 3558.344431][T22735] do_syscall_64+0x52d/0x610 02:20:22 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x4a}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3558.344453][T22735] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3558.375948][T22735] RIP: 0033:0x457f29 [ 3558.379855][T22735] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3558.409113][T22735] RSP: 002b:00007f28eedecc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 3558.409129][T22735] RAX: fffffffffffffe00 RBX: 00007f28eedecc90 RCX: 0000000000457f29 [ 3558.409136][T22735] RDX: 0000000000000001 RSI: 0000000020000080 RDI: 0000000000000005 [ 3558.409143][T22735] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 3558.409150][T22735] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f28eeded6d4 [ 3558.409159][T22735] R13: 00000000004c4a4f R14: 00000000004d8610 R15: 0000000000000006 [ 3558.506831][T22760] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:23 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) close(0xffffffffffffffff) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$inet(0x2, 0x3, 0x2) bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x10005, 0x0) 02:20:23 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:23 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) tkill(r0, 0x16) [ 3558.686634][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3558.692498][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3558.698485][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3558.704278][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3558.704376][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3558.715881][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3558.721798][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3558.727617][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:20:23 executing program 5: gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x1, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) 02:20:23 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$addseals(r0, 0x409, 0x8) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:23 executing program 2 (fault-call:2 fault-nth:0): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:23 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x4c}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:23 executing program 5: gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x1, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) [ 3559.111176][T22784] FAULT_INJECTION: forcing a failure. [ 3559.111176][T22784] name failslab, interval 1, probability 0, space 0, times 0 [ 3559.146653][T22784] CPU: 1 PID: 22784 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3559.155369][T22784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3559.165433][T22784] Call Trace: [ 3559.168742][T22784] dump_stack+0x172/0x1f0 [ 3559.173094][T22784] should_fail.cold+0xa/0x15 [ 3559.177695][T22784] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3559.183511][T22784] ? ___might_sleep+0x163/0x280 [ 3559.188376][T22784] __should_failslab+0x121/0x190 [ 3559.193323][T22784] should_failslab+0x9/0x14 [ 3559.197844][T22784] kmem_cache_alloc_node+0x264/0x710 [ 3559.203154][T22784] __alloc_skb+0xd5/0x5e0 [ 3559.207492][T22784] ? skb_trim+0x190/0x190 [ 3559.211834][T22784] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3559.217122][T22784] ? retint_kernel+0x2d/0x2d [ 3559.221814][T22784] vhci_write+0xc4/0x470 [ 3559.226083][T22784] new_sync_write+0x4c7/0x760 [ 3559.230776][T22784] ? default_llseek+0x2e0/0x2e0 [ 3559.235652][T22784] ? common_file_perm+0x238/0x720 [ 3559.240683][T22784] ? __fget+0x381/0x550 [ 3559.244857][T22784] ? apparmor_file_permission+0x25/0x30 [ 3559.250416][T22784] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3559.256676][T22784] ? security_file_permission+0x94/0x380 [ 3559.262322][T22784] __vfs_write+0xe4/0x110 [ 3559.266667][T22784] vfs_write+0x20c/0x580 [ 3559.270925][T22784] ksys_write+0xea/0x1f0 [ 3559.275176][T22784] ? __ia32_sys_read+0xb0/0xb0 [ 3559.279959][T22784] __x64_sys_write+0x73/0xb0 [ 3559.284558][T22784] ? do_syscall_64+0x5b/0x610 [ 3559.289246][T22784] do_syscall_64+0x103/0x610 [ 3559.291750][T22781] IPVS: ftp: loaded support on port[0] = 21 [ 3559.293858][T22784] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3559.305640][T22784] RIP: 0033:0x457f29 [ 3559.309672][T22784] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3559.329305][T22784] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3559.337739][T22784] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3559.345729][T22784] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3559.353807][T22784] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 02:20:23 executing program 5: gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x1, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) [ 3559.353818][T22784] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3559.353827][T22784] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 02:20:23 executing program 5: gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x1, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) 02:20:23 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="006c101d22318f065cca594a895787b480bf4dbc2e0154e2516f01875a508d8335a20b429939bd9e0bd1c319a61e84b3fa574d7a43a01d2a39f2777b3a414a52039a36652216c1"], 0x2) mount$9p_tcp(&(0x7f0000000140)='127.0.0.1\x00', &(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x80, &(0x7f0000000400)={'trans=tcp,', {'port', 0x3d, 0x4e20}, 0x2c, {[{@posixacl='posixacl'}, {@access_any='access=any'}, {@version_L='version=9p2000.L'}], [{@seclabel='seclabel'}, {@fscontext={'fscontext', 0x3d, 'root'}}]}}) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x20000, 0x0) perf_event_open$cgroup(&(0x7f0000000300)={0x7, 0x70, 0xfffffffffffffffb, 0xfffffffffffffff8, 0x2, 0x7, 0x0, 0x7, 0x1000, 0x0, 0xa, 0x8, 0x2, 0x5, 0x0, 0x2, 0x6, 0x8, 0x3, 0x9, 0x1ff, 0x7, 0x0, 0x1c0, 0x2, 0x22ce, 0xfffffffffffffe01, 0x1000, 0x1, 0x401, 0x2, 0x4, 0x1, 0xfff, 0x81, 0x4, 0x8, 0x6, 0x0, 0x14ec, 0x0, @perf_bp={&(0x7f0000000040), 0xf}, 0x4000, 0x3, 0xfffffffffffffffd, 0xb, 0x10001, 0xfff, 0x1000}, r3, 0xb, r0, 0x2) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3559.444154][T22783] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:24 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) close(0xffffffffffffffff) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$inet(0x2, 0x3, 0x2) bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x10005, 0x0) 02:20:24 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) tkill(r0, 0x16) 02:20:24 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x60}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3559.807089][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:20:24 executing program 2 (fault-call:2 fault-nth:1): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3559.999754][T22812] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3560.061198][T22815] FAULT_INJECTION: forcing a failure. [ 3560.061198][T22815] name failslab, interval 1, probability 0, space 0, times 0 [ 3560.119477][T22815] CPU: 1 PID: 22815 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3560.128206][T22815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3560.138297][T22815] Call Trace: [ 3560.141626][T22815] dump_stack+0x172/0x1f0 [ 3560.145987][T22815] should_fail.cold+0xa/0x15 [ 3560.150621][T22815] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3560.156457][T22815] ? ___might_sleep+0x163/0x280 [ 3560.161324][T22815] __should_failslab+0x121/0x190 [ 3560.166288][T22815] should_failslab+0x9/0x14 [ 3560.170818][T22815] kmem_cache_alloc_node_trace+0x270/0x720 [ 3560.176662][T22815] __kmalloc_node_track_caller+0x3d/0x70 [ 3560.182310][T22815] __kmalloc_reserve.isra.0+0x40/0xf0 [ 3560.187727][T22815] __alloc_skb+0x10b/0x5e0 [ 3560.192157][T22815] ? skb_trim+0x190/0x190 [ 3560.196533][T22815] vhci_write+0xc4/0x470 [ 3560.200792][T22815] new_sync_write+0x4c7/0x760 [ 3560.205579][T22815] ? default_llseek+0x2e0/0x2e0 [ 3560.210451][T22815] ? common_file_perm+0x238/0x720 [ 3560.215487][T22815] ? __fget+0x381/0x550 [ 3560.219667][T22815] ? apparmor_file_permission+0x25/0x30 [ 3560.225248][T22815] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3560.231519][T22815] ? security_file_permission+0x94/0x380 [ 3560.237168][T22815] __vfs_write+0xe4/0x110 [ 3560.241519][T22815] vfs_write+0x20c/0x580 [ 3560.241544][T22815] ksys_write+0xea/0x1f0 [ 3560.241564][T22815] ? __ia32_sys_read+0xb0/0xb0 [ 3560.241585][T22815] ? do_syscall_64+0x26/0x610 [ 3560.241602][T22815] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3560.241615][T22815] ? do_syscall_64+0x26/0x610 [ 3560.241637][T22815] __x64_sys_write+0x73/0xb0 [ 3560.259545][T22815] do_syscall_64+0x103/0x610 [ 3560.259569][T22815] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3560.259583][T22815] RIP: 0033:0x457f29 [ 3560.259600][T22815] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3560.259609][T22815] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 02:20:24 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) tkill(r0, 0x16) 02:20:24 executing program 5: gettid() futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x1, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) [ 3560.259624][T22815] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3560.259632][T22815] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3560.259640][T22815] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3560.259648][T22815] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3560.259657][T22815] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 02:20:24 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="685d38f48a3bb1ee363dab5bcd9d02e9000586519dd506e85d2b8a595fcb891e370a6b6a5fe5468e919d577ac1ba7464264452036097620dfbc76dd8f3dc8a6109000000083ef93720"], 0x2) r1 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x3ff, 0x400001) ioctl$DRM_IOCTL_FREE_BUFS(r1, 0x4010641a, &(0x7f00000001c0)={0x9, &(0x7f0000000180)=[0x80, 0x100000001, 0x4, 0x5, 0x7, 0xe580, 0x0, 0xffff, 0x83]}) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r2, &(0x7f0000000140), 0x0) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x400000, 0x0) ioctl$VIDIOC_G_OUTPUT(r3, 0x8004562e, &(0x7f0000000140)) 02:20:24 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r1 = socket$inet(0x2, 0x3, 0x2) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x10005, 0x0) 02:20:24 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x61}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3560.502153][T22823] IPVS: ftp: loaded support on port[0] = 21 02:20:25 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r1 = socket$inet(0x2, 0x3, 0x2) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x10005, 0x0) [ 3560.847548][T22841] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:25 executing program 2 (fault-call:2 fault-nth:2): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:25 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vhci\x00', 0x40200000246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000000)=0x0) syz_open_procfs$namespace(r2, &(0x7f0000000040)='ns/uts\x00') [ 3560.974709][T22846] FAULT_INJECTION: forcing a failure. [ 3560.974709][T22846] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3560.987973][T22846] CPU: 0 PID: 22846 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3560.996671][T22846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3561.006745][T22846] Call Trace: [ 3561.010059][T22846] dump_stack+0x172/0x1f0 [ 3561.010087][T22846] should_fail.cold+0xa/0x15 [ 3561.010112][T22846] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3561.019029][T22846] ? __lock_acquire+0x548/0x3fb0 [ 3561.019046][T22846] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 3561.019057][T22846] ? kasan_slab_alloc+0xf/0x20 [ 3561.019070][T22846] ? kmem_cache_alloc_node+0x131/0x710 [ 3561.019085][T22846] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3561.019110][T22846] should_fail_alloc_page+0x50/0x60 [ 3561.057272][T22846] __alloc_pages_nodemask+0x1a1/0x7e0 [ 3561.062671][T22846] ? __alloc_pages_slowpath+0x2900/0x2900 [ 3561.068401][T22846] ? find_held_lock+0x35/0x130 [ 3561.068430][T22846] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3561.068453][T22846] cache_grow_begin+0x9c/0x860 [ 3561.068471][T22846] ? __kmalloc_node_track_caller+0x3d/0x70 [ 3561.068487][T22846] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3561.068516][T22846] kmem_cache_alloc_node_trace+0x658/0x720 [ 3561.083850][T22846] __kmalloc_node_track_caller+0x3d/0x70 [ 3561.083873][T22846] __kmalloc_reserve.isra.0+0x40/0xf0 [ 3561.083893][T22846] __alloc_skb+0x10b/0x5e0 [ 3561.083912][T22846] ? skb_trim+0x190/0x190 02:20:25 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r1 = socket$inet(0x2, 0x3, 0x2) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x10005, 0x0) [ 3561.107379][T22846] vhci_write+0xc4/0x470 [ 3561.107409][T22846] new_sync_write+0x4c7/0x760 [ 3561.117200][T22846] ? default_llseek+0x2e0/0x2e0 [ 3561.117227][T22846] ? common_file_perm+0x238/0x720 [ 3561.117243][T22846] ? __fget+0x381/0x550 [ 3561.117274][T22846] ? apparmor_file_permission+0x25/0x30 [ 3561.117292][T22846] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3561.117318][T22846] ? security_file_permission+0x94/0x380 [ 3561.117339][T22846] __vfs_write+0xe4/0x110 [ 3561.117360][T22846] vfs_write+0x20c/0x580 02:20:25 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3561.117382][T22846] ksys_write+0xea/0x1f0 [ 3561.130635][T22846] ? __ia32_sys_read+0xb0/0xb0 [ 3561.130656][T22846] ? do_syscall_64+0x26/0x610 [ 3561.130673][T22846] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3561.130686][T22846] ? do_syscall_64+0x26/0x610 [ 3561.130708][T22846] __x64_sys_write+0x73/0xb0 [ 3561.140575][T22846] do_syscall_64+0x103/0x610 [ 3561.140595][T22846] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3561.140607][T22846] RIP: 0033:0x457f29 [ 3561.140623][T22846] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3561.140632][T22846] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3561.140647][T22846] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3561.140657][T22846] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3561.140666][T22846] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 02:20:25 executing program 3: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 3561.140676][T22846] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3561.140684][T22846] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 02:20:25 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x1, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) 02:20:25 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="62b38be30000"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:26 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x68}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3561.772084][T22879] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:26 executing program 2 (fault-call:2 fault-nth:3): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3561.844609][T22862] IPVS: ftp: loaded support on port[0] = 21 [ 3561.937603][T22882] FAULT_INJECTION: forcing a failure. [ 3561.937603][T22882] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3561.950854][T22882] CPU: 0 PID: 22882 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3561.959544][T22882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3561.969611][T22882] Call Trace: [ 3561.972935][T22882] dump_stack+0x172/0x1f0 [ 3561.977330][T22882] should_fail.cold+0xa/0x15 [ 3561.981962][T22882] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3561.987802][T22882] ? __lock_acquire+0x548/0x3fb0 [ 3561.992776][T22882] should_fail_alloc_page+0x50/0x60 [ 3561.998004][T22882] __alloc_pages_nodemask+0x1a1/0x7e0 [ 3562.003409][T22882] ? __alloc_pages_slowpath+0x2900/0x2900 [ 3562.009148][T22882] ? find_held_lock+0x35/0x130 [ 3562.013937][T22882] ? kasan_check_write+0x14/0x20 [ 3562.018878][T22882] cache_grow_begin+0x9c/0x860 [ 3562.018898][T22882] ? kasan_check_read+0x11/0x20 [ 3562.018921][T22882] ? do_raw_spin_unlock+0x57/0x270 [ 3562.028546][T22882] ____cache_alloc_node+0x17c/0x1e0 [ 3562.038847][T22882] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3562.045102][T22882] kmem_cache_alloc_node_trace+0xec/0x720 [ 3562.045134][T22882] __kmalloc_node_track_caller+0x3d/0x70 [ 3562.045156][T22882] __kmalloc_reserve.isra.0+0x40/0xf0 [ 3562.045175][T22882] __alloc_skb+0x10b/0x5e0 [ 3562.045192][T22882] ? skb_trim+0x190/0x190 [ 3562.045213][T22882] ? retint_kernel+0x2d/0x2d [ 3562.056558][T22882] vhci_write+0xc4/0x470 [ 3562.056582][T22882] new_sync_write+0x4c7/0x760 [ 3562.056603][T22882] ? default_llseek+0x2e0/0x2e0 [ 3562.056617][T22882] ? retint_kernel+0x2d/0x2d [ 3562.056641][T22882] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3562.056662][T22882] ? retint_kernel+0x2d/0x2d [ 3562.056693][T22882] __vfs_write+0xe4/0x110 [ 3562.066476][T22882] vfs_write+0x20c/0x580 [ 3562.066500][T22882] ksys_write+0xea/0x1f0 [ 3562.066521][T22882] ? __ia32_sys_read+0xb0/0xb0 [ 3562.066539][T22882] ? do_syscall_64+0x26/0x610 [ 3562.066555][T22882] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3562.066569][T22882] ? do_syscall_64+0x26/0x610 [ 3562.066590][T22882] __x64_sys_write+0x73/0xb0 [ 3562.066610][T22882] do_syscall_64+0x103/0x610 [ 3562.075525][T22882] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3562.075540][T22882] RIP: 0033:0x457f29 [ 3562.075556][T22882] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3562.075565][T22882] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 02:20:26 executing program 3: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 3562.075581][T22882] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3562.075589][T22882] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3562.075598][T22882] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3562.075614][T22882] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3562.084519][T22882] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 02:20:26 executing program 5: futex(0x0, 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x1, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) 02:20:26 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x6c}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:26 executing program 5: futex(0x0, 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x1, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) 02:20:26 executing program 1: r0 = syz_open_dev$mouse(&(0x7f0000000140)='/dev/input/mouse#\x00', 0x101, 0x10000) dup(0xffffffffffffff9c) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000340)='/dev/ubi_ctrl\x00', 0x10000, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000300)='IPVS\x00') sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000000440)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x24, r2, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7ff}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x800) openat$random(0xffffffffffffff9c, &(0x7f0000000040)='/dev/urandom\x00', 0x0, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="c07998433ee286b0c443123a3cda27a1ff80c0e200787faa1072fd54a8b679ea29e0cefaef5c9e7326c4c0177b123deacdb3e5a9eb3693c62ccf86c3dc826f33bef3a1ff19042e97bc"], 0x2) r3 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r3, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:27 executing program 5: futex(0x0, 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x1, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) [ 3562.612050][T22903] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3562.847941][ C0] net_ratelimit: 9 callbacks suppressed [ 3562.847986][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3562.859598][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3562.866384][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3562.872637][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3562.879537][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3562.885714][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3562.892464][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3562.898675][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:20:28 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:20:28 executing program 5: futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x1, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) 02:20:28 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x74}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:28 executing program 2 (fault-call:2 fault-nth:4): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:28 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0)='TIPCv2\x00') sendmsg$TIPC_NL_NAME_TABLE_GET(r2, &(0x7f00000003c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x10244200}, 0xc, &(0x7f0000000380)={&(0x7f0000000300)={0x6c, r3, 0xb01, 0x70bd2d, 0x25dfdbfb, {}, [@TIPC_NLA_MON={0x4}, @TIPC_NLA_BEARER={0x54, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xfff}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'ib', 0x3a, 'batadv0\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x4, @rand_addr="9d56e46579b9ffef79bff483b1f01d5f", 0x74}}, {0x14, 0x2, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x26}}}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x40}, 0x4000800) r4 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x100, 0x101000) ioctl$KVM_GET_ONE_REG(r4, 0x4010aeab, &(0x7f0000000140)={0xffffffffffffffff, 0x9}) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:28 executing program 3: pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 3563.883383][T22916] FAULT_INJECTION: forcing a failure. [ 3563.883383][T22916] name failslab, interval 1, probability 0, space 0, times 0 [ 3563.894502][T22920] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3563.948563][T22916] CPU: 0 PID: 22916 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3563.957368][T22916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3563.967434][T22916] Call Trace: [ 3563.970751][T22916] dump_stack+0x172/0x1f0 [ 3563.975117][T22916] should_fail.cold+0xa/0x15 [ 3563.979735][T22916] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3563.985568][T22916] ? ___might_sleep+0x163/0x280 [ 3563.990440][T22916] __should_failslab+0x121/0x190 [ 3563.995396][T22916] should_failslab+0x9/0x14 [ 3563.999913][T22916] kmem_cache_alloc_trace+0x2d1/0x760 [ 3563.999934][T22916] ? skb_trim+0x190/0x190 [ 3563.999950][T22916] ? vhci_write+0x2b3/0x470 [ 3563.999967][T22916] ? rcu_read_lock_sched_held+0x110/0x130 [ 3564.000058][T22916] hci_alloc_dev+0x43/0x1d00 [ 3564.024480][T22916] __vhci_create_device+0x101/0x5a0 [ 3564.029703][T22916] vhci_write+0x2d0/0x470 [ 3564.034057][T22916] new_sync_write+0x4c7/0x760 [ 3564.038752][T22916] ? default_llseek+0x2e0/0x2e0 [ 3564.043629][T22916] ? common_file_perm+0x238/0x720 [ 3564.048667][T22916] ? __fget+0x381/0x550 [ 3564.052839][T22916] ? apparmor_file_permission+0x25/0x30 [ 3564.058395][T22916] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3564.064644][T22916] ? security_file_permission+0x94/0x380 [ 3564.064667][T22916] __vfs_write+0xe4/0x110 [ 3564.064690][T22916] vfs_write+0x20c/0x580 [ 3564.064713][T22916] ksys_write+0xea/0x1f0 [ 3564.064731][T22916] ? __ia32_sys_read+0xb0/0xb0 [ 3564.064747][T22916] ? do_syscall_64+0x26/0x610 [ 3564.074922][T22916] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe 02:20:28 executing program 5: futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x1, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) [ 3564.074939][T22916] ? do_syscall_64+0x26/0x610 [ 3564.074962][T22916] __x64_sys_write+0x73/0xb0 [ 3564.074983][T22916] do_syscall_64+0x103/0x610 [ 3564.083456][T22916] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3564.083471][T22916] RIP: 0033:0x457f29 [ 3564.083488][T22916] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3564.083496][T22916] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3564.103660][T22916] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3564.103670][T22916] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3564.103679][T22916] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3564.103688][T22916] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3564.103697][T22916] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3564.105472][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3564.133680][T22929] IPVS: ftp: loaded support on port[0] = 21 02:20:28 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video0\x00', 0x2, 0x0) r1 = accept4$packet(0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x80000) dup3(r0, r1, 0x80000) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r3 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r3, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:28 executing program 5: futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x1, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) [ 3564.341454][T22939] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:28 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x1, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) 02:20:29 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x7a}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:29 executing program 1: pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffff9c, 0x84, 0x1, &(0x7f0000000140)={0x0, 0x5, 0x8, 0x6, 0x2000, 0x851c}, &(0x7f0000000280)=0x14) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f00000002c0)={r2, @in6={{0xa, 0x4e20, 0x101, @empty, 0x7}}, [0x6, 0x100000000, 0x5, 0xffffe00000000000, 0x2, 0x800, 0x1f, 0x3, 0x1, 0x3, 0xb6, 0x66, 0x4, 0xa1, 0x8]}, &(0x7f00000003c0)=0x100) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) ioctl$sock_bt_bnep_BNEPCONNADD(r1, 0x400442c8, &(0x7f0000000400)={r1, 0x4, 0x55, "89ac65288515d79886137935c6f510348b47c9111b7ca053ce70cf7d008b0e3ba3532c0ccb469642b68407fa3d99be5bd3e74e273c"}) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$KVM_ASSIGN_SET_INTX_MASK(r0, 0x4040aea4, &(0x7f0000000040)={0x3, 0x800, 0x10001, 0x1, 0x5}) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r3, 0x6612) write$P9_RLERRORu(r4, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r5 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r5, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3564.863448][T22959] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3564.926608][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3564.964508][T22962] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:30 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:20:30 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x1, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) 02:20:30 executing program 2 (fault-call:2 fault-nth:5): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:30 executing program 3: sendmsg(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:30 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) r0 = openat$random(0xffffffffffffff9c, &(0x7f0000000040)='/dev/urandom\x00', 0x70000, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) getsockopt$inet_mreq(r1, 0x0, 0x24, &(0x7f0000000300)={@empty, @broadcast}, &(0x7f0000000340)=0x8) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) r3 = syz_open_dev$admmidi(&(0x7f0000000140)='/dev/admmidi#\x00', 0x1, 0x101000) ioctl$KVM_SET_CPUID(r3, 0x4008ae8a, &(0x7f0000000280)={0x4, 0x0, [{0x2, 0x5f3c, 0x1, 0x29, 0xfffffffffffffffb}, {0x80000019, 0x4, 0x7, 0x2, 0x5}, {0x80000001, 0x7, 0x81, 0x54}, {0xc0000001, 0x6, 0x6, 0x1, 0xfff}]}) write$P9_RLERRORu(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r4 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r4, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:30 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0xad}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3566.375954][T22975] FAULT_INJECTION: forcing a failure. [ 3566.375954][T22975] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3566.389219][T22975] CPU: 1 PID: 22975 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3566.397933][T22975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3566.408014][T22975] Call Trace: [ 3566.411333][T22975] dump_stack+0x172/0x1f0 [ 3566.415695][T22975] should_fail.cold+0xa/0x15 [ 3566.420321][T22975] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3566.426150][T22975] ? __lock_acquire+0x548/0x3fb0 [ 3566.431107][T22975] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3566.437367][T22975] should_fail_alloc_page+0x50/0x60 [ 3566.442582][T22975] __alloc_pages_nodemask+0x1a1/0x7e0 [ 3566.447979][T22975] ? __alloc_pages_slowpath+0x2900/0x2900 [ 3566.453704][T22975] ? find_held_lock+0x35/0x130 [ 3566.453734][T22975] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3566.453756][T22975] cache_grow_begin+0x9c/0x860 [ 3566.453775][T22975] ? hci_alloc_dev+0x43/0x1d00 02:20:30 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x1, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) [ 3566.453792][T22975] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3566.453820][T22975] kmem_cache_alloc_trace+0x67f/0x760 [ 3566.485703][T22975] hci_alloc_dev+0x43/0x1d00 [ 3566.490322][T22975] __vhci_create_device+0x101/0x5a0 [ 3566.495548][T22975] vhci_write+0x2d0/0x470 [ 3566.499891][T22975] new_sync_write+0x4c7/0x760 [ 3566.504580][T22975] ? default_llseek+0x2e0/0x2e0 [ 3566.509446][T22975] ? common_file_perm+0x238/0x720 [ 3566.509463][T22975] ? __fget+0x381/0x550 [ 3566.509484][T22975] ? apparmor_file_permission+0x25/0x30 [ 3566.509499][T22975] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3566.509517][T22975] ? security_file_permission+0x94/0x380 [ 3566.509538][T22975] __vfs_write+0xe4/0x110 [ 3566.509559][T22975] vfs_write+0x20c/0x580 [ 3566.509580][T22975] ksys_write+0xea/0x1f0 [ 3566.509600][T22975] ? __ia32_sys_read+0xb0/0xb0 [ 3566.509620][T22975] ? do_syscall_64+0x26/0x610 [ 3566.509637][T22975] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3566.509651][T22975] ? do_syscall_64+0x26/0x610 [ 3566.509671][T22975] __x64_sys_write+0x73/0xb0 [ 3566.509689][T22975] do_syscall_64+0x103/0x610 [ 3566.509708][T22975] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3566.509722][T22975] RIP: 0033:0x457f29 [ 3566.509739][T22975] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3566.509748][T22975] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3566.509764][T22975] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 02:20:31 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(0x0, 0x1, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) [ 3566.509774][T22975] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3566.509783][T22975] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3566.509793][T22975] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3566.509809][T22975] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3566.526268][T22971] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3566.715450][T22982] IPVS: ftp: loaded support on port[0] = 21 02:20:31 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video37\x00', 0x2, 0x0) ioctl$VIDIOC_G_CTRL(r2, 0xc008561b, &(0x7f0000000140)={0x4, 0x10000}) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3566.935153][T22994] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:31 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0xd6}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:31 executing program 2 (fault-call:2 fault-nth:6): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:31 executing program 3: sendmsg(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 3567.272334][T23000] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3567.300282][T23004] FAULT_INJECTION: forcing a failure. [ 3567.300282][T23004] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3567.321016][T23004] CPU: 1 PID: 23004 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3567.329880][T23004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3567.339961][T23004] Call Trace: [ 3567.343302][T23004] dump_stack+0x172/0x1f0 [ 3567.347669][T23004] should_fail.cold+0xa/0x15 [ 3567.352296][T23004] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3567.358124][T23004] ? __lock_acquire+0x548/0x3fb0 [ 3567.363082][T23004] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 3567.368910][T23004] ? kasan_slab_alloc+0xf/0x20 [ 3567.373696][T23004] ? kmem_cache_alloc_node+0x131/0x710 [ 3567.379174][T23004] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3567.385451][T23004] should_fail_alloc_page+0x50/0x60 [ 3567.390680][T23004] __alloc_pages_nodemask+0x1a1/0x7e0 [ 3567.396088][T23004] ? __alloc_pages_slowpath+0x2900/0x2900 [ 3567.401826][T23004] ? find_held_lock+0x35/0x130 [ 3567.406627][T23004] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3567.412465][T23004] cache_grow_begin+0x9c/0x860 [ 3567.417249][T23004] ? __kmalloc_node_track_caller+0x3d/0x70 [ 3567.423069][T23004] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3567.429325][T23004] kmem_cache_alloc_node_trace+0x658/0x720 [ 3567.435162][T23004] __kmalloc_node_track_caller+0x3d/0x70 [ 3567.440810][T23004] __kmalloc_reserve.isra.0+0x40/0xf0 [ 3567.446185][T23004] __alloc_skb+0x10b/0x5e0 [ 3567.450689][T23004] ? skb_trim+0x190/0x190 [ 3567.455015][T23004] ? vhci_write+0x2b3/0x470 [ 3567.459521][T23004] ? rcu_read_lock_sched_held+0x110/0x130 [ 3567.465238][T23004] ? kmem_cache_free+0x225/0x260 [ 3567.470193][T23004] __vhci_create_device+0x88/0x5a0 [ 3567.475316][T23004] vhci_write+0x2d0/0x470 [ 3567.479672][T23004] new_sync_write+0x4c7/0x760 [ 3567.484379][T23004] ? default_llseek+0x2e0/0x2e0 [ 3567.489243][T23004] ? common_file_perm+0x238/0x720 [ 3567.494291][T23004] ? __fget+0x381/0x550 [ 3567.498469][T23004] ? apparmor_file_permission+0x25/0x30 [ 3567.505329][T23004] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3567.511595][T23004] ? security_file_permission+0x94/0x380 [ 3567.517250][T23004] __vfs_write+0xe4/0x110 [ 3567.521617][T23004] vfs_write+0x20c/0x580 [ 3567.525875][T23004] ksys_write+0xea/0x1f0 [ 3567.531091][T23004] ? __ia32_sys_read+0xb0/0xb0 [ 3567.535874][T23004] ? do_syscall_64+0x26/0x610 [ 3567.540566][T23004] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3567.546644][T23004] ? do_syscall_64+0x26/0x610 [ 3567.551345][T23004] __x64_sys_write+0x73/0xb0 [ 3567.555957][T23004] do_syscall_64+0x103/0x610 [ 3567.560554][T23004] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3567.566442][T23004] RIP: 0033:0x457f29 [ 3567.570345][T23004] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3567.589958][T23004] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3567.598391][T23004] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3567.606457][T23004] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3567.614438][T23004] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3567.622414][T23004] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3567.630390][T23004] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3567.762852][T23000] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:32 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:20:32 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(0x0, 0x1, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) 02:20:32 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vhci\x00', 0x10000) write$P9_RLERRORu(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) setsockopt$ax25_int(r0, 0x101, 0x0, &(0x7f0000000000)=0x1ff, 0x4) fsetxattr$security_ima(r1, &(0x7f0000000040)='security.ima\x00', &(0x7f0000000140)=ANY=[@ANYBLOB="04121b9ed400fbff000000000000000000000000"], 0x14, 0x0) readv(r0, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0xd9}], 0x1) 02:20:32 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0xf0}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:32 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffff9c) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000040)={r0, &(0x7f0000000280)="8e39500e24d048d7bcb415e4d5951cf86dea031719753e103c30480b1f34ab0655d1156c1d8d089f8e2d52d1a1e1b274d6d659e5a5bbbe8da44eac41369ffa39f8debac0d6013dcbb9", &(0x7f0000000300)=""/201}, 0x18) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3568.035001][T23019] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:32 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3568.129629][T23030] IPVS: ftp: loaded support on port[0] = 21 02:20:32 executing program 3: sendmsg(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:32 executing program 2 (fault-call:2 fault-nth:7): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3568.286888][ C0] net_ratelimit: 16 callbacks suppressed [ 3568.286897][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3568.314213][T23039] FAULT_INJECTION: forcing a failure. [ 3568.314213][T23039] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3568.327481][T23039] CPU: 0 PID: 23039 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3568.336150][T23039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3568.346212][T23039] Call Trace: [ 3568.349536][T23039] dump_stack+0x172/0x1f0 [ 3568.353902][T23039] should_fail.cold+0xa/0x15 [ 3568.353930][T23039] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3568.353951][T23039] ? __lock_acquire+0x548/0x3fb0 [ 3568.353988][T23039] should_fail_alloc_page+0x50/0x60 [ 3568.364371][T23039] __alloc_pages_nodemask+0x1a1/0x7e0 [ 3568.364390][T23039] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3568.364406][T23039] ? retint_kernel+0x2d/0x2d [ 3568.364427][T23039] ? __alloc_pages_slowpath+0x2900/0x2900 [ 3568.364463][T23039] cache_grow_begin+0x9c/0x860 [ 3568.364488][T23039] ? hci_alloc_dev+0x43/0x1d00 [ 3568.374656][T23039] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3568.374686][T23039] kmem_cache_alloc_trace+0x67f/0x760 [ 3568.374738][T23039] hci_alloc_dev+0x43/0x1d00 [ 3568.374764][T23039] __vhci_create_device+0x101/0x5a0 [ 3568.374783][T23039] vhci_write+0x2d0/0x470 [ 3568.374813][T23039] new_sync_write+0x4c7/0x760 [ 3568.385466][T23039] ? default_llseek+0x2e0/0x2e0 [ 3568.385493][T23039] ? common_file_perm+0x238/0x720 [ 3568.385510][T23039] ? __fget+0x381/0x550 [ 3568.385532][T23039] ? apparmor_file_permission+0x25/0x30 [ 3568.385550][T23039] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3568.385568][T23039] ? security_file_permission+0x94/0x380 [ 3568.385588][T23039] __vfs_write+0xe4/0x110 [ 3568.395887][T23039] vfs_write+0x20c/0x580 [ 3568.395910][T23039] ksys_write+0xea/0x1f0 02:20:32 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3568.395930][T23039] ? __ia32_sys_read+0xb0/0xb0 [ 3568.395950][T23039] ? do_syscall_64+0x26/0x610 [ 3568.395967][T23039] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3568.395981][T23039] ? do_syscall_64+0x26/0x610 [ 3568.396010][T23039] __x64_sys_write+0x73/0xb0 [ 3568.405524][T23039] do_syscall_64+0x103/0x610 [ 3568.405546][T23039] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3568.405560][T23039] RIP: 0033:0x457f29 [ 3568.405577][T23039] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3568.405586][T23039] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3568.405602][T23039] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3568.405611][T23039] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3568.405620][T23039] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3568.405628][T23039] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3568.405644][T23039] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3568.544156][T23044] IPVS: ftp: loaded support on port[0] = 21 02:20:33 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0xf8}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:33 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:20:33 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(0x0, 0x1, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) 02:20:33 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3568.901437][T23054] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:33 executing program 1: openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x80000, 0x0) syz_open_dev$vcsn(&(0x7f0000000140)='/dev/vcs#\x00', 0x401, 0x20800) openat$vfio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vfio/vfio\x00', 0x400000, 0x0) syz_open_dev$mice(&(0x7f00000002c0)='/dev/input/mice\x00', 0x0, 0x210000) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snapshot\x00', 0x2000, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000340)='/dev/full\x00', 0x840, 0x0) pipe(&(0x7f0000000380)) syz_open_dev$swradio(&(0x7f00000003c0)='/dev/swradio#\x00', 0x0, 0x2) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000400)='/dev/snapshot\x00', 0x2040, 0x0) r0 = syz_open_dev$usb(&(0x7f0000000440)='/dev/bus/usb/00#/00#\x00', 0x3ff, 0x40000) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:33 executing program 2 (fault-call:2 fault-nth:8): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3569.086585][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3569.092539][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3569.098516][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3569.104326][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3569.110272][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3569.116067][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3569.122015][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3569.127848][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3569.245036][T23075] FAULT_INJECTION: forcing a failure. [ 3569.245036][T23075] name failslab, interval 1, probability 0, space 0, times 0 [ 3569.276797][T23075] CPU: 0 PID: 23075 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3569.285526][T23075] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3569.295602][T23075] Call Trace: [ 3569.298923][T23075] dump_stack+0x172/0x1f0 [ 3569.303282][T23075] should_fail.cold+0xa/0x15 [ 3569.308335][T23075] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3569.314152][T23075] ? ___might_sleep+0x163/0x280 [ 3569.319010][T23075] __should_failslab+0x121/0x190 [ 3569.323958][T23075] should_failslab+0x9/0x14 [ 3569.328464][T23075] kmem_cache_alloc_trace+0x2d1/0x760 [ 3569.333860][T23075] ? skb_trim+0x190/0x190 [ 3569.338228][T23075] ? vhci_write+0x2b3/0x470 [ 3569.342745][T23075] ? rcu_read_lock_sched_held+0x110/0x130 [ 3569.348467][T23075] hci_alloc_dev+0x43/0x1d00 [ 3569.353063][T23075] __vhci_create_device+0x101/0x5a0 [ 3569.358278][T23075] vhci_write+0x2d0/0x470 [ 3569.362621][T23075] new_sync_write+0x4c7/0x760 [ 3569.367332][T23075] ? default_llseek+0x2e0/0x2e0 [ 3569.372210][T23075] ? common_file_perm+0x238/0x720 [ 3569.377239][T23075] ? __fget+0x381/0x550 [ 3569.381413][T23075] ? apparmor_file_permission+0x25/0x30 [ 3569.386966][T23075] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3569.393219][T23075] ? security_file_permission+0x94/0x380 [ 3569.398874][T23075] __vfs_write+0xe4/0x110 [ 3569.403223][T23075] vfs_write+0x20c/0x580 [ 3569.407493][T23075] ksys_write+0xea/0x1f0 [ 3569.411754][T23075] ? __ia32_sys_read+0xb0/0xb0 [ 3569.416524][T23075] ? do_syscall_64+0x26/0x610 [ 3569.421634][T23075] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3569.427709][T23075] ? do_syscall_64+0x26/0x610 [ 3569.432402][T23075] __x64_sys_write+0x73/0xb0 [ 3569.437014][T23075] do_syscall_64+0x103/0x610 [ 3569.441619][T23075] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3569.447511][T23075] RIP: 0033:0x457f29 [ 3569.451407][T23075] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3569.471015][T23075] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3569.479436][T23075] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3569.487416][T23075] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 02:20:33 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 3569.495402][T23075] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3569.503387][T23075] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3569.511368][T23075] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3569.522227][T23070] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:34 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x0, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) 02:20:34 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x10a}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3569.863038][T23090] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3569.882107][T23076] IPVS: ftp: loaded support on port[0] = 21 02:20:34 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x400080, 0x0) ioctl$SNDRV_TIMER_IOCTL_INFO(r0, 0x80e85411, &(0x7f0000000100)=""/114) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000300)={{0x2, 0x4e20, @multicast2}, {0x6, @broadcast}, 0x4, {0x2, 0x4e22, @broadcast}, 'bond_slave_1\x00'}) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vhci\x00', 0x8000) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:34 executing program 2 (fault-call:2 fault-nth:9): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3570.184063][T23100] FAULT_INJECTION: forcing a failure. [ 3570.184063][T23100] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3570.197317][T23100] CPU: 0 PID: 23100 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3570.197334][T23100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3570.197341][T23100] Call Trace: [ 3570.197372][T23100] dump_stack+0x172/0x1f0 [ 3570.197404][T23100] should_fail.cold+0xa/0x15 [ 3570.219431][T23100] ? fault_create_debugfs_attr+0x1e0/0x1e0 02:20:34 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x154}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3570.228423][T23100] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3570.228442][T23100] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3570.228459][T23100] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3570.228483][T23100] ? retint_kernel+0x2d/0x2d [ 3570.245248][T23100] should_fail_alloc_page+0x50/0x60 [ 3570.255138][T23100] __alloc_pages_nodemask+0x1a1/0x7e0 [ 3570.255163][T23100] ? __alloc_pages_slowpath+0x2900/0x2900 [ 3570.255187][T23100] ? retint_kernel+0x2d/0x2d [ 3570.271473][T23100] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3570.271506][T23100] cache_grow_begin+0x9c/0x860 [ 3570.271534][T23100] ? hci_alloc_dev+0x43/0x1d00 [ 3570.281916][T23100] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3570.281941][T23100] kmem_cache_alloc_trace+0x67f/0x760 [ 3570.281975][T23100] hci_alloc_dev+0x43/0x1d00 [ 3570.297728][T23100] __vhci_create_device+0x101/0x5a0 [ 3570.297750][T23100] vhci_write+0x2d0/0x470 [ 3570.297771][T23100] new_sync_write+0x4c7/0x760 [ 3570.297790][T23100] ? default_llseek+0x2e0/0x2e0 [ 3570.297813][T23100] ? common_file_perm+0x238/0x720 [ 3570.297828][T23100] ? retint_kernel+0x2d/0x2d [ 3570.297850][T23100] ? apparmor_file_permission+0x25/0x30 [ 3570.307810][T23100] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3570.307831][T23100] ? security_file_permission+0x94/0x380 [ 3570.307847][T23100] ? rw_verify_area+0xb2/0x360 [ 3570.307865][T23100] __vfs_write+0xe4/0x110 [ 3570.307885][T23100] vfs_write+0x20c/0x580 [ 3570.307906][T23100] ksys_write+0xea/0x1f0 [ 3570.307927][T23100] ? __ia32_sys_read+0xb0/0xb0 [ 3570.317454][T23100] ? do_syscall_64+0x26/0x610 [ 3570.317472][T23100] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3570.317487][T23100] ? do_syscall_64+0x26/0x610 [ 3570.317509][T23100] __x64_sys_write+0x73/0xb0 [ 3570.317526][T23100] do_syscall_64+0x103/0x610 [ 3570.317543][T23100] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3570.317562][T23100] RIP: 0033:0x457f29 [ 3570.327084][T23100] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3570.327093][T23100] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3570.327109][T23100] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3570.327118][T23100] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3570.327127][T23100] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3570.327135][T23100] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3570.327143][T23100] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 02:20:34 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 3570.366655][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:20:35 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x0, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) [ 3570.624051][T23107] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:35 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x160}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3570.940061][T23117] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:37 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:20:37 executing program 2 (fault-call:2 fault-nth:10): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:37 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) r2 = fcntl$dupfd(r1, 0x406, r0) ioctl$VT_DISALLOCATE(r2, 0x5608) write$binfmt_elf64(r2, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x9, 0x1, 0x5, 0x3, 0x1000, 0x2, 0x0, 0xffff, 0x1ea, 0x40, 0x388, 0x5, 0xf5, 0x38, 0x2, 0x2, 0x0, 0x4}, [{0x6, 0x3, 0xae2, 0x401, 0x9d, 0x5c13d397, 0xffffffffffffff39, 0x5}], "a981a49e1133f7f94e3b79b0c32da2bf9811867ba95e565e8abb1293cdae2b539c00084c2ec013e746985c4d212b60eed2033536e7a8d4b4dd85ad15168b51d47e01f12a18b1b6c1d05209e8260def32b95cc855a96d99de6c90fdaacd5d5756c98da184f280b3bc94e8dd5f6b14722b4fcc63e185b6872f82d1271b6eccc48ceb20eff846ca6b628b9fc8f5d86cd10dc72f33889b75f80a1466d5333f021e8397f961d83b1b01f34ffc36b539764b2debd2dbb19fda4e7f6a8f8d3cd12ab0ae356cbe4212ee", [[], []]}, 0x33e) write$P9_RLERRORu(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r3 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r3, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:37 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x164}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:37 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:37 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x0, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) [ 3572.688624][T23135] FAULT_INJECTION: forcing a failure. [ 3572.688624][T23135] name failslab, interval 1, probability 0, space 0, times 0 [ 3572.708446][T23132] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3572.728691][T23135] CPU: 1 PID: 23135 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3572.737407][T23135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3572.747475][T23135] Call Trace: [ 3572.747609][T23135] dump_stack+0x172/0x1f0 [ 3572.747637][T23135] should_fail.cold+0xa/0x15 [ 3572.747662][T23135] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3572.747688][T23135] ? ___might_sleep+0x163/0x280 [ 3572.747715][T23135] __should_failslab+0x121/0x190 [ 3572.747738][T23135] should_failslab+0x9/0x14 [ 3572.747757][T23135] __kmalloc+0x2dc/0x740 [ 3572.747781][T23135] ? apply_wqattrs_prepare+0xae/0x970 [ 3572.747824][T23135] apply_wqattrs_prepare+0xae/0x970 [ 3572.784309][T23135] apply_workqueue_attrs_locked+0xcb/0x140 [ 3572.784332][T23135] apply_workqueue_attrs+0x31/0x50 [ 3572.784351][T23135] alloc_workqueue+0x84c/0xe70 [ 3572.784378][T23135] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 3572.784403][T23135] ? __init_waitqueue_head+0x36/0x90 [ 3572.784435][T23135] hci_register_dev+0x1b8/0x860 [ 3572.826598][T23135] ? hci_init_sysfs+0x7c/0xa0 [ 3572.831324][T23135] __vhci_create_device+0x2d0/0x5a0 [ 3572.836816][T23135] vhci_write+0x2d0/0x470 [ 3572.841210][T23135] new_sync_write+0x4c7/0x760 [ 3572.845931][T23135] ? default_llseek+0x2e0/0x2e0 [ 3572.850809][T23135] ? common_file_perm+0x238/0x720 [ 3572.855842][T23135] ? __fget+0x381/0x550 [ 3572.860018][T23135] ? apparmor_file_permission+0x25/0x30 [ 3572.860037][T23135] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3572.860055][T23135] ? security_file_permission+0x94/0x380 [ 3572.860082][T23135] __vfs_write+0xe4/0x110 [ 3572.881899][T23135] vfs_write+0x20c/0x580 [ 3572.886163][T23135] ksys_write+0xea/0x1f0 [ 3572.890413][T23135] ? __ia32_sys_read+0xb0/0xb0 [ 3572.895191][T23135] ? do_syscall_64+0x26/0x610 [ 3572.899877][T23135] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3572.905954][T23135] ? do_syscall_64+0x26/0x610 [ 3572.910653][T23135] __x64_sys_write+0x73/0xb0 [ 3572.910674][T23135] do_syscall_64+0x103/0x610 [ 3572.910696][T23135] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3572.910709][T23135] RIP: 0033:0x457f29 [ 3572.910726][T23135] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3572.910735][T23135] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3572.910758][T23135] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3572.949299][T23135] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3572.949309][T23135] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3572.949318][T23135] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3572.949328][T23135] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3573.038885][T23141] IPVS: ftp: loaded support on port[0] = 21 02:20:37 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$net_dm(&(0x7f0000000040)='NET_DM\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3573.086248][T23135] Bluetooth: Can't register HCI device [ 3573.285518][T23139] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:37 executing program 1: r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) fadvise64(r0, 0x0, 0x1, 0x6) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f0000000140)='/dev/dmmidi#\x00', 0x5, 0x0) r2 = dup2(r0, r0) ioctl$TUNSETSTEERINGEBPF(r1, 0x800454e0, &(0x7f0000000280)=r2) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000980)={0x0, 0x4f, "d286b123b300a28214b02572665a494e56e07485da9c9fdca9879ad7d1a54a9cf2f3b858d3e781cda56d618d81e38a336074b593f76f6df3df455ee71ffe56355fc2ab4e261b1084433252d9b0894c"}, &(0x7f0000000a00)=0x57) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000001e80)={0x7, 0x4, 0x101, 0x3, 0x0}, &(0x7f0000001ec0)=0x10) sendmmsg$inet_sctp(r1, &(0x7f0000003240)=[{&(0x7f00000003c0)=@in={0x2, 0x4e21, @multicast2}, 0x10, &(0x7f0000000900)=[{&(0x7f0000000400)="e59db3dc94bd595d90b37095174218060e523d0c19af313e35874072ce03c6ddc258b7818b4314e0ff45dba200a4e7f1bd36debfe978fc1e1f11dd7a9a2971c0f4d777b97e0424741e2d78c23e8134cf13181197d500710bd993b0f59a5b1def965b00940e428d8a873647ceecb3cbc70d08accde6daccf96095d2381a3fec4dcde99f829f1a22c900f7b1018a49a106cfd4eae5bf899325a3045db2ad235e1da58bdd03491ba772efb1aa84", 0xac}, {&(0x7f00000004c0)="73deccbe1fa7df24b3604c3fe58ed92a31457fd652985af70a4be3444791e75052fa06d10e28a445ddb03555c005b580dd251a89ba9e0636ca61b12c45ec3278a63edaf02c581134ec10f76ce58890b023c62eef8adf277b57d09defbbb8cc5d2b4fa536c4630f67b8b4ee3e2ca8aa10c63261ef3d1565def1521dced8cf1b24f23db12bbab6c12abdb5b423604f16bb724391b4dfb01490add5e1e22f83824f7eb02790d481d3ae910dfc9909c0e84f922669e19e395af3f2be952799d3f9c73161", 0xc2}, {&(0x7f00000005c0)="f8f0c74312b6b919f50721978b9af3ccbcdf219664c22071010f17581edab0cfb527b697c20a0b17d7be88a324526ce34698c4ae2797545ae8625dd569d276b0dffbbb81c06e1c3912e70eed248c022addeaf212bc658d9ed1f59d64bb08d4643b9998e674ace5543c4b49fa600cf5bf1479a6cbe00edfb37fae86068e0971922b1122be1cf81ad0d58e1dcfcfa07c891bee2b08d67fd202752c0c86faada110822781bba2e79b247ba8176287e19a636b903c745ffa17da3ce4a2fa953d03d7ad9cbae42856ec0901d8778afa", 0xcd}, {&(0x7f00000006c0)="631919be2b7c1c07147e7e23b94bcc3e4ad3ed344d5620ffca812f341b63032492db313e457e92b14bd9ef5de46475fb4e6a99287aff08f69d99d78a8a194335110cd1c689ed58b9beddf9dfce6a59dd44b9fe41a8423cba9a72d00c3096", 0x5e}, {&(0x7f0000000740)="d99bd4c53acd4a990c8d9bbc36ea42e4b8a39e42d88ceeb60652f3306a6785f26c8542b8083d09ecddae1cf5d05ae805aae452a88e9da7debd426a4d5a8a737e5e6398de26ad709ede5118cf4af2b549a79f4ad03dc18cd7decc2c916b0cbbaed2831170c67dc50d9801fc9c8dbf24683fa28b54156461dc9f5e5105d0ff396a7a31cd9ee62f2d0bcbfb126859f0c207b06deca9b5ba1d90bdc1c8151ff7a2dee4661b95549cd83c7a7fb564eb6aeb7097052ab59762a598c4a24552a8d5ac65c62bbdd13c12d8cb27ac7eda52286733f993e5", 0xd3}, {&(0x7f0000000840)="3a5b5b9f21bed3a18a612c5cec4548d8d712c28b153cb5d4f9f63cc9867bac4da7cf7a503d71824a0af1d466d3228b71c03deaf08033c06a1602816ba9d05f448e32e89eb4049ed4239cd8aa62336a715fe87e37b4b5da375f76baaf97f9712233110e7539b6e99c17c726404915c8ff9eb7f5166045fe29409b35f525a3ea3d852e2682766b3b2e394e0e56c6e12497aaef34b436fe081cecb66a5444808dff8fac1c8525889eb79d0f", 0xaa}], 0x6, &(0x7f0000000a40)=[@sndinfo={0x20, 0x84, 0x2, {0x7fff, 0x8001, 0x0, 0x6, r3}}, @authinfo={0x18, 0x84, 0x6, {0x100}}, @authinfo={0x18, 0x84, 0x6, {0x5}}, @init={0x18, 0x84, 0x0, {0x1, 0x0, 0x39c0}}], 0x68, 0x4}, {&(0x7f0000000ac0)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x12}}, 0x10, &(0x7f0000000c40)=[{&(0x7f0000000b00)="3c600ef8c009c2cdf810486c47813985512be0110bee43a40fc6e1d0c667e98b52839a11870146f7da2dfd1a3709bb5f7034d691bcc13eac567d13f1f2ac989e6e134eb04227e4a0668e0f583cad0d4cbe96ec6d5a387af6e386bc47f3aefaed8f8a", 0x62}, {&(0x7f0000000b80)="e45274e54db399369b3fcc26f4d94aca6d94a6121462abdbf94c8bbd154018984355bbde4260f6361113489275320a6856e6db1505ddc57c28f4f20de8767730f7506cf22d23d305b41fb4d49a6c597cf5f28d5037bd43655c16a99a62eea4e0c76b54566489338d37a6d9df0a8f532f3fb071bebc84ce183aaf8c653d4c26c893f1b25fea265a099ddaf13c1b5663edeaf85f0c9e18f686", 0x98}], 0x2, &(0x7f0000000c80)=[@authinfo={0x18, 0x84, 0x6, {0xd1}}, @authinfo={0x18, 0x84, 0x6, {0x1}}], 0x30, 0x4}, {&(0x7f0000000cc0)=@in6={0xa, 0x4e21, 0x6, @mcast2, 0x2}, 0x1c, &(0x7f0000001d00)=[{&(0x7f0000000d00)="b8b636998974fd12c1840208350661f0307f86e0da1aa4ff66bf3071c6dc81791aeb9c55e00310cdfccce8f6ddbfd7c504c908d4a67e6ff1a7fbe394ee6393fa4ee3883cc3c3ec2d42880af92a509e26e9e88f5b3e290aac2200cc41d9d0d44b627001a1da7123670574cccf425dd8cbf8cb4a7a92a04822214f908edf8493b3143818db19d7a6433ef07b49522aa12d002634ac2da3f03f12c11fd81551a554736bbfb3589f12d42e05683099f2067a1789d50f4c56ff5271e99d7d9591e54496216ef5e337273d0ff2716485e56bb8be0ddcd7424752c99d39ed214a6d14a09688637af93293babc6a413da3c602092b165f6e6579c014c3fc1d0a2a158cd905177e2bd2949a341f49f86bd19e8782f897bfebc3ccff39532da30fec6ceb5ee3644037083d2a33668904b38a4076a40750edc1b71c631ec6bdd5aac4d5cf1f324c4b4159f8aa4f02b3e92638fe2a74ca144a71c71547873fca8a50f0047e9c4021f24abbaf5de13ddec20bee2f4ee83c541c9a4049857118479cb16fa8ece723357857c7503735907b870b85c20b50fa08e613c8a8623937d7d4cdbe377754c636c173785497ca8add2eb47e276508004e640c3f15b552edc749bdec773467704e9be958decb325dda3f8358ab97c30a134963e7f01f9db43fe9c2d077128f8bc4c2fb8b16e1be22192ee0ae9ba4d2e4fbe57a239395815f9d31ad92fa2b8c3cb94e064845844f67f23bce7be8d211a81d512db738d1e65be7dce91e3089addd013499dcffe8559c41189c6ef90b0355697d2d6cdbdb961e6ecd090a454571f3f173342ff12fd7ef4a931b2365c7d7a4681b47272cf1a5aa64fb4aed2618e22b01aed4e6c427080b41d2bf5752f5af1bc602cc645faec4a06e5088e86fa868d3d9aafc9d5016813e003e7a70476ef1b12c091fd63641df307310766e18bc5a338244aad7b5d6a4c241d0fe1e5c5e613d5591009d8300baca561e07845372c87802f03f7d637cbac7b9968b1bc4432d33bac92d8aa000ec81ed681e08eb5eabfb22ee623b8e345e8e30893bec71a512b5c070f09f7c56f47f42f2433254f0173da3af3d1a3568c387c7ceca9f9974421612c89a5d4797f5380570d15f612d683216133464de75e1d8cd4c62cf8ae848bbb9d877e12fc9858e8a6263098399a18cb8e37660ff9597005fab70d00c4f71885360d8adef05f3d30d55bd31b03eccee2293eddbc16110eea3d0cde874a9107aeaec71a1e6fe7b36ae50bf2c42b1d8135cfe0a098f92154da521dac85f13b0b9c19a6119016fdd3e13ab024f4066a03dfc6d6317808644921a9a4874998d866f7ef30cc01e3c156f4c91c1039df89f822fa04caffa643e998c620c36d23baf1d949c318803d59502646a063307ac6663ab11907ec1d5906808f8ede0133b58b3e236b60a9dc86b3662fe477364c66b497634e9443746e0d1aef6716a985cf066a2b0ee53cf88558bd085ba42d400e491b1fc20792879f5cf7789c97cf624387b7c7afa25847c2920c28f1ddae119740c7eb5648dc2eeec9fbd6b11fead557e9c71330609f581f435310c3e6afb998c2ad659a91e323e6de60edbd0a603c1e6ea40504a25ada8bdf8cb8deefe72228612ae84c971893b9abc4e4abeb937460641908a6ae5e425b1841aae2c1f0ed007a22cf5ca5249d85f28d12ece6817180b085944958f082530a88e64876f8d7bb8871d52dad1e7274757420ce814f84c146584fb04ab5ebe04ace9144a7bdf3b0f88c7913a819f84139540dedb4da2f85e936ccbe7c7bfa00504787f67069d6d6fdbf88d0d6be1428aac07611da3d1c504c1da76d16c45f11037f0b67ac5dd60d4f257e22e51d08a500e225ca17e8501349f5adf86c07915fae2389691b5dba2205b69deb58959e30a5aaafd7c8f7ff4ce347d6e55e0e4b76e2e91019d65eec593224bae4e3c71b909bc03fbacd7df3eaf9ff271b6f0b627777356e03b32d36bf4fdfd74b5299b8e818a442e5c78e7bbde40ea2665f83a0fca251eb2544253d8d2bf2506ea6a7b7c2511308b7e396f7f595a0205a3b9573cac6c7d8f607ea6e4062d9c461f56f01914d4785b4dfb189ef5a3748ff3c0cf635df6a701382bc5d16070648f05933e740baacec3dda98f90f4d02328ab3cf17dc32740422e1cb442365a01d0e3684e0433209ec0f4009423ddedce054d2ca8f6b1d63dc865ba9b704834612726cbd0848a9d99fcec4d008c7e698f896b3127658db5792890a92bec64e0b0eb5d48960a7e03db2677a5f13456039120e95351c4196d58f171e055eb3d446966b28c26c4891c24036c35c2df2c35d23a011ec5c744da41bd3d80d8c3cf619b13eadf6aabf7eefc205c32570ce77078f8993aa5c5af431a62093d915bc75cf64eb328e726ae88902fb00297d17543f22b10e0eb6fb1571e6ef67ad2fba92fb3ab24d5f8c523bb484e3563408dce467ee76ccdfead11e0616759bf1e9fb0a4273d007dfc6a1fac4166bb7071cc13f0face74e9b8eff92658fbe3eb7a963221c6ed7bf41450a595560faa4534bf4b8f9f965feb8d7facc1842530817c4dabfa40a9d73553ef4df3e326dc5e07b0d6cc3066d38589d53073b1e378cc89101546fbca0a0bb63afacd94557632a2897fd1ab98b21de89c0ff682432c1413600f4f909f8cca95db7020ce769542a65aad18bb3ad2f87e37fb79d29fc8499696d18418008cd1a815d56736e23cc3820c62294022d464f5658e2f858ed538d47767514f2e81f31db01f594197f18932609045ca4b2e97e0555440892d959fc82af3c1f24068829af42bb552ca45d5b8819a9ca16a9cdafd6f387a9b838109cf358bccbb3310075c7f38560ebddf407afcdf9bca8d363b8cc68f3e5f95a80f48448b38f7e538f066de0129b1d734526bd3f135266aa6d331c1bd2324b68e51293bede7d6beec5005a253251cd220481f71f01f8a3369a698b1e6f5f51b51a22f67203a5b35f911f9957fff378f8d085d7ee1386fa606fc887a613b10c2722a74d8e480a18e0101211bbcadb77643c037f04dde55decb34c147b2aee9343031b3ee8e0f40e106a37c09d49475bfedc9d61400610d8432b33635cb4f8fc68b67afe7ec13159e6a6a6f73696955fc33c66c2b7bf9713881d3b7371d784ab277477470a5f9ab7dd8555c69727943f562577ef560c6fbf45e2d49dfce6d72904b1e9888e236af8b4a0786f45e349af8b5d815b6a504c5556eb6cc0bc253b817fb719c4259d6e97eb61d613a4e1f6e0f9840e0bd877e6407c5245f18351f97a751064d1403a5e14b3f9f98557c05725919cedff8826bce428cebfe1782b48c76923ee7d015185c8ab16511b85e275cb18cc36e42581a09d01fb201f2bbd8fa1a7a079f909fa825ea9a1b4c2e0fb84bba07a6e9c0688317017a8e80cedd41d2e7f8bf0ee2ea8d872c131f240f3a95d4c69238e189babe7513678f79ad7c8678ee8c76d9eb5afb2b188fe8ee31035fa405f92df12eb997acc8bb53067e69ecad821046277b7a0b98fe0317af2858eceee0f41da1228960347e75568c57e245180b3ff8ee507978c788c507431f460550af53cd2afbb2235883ef3f6d1423e3c37030894f7d07f43247488b67ec6404eaaaa12dd22d87242118169672b67bd84d03af606ad47e7abecc8a5f188bcd88e9dd7c0a88e8b1a40f7e253c0ed0cf1788f363e8046bc53d9fdf4ae86a376d90726cb70c3bc76be0a693c53d2ca1f6bdbd05c0d407f97a4fff42c08591021c6daf2f6de5db90c5c612ccbdccdc0a52346ed90c31e2d6a73e4203527f30d3f3fa13f3301831fe0274c1f1d3acd00a0530b12668c1a001c416f46f256025f9acb41505f6eaf4bb23caa2321418624f6c132117306e06d5af5b26adc9dd6fc32b2162f1434836755acfea6332c45f61d641201f11a80c3031c9423a22f25f60ec570406d4150deeb187fdf93bfc3d0f6fd6ccdc1703b5170ec7c1c2ee5eb2d67e79dff6369db5ca76792db41a00c38564afb662f1159d772733a1fa6d72ffe52fbeceb05b2d55ca9b7a6e1dfad33ee7f9401934fb15926a1e61305a85ac316c056a0f3ecb789ea96f8a930d9616f42d8a26a86dde544f949d555e5cb027787ac164cd5545a1928f77df57c566209ec721b3150135bbfade35a711516b5621580fc58e88a8eb2965427681ceef5096b3888070a53217e847175fff7356e4642e3261e13dead704f81ccee713222653e1d2a7ce900d957a946449b43d4d61477208b7ce29be192e6f58c65da13c49ac4c04fe095bb0512a2103e1fbfd8256d39af7ab07b357f232c7eea7dda9ca9c9fdce66545917cae0168eadda08ce1292e406e14dcc50a08316eaebb8f7d15f4dd1cc22bfbef3d5e182fd60f7730ccc9281b71528fab80933827d85bb21750f9c9e12a48ca0da9497dcf43620234253ef385ec4af06c022610448d77e51f99f3c0544fc9da3fc81bf5a69ea2d1dc98fd03593175d1499bb081d7b8bf6d74f223ddf3530e687cb6b076110936abe1257fac6b500b91920bbda3ac834425378e7a27f06f98b8f170ac57eea3e155cbb759880443fbed28b26ddf5427bdf2c5b183855aecf067a112f2d17f481b11a899b4296f4f81d73c76e825405a761672092a6b9aa77691da5ba0f0d5ad9bcaaf206d1d9f4617f13973e2502d96c4d2cea95361d8caa9d27074f8f4f6dde317020aef954c91fb6a3c7b716a25328c10b4a544799b54902b0c3311dee1c9d569585b85b7083e251c3f3773d372ffc072a9f52b2bff5c9272a1538cc369f01a96d409b05ab6392f4e9e23b6382f56405b3e30634d625bb826076fb83d1f0b4f3ad37e4cc93fce2fbf11dc7de66c1fcc57ebdc5c826709e8d7c25f3928a80b5ab9dbe6f2080cb221bec3a90b7a118c7754a6b56466a6ac69408da79d28c20db39eabe3bfe62d5b7fd6846a0f56c77936eeebe2ab87122bec68cc7c02027da98519a3ed2afe46bfb946ad42a581495e9fe177c8387b4b2364820cf771c75ae76bc881c82b827b5f36fe39c68405324b2f69b900b720a620b7bd24505c29678c963829b30e82943aabe7bc4878f010c5c4f639295ed167f45f8c78d1f605ce6ee7c95e16edb7815322b9e926618036a72676a5a207d1bc064781cd906295d654fbbef500c9c523ab6445c9938553b211cdc46070a98d401b7fc0cb4d241f220df7cd3d685fa4bc76377d310fa126ecda9bcd50c85b688c6bca1ffc6ff5adbd7b96fd23b50577f4ba9993575597600004bd720ad5b0d332557c2e670c27dbbe738fab7ae5a9e953f09cd643b3b8e1b63af3d3389ea41436f635bf9e9f60b5f5694a1287e9e505b988fc36047dfedaba3c17fa0cc6ca1d51542735fc5db8b78b7f0a8106f775a3cb56b4f78dca9b1d4a9f0da256fcef1cf21318286fe61e73a813a1fb211388bc64a10ee0709230b051247f5ce9ac38686e85a24dfaaf19f8392cd66c90ed53ce20e9cb9c0260f7365f448459d38881885ef8e4fd148917372ed172d69713c0a718d4f880f4b0e0902c9b26ca684962a190cc7dd5bac2877c309528d0cf5006f51e3c86bb3c3cb74a52af1dab7381e1faf84ca144b142ed83f0c144f328d58064a6b1880956704268ac7eee40f24fe005d4872c3ae6e41901511a9a927bbb2f660d61a31b521e445732fececddcdd320b450b17a346fbf1d7ed0674c6518468e3e365b5469c1b86cdd5c2c036efe36b4d0ea160bf963ea5a7e514f5f3e1ffced7d07213eadf08d8c94403d4b1376a5e1b503496429e2bf35d2bfd", 0x1000}], 0x1, 0x0, 0x0, 0x40000}, {&(0x7f0000001d40)=@in={0x2, 0x4e20, @remote}, 0x10, &(0x7f0000001e40)=[{&(0x7f0000001d80)="decd9b9be8510ada5d7294ad5ad73e224913aa7e2728cb4f90a0316256d80d4e35c8699ef1856cd8937327511ecb0d0621fe0bfde795f61ec4998f49835d3b2bd64f3466c7cf911cd151da471cc2d3507d76cbf7dc3bb43a1d33b39741f58c62f92d226ee97ec8fe8c324285b839797bc16139634d1b058a6a13c2242b1738ea962fa63c6aee325699b90618bd", 0x8d}], 0x1, &(0x7f0000001f00)=[@init={0x18, 0x84, 0x0, {0x200, 0x401, 0x3, 0x3}}, @sndinfo={0x20, 0x84, 0x2, {0x5, 0x0, 0x3, 0x80, r4}}, @dstaddrv6={0x20, 0x84, 0x8, @ipv4={[], [], @loopback}}, @init={0x18, 0x84, 0x0, {0x8, 0x800, 0x4, 0x3}}], 0x70, 0x4000000}, {&(0x7f0000001f80)=@in6={0xa, 0x4e20, 0x0, @loopback, 0x3}, 0x1c, &(0x7f00000031c0)=[{&(0x7f0000001fc0)="324e38f28976c4d25423e4880e575b4c4ee972d14be81331fbd34f5ec8ad4857bce2605a1346ab6c35f4a67cf9a32e9172f02b6e6302111afe1100bd6504e20d385d24595d3f5f0c9907d5b002ae01022b6c9b1ebcfcb6df3a7c7e88aee9372becc418621c504dfb4257b41acb5f8369a2ca3d924d0443e9975b31181a14814af0f69dedcffd56d6be10636e27077a4932b3e472a52da35da5d02d0e87b855e868603befae4b091a67ac08475eab1fc1901682d53f8d18357a3a23c13a8aa16b129ff77cfb990e1194a6d8b6db23f8fb75c137acb234ccfa2ee733e11b9c2e30f0c0453502bbf7f8e062d067f39a3c5e16950ba18c2cc9ec99bd239051d5e72ffaaf0ce422fbc00e0e7ec8f3cda4c3c00af40f6fe16ce211e1f683a31e4cfc023263df65b24ab7eb016ee73a3ed085129cc0b711917ea4c7bd6a8be81b24968cbc702fe5f47ae52e9270fb9c4fe441c7fa175fb2372bdafaf4ea11b00d7443ae5c02abbd68d0a735076247cd184e1a9981c5d16798e5b9ebedc8c48dad3e86d5876dd743b44b0f40d02c524fdcb3a4cbce4e32c9c41f32bd9e8ea2803f78e1c266f58734ef1cf99a3ae184682cbb6bed2a5dec9ee9dc6d7704e67407d491eea579c990fe96a0c67b829540ae2c4e4cc69629d7e1122a404b7c82d92f50952911b81dfe1ced6d4ad0ab67b42aaf88d3f9430f9f40372704677a6c843fd06bd8a3c33f6117d7c8aeb76e16466b4439f7c4e28283d073d0e9b55dbb037baa5f6d060976b4f45bd7c74219882c3cb84ceba2aed5eadf2e441db8184e0f623145b41c4f6f6f06a772d256d3aa7566df73314023db41a53d1ea5fe413fa184d9421874163209e928fbfd2f1ed872200768c19198ced3f7a67c01a30856c1107b61a6d77ce220e5ad4352eee09445be30dcd0f8c6b2db3b45c5660d51d1eab754bec0dc28f3a79008232bcbc4743ea42f407a0c2f01144431a5fb3316b86a335163e658b143c009ee36d8b0cfb900406658fa906fb75cdd02da895ed7b4ae5ac3ae993dbc3417a7de6901ff5ce0f00136cbdf5cc49c8fa44990cbefa1d9763ce205703b5a7ffe4e8c41426b1483b4e3ebef2c68ba4614a1a5effe28f292d881f5e6a40964d9fe7e6a82e17d5c3672df9fa25ae2c84022662928d2f6294d6a48d8e77cdc62f30bed9a263cfe1ae8b603fd6da4cbb25b11fc32715e6b13f63bc63bc6a22bf030c064a1fe2cb37d0a336e299c03226925a1eb560a0dde26a27c916d046bf4f5773486425d670311f090ffe00074429733f4b163510a0f586c7d60e3c6688c69f598cfb62bf4f87d4d6d399b9686bbf488a5debbe31d1fb5d6244b1972efd70edabf7c14d8da03965e8682816bfd681d83aa59eea821c5789346ae7eec2e81fe47fa1029111b5a8b29048a0e6779678beffddbc611269f8dfe603079178d45514cd07ec0432b05d12541a3f74ef39b99461de82afab84751898a8975da95a6314b44ab416c6b80be334004d042ac3b333cba11a9abce5e003565c374c8b31200c65c0fd373f97d5ede771ad0ace0c0eb023443159e8db76a9f28866ed511680a1373e8c4e128cc825a627f00328b84ae730133348ab38a6f8085ddce96a30c991d1afdc31d4c266752de35de59a619cadf5762ca60157f522153c245951dc4b207399c2435a7deb9ced25cd414068c67aa9bd5ee5b2935381fd1477cb40b9ceefe71cedab8123cf828f72cb4db0388a6e2d265f8167ce359576e01e42843794b3d68579c4097025abe51768b4fe5f434d98340d6901f6d2b75e05949cf43a25b327f06fef2dcea14cca38f71f423bd4766900224bc7641be3b589207dea6a5de5a500c1e03aa880052c9f0e16f6a055d8d284786cbca42356c8e03b3697f696f4ae3997aabaa2a3ef1369b8e532578af8f6aa6a09f629a57d51a5a1f40e73a3fea51c184570aa23b1e8314769a3dcbae1fb418d8c2091b5e5adc5765a43cef5eadf16bb616080fc0e160247f28796b4cbb83432595147673d19ab61c5b35090dd5ccf188075e306808245030e960cf20c3046c0d82a1bbd5f4940d227640f6bc270e3cd31a0fa63f6b8dfae47fd774c290e9c7d8e79739de75ba64301fcff9ffda6814c360198dd3ea564f02596bdbad3fefcba9a750f06ed71f343df3dc4ee9cca9396bca899cba99af7cefcf8a382b00113ae91c1292c13818bc0160cc329707e2a4daffbf0da045bedafe0446c42888b33eb440c9231b460048dd0ff1684c589e5258a125566b39f79c6b2cd10a596c26aaaaa04a38289e21b0b21c9877c4800e2be9cba433bf987811a813dc81815cd27cbb3d9e5b2bc5a8f8ee0b416f16f3cbf6844343c74f9f5fac9912e06f2c18be9b168474084525a4d4ed333b7932a9cb57b61f137254ebec6a62fd1b200c4118e19016bec8d0918f922541526be393acc84d364e231537739540aefbee6abd5b43c687a47e27c5485c91878c7091dc8dace5250eff8bbcab98bed73899d8573d3374d8df6cae27ad9ce51f1e1ee3e6db1301508609be4034f349447f43f985a2989495ffc1bb8ce12c31fb6c79369cceebf3fc580abab864cc9705e872156a6cdbba56e219640f46a203427e910290df507f4b4223e16dbd8b97c3042642cf9874e2770f51cc4c93406bafcf2c3cd873259d868b5e04cc2e92a5d6d9e0dd548233e7600d636f182b7ff04fb8badcd168f07f66c59fadf4b6896858109efd3f3a51c14f857933dda31215187b4fba10b23946c1aeb3f97cc0322813acea099c4f6bf619b96a486e450cab4a375a0b5d039d399ab8f9e753a5052d630d008b98ab848b5752ad7ef18ed9397d9d5a9b5b291259ce96645f87e9c8840af2d82c1420b342f99b81d12573c7f3f3e1456fa549c63ad2094874d377dd8546ef3ee1e753e996a20c5bfd534e566a893a3c6b08c175b2a43c3e2c4987c5ac086f2e092064a7d38b353680741d95eb67fee84d7d7e303bd4e4b603bb5f49fc6e1d2cd1f25c89f8d03bb0fb01a1fa7f7312eef3ec09043e6b14caeb7cc88310f6e7fa2c4e135d41af184d971c882ff3710871e7c0f95d32a66dada82df22a843714e04290101d31488ae0e5ae3c94995ac15df79c9193f3e7a6f0b32a790e3fe622d4bce1bb5dd991f9d7511a2c734fc18a706b17c839369b4d7903c080ee1f87ccb9b7ddd9bfdad7f6e3bf8f4b93106ed324f4568e30c7ce1ea14cdd9d28ec1aedc9735af74097ced7dc8a045cd7fbc0842482f76cd7d2556cf06cbd90d6c40e14ed878886d9dcf89bd9d903659d1ed7b2d2d18eafa01fe4c6219271e88f056578a4fac74b88fc5722630474a5184c3879000b97cd49cce18ac1f32b0ddc6d2401d7408ab1f3081b4093deb15745681a8c0013ad065dda7ed9faf12ff4ea3fffb70c7396849e993d2cd056cca8fa7e7d6f1d97fb39075a9abad306fce82034dbe41ddb549bb3b315bfd1bdefcff56c03c8177122e09068736b6c4da33ad4589e80032d8f10740b0239723d466be5bd0e125fad2f0658e465f0fda380add24928a168c5ed4aaf9944febc912e40703ed741a98b20ce59259f77a4d87619b4ec200dd1632ea8507f4d47527eefefb3406769a8d925933e014681d0584b3784eaa8ab8dc1d26362f08bbfb45eb2c93b20fc69204b8b25c07495f2832c7f0992002bd83e6a7d123bf771924413214b220ca2c0140023daa55793bc82ebee3d2a233e11a6152b4b0f4368635ce666f300d04e69717c8951ebc51163b566558edd8b58586ee766969c00e6d9d74d40865e747a3b2314350c3642d57c591add915503edab793efba20d9390d13a482492d48833c4319b5984d78898cbc38d1d38cc648a2f9a09cdabd860a424676def9eb9476a8c74f036934edf20cc24ef06c97cdba4093fadc18d4707fdb3881a2cafa04452998828be4a7d5606f1a7e98459c5a752b884399b3dffa1b07f5c52150bb30ead7e046df5c19b38253efa7df7fd2e9a633c258995826dcffa1dd3eb85be8645751816a4890b9afe3e05c375dfa0e8c3edb620fd244aff986b79b21378121901d44fcc94f9aeda091612de22b149373cfa6c336ef86371732e6f468748c539eaa763949d81021d64af58cf19773cb80fe53cf1f903632de461eb3db9cbf3acb53e2a2afd9707b581c6086b4935d08bc4ec1f35eb5fbd088e653980cec0f6dd8e7deeb7110b456fee1e51c4655500fff8890a04bc4c4c8df2c92ca974e562a1e6f18b4247102b85573a9e169661daddb9fe76000a74d42c8c0cf023f0980047f94bc2a13ae7c9e7e2c2d0b984024de47b286f74dcc472fe9215d8af96b97ac6c8706a29a6192ca5730d1ccd008de963518fb1ab947d6acc9e71987b41e9ddbb3dacc3ea558fed66d2c0f7c153985707aee6ddde03ef39a4defdfb96f2b550dec004964140cb7d709f0f0f51292c2cff3a0ea5b3fb3d492d28516890ce1165899fa5a24658013664b7f5ffc791beccb0e19534256601e4f3a92463b782e3b25db57805877c1fc3d8c3d7e417bcc25ef3d88d7c94a810d2ff27130b1b8c9557dd2e84001f59c504149c4ae8256e0bea191c9f2303e25c1a88d8517a382b5956d04e62fb868e0d38129f557e92ff03c2eef93f6073a8ddac2b6b3011ec561dc04e57f5228b3516ab160209660b0182ed0335a5c5009cddf45c77b3fc19dd16d7d617405a0bce609bfb965ed965ccce85de51f80b73f752f28d4a977489bc9f4731cede03a2e127cc4aec6b9688810a66b95f47ec70ace3d7f564864811ee03389b59486f059d4d6c8fabd0a4e41a4b7af8317889cfdd7dcb1f201f6c626734e03badb81312a9bcd98253664ce688cc40ffeddccb2bdbdb6f065ed5c8ea4c4f451225faacd9af729be232aee8d99723cb764b6b9902acc61f5b433c8af790cfdc5fc8285a118e56eadc1539f22dcdd6cd94d79bb76f18bc3678430c906f6d3444d5c18033c185e57a7f37312193af681165b58b53f48af13b1d748a93385ef2b0772c236a5d0ab0932df2749c5b2126a8843b762a0deaf21f397b3b8a34cbf8607b80235cd60be14ce27ac978626edd16cf60214517581bed8ec4c2084e4a2f6f6cd0dc3a528322d849c7e8ad0beb977c003045de0e16b5545856dd8f87208152600422e8265875cbb9b7343fcc143ce7b4c4c9bd4bca0f4cfea5837f3a9e941243699ba230e909233e2c3cec6cef509731ca5f63a790138977f4ece18dcf65877eacb0c721bac94242c656971c83a457f3f902d8afc9e81679df2d45da8ee8018c7be1addace2a36be6b528eb324bdce166e6ddc554ed784122e7ecac03f32606d3979e210704f21ee6d42d4212d39e4256bf6a59ac269d924a49be8a37762c6c6deba13cf144dc9fef458a24ffabce68805a9b8126eddafbb41fd8f29f07904d7093c9684d2ef07bc846360f93fb6127d1ba3273f33266a2434f401a4bbc4ae65325ba8d325902e8ce4435507520d1d69ab314fe330304d447ad9d50428abe5d4f552d01425c2cc5662bce990090e858705ca2284034cd1426db44d1ce3eb12fff51fd48bac650ae35c7fe94c092473633b740f9a82dc976dd5a1c6a90c36816510cd0144ce5c5d76e38a746298351ee6c59821740591bea6c80e68861fbc40b13c680875fd3578c2498412602609e0330504b18a589a4957ded7b4f5e704f87bcf817f8612285ad7797b64528c80314d4a05a4beebdf5580c3362d2171724c0a1f17d0550c5d4b0bd28c7480c643d8113178bdbf9633a90d3b7e50321ed61caeb15fba46", 0x1000}, {&(0x7f0000002fc0)="c5f4332b5dffbe0edb72c0abaf4109684ac814d3cd2d848cd3fd4f64ac25ada6a2555588b10dcd2a64f1855032c561ada216777bb3fa02854a8c168f5a93c45d40b81734f72bd130204b205fbb0644fc4892ecf1b5886a8905ab62a12e66502f4b0ce616bcfafabb73213b372ca79af3cfa664ce347b7991443f76c793bc5a255e5683adb1418937b1abefdc18fa23b5b454721194e4ea952308adbe79e9d04b76db07db7cc20770057af9b4d28549341e45c9bfb0f4384c4acf", 0xba}, {&(0x7f0000003080)="947bd87694cb44a4457f36c2db322810999ca04ec45a0834b813feddfe11275f872e211cd65a52b0c5c966450cf8c7993d23d72b3918670368c8cf53f3df528ceaccf2155fc93175efeced8a1c8eb4091eed6be943bff36b8f5f2b475455d11bfe62f7d58d9d36000712aaf7caa3e92715fed14b3d3ef9ff13d393081e045564808f5fa1fbb9c67670e18b8af34528fd37437f9f3d484025702f", 0x9a}, {&(0x7f0000003140)="e2a432aa0e0180abf2e5306b9be7a5a9d2a2d455d175633f0d8ad280a960eecec90e5cbdd526d712fb6c204199e23c768e5af8c30a9fa0372c87d55d265d2c037b0301dac67917713d031ba269719bed2b32c2c6ba13b92a2924bf68d5", 0x5d}], 0x4, &(0x7f0000003200)=[@dstaddrv6={0x20, 0x84, 0x8, @mcast1}], 0x20}], 0x5, 0x0) setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r2, 0x84, 0x7, &(0x7f0000000300)={0x36da4136}, 0x4) r5 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r5, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) getsockname$llc(r1, &(0x7f0000000340), &(0x7f0000000380)=0x10) r6 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) ioctl$VIDIOC_G_STD(r1, 0x80085617, &(0x7f00000002c0)) readv(r6, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:37 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:37 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, &(0x7f0000048000)=0x1, 0x0) 02:20:37 executing program 2 (fault-call:2 fault-nth:11): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:38 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x170}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3573.660072][T23170] FAULT_INJECTION: forcing a failure. [ 3573.660072][T23170] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3573.673325][T23170] CPU: 1 PID: 23170 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3573.673336][T23170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3573.673343][T23170] Call Trace: [ 3573.673371][T23170] dump_stack+0x172/0x1f0 [ 3573.673398][T23170] should_fail.cold+0xa/0x15 [ 3573.673425][T23170] ? debug_object_init+0x16/0x20 [ 3573.692164][T23170] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3573.692180][T23170] ? vfs_write+0x20c/0x580 [ 3573.692192][T23170] ? ksys_write+0xea/0x1f0 [ 3573.692205][T23170] ? __x64_sys_write+0x73/0xb0 [ 3573.692220][T23170] ? do_syscall_64+0x103/0x610 [ 3573.692236][T23170] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3573.692272][T23170] should_fail_alloc_page+0x50/0x60 [ 3573.739542][T23170] __alloc_pages_nodemask+0x1a1/0x7e0 [ 3573.739568][T23170] ? __lock_acquire+0x548/0x3fb0 [ 3573.755169][T23170] ? __alloc_pages_slowpath+0x2900/0x2900 [ 3573.760911][T23170] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3573.766728][T23170] ? find_held_lock+0x35/0x130 [ 3573.771503][T23170] cache_grow_begin+0x9c/0x860 [ 3573.771524][T23170] ? __debug_object_init+0x7cb/0xe00 [ 3573.771541][T23170] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3573.771572][T23170] kmem_cache_alloc+0x62d/0x6f0 [ 3573.792687][T23170] ? trace_hardirqs_on+0x67/0x230 [ 3573.792715][T23170] __debug_object_init+0x7cb/0xe00 [ 3573.792740][T23170] ? debug_object_fixup+0x30/0x30 [ 3573.792762][T23170] ? lockdep_init_map+0x1be/0x6d0 [ 3573.802918][T23170] debug_object_init+0x16/0x20 [ 3573.802936][T23170] __init_work+0x50/0x60 [ 3573.802953][T23170] hci_alloc_dev+0xed3/0x1d00 [ 3573.802973][T23170] __vhci_create_device+0x101/0x5a0 [ 3573.802992][T23170] vhci_write+0x2d0/0x470 [ 3573.817792][T23170] new_sync_write+0x4c7/0x760 [ 3573.817822][T23170] ? default_llseek+0x2e0/0x2e0 [ 3573.817848][T23170] ? common_file_perm+0x238/0x720 [ 3573.817863][T23170] ? __fget+0x381/0x550 [ 3573.817882][T23170] ? apparmor_file_permission+0x25/0x30 [ 3573.817899][T23170] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3573.817916][T23170] ? security_file_permission+0x94/0x380 [ 3573.817937][T23170] __vfs_write+0xe4/0x110 [ 3573.817959][T23170] vfs_write+0x20c/0x580 [ 3573.817981][T23170] ksys_write+0xea/0x1f0 [ 3573.817999][T23170] ? __ia32_sys_read+0xb0/0xb0 [ 3573.818017][T23170] ? do_syscall_64+0x26/0x610 [ 3573.818033][T23170] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3573.818048][T23170] ? do_syscall_64+0x26/0x610 [ 3573.818072][T23170] __x64_sys_write+0x73/0xb0 [ 3573.818098][T23170] do_syscall_64+0x103/0x610 [ 3573.881662][T23170] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3573.881677][T23170] RIP: 0033:0x457f29 [ 3573.881694][T23170] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3573.881701][T23170] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3573.881715][T23170] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3573.881725][T23170] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3573.881740][T23170] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3573.953071][T23170] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3573.953080][T23170] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3574.146797][T23180] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3574.300807][T23180] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3574.526632][ C0] net_ratelimit: 17 callbacks suppressed [ 3574.526639][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3575.326670][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3575.332545][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3575.338527][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3575.344337][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3575.350222][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3575.356002][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3575.361882][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3575.367675][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:20:40 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:20:40 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x184}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:40 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB='Zt'], 0x2) openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) 02:20:40 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0) 02:20:40 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:40 executing program 2 (fault-call:2 fault-nth:12): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3575.649443][T23195] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3575.679407][T23194] FAULT_INJECTION: forcing a failure. [ 3575.679407][T23194] name failslab, interval 1, probability 0, space 0, times 0 [ 3575.707321][T23194] CPU: 1 PID: 23194 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3575.716050][T23194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3575.726134][T23194] Call Trace: [ 3575.729453][T23194] dump_stack+0x172/0x1f0 [ 3575.733795][T23194] should_fail.cold+0xa/0x15 [ 3575.738405][T23194] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3575.744241][T23194] ? ___might_sleep+0x163/0x280 [ 3575.749124][T23194] __should_failslab+0x121/0x190 [ 3575.754084][T23194] should_failslab+0x9/0x14 [ 3575.758601][T23194] kmem_cache_alloc_trace+0x2d1/0x760 [ 3575.763994][T23194] ? rcu_read_lock_sched_held+0x110/0x130 [ 3575.769734][T23194] ? __kmalloc+0x5d5/0x740 [ 3575.774176][T23194] alloc_workqueue_attrs+0x82/0x120 [ 3575.779398][T23194] apply_wqattrs_prepare+0xbb/0x970 [ 3575.784624][T23194] apply_workqueue_attrs_locked+0xcb/0x140 [ 3575.790449][T23194] apply_workqueue_attrs+0x31/0x50 [ 3575.795577][T23194] alloc_workqueue+0x84c/0xe70 [ 3575.800342][T23194] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 3575.806087][T23194] hci_register_dev+0x1b8/0x860 [ 3575.810958][T23194] ? hci_init_sysfs+0x7c/0xa0 [ 3575.815646][T23194] __vhci_create_device+0x2d0/0x5a0 [ 3575.820852][T23194] vhci_write+0x2d0/0x470 [ 3575.825200][T23194] new_sync_write+0x4c7/0x760 [ 3575.829883][T23194] ? default_llseek+0x2e0/0x2e0 [ 3575.834726][T23194] ? common_file_perm+0x238/0x720 [ 3575.839747][T23194] ? __fget+0x381/0x550 [ 3575.843926][T23194] ? apparmor_file_permission+0x25/0x30 [ 3575.849488][T23194] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3575.855744][T23194] ? security_file_permission+0x94/0x380 [ 3575.855769][T23194] __vfs_write+0xe4/0x110 [ 3575.855791][T23194] vfs_write+0x20c/0x580 [ 3575.855821][T23194] ksys_write+0xea/0x1f0 [ 3575.865824][T23194] ? __ia32_sys_read+0xb0/0xb0 [ 3575.865846][T23194] ? do_syscall_64+0x26/0x610 [ 3575.865864][T23194] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3575.865878][T23194] ? do_syscall_64+0x26/0x610 [ 3575.865900][T23194] __x64_sys_write+0x73/0xb0 [ 3575.874382][T23194] do_syscall_64+0x103/0x610 02:20:40 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x80000, 0x0) setsockopt$inet_dccp_buf(r0, 0x21, 0xc0, &(0x7f0000000280)="58a469aa263424d0ec14be197ae868bc0c9c14c63178c5e464a81280ecc0ad754df913bdfb53e3bb0bbabea873531cca0f9af8f584610aa4d8b2bfc042ece5c580dcc4eb982a9c9a204cebe44d8d8f3ce9ae8b9156f20874d269a540e37e0a1bfa0891e63b1358c9947fc013b5f86ee5f40e7ec781fc73cab9c8be979faa0d51731efcd4bd6a773d4e8eaf6722c7e46f5205e8edbd214a57b76c23b3a78d47a94d63360945d70e0c0362f28c852c6f1dfd8f5a9913f5061f9f41e51eba244927a15c7c2cfb2b5fd3f66b63924266addbfe8671ff", 0xd4) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000480)='/dev/vhci\x00', 0x24c) ioctl$BLKGETSIZE64(r0, 0x80081272, &(0x7f0000000000)) write$P9_RLERRORu(r1, &(0x7f00000000c0)=ANY=[], 0x0) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:40 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3575.874405][T23194] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3575.874419][T23194] RIP: 0033:0x457f29 [ 3575.874435][T23194] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3575.874443][T23194] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3575.883882][T23194] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3575.883892][T23194] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3575.883901][T23194] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3575.883911][T23194] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3575.883920][T23194] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3575.901308][T23194] Bluetooth: Can't register HCI device 02:20:40 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) r2 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x8, 0x44c00) ioctl$EVIOCGKEYCODE(r2, 0x80084504, &(0x7f0000000280)=""/4096) 02:20:40 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x1bc}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3576.091581][T23213] IPVS: ftp: loaded support on port[0] = 21 [ 3576.278798][T23226] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:40 executing program 5: r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) fadvise64(r0, 0x0, 0x1, 0x6) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f0000000140)='/dev/dmmidi#\x00', 0x5, 0x0) r2 = dup2(r0, r0) ioctl$TUNSETSTEERINGEBPF(r1, 0x800454e0, &(0x7f0000000280)=r2) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000980)={0x0, 0x4f, "d286b123b300a28214b02572665a494e56e07485da9c9fdca9879ad7d1a54a9cf2f3b858d3e781cda56d618d81e38a336074b593f76f6df3df455ee71ffe56355fc2ab4e261b1084433252d9b0894c"}, &(0x7f0000000a00)=0x57) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000001e80)={0x7, 0x4, 0x101, 0x3, 0x0}, &(0x7f0000001ec0)=0x10) sendmmsg$inet_sctp(r1, &(0x7f0000003240)=[{&(0x7f00000003c0)=@in={0x2, 0x4e21, @multicast2}, 0x10, &(0x7f0000000900)=[{&(0x7f0000000400)="e59db3dc94bd595d90b37095174218060e523d0c19af313e35874072ce03c6ddc258b7818b4314e0ff45dba200a4e7f1bd36debfe978fc1e1f11dd7a9a2971c0f4d777b97e0424741e2d78c23e8134cf13181197d500710bd993b0f59a5b1def965b00940e428d8a873647ceecb3cbc70d08accde6daccf96095d2381a3fec4dcde99f829f1a22c900f7b1018a49a106cfd4eae5bf899325a3045db2ad235e1da58bdd03491ba772efb1aa84", 0xac}, {&(0x7f00000004c0)="73deccbe1fa7df24b3604c3fe58ed92a31457fd652985af70a4be3444791e75052fa06d10e28a445ddb03555c005b580dd251a89ba9e0636ca61b12c45ec3278a63edaf02c581134ec10f76ce58890b023c62eef8adf277b57d09defbbb8cc5d2b4fa536c4630f67b8b4ee3e2ca8aa10c63261ef3d1565def1521dced8cf1b24f23db12bbab6c12abdb5b423604f16bb724391b4dfb01490add5e1e22f83824f7eb02790d481d3ae910dfc9909c0e84f922669e19e395af3f2be952799d3f9c73161", 0xc2}, {&(0x7f00000005c0)="f8f0c74312b6b919f50721978b9af3ccbcdf219664c22071010f17581edab0cfb527b697c20a0b17d7be88a324526ce34698c4ae2797545ae8625dd569d276b0dffbbb81c06e1c3912e70eed248c022addeaf212bc658d9ed1f59d64bb08d4643b9998e674ace5543c4b49fa600cf5bf1479a6cbe00edfb37fae86068e0971922b1122be1cf81ad0d58e1dcfcfa07c891bee2b08d67fd202752c0c86faada110822781bba2e79b247ba8176287e19a636b903c745ffa17da3ce4a2fa953d03d7ad9cbae42856ec0901d8778afa", 0xcd}, {&(0x7f00000006c0)="631919be2b7c1c07147e7e23b94bcc3e4ad3ed344d5620ffca812f341b63032492db313e457e92b14bd9ef5de46475fb4e6a99287aff08f69d99d78a8a194335110cd1c689ed58b9beddf9dfce6a59dd44b9fe41a8423cba9a72d00c3096", 0x5e}, {&(0x7f0000000740)="d99bd4c53acd4a990c8d9bbc36ea42e4b8a39e42d88ceeb60652f3306a6785f26c8542b8083d09ecddae1cf5d05ae805aae452a88e9da7debd426a4d5a8a737e5e6398de26ad709ede5118cf4af2b549a79f4ad03dc18cd7decc2c916b0cbbaed2831170c67dc50d9801fc9c8dbf24683fa28b54156461dc9f5e5105d0ff396a7a31cd9ee62f2d0bcbfb126859f0c207b06deca9b5ba1d90bdc1c8151ff7a2dee4661b95549cd83c7a7fb564eb6aeb7097052ab59762a598c4a24552a8d5ac65c62bbdd13c12d8cb27ac7eda52286733f993e5", 0xd3}, {&(0x7f0000000840)="3a5b5b9f21bed3a18a612c5cec4548d8d712c28b153cb5d4f9f63cc9867bac4da7cf7a503d71824a0af1d466d3228b71c03deaf08033c06a1602816ba9d05f448e32e89eb4049ed4239cd8aa62336a715fe87e37b4b5da375f76baaf97f9712233110e7539b6e99c17c726404915c8ff9eb7f5166045fe29409b35f525a3ea3d852e2682766b3b2e394e0e56c6e12497aaef34b436fe081cecb66a5444808dff8fac1c8525889eb79d0f", 0xaa}], 0x6, &(0x7f0000000a40)=[@sndinfo={0x20, 0x84, 0x2, {0x7fff, 0x8001, 0x0, 0x6, r3}}, @authinfo={0x18, 0x84, 0x6, {0x100}}, @authinfo={0x18, 0x84, 0x6, {0x5}}, @init={0x18, 0x84, 0x0, {0x1, 0x0, 0x39c0}}], 0x68, 0x4}, {&(0x7f0000000ac0)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x12}}, 0x10, &(0x7f0000000c40)=[{&(0x7f0000000b00)="3c600ef8c009c2cdf810486c47813985512be0110bee43a40fc6e1d0c667e98b52839a11870146f7da2dfd1a3709bb5f7034d691bcc13eac567d13f1f2ac989e6e134eb04227e4a0668e0f583cad0d4cbe96ec6d5a387af6e386bc47f3aefaed8f8a", 0x62}, {&(0x7f0000000b80)="e45274e54db399369b3fcc26f4d94aca6d94a6121462abdbf94c8bbd154018984355bbde4260f6361113489275320a6856e6db1505ddc57c28f4f20de8767730f7506cf22d23d305b41fb4d49a6c597cf5f28d5037bd43655c16a99a62eea4e0c76b54566489338d37a6d9df0a8f532f3fb071bebc84ce183aaf8c653d4c26c893f1b25fea265a099ddaf13c1b5663edeaf85f0c9e18f686", 0x98}], 0x2, &(0x7f0000000c80)=[@authinfo={0x18, 0x84, 0x6, {0xd1}}, @authinfo={0x18, 0x84, 0x6, {0x1}}], 0x30, 0x4}, {&(0x7f0000000cc0)=@in6={0xa, 0x4e21, 0x6, @mcast2, 0x2}, 0x1c, &(0x7f0000001d00)=[{&(0x7f0000000d00)="b8b636998974fd12c1840208350661f0307f86e0da1aa4ff66bf3071c6dc81791aeb9c55e00310cdfccce8f6ddbfd7c504c908d4a67e6ff1a7fbe394ee6393fa4ee3883cc3c3ec2d42880af92a509e26e9e88f5b3e290aac2200cc41d9d0d44b627001a1da7123670574cccf425dd8cbf8cb4a7a92a04822214f908edf8493b3143818db19d7a6433ef07b49522aa12d002634ac2da3f03f12c11fd81551a554736bbfb3589f12d42e05683099f2067a1789d50f4c56ff5271e99d7d9591e54496216ef5e337273d0ff2716485e56bb8be0ddcd7424752c99d39ed214a6d14a09688637af93293babc6a413da3c602092b165f6e6579c014c3fc1d0a2a158cd905177e2bd2949a341f49f86bd19e8782f897bfebc3ccff39532da30fec6ceb5ee3644037083d2a33668904b38a4076a40750edc1b71c631ec6bdd5aac4d5cf1f324c4b4159f8aa4f02b3e92638fe2a74ca144a71c71547873fca8a50f0047e9c4021f24abbaf5de13ddec20bee2f4ee83c541c9a4049857118479cb16fa8ece723357857c7503735907b870b85c20b50fa08e613c8a8623937d7d4cdbe377754c636c173785497ca8add2eb47e276508004e640c3f15b552edc749bdec773467704e9be958decb325dda3f8358ab97c30a134963e7f01f9db43fe9c2d077128f8bc4c2fb8b16e1be22192ee0ae9ba4d2e4fbe57a239395815f9d31ad92fa2b8c3cb94e064845844f67f23bce7be8d211a81d512db738d1e65be7dce91e3089addd013499dcffe8559c41189c6ef90b0355697d2d6cdbdb961e6ecd090a454571f3f173342ff12fd7ef4a931b2365c7d7a4681b47272cf1a5aa64fb4aed2618e22b01aed4e6c427080b41d2bf5752f5af1bc602cc645faec4a06e5088e86fa868d3d9aafc9d5016813e003e7a70476ef1b12c091fd63641df307310766e18bc5a338244aad7b5d6a4c241d0fe1e5c5e613d5591009d8300baca561e07845372c87802f03f7d637cbac7b9968b1bc4432d33bac92d8aa000ec81ed681e08eb5eabfb22ee623b8e345e8e30893bec71a512b5c070f09f7c56f47f42f2433254f0173da3af3d1a3568c387c7ceca9f9974421612c89a5d4797f5380570d15f612d683216133464de75e1d8cd4c62cf8ae848bbb9d877e12fc9858e8a6263098399a18cb8e37660ff9597005fab70d00c4f71885360d8adef05f3d30d55bd31b03eccee2293eddbc16110eea3d0cde874a9107aeaec71a1e6fe7b36ae50bf2c42b1d8135cfe0a098f92154da521dac85f13b0b9c19a6119016fdd3e13ab024f4066a03dfc6d6317808644921a9a4874998d866f7ef30cc01e3c156f4c91c1039df89f822fa04caffa643e998c620c36d23baf1d949c318803d59502646a063307ac6663ab11907ec1d5906808f8ede0133b58b3e236b60a9dc86b3662fe477364c66b497634e9443746e0d1aef6716a985cf066a2b0ee53cf88558bd085ba42d400e491b1fc20792879f5cf7789c97cf624387b7c7afa25847c2920c28f1ddae119740c7eb5648dc2eeec9fbd6b11fead557e9c71330609f581f435310c3e6afb998c2ad659a91e323e6de60edbd0a603c1e6ea40504a25ada8bdf8cb8deefe72228612ae84c971893b9abc4e4abeb937460641908a6ae5e425b1841aae2c1f0ed007a22cf5ca5249d85f28d12ece6817180b085944958f082530a88e64876f8d7bb8871d52dad1e7274757420ce814f84c146584fb04ab5ebe04ace9144a7bdf3b0f88c7913a819f84139540dedb4da2f85e936ccbe7c7bfa00504787f67069d6d6fdbf88d0d6be1428aac07611da3d1c504c1da76d16c45f11037f0b67ac5dd60d4f257e22e51d08a500e225ca17e8501349f5adf86c07915fae2389691b5dba2205b69deb58959e30a5aaafd7c8f7ff4ce347d6e55e0e4b76e2e91019d65eec593224bae4e3c71b909bc03fbacd7df3eaf9ff271b6f0b627777356e03b32d36bf4fdfd74b5299b8e818a442e5c78e7bbde40ea2665f83a0fca251eb2544253d8d2bf2506ea6a7b7c2511308b7e396f7f595a0205a3b9573cac6c7d8f607ea6e4062d9c461f56f01914d4785b4dfb189ef5a3748ff3c0cf635df6a701382bc5d16070648f05933e740baacec3dda98f90f4d02328ab3cf17dc32740422e1cb442365a01d0e3684e0433209ec0f4009423ddedce054d2ca8f6b1d63dc865ba9b704834612726cbd0848a9d99fcec4d008c7e698f896b3127658db5792890a92bec64e0b0eb5d48960a7e03db2677a5f13456039120e95351c4196d58f171e055eb3d446966b28c26c4891c24036c35c2df2c35d23a011ec5c744da41bd3d80d8c3cf619b13eadf6aabf7eefc205c32570ce77078f8993aa5c5af431a62093d915bc75cf64eb328e726ae88902fb00297d17543f22b10e0eb6fb1571e6ef67ad2fba92fb3ab24d5f8c523bb484e3563408dce467ee76ccdfead11e0616759bf1e9fb0a4273d007dfc6a1fac4166bb7071cc13f0face74e9b8eff92658fbe3eb7a963221c6ed7bf41450a595560faa4534bf4b8f9f965feb8d7facc1842530817c4dabfa40a9d73553ef4df3e326dc5e07b0d6cc3066d38589d53073b1e378cc89101546fbca0a0bb63afacd94557632a2897fd1ab98b21de89c0ff682432c1413600f4f909f8cca95db7020ce769542a65aad18bb3ad2f87e37fb79d29fc8499696d18418008cd1a815d56736e23cc3820c62294022d464f5658e2f858ed538d47767514f2e81f31db01f594197f18932609045ca4b2e97e0555440892d959fc82af3c1f24068829af42bb552ca45d5b8819a9ca16a9cdafd6f387a9b838109cf358bccbb3310075c7f38560ebddf407afcdf9bca8d363b8cc68f3e5f95a80f48448b38f7e538f066de0129b1d734526bd3f135266aa6d331c1bd2324b68e51293bede7d6beec5005a253251cd220481f71f01f8a3369a698b1e6f5f51b51a22f67203a5b35f911f9957fff378f8d085d7ee1386fa606fc887a613b10c2722a74d8e480a18e0101211bbcadb77643c037f04dde55decb34c147b2aee9343031b3ee8e0f40e106a37c09d49475bfedc9d61400610d8432b33635cb4f8fc68b67afe7ec13159e6a6a6f73696955fc33c66c2b7bf9713881d3b7371d784ab277477470a5f9ab7dd8555c69727943f562577ef560c6fbf45e2d49dfce6d72904b1e9888e236af8b4a0786f45e349af8b5d815b6a504c5556eb6cc0bc253b817fb719c4259d6e97eb61d613a4e1f6e0f9840e0bd877e6407c5245f18351f97a751064d1403a5e14b3f9f98557c05725919cedff8826bce428cebfe1782b48c76923ee7d015185c8ab16511b85e275cb18cc36e42581a09d01fb201f2bbd8fa1a7a079f909fa825ea9a1b4c2e0fb84bba07a6e9c0688317017a8e80cedd41d2e7f8bf0ee2ea8d872c131f240f3a95d4c69238e189babe7513678f79ad7c8678ee8c76d9eb5afb2b188fe8ee31035fa405f92df12eb997acc8bb53067e69ecad821046277b7a0b98fe0317af2858eceee0f41da1228960347e75568c57e245180b3ff8ee507978c788c507431f460550af53cd2afbb2235883ef3f6d1423e3c37030894f7d07f43247488b67ec6404eaaaa12dd22d87242118169672b67bd84d03af606ad47e7abecc8a5f188bcd88e9dd7c0a88e8b1a40f7e253c0ed0cf1788f363e8046bc53d9fdf4ae86a376d90726cb70c3bc76be0a693c53d2ca1f6bdbd05c0d407f97a4fff42c08591021c6daf2f6de5db90c5c612ccbdccdc0a52346ed90c31e2d6a73e4203527f30d3f3fa13f3301831fe0274c1f1d3acd00a0530b12668c1a001c416f46f256025f9acb41505f6eaf4bb23caa2321418624f6c132117306e06d5af5b26adc9dd6fc32b2162f1434836755acfea6332c45f61d641201f11a80c3031c9423a22f25f60ec570406d4150deeb187fdf93bfc3d0f6fd6ccdc1703b5170ec7c1c2ee5eb2d67e79dff6369db5ca76792db41a00c38564afb662f1159d772733a1fa6d72ffe52fbeceb05b2d55ca9b7a6e1dfad33ee7f9401934fb15926a1e61305a85ac316c056a0f3ecb789ea96f8a930d9616f42d8a26a86dde544f949d555e5cb027787ac164cd5545a1928f77df57c566209ec721b3150135bbfade35a711516b5621580fc58e88a8eb2965427681ceef5096b3888070a53217e847175fff7356e4642e3261e13dead704f81ccee713222653e1d2a7ce900d957a946449b43d4d61477208b7ce29be192e6f58c65da13c49ac4c04fe095bb0512a2103e1fbfd8256d39af7ab07b357f232c7eea7dda9ca9c9fdce66545917cae0168eadda08ce1292e406e14dcc50a08316eaebb8f7d15f4dd1cc22bfbef3d5e182fd60f7730ccc9281b71528fab80933827d85bb21750f9c9e12a48ca0da9497dcf43620234253ef385ec4af06c022610448d77e51f99f3c0544fc9da3fc81bf5a69ea2d1dc98fd03593175d1499bb081d7b8bf6d74f223ddf3530e687cb6b076110936abe1257fac6b500b91920bbda3ac834425378e7a27f06f98b8f170ac57eea3e155cbb759880443fbed28b26ddf5427bdf2c5b183855aecf067a112f2d17f481b11a899b4296f4f81d73c76e825405a761672092a6b9aa77691da5ba0f0d5ad9bcaaf206d1d9f4617f13973e2502d96c4d2cea95361d8caa9d27074f8f4f6dde317020aef954c91fb6a3c7b716a25328c10b4a544799b54902b0c3311dee1c9d569585b85b7083e251c3f3773d372ffc072a9f52b2bff5c9272a1538cc369f01a96d409b05ab6392f4e9e23b6382f56405b3e30634d625bb826076fb83d1f0b4f3ad37e4cc93fce2fbf11dc7de66c1fcc57ebdc5c826709e8d7c25f3928a80b5ab9dbe6f2080cb221bec3a90b7a118c7754a6b56466a6ac69408da79d28c20db39eabe3bfe62d5b7fd6846a0f56c77936eeebe2ab87122bec68cc7c02027da98519a3ed2afe46bfb946ad42a581495e9fe177c8387b4b2364820cf771c75ae76bc881c82b827b5f36fe39c68405324b2f69b900b720a620b7bd24505c29678c963829b30e82943aabe7bc4878f010c5c4f639295ed167f45f8c78d1f605ce6ee7c95e16edb7815322b9e926618036a72676a5a207d1bc064781cd906295d654fbbef500c9c523ab6445c9938553b211cdc46070a98d401b7fc0cb4d241f220df7cd3d685fa4bc76377d310fa126ecda9bcd50c85b688c6bca1ffc6ff5adbd7b96fd23b50577f4ba9993575597600004bd720ad5b0d332557c2e670c27dbbe738fab7ae5a9e953f09cd643b3b8e1b63af3d3389ea41436f635bf9e9f60b5f5694a1287e9e505b988fc36047dfedaba3c17fa0cc6ca1d51542735fc5db8b78b7f0a8106f775a3cb56b4f78dca9b1d4a9f0da256fcef1cf21318286fe61e73a813a1fb211388bc64a10ee0709230b051247f5ce9ac38686e85a24dfaaf19f8392cd66c90ed53ce20e9cb9c0260f7365f448459d38881885ef8e4fd148917372ed172d69713c0a718d4f880f4b0e0902c9b26ca684962a190cc7dd5bac2877c309528d0cf5006f51e3c86bb3c3cb74a52af1dab7381e1faf84ca144b142ed83f0c144f328d58064a6b1880956704268ac7eee40f24fe005d4872c3ae6e41901511a9a927bbb2f660d61a31b521e445732fececddcdd320b450b17a346fbf1d7ed0674c6518468e3e365b5469c1b86cdd5c2c036efe36b4d0ea160bf963ea5a7e514f5f3e1ffced7d07213eadf08d8c94403d4b1376a5e1b503496429e2bf35d2bfd", 0x1000}], 0x1, 0x0, 0x0, 0x40000}, {&(0x7f0000001d40)=@in={0x2, 0x4e20, @remote}, 0x10, &(0x7f0000001e40)=[{&(0x7f0000001d80)="decd9b9be8510ada5d7294ad5ad73e224913aa7e2728cb4f90a0316256d80d4e35c8699ef1856cd8937327511ecb0d0621fe0bfde795f61ec4998f49835d3b2bd64f3466c7cf911cd151da471cc2d3507d76cbf7dc3bb43a1d33b39741f58c62f92d226ee97ec8fe8c324285b839797bc16139634d1b058a6a13c2242b1738ea962fa63c6aee325699b90618bd", 0x8d}], 0x1, &(0x7f0000001f00)=[@init={0x18, 0x84, 0x0, {0x200, 0x401, 0x3, 0x3}}, @sndinfo={0x20, 0x84, 0x2, {0x5, 0x0, 0x3, 0x80, r4}}, @dstaddrv6={0x20, 0x84, 0x8, @ipv4={[], [], @loopback}}, @init={0x18, 0x84, 0x0, {0x8, 0x800, 0x4, 0x3}}], 0x70, 0x4000000}, {&(0x7f0000001f80)=@in6={0xa, 0x4e20, 0x0, @loopback, 0x3}, 0x1c, &(0x7f00000031c0)=[{&(0x7f0000001fc0)="324e38f28976c4d25423e4880e575b4c4ee972d14be81331fbd34f5ec8ad4857bce2605a1346ab6c35f4a67cf9a32e9172f02b6e6302111afe1100bd6504e20d385d24595d3f5f0c9907d5b002ae01022b6c9b1ebcfcb6df3a7c7e88aee9372becc418621c504dfb4257b41acb5f8369a2ca3d924d0443e9975b31181a14814af0f69dedcffd56d6be10636e27077a4932b3e472a52da35da5d02d0e87b855e868603befae4b091a67ac08475eab1fc1901682d53f8d18357a3a23c13a8aa16b129ff77cfb990e1194a6d8b6db23f8fb75c137acb234ccfa2ee733e11b9c2e30f0c0453502bbf7f8e062d067f39a3c5e16950ba18c2cc9ec99bd239051d5e72ffaaf0ce422fbc00e0e7ec8f3cda4c3c00af40f6fe16ce211e1f683a31e4cfc023263df65b24ab7eb016ee73a3ed085129cc0b711917ea4c7bd6a8be81b24968cbc702fe5f47ae52e9270fb9c4fe441c7fa175fb2372bdafaf4ea11b00d7443ae5c02abbd68d0a735076247cd184e1a9981c5d16798e5b9ebedc8c48dad3e86d5876dd743b44b0f40d02c524fdcb3a4cbce4e32c9c41f32bd9e8ea2803f78e1c266f58734ef1cf99a3ae184682cbb6bed2a5dec9ee9dc6d7704e67407d491eea579c990fe96a0c67b829540ae2c4e4cc69629d7e1122a404b7c82d92f50952911b81dfe1ced6d4ad0ab67b42aaf88d3f9430f9f40372704677a6c843fd06bd8a3c33f6117d7c8aeb76e16466b4439f7c4e28283d073d0e9b55dbb037baa5f6d060976b4f45bd7c74219882c3cb84ceba2aed5eadf2e441db8184e0f623145b41c4f6f6f06a772d256d3aa7566df73314023db41a53d1ea5fe413fa184d9421874163209e928fbfd2f1ed872200768c19198ced3f7a67c01a30856c1107b61a6d77ce220e5ad4352eee09445be30dcd0f8c6b2db3b45c5660d51d1eab754bec0dc28f3a79008232bcbc4743ea42f407a0c2f01144431a5fb3316b86a335163e658b143c009ee36d8b0cfb900406658fa906fb75cdd02da895ed7b4ae5ac3ae993dbc3417a7de6901ff5ce0f00136cbdf5cc49c8fa44990cbefa1d9763ce205703b5a7ffe4e8c41426b1483b4e3ebef2c68ba4614a1a5effe28f292d881f5e6a40964d9fe7e6a82e17d5c3672df9fa25ae2c84022662928d2f6294d6a48d8e77cdc62f30bed9a263cfe1ae8b603fd6da4cbb25b11fc32715e6b13f63bc63bc6a22bf030c064a1fe2cb37d0a336e299c03226925a1eb560a0dde26a27c916d046bf4f5773486425d670311f090ffe00074429733f4b163510a0f586c7d60e3c6688c69f598cfb62bf4f87d4d6d399b9686bbf488a5debbe31d1fb5d6244b1972efd70edabf7c14d8da03965e8682816bfd681d83aa59eea821c5789346ae7eec2e81fe47fa1029111b5a8b29048a0e6779678beffddbc611269f8dfe603079178d45514cd07ec0432b05d12541a3f74ef39b99461de82afab84751898a8975da95a6314b44ab416c6b80be334004d042ac3b333cba11a9abce5e003565c374c8b31200c65c0fd373f97d5ede771ad0ace0c0eb023443159e8db76a9f28866ed511680a1373e8c4e128cc825a627f00328b84ae730133348ab38a6f8085ddce96a30c991d1afdc31d4c266752de35de59a619cadf5762ca60157f522153c245951dc4b207399c2435a7deb9ced25cd414068c67aa9bd5ee5b2935381fd1477cb40b9ceefe71cedab8123cf828f72cb4db0388a6e2d265f8167ce359576e01e42843794b3d68579c4097025abe51768b4fe5f434d98340d6901f6d2b75e05949cf43a25b327f06fef2dcea14cca38f71f423bd4766900224bc7641be3b589207dea6a5de5a500c1e03aa880052c9f0e16f6a055d8d284786cbca42356c8e03b3697f696f4ae3997aabaa2a3ef1369b8e532578af8f6aa6a09f629a57d51a5a1f40e73a3fea51c184570aa23b1e8314769a3dcbae1fb418d8c2091b5e5adc5765a43cef5eadf16bb616080fc0e160247f28796b4cbb83432595147673d19ab61c5b35090dd5ccf188075e306808245030e960cf20c3046c0d82a1bbd5f4940d227640f6bc270e3cd31a0fa63f6b8dfae47fd774c290e9c7d8e79739de75ba64301fcff9ffda6814c360198dd3ea564f02596bdbad3fefcba9a750f06ed71f343df3dc4ee9cca9396bca899cba99af7cefcf8a382b00113ae91c1292c13818bc0160cc329707e2a4daffbf0da045bedafe0446c42888b33eb440c9231b460048dd0ff1684c589e5258a125566b39f79c6b2cd10a596c26aaaaa04a38289e21b0b21c9877c4800e2be9cba433bf987811a813dc81815cd27cbb3d9e5b2bc5a8f8ee0b416f16f3cbf6844343c74f9f5fac9912e06f2c18be9b168474084525a4d4ed333b7932a9cb57b61f137254ebec6a62fd1b200c4118e19016bec8d0918f922541526be393acc84d364e231537739540aefbee6abd5b43c687a47e27c5485c91878c7091dc8dace5250eff8bbcab98bed73899d8573d3374d8df6cae27ad9ce51f1e1ee3e6db1301508609be4034f349447f43f985a2989495ffc1bb8ce12c31fb6c79369cceebf3fc580abab864cc9705e872156a6cdbba56e219640f46a203427e910290df507f4b4223e16dbd8b97c3042642cf9874e2770f51cc4c93406bafcf2c3cd873259d868b5e04cc2e92a5d6d9e0dd548233e7600d636f182b7ff04fb8badcd168f07f66c59fadf4b6896858109efd3f3a51c14f857933dda31215187b4fba10b23946c1aeb3f97cc0322813acea099c4f6bf619b96a486e450cab4a375a0b5d039d399ab8f9e753a5052d630d008b98ab848b5752ad7ef18ed9397d9d5a9b5b291259ce96645f87e9c8840af2d82c1420b342f99b81d12573c7f3f3e1456fa549c63ad2094874d377dd8546ef3ee1e753e996a20c5bfd534e566a893a3c6b08c175b2a43c3e2c4987c5ac086f2e092064a7d38b353680741d95eb67fee84d7d7e303bd4e4b603bb5f49fc6e1d2cd1f25c89f8d03bb0fb01a1fa7f7312eef3ec09043e6b14caeb7cc88310f6e7fa2c4e135d41af184d971c882ff3710871e7c0f95d32a66dada82df22a843714e04290101d31488ae0e5ae3c94995ac15df79c9193f3e7a6f0b32a790e3fe622d4bce1bb5dd991f9d7511a2c734fc18a706b17c839369b4d7903c080ee1f87ccb9b7ddd9bfdad7f6e3bf8f4b93106ed324f4568e30c7ce1ea14cdd9d28ec1aedc9735af74097ced7dc8a045cd7fbc0842482f76cd7d2556cf06cbd90d6c40e14ed878886d9dcf89bd9d903659d1ed7b2d2d18eafa01fe4c6219271e88f056578a4fac74b88fc5722630474a5184c3879000b97cd49cce18ac1f32b0ddc6d2401d7408ab1f3081b4093deb15745681a8c0013ad065dda7ed9faf12ff4ea3fffb70c7396849e993d2cd056cca8fa7e7d6f1d97fb39075a9abad306fce82034dbe41ddb549bb3b315bfd1bdefcff56c03c8177122e09068736b6c4da33ad4589e80032d8f10740b0239723d466be5bd0e125fad2f0658e465f0fda380add24928a168c5ed4aaf9944febc912e40703ed741a98b20ce59259f77a4d87619b4ec200dd1632ea8507f4d47527eefefb3406769a8d925933e014681d0584b3784eaa8ab8dc1d26362f08bbfb45eb2c93b20fc69204b8b25c07495f2832c7f0992002bd83e6a7d123bf771924413214b220ca2c0140023daa55793bc82ebee3d2a233e11a6152b4b0f4368635ce666f300d04e69717c8951ebc51163b566558edd8b58586ee766969c00e6d9d74d40865e747a3b2314350c3642d57c591add915503edab793efba20d9390d13a482492d48833c4319b5984d78898cbc38d1d38cc648a2f9a09cdabd860a424676def9eb9476a8c74f036934edf20cc24ef06c97cdba4093fadc18d4707fdb3881a2cafa04452998828be4a7d5606f1a7e98459c5a752b884399b3dffa1b07f5c52150bb30ead7e046df5c19b38253efa7df7fd2e9a633c258995826dcffa1dd3eb85be8645751816a4890b9afe3e05c375dfa0e8c3edb620fd244aff986b79b21378121901d44fcc94f9aeda091612de22b149373cfa6c336ef86371732e6f468748c539eaa763949d81021d64af58cf19773cb80fe53cf1f903632de461eb3db9cbf3acb53e2a2afd9707b581c6086b4935d08bc4ec1f35eb5fbd088e653980cec0f6dd8e7deeb7110b456fee1e51c4655500fff8890a04bc4c4c8df2c92ca974e562a1e6f18b4247102b85573a9e169661daddb9fe76000a74d42c8c0cf023f0980047f94bc2a13ae7c9e7e2c2d0b984024de47b286f74dcc472fe9215d8af96b97ac6c8706a29a6192ca5730d1ccd008de963518fb1ab947d6acc9e71987b41e9ddbb3dacc3ea558fed66d2c0f7c153985707aee6ddde03ef39a4defdfb96f2b550dec004964140cb7d709f0f0f51292c2cff3a0ea5b3fb3d492d28516890ce1165899fa5a24658013664b7f5ffc791beccb0e19534256601e4f3a92463b782e3b25db57805877c1fc3d8c3d7e417bcc25ef3d88d7c94a810d2ff27130b1b8c9557dd2e84001f59c504149c4ae8256e0bea191c9f2303e25c1a88d8517a382b5956d04e62fb868e0d38129f557e92ff03c2eef93f6073a8ddac2b6b3011ec561dc04e57f5228b3516ab160209660b0182ed0335a5c5009cddf45c77b3fc19dd16d7d617405a0bce609bfb965ed965ccce85de51f80b73f752f28d4a977489bc9f4731cede03a2e127cc4aec6b9688810a66b95f47ec70ace3d7f564864811ee03389b59486f059d4d6c8fabd0a4e41a4b7af8317889cfdd7dcb1f201f6c626734e03badb81312a9bcd98253664ce688cc40ffeddccb2bdbdb6f065ed5c8ea4c4f451225faacd9af729be232aee8d99723cb764b6b9902acc61f5b433c8af790cfdc5fc8285a118e56eadc1539f22dcdd6cd94d79bb76f18bc3678430c906f6d3444d5c18033c185e57a7f37312193af681165b58b53f48af13b1d748a93385ef2b0772c236a5d0ab0932df2749c5b2126a8843b762a0deaf21f397b3b8a34cbf8607b80235cd60be14ce27ac978626edd16cf60214517581bed8ec4c2084e4a2f6f6cd0dc3a528322d849c7e8ad0beb977c003045de0e16b5545856dd8f87208152600422e8265875cbb9b7343fcc143ce7b4c4c9bd4bca0f4cfea5837f3a9e941243699ba230e909233e2c3cec6cef509731ca5f63a790138977f4ece18dcf65877eacb0c721bac94242c656971c83a457f3f902d8afc9e81679df2d45da8ee8018c7be1addace2a36be6b528eb324bdce166e6ddc554ed784122e7ecac03f32606d3979e210704f21ee6d42d4212d39e4256bf6a59ac269d924a49be8a37762c6c6deba13cf144dc9fef458a24ffabce68805a9b8126eddafbb41fd8f29f07904d7093c9684d2ef07bc846360f93fb6127d1ba3273f33266a2434f401a4bbc4ae65325ba8d325902e8ce4435507520d1d69ab314fe330304d447ad9d50428abe5d4f552d01425c2cc5662bce990090e858705ca2284034cd1426db44d1ce3eb12fff51fd48bac650ae35c7fe94c092473633b740f9a82dc976dd5a1c6a90c36816510cd0144ce5c5d76e38a746298351ee6c59821740591bea6c80e68861fbc40b13c680875fd3578c2498412602609e0330504b18a589a4957ded7b4f5e704f87bcf817f8612285ad7797b64528c80314d4a05a4beebdf5580c3362d2171724c0a1f17d0550c5d4b0bd28c7480c643d8113178bdbf9633a90d3b7e50321ed61caeb15fba46", 0x1000}, {&(0x7f0000002fc0)="c5f4332b5dffbe0edb72c0abaf4109684ac814d3cd2d848cd3fd4f64ac25ada6a2555588b10dcd2a64f1855032c561ada216777bb3fa02854a8c168f5a93c45d40b81734f72bd130204b205fbb0644fc4892ecf1b5886a8905ab62a12e66502f4b0ce616bcfafabb73213b372ca79af3cfa664ce347b7991443f76c793bc5a255e5683adb1418937b1abefdc18fa23b5b454721194e4ea952308adbe79e9d04b76db07db7cc20770057af9b4d28549341e45c9bfb0f4384c4acf", 0xba}, {&(0x7f0000003080)="947bd87694cb44a4457f36c2db322810999ca04ec45a0834b813feddfe11275f872e211cd65a52b0c5c966450cf8c7993d23d72b3918670368c8cf53f3df528ceaccf2155fc93175efeced8a1c8eb4091eed6be943bff36b8f5f2b475455d11bfe62f7d58d9d36000712aaf7caa3e92715fed14b3d3ef9ff13d393081e045564808f5fa1fbb9c67670e18b8af34528fd37437f9f3d484025702f", 0x9a}, {&(0x7f0000003140)="e2a432aa0e0180abf2e5306b9be7a5a9d2a2d455d175633f0d8ad280a960eecec90e5cbdd526d712fb6c204199e23c768e5af8c30a9fa0372c87d55d265d2c037b0301dac67917713d031ba269719bed2b32c2c6ba13b92a2924bf68d5", 0x5d}], 0x4, &(0x7f0000003200)=[@dstaddrv6={0x20, 0x84, 0x8, @mcast1}], 0x20}], 0x5, 0x0) setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r2, 0x84, 0x7, &(0x7f0000000300)={0x36da4136}, 0x4) r5 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r5, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) getsockname$llc(r1, &(0x7f0000000340), &(0x7f0000000380)=0x10) r6 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) ioctl$VIDIOC_G_STD(r1, 0x80085617, &(0x7f00000002c0)) readv(r6, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:40 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:40 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="113fd8a4d368afb88a3ffc6451c1dbd03b18acca9db8aa7ec2db4c34c6d434a00ec65f71cb248f4833e8e666cb7fc7255ff03888dd3594c65247b109b2c7d26b33b32c56c8837c641d0c73f715052048ad51d8b57b0220313cc0889ff89193e250c6a48bf295e1174657bafee9935e276dd119ef9f63af6a"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:40 executing program 2 (fault-call:2 fault-nth:13): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3576.565038][T23243] FAULT_INJECTION: forcing a failure. [ 3576.565038][T23243] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3576.578303][T23243] CPU: 1 PID: 23243 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3576.586994][T23243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3576.587011][T23243] Call Trace: [ 3576.600382][T23243] dump_stack+0x172/0x1f0 [ 3576.604724][T23243] should_fail.cold+0xa/0x15 [ 3576.604745][T23243] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3576.604765][T23243] ? __lock_acquire+0x548/0x3fb0 [ 3576.604796][T23243] should_fail_alloc_page+0x50/0x60 [ 3576.625300][T23243] __alloc_pages_nodemask+0x1a1/0x7e0 [ 3576.630694][T23243] ? __alloc_pages_slowpath+0x2900/0x2900 [ 3576.636421][T23243] ? find_held_lock+0x35/0x130 [ 3576.641198][T23243] ? kasan_check_write+0x14/0x20 [ 3576.646144][T23243] cache_grow_begin+0x9c/0x860 [ 3576.650913][T23243] ? kasan_check_read+0x11/0x20 [ 3576.655772][T23243] ? do_raw_spin_unlock+0x57/0x270 [ 3576.660901][T23243] ____cache_alloc_node+0x17c/0x1e0 [ 3576.666194][T23243] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3576.672444][T23243] __kmalloc+0x219/0x740 [ 3576.676718][T23243] ? alloc_workqueue+0x13c/0xe70 [ 3576.681751][T23243] alloc_workqueue+0x13c/0xe70 [ 3576.686525][T23243] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 3576.692250][T23243] ? scnprintf+0x140/0x140 [ 3576.696689][T23243] ? __init_waitqueue_head+0x36/0x90 [ 3576.702006][T23243] hci_register_dev+0x1b8/0x860 [ 3576.706879][T23243] ? hci_init_sysfs+0x7c/0xa0 [ 3576.711572][T23243] __vhci_create_device+0x2d0/0x5a0 [ 3576.716904][T23243] vhci_write+0x2d0/0x470 [ 3576.721248][T23243] new_sync_write+0x4c7/0x760 [ 3576.725948][T23243] ? default_llseek+0x2e0/0x2e0 [ 3576.730818][T23243] ? common_file_perm+0x238/0x720 [ 3576.735846][T23243] ? __fget+0x381/0x550 [ 3576.740009][T23243] ? apparmor_file_permission+0x25/0x30 [ 3576.745553][T23243] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3576.751812][T23243] ? security_file_permission+0x94/0x380 [ 3576.757460][T23243] __vfs_write+0xe4/0x110 [ 3576.761806][T23243] vfs_write+0x20c/0x580 [ 3576.766069][T23243] ksys_write+0xea/0x1f0 [ 3576.770341][T23243] ? __ia32_sys_read+0xb0/0xb0 [ 3576.775118][T23243] ? do_syscall_64+0x26/0x610 [ 3576.779808][T23243] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3576.785890][T23243] ? do_syscall_64+0x26/0x610 [ 3576.790587][T23243] __x64_sys_write+0x73/0xb0 [ 3576.795182][T23243] do_syscall_64+0x103/0x610 [ 3576.799778][T23243] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3576.805701][T23243] RIP: 0033:0x457f29 [ 3576.809595][T23243] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3576.829199][T23243] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3576.837607][T23243] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3576.845585][T23243] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3576.853575][T23243] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 02:20:41 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:20:41 executing program 5: r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) fadvise64(r0, 0x0, 0x1, 0x6) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f0000000140)='/dev/dmmidi#\x00', 0x5, 0x0) r2 = dup2(r0, r0) ioctl$TUNSETSTEERINGEBPF(r1, 0x800454e0, &(0x7f0000000280)=r2) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000980)={0x0, 0x4f, "d286b123b300a28214b02572665a494e56e07485da9c9fdca9879ad7d1a54a9cf2f3b858d3e781cda56d618d81e38a336074b593f76f6df3df455ee71ffe56355fc2ab4e261b1084433252d9b0894c"}, &(0x7f0000000a00)=0x57) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000001e80)={0x7, 0x4, 0x101, 0x3, 0x0}, &(0x7f0000001ec0)=0x10) [ 3576.861542][T23243] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3576.869512][T23243] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3576.886692][ C0] protocol 88fb is buggy, dev hsr_slave_1 sendmmsg$inet_sctp(r1, &(0x7f0000003240)=[{&(0x7f00000003c0)=@in={0x2, 0x4e21, @multicast2}, 0x10, &(0x7f0000000900)=[{&(0x7f0000000400)="e59db3dc94bd595d90b37095174218060e523d0c19af313e35874072ce03c6ddc258b7818b4314e0ff45dba200a4e7f1bd36debfe978fc1e1f11dd7a9a2971c0f4d777b97e0424741e2d78c23e8134cf13181197d500710bd993b0f59a5b1def965b00940e428d8a873647ceecb3cbc70d08accde6daccf96095d2381a3fec4dcde99f829f1a22c900f7b1018a49a106cfd4eae5bf899325a3045db2ad235e1da58bdd03491ba772efb1aa84", 0xac}, {&(0x7f00000004c0)="73deccbe1fa7df24b3604c3fe58ed92a31457fd652985af70a4be3444791e75052fa06d10e28a445ddb03555c005b580dd251a89ba9e0636ca61b12c45ec3278a63edaf02c581134ec10f76ce58890b023c62eef8adf277b57d09defbbb8cc5d2b4fa536c4630f67b8b4ee3e2ca8aa10c63261ef3d1565def1521dced8cf1b24f23db12bbab6c12abdb5b423604f16bb724391b4dfb01490add5e1e22f83824f7eb02790d481d3ae910dfc9909c0e84f922669e19e395af3f2be952799d3f9c73161", 0xc2}, {&(0x7f00000005c0)="f8f0c74312b6b919f50721978b9af3ccbcdf219664c22071010f17581edab0cfb527b697c20a0b17d7be88a324526ce34698c4ae2797545ae8625dd569d276b0dffbbb81c06e1c3912e70eed248c022addeaf212bc658d9ed1f59d64bb08d4643b9998e674ace5543c4b49fa600cf5bf1479a6cbe00edfb37fae86068e0971922b1122be1cf81ad0d58e1dcfcfa07c891bee2b08d67fd202752c0c86faada110822781bba2e79b247ba8176287e19a636b903c745ffa17da3ce4a2fa953d03d7ad9cbae42856ec0901d8778afa", 0xcd}, {&(0x7f00000006c0)="631919be2b7c1c07147e7e23b94bcc3e4ad3ed344d5620ffca812f341b63032492db313e457e92b14bd9ef5de46475fb4e6a99287aff08f69d99d78a8a194335110cd1c689ed58b9beddf9dfce6a59dd44b9fe41a8423cba9a72d00c3096", 0x5e}, {&(0x7f0000000740)="d99bd4c53acd4a990c8d9bbc36ea42e4b8a39e42d88ceeb60652f3306a6785f26c8542b8083d09ecddae1cf5d05ae805aae452a88e9da7debd426a4d5a8a737e5e6398de26ad709ede5118cf4af2b549a79f4ad03dc18cd7decc2c916b0cbbaed2831170c67dc50d9801fc9c8dbf24683fa28b54156461dc9f5e5105d0ff396a7a31cd9ee62f2d0bcbfb126859f0c207b06deca9b5ba1d90bdc1c8151ff7a2dee4661b95549cd83c7a7fb564eb6aeb7097052ab59762a598c4a24552a8d5ac65c62bbdd13c12d8cb27ac7eda52286733f993e5", 0xd3}, {&(0x7f0000000840)="3a5b5b9f21bed3a18a612c5cec4548d8d712c28b153cb5d4f9f63cc9867bac4da7cf7a503d71824a0af1d466d3228b71c03deaf08033c06a1602816ba9d05f448e32e89eb4049ed4239cd8aa62336a715fe87e37b4b5da375f76baaf97f9712233110e7539b6e99c17c726404915c8ff9eb7f5166045fe29409b35f525a3ea3d852e2682766b3b2e394e0e56c6e12497aaef34b436fe081cecb66a5444808dff8fac1c8525889eb79d0f", 0xaa}], 0x6, &(0x7f0000000a40)=[@sndinfo={0x20, 0x84, 0x2, {0x7fff, 0x8001, 0x0, 0x6, r3}}, @authinfo={0x18, 0x84, 0x6, {0x100}}, @authinfo={0x18, 0x84, 0x6, {0x5}}, @init={0x18, 0x84, 0x0, {0x1, 0x0, 0x39c0}}], 0x68, 0x4}, {&(0x7f0000000ac0)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x12}}, 0x10, &(0x7f0000000c40)=[{&(0x7f0000000b00)="3c600ef8c009c2cdf810486c47813985512be0110bee43a40fc6e1d0c667e98b52839a11870146f7da2dfd1a3709bb5f7034d691bcc13eac567d13f1f2ac989e6e134eb04227e4a0668e0f583cad0d4cbe96ec6d5a387af6e386bc47f3aefaed8f8a", 0x62}, {&(0x7f0000000b80)="e45274e54db399369b3fcc26f4d94aca6d94a6121462abdbf94c8bbd154018984355bbde4260f6361113489275320a6856e6db1505ddc57c28f4f20de8767730f7506cf22d23d305b41fb4d49a6c597cf5f28d5037bd43655c16a99a62eea4e0c76b54566489338d37a6d9df0a8f532f3fb071bebc84ce183aaf8c653d4c26c893f1b25fea265a099ddaf13c1b5663edeaf85f0c9e18f686", 0x98}], 0x2, &(0x7f0000000c80)=[@authinfo={0x18, 0x84, 0x6, {0xd1}}, @authinfo={0x18, 0x84, 0x6, {0x1}}], 0x30, 0x4}, {&(0x7f0000000cc0)=@in6={0xa, 0x4e21, 0x6, @mcast2, 0x2}, 0x1c, &(0x7f0000001d00)=[{&(0x7f0000000d00)="b8b636998974fd12c1840208350661f0307f86e0da1aa4ff66bf3071c6dc81791aeb9c55e00310cdfccce8f6ddbfd7c504c908d4a67e6ff1a7fbe394ee6393fa4ee3883cc3c3ec2d42880af92a509e26e9e88f5b3e290aac2200cc41d9d0d44b627001a1da7123670574cccf425dd8cbf8cb4a7a92a04822214f908edf8493b3143818db19d7a6433ef07b49522aa12d002634ac2da3f03f12c11fd81551a554736bbfb3589f12d42e05683099f2067a1789d50f4c56ff5271e99d7d9591e54496216ef5e337273d0ff2716485e56bb8be0ddcd7424752c99d39ed214a6d14a09688637af93293babc6a413da3c602092b165f6e6579c014c3fc1d0a2a158cd905177e2bd2949a341f49f86bd19e8782f897bfebc3ccff39532da30fec6ceb5ee3644037083d2a33668904b38a4076a40750edc1b71c631ec6bdd5aac4d5cf1f324c4b4159f8aa4f02b3e92638fe2a74ca144a71c71547873fca8a50f0047e9c4021f24abbaf5de13ddec20bee2f4ee83c541c9a4049857118479cb16fa8ece723357857c7503735907b870b85c20b50fa08e613c8a8623937d7d4cdbe377754c636c173785497ca8add2eb47e276508004e640c3f15b552edc749bdec773467704e9be958decb325dda3f8358ab97c30a134963e7f01f9db43fe9c2d077128f8bc4c2fb8b16e1be22192ee0ae9ba4d2e4fbe57a239395815f9d31ad92fa2b8c3cb94e064845844f67f23bce7be8d211a81d512db738d1e65be7dce91e3089addd013499dcffe8559c41189c6ef90b0355697d2d6cdbdb961e6ecd090a454571f3f173342ff12fd7ef4a931b2365c7d7a4681b47272cf1a5aa64fb4aed2618e22b01aed4e6c427080b41d2bf5752f5af1bc602cc645faec4a06e5088e86fa868d3d9aafc9d5016813e003e7a70476ef1b12c091fd63641df307310766e18bc5a338244aad7b5d6a4c241d0fe1e5c5e613d5591009d8300baca561e07845372c87802f03f7d637cbac7b9968b1bc4432d33bac92d8aa000ec81ed681e08eb5eabfb22ee623b8e345e8e30893bec71a512b5c070f09f7c56f47f42f2433254f0173da3af3d1a3568c387c7ceca9f9974421612c89a5d4797f5380570d15f612d683216133464de75e1d8cd4c62cf8ae848bbb9d877e12fc9858e8a6263098399a18cb8e37660ff9597005fab70d00c4f71885360d8adef05f3d30d55bd31b03eccee2293eddbc16110eea3d0cde874a9107aeaec71a1e6fe7b36ae50bf2c42b1d8135cfe0a098f92154da521dac85f13b0b9c19a6119016fdd3e13ab024f4066a03dfc6d6317808644921a9a4874998d866f7ef30cc01e3c156f4c91c1039df89f822fa04caffa643e998c620c36d23baf1d949c318803d59502646a063307ac6663ab11907ec1d5906808f8ede0133b58b3e236b60a9dc86b3662fe477364c66b497634e9443746e0d1aef6716a985cf066a2b0ee53cf88558bd085ba42d400e491b1fc20792879f5cf7789c97cf624387b7c7afa25847c2920c28f1ddae119740c7eb5648dc2eeec9fbd6b11fead557e9c71330609f581f435310c3e6afb998c2ad659a91e323e6de60edbd0a603c1e6ea40504a25ada8bdf8cb8deefe72228612ae84c971893b9abc4e4abeb937460641908a6ae5e425b1841aae2c1f0ed007a22cf5ca5249d85f28d12ece6817180b085944958f082530a88e64876f8d7bb8871d52dad1e7274757420ce814f84c146584fb04ab5ebe04ace9144a7bdf3b0f88c7913a819f84139540dedb4da2f85e936ccbe7c7bfa00504787f67069d6d6fdbf88d0d6be1428aac07611da3d1c504c1da76d16c45f11037f0b67ac5dd60d4f257e22e51d08a500e225ca17e8501349f5adf86c07915fae2389691b5dba2205b69deb58959e30a5aaafd7c8f7ff4ce347d6e55e0e4b76e2e91019d65eec593224bae4e3c71b909bc03fbacd7df3eaf9ff271b6f0b627777356e03b32d36bf4fdfd74b5299b8e818a442e5c78e7bbde40ea2665f83a0fca251eb2544253d8d2bf2506ea6a7b7c2511308b7e396f7f595a0205a3b9573cac6c7d8f607ea6e4062d9c461f56f01914d4785b4dfb189ef5a3748ff3c0cf635df6a701382bc5d16070648f05933e740baacec3dda98f90f4d02328ab3cf17dc32740422e1cb442365a01d0e3684e0433209ec0f4009423ddedce054d2ca8f6b1d63dc865ba9b704834612726cbd0848a9d99fcec4d008c7e698f896b3127658db5792890a92bec64e0b0eb5d48960a7e03db2677a5f13456039120e95351c4196d58f171e055eb3d446966b28c26c4891c24036c35c2df2c35d23a011ec5c744da41bd3d80d8c3cf619b13eadf6aabf7eefc205c32570ce77078f8993aa5c5af431a62093d915bc75cf64eb328e726ae88902fb00297d17543f22b10e0eb6fb1571e6ef67ad2fba92fb3ab24d5f8c523bb484e3563408dce467ee76ccdfead11e0616759bf1e9fb0a4273d007dfc6a1fac4166bb7071cc13f0face74e9b8eff92658fbe3eb7a963221c6ed7bf41450a595560faa4534bf4b8f9f965feb8d7facc1842530817c4dabfa40a9d73553ef4df3e326dc5e07b0d6cc3066d38589d53073b1e378cc89101546fbca0a0bb63afacd94557632a2897fd1ab98b21de89c0ff682432c1413600f4f909f8cca95db7020ce769542a65aad18bb3ad2f87e37fb79d29fc8499696d18418008cd1a815d56736e23cc3820c62294022d464f5658e2f858ed538d47767514f2e81f31db01f594197f18932609045ca4b2e97e0555440892d959fc82af3c1f24068829af42bb552ca45d5b8819a9ca16a9cdafd6f387a9b838109cf358bccbb3310075c7f38560ebddf407afcdf9bca8d363b8cc68f3e5f95a80f48448b38f7e538f066de0129b1d734526bd3f135266aa6d331c1bd2324b68e51293bede7d6beec5005a253251cd220481f71f01f8a3369a698b1e6f5f51b51a22f67203a5b35f911f9957fff378f8d085d7ee1386fa606fc887a613b10c2722a74d8e480a18e0101211bbcadb77643c037f04dde55decb34c147b2aee9343031b3ee8e0f40e106a37c09d49475bfedc9d61400610d8432b33635cb4f8fc68b67afe7ec13159e6a6a6f73696955fc33c66c2b7bf9713881d3b7371d784ab277477470a5f9ab7dd8555c69727943f562577ef560c6fbf45e2d49dfce6d72904b1e9888e236af8b4a0786f45e349af8b5d815b6a504c5556eb6cc0bc253b817fb719c4259d6e97eb61d613a4e1f6e0f9840e0bd877e6407c5245f18351f97a751064d1403a5e14b3f9f98557c05725919cedff8826bce428cebfe1782b48c76923ee7d015185c8ab16511b85e275cb18cc36e42581a09d01fb201f2bbd8fa1a7a079f909fa825ea9a1b4c2e0fb84bba07a6e9c0688317017a8e80cedd41d2e7f8bf0ee2ea8d872c131f240f3a95d4c69238e189babe7513678f79ad7c8678ee8c76d9eb5afb2b188fe8ee31035fa405f92df12eb997acc8bb53067e69ecad821046277b7a0b98fe0317af2858eceee0f41da1228960347e75568c57e245180b3ff8ee507978c788c507431f460550af53cd2afbb2235883ef3f6d1423e3c37030894f7d07f43247488b67ec6404eaaaa12dd22d87242118169672b67bd84d03af606ad47e7abecc8a5f188bcd88e9dd7c0a88e8b1a40f7e253c0ed0cf1788f363e8046bc53d9fdf4ae86a376d90726cb70c3bc76be0a693c53d2ca1f6bdbd05c0d407f97a4fff42c08591021c6daf2f6de5db90c5c612ccbdccdc0a52346ed90c31e2d6a73e4203527f30d3f3fa13f3301831fe0274c1f1d3acd00a0530b12668c1a001c416f46f256025f9acb41505f6eaf4bb23caa2321418624f6c132117306e06d5af5b26adc9dd6fc32b2162f1434836755acfea6332c45f61d641201f11a80c3031c9423a22f25f60ec570406d4150deeb187fdf93bfc3d0f6fd6ccdc1703b5170ec7c1c2ee5eb2d67e79dff6369db5ca76792db41a00c38564afb662f1159d772733a1fa6d72ffe52fbeceb05b2d55ca9b7a6e1dfad33ee7f9401934fb15926a1e61305a85ac316c056a0f3ecb789ea96f8a930d9616f42d8a26a86dde544f949d555e5cb027787ac164cd5545a1928f77df57c566209ec721b3150135bbfade35a711516b5621580fc58e88a8eb2965427681ceef5096b3888070a53217e847175fff7356e4642e3261e13dead704f81ccee713222653e1d2a7ce900d957a946449b43d4d61477208b7ce29be192e6f58c65da13c49ac4c04fe095bb0512a2103e1fbfd8256d39af7ab07b357f232c7eea7dda9ca9c9fdce66545917cae0168eadda08ce1292e406e14dcc50a08316eaebb8f7d15f4dd1cc22bfbef3d5e182fd60f7730ccc9281b71528fab80933827d85bb21750f9c9e12a48ca0da9497dcf43620234253ef385ec4af06c022610448d77e51f99f3c0544fc9da3fc81bf5a69ea2d1dc98fd03593175d1499bb081d7b8bf6d74f223ddf3530e687cb6b076110936abe1257fac6b500b91920bbda3ac834425378e7a27f06f98b8f170ac57eea3e155cbb759880443fbed28b26ddf5427bdf2c5b183855aecf067a112f2d17f481b11a899b4296f4f81d73c76e825405a761672092a6b9aa77691da5ba0f0d5ad9bcaaf206d1d9f4617f13973e2502d96c4d2cea95361d8caa9d27074f8f4f6dde317020aef954c91fb6a3c7b716a25328c10b4a544799b54902b0c3311dee1c9d569585b85b7083e251c3f3773d372ffc072a9f52b2bff5c9272a1538cc369f01a96d409b05ab6392f4e9e23b6382f56405b3e30634d625bb826076fb83d1f0b4f3ad37e4cc93fce2fbf11dc7de66c1fcc57ebdc5c826709e8d7c25f3928a80b5ab9dbe6f2080cb221bec3a90b7a118c7754a6b56466a6ac69408da79d28c20db39eabe3bfe62d5b7fd6846a0f56c77936eeebe2ab87122bec68cc7c02027da98519a3ed2afe46bfb946ad42a581495e9fe177c8387b4b2364820cf771c75ae76bc881c82b827b5f36fe39c68405324b2f69b900b720a620b7bd24505c29678c963829b30e82943aabe7bc4878f010c5c4f639295ed167f45f8c78d1f605ce6ee7c95e16edb7815322b9e926618036a72676a5a207d1bc064781cd906295d654fbbef500c9c523ab6445c9938553b211cdc46070a98d401b7fc0cb4d241f220df7cd3d685fa4bc76377d310fa126ecda9bcd50c85b688c6bca1ffc6ff5adbd7b96fd23b50577f4ba9993575597600004bd720ad5b0d332557c2e670c27dbbe738fab7ae5a9e953f09cd643b3b8e1b63af3d3389ea41436f635bf9e9f60b5f5694a1287e9e505b988fc36047dfedaba3c17fa0cc6ca1d51542735fc5db8b78b7f0a8106f775a3cb56b4f78dca9b1d4a9f0da256fcef1cf21318286fe61e73a813a1fb211388bc64a10ee0709230b051247f5ce9ac38686e85a24dfaaf19f8392cd66c90ed53ce20e9cb9c0260f7365f448459d38881885ef8e4fd148917372ed172d69713c0a718d4f880f4b0e0902c9b26ca684962a190cc7dd5bac2877c309528d0cf5006f51e3c86bb3c3cb74a52af1dab7381e1faf84ca144b142ed83f0c144f328d58064a6b1880956704268ac7eee40f24fe005d4872c3ae6e41901511a9a927bbb2f660d61a31b521e445732fececddcdd320b450b17a346fbf1d7ed0674c6518468e3e365b5469c1b86cdd5c2c036efe36b4d0ea160bf963ea5a7e514f5f3e1ffced7d07213eadf08d8c94403d4b1376a5e1b503496429e2bf35d2bfd", 0x1000}], 0x1, 0x0, 0x0, 0x40000}, {&(0x7f0000001d40)=@in={0x2, 0x4e20, @remote}, 0x10, &(0x7f0000001e40)=[{&(0x7f0000001d80)="decd9b9be8510ada5d7294ad5ad73e224913aa7e2728cb4f90a0316256d80d4e35c8699ef1856cd8937327511ecb0d0621fe0bfde795f61ec4998f49835d3b2bd64f3466c7cf911cd151da471cc2d3507d76cbf7dc3bb43a1d33b39741f58c62f92d226ee97ec8fe8c324285b839797bc16139634d1b058a6a13c2242b1738ea962fa63c6aee325699b90618bd", 0x8d}], 0x1, &(0x7f0000001f00)=[@init={0x18, 0x84, 0x0, {0x200, 0x401, 0x3, 0x3}}, @sndinfo={0x20, 0x84, 0x2, {0x5, 0x0, 0x3, 0x80, r4}}, @dstaddrv6={0x20, 0x84, 0x8, @ipv4={[], [], @loopback}}, @init={0x18, 0x84, 0x0, {0x8, 0x800, 0x4, 0x3}}], 0x70, 0x4000000}, {&(0x7f0000001f80)=@in6={0xa, 0x4e20, 0x0, @loopback, 0x3}, 0x1c, &(0x7f00000031c0)=[{&(0x7f0000001fc0)="324e38f28976c4d25423e4880e575b4c4ee972d14be81331fbd34f5ec8ad4857bce2605a1346ab6c35f4a67cf9a32e9172f02b6e6302111afe1100bd6504e20d385d24595d3f5f0c9907d5b002ae01022b6c9b1ebcfcb6df3a7c7e88aee9372becc418621c504dfb4257b41acb5f8369a2ca3d924d0443e9975b31181a14814af0f69dedcffd56d6be10636e27077a4932b3e472a52da35da5d02d0e87b855e868603befae4b091a67ac08475eab1fc1901682d53f8d18357a3a23c13a8aa16b129ff77cfb990e1194a6d8b6db23f8fb75c137acb234ccfa2ee733e11b9c2e30f0c0453502bbf7f8e062d067f39a3c5e16950ba18c2cc9ec99bd239051d5e72ffaaf0ce422fbc00e0e7ec8f3cda4c3c00af40f6fe16ce211e1f683a31e4cfc023263df65b24ab7eb016ee73a3ed085129cc0b711917ea4c7bd6a8be81b24968cbc702fe5f47ae52e9270fb9c4fe441c7fa175fb2372bdafaf4ea11b00d7443ae5c02abbd68d0a735076247cd184e1a9981c5d16798e5b9ebedc8c48dad3e86d5876dd743b44b0f40d02c524fdcb3a4cbce4e32c9c41f32bd9e8ea2803f78e1c266f58734ef1cf99a3ae184682cbb6bed2a5dec9ee9dc6d7704e67407d491eea579c990fe96a0c67b829540ae2c4e4cc69629d7e1122a404b7c82d92f50952911b81dfe1ced6d4ad0ab67b42aaf88d3f9430f9f40372704677a6c843fd06bd8a3c33f6117d7c8aeb76e16466b4439f7c4e28283d073d0e9b55dbb037baa5f6d060976b4f45bd7c74219882c3cb84ceba2aed5eadf2e441db8184e0f623145b41c4f6f6f06a772d256d3aa7566df73314023db41a53d1ea5fe413fa184d9421874163209e928fbfd2f1ed872200768c19198ced3f7a67c01a30856c1107b61a6d77ce220e5ad4352eee09445be30dcd0f8c6b2db3b45c5660d51d1eab754bec0dc28f3a79008232bcbc4743ea42f407a0c2f01144431a5fb3316b86a335163e658b143c009ee36d8b0cfb900406658fa906fb75cdd02da895ed7b4ae5ac3ae993dbc3417a7de6901ff5ce0f00136cbdf5cc49c8fa44990cbefa1d9763ce205703b5a7ffe4e8c41426b1483b4e3ebef2c68ba4614a1a5effe28f292d881f5e6a40964d9fe7e6a82e17d5c3672df9fa25ae2c84022662928d2f6294d6a48d8e77cdc62f30bed9a263cfe1ae8b603fd6da4cbb25b11fc32715e6b13f63bc63bc6a22bf030c064a1fe2cb37d0a336e299c03226925a1eb560a0dde26a27c916d046bf4f5773486425d670311f090ffe00074429733f4b163510a0f586c7d60e3c6688c69f598cfb62bf4f87d4d6d399b9686bbf488a5debbe31d1fb5d6244b1972efd70edabf7c14d8da03965e8682816bfd681d83aa59eea821c5789346ae7eec2e81fe47fa1029111b5a8b29048a0e6779678beffddbc611269f8dfe603079178d45514cd07ec0432b05d12541a3f74ef39b99461de82afab84751898a8975da95a6314b44ab416c6b80be334004d042ac3b333cba11a9abce5e003565c374c8b31200c65c0fd373f97d5ede771ad0ace0c0eb023443159e8db76a9f28866ed511680a1373e8c4e128cc825a627f00328b84ae730133348ab38a6f8085ddce96a30c991d1afdc31d4c266752de35de59a619cadf5762ca60157f522153c245951dc4b207399c2435a7deb9ced25cd414068c67aa9bd5ee5b2935381fd1477cb40b9ceefe71cedab8123cf828f72cb4db0388a6e2d265f8167ce359576e01e42843794b3d68579c4097025abe51768b4fe5f434d98340d6901f6d2b75e05949cf43a25b327f06fef2dcea14cca38f71f423bd4766900224bc7641be3b589207dea6a5de5a500c1e03aa880052c9f0e16f6a055d8d284786cbca42356c8e03b3697f696f4ae3997aabaa2a3ef1369b8e532578af8f6aa6a09f629a57d51a5a1f40e73a3fea51c184570aa23b1e8314769a3dcbae1fb418d8c2091b5e5adc5765a43cef5eadf16bb616080fc0e160247f28796b4cbb83432595147673d19ab61c5b35090dd5ccf188075e306808245030e960cf20c3046c0d82a1bbd5f4940d227640f6bc270e3cd31a0fa63f6b8dfae47fd774c290e9c7d8e79739de75ba64301fcff9ffda6814c360198dd3ea564f02596bdbad3fefcba9a750f06ed71f343df3dc4ee9cca9396bca899cba99af7cefcf8a382b00113ae91c1292c13818bc0160cc329707e2a4daffbf0da045bedafe0446c42888b33eb440c9231b460048dd0ff1684c589e5258a125566b39f79c6b2cd10a596c26aaaaa04a38289e21b0b21c9877c4800e2be9cba433bf987811a813dc81815cd27cbb3d9e5b2bc5a8f8ee0b416f16f3cbf6844343c74f9f5fac9912e06f2c18be9b168474084525a4d4ed333b7932a9cb57b61f137254ebec6a62fd1b200c4118e19016bec8d0918f922541526be393acc84d364e231537739540aefbee6abd5b43c687a47e27c5485c91878c7091dc8dace5250eff8bbcab98bed73899d8573d3374d8df6cae27ad9ce51f1e1ee3e6db1301508609be4034f349447f43f985a2989495ffc1bb8ce12c31fb6c79369cceebf3fc580abab864cc9705e872156a6cdbba56e219640f46a203427e910290df507f4b4223e16dbd8b97c3042642cf9874e2770f51cc4c93406bafcf2c3cd873259d868b5e04cc2e92a5d6d9e0dd548233e7600d636f182b7ff04fb8badcd168f07f66c59fadf4b6896858109efd3f3a51c14f857933dda31215187b4fba10b23946c1aeb3f97cc0322813acea099c4f6bf619b96a486e450cab4a375a0b5d039d399ab8f9e753a5052d630d008b98ab848b5752ad7ef18ed9397d9d5a9b5b291259ce96645f87e9c8840af2d82c1420b342f99b81d12573c7f3f3e1456fa549c63ad2094874d377dd8546ef3ee1e753e996a20c5bfd534e566a893a3c6b08c175b2a43c3e2c4987c5ac086f2e092064a7d38b353680741d95eb67fee84d7d7e303bd4e4b603bb5f49fc6e1d2cd1f25c89f8d03bb0fb01a1fa7f7312eef3ec09043e6b14caeb7cc88310f6e7fa2c4e135d41af184d971c882ff3710871e7c0f95d32a66dada82df22a843714e04290101d31488ae0e5ae3c94995ac15df79c9193f3e7a6f0b32a790e3fe622d4bce1bb5dd991f9d7511a2c734fc18a706b17c839369b4d7903c080ee1f87ccb9b7ddd9bfdad7f6e3bf8f4b93106ed324f4568e30c7ce1ea14cdd9d28ec1aedc9735af74097ced7dc8a045cd7fbc0842482f76cd7d2556cf06cbd90d6c40e14ed878886d9dcf89bd9d903659d1ed7b2d2d18eafa01fe4c6219271e88f056578a4fac74b88fc5722630474a5184c3879000b97cd49cce18ac1f32b0ddc6d2401d7408ab1f3081b4093deb15745681a8c0013ad065dda7ed9faf12ff4ea3fffb70c7396849e993d2cd056cca8fa7e7d6f1d97fb39075a9abad306fce82034dbe41ddb549bb3b315bfd1bdefcff56c03c8177122e09068736b6c4da33ad4589e80032d8f10740b0239723d466be5bd0e125fad2f0658e465f0fda380add24928a168c5ed4aaf9944febc912e40703ed741a98b20ce59259f77a4d87619b4ec200dd1632ea8507f4d47527eefefb3406769a8d925933e014681d0584b3784eaa8ab8dc1d26362f08bbfb45eb2c93b20fc69204b8b25c07495f2832c7f0992002bd83e6a7d123bf771924413214b220ca2c0140023daa55793bc82ebee3d2a233e11a6152b4b0f4368635ce666f300d04e69717c8951ebc51163b566558edd8b58586ee766969c00e6d9d74d40865e747a3b2314350c3642d57c591add915503edab793efba20d9390d13a482492d48833c4319b5984d78898cbc38d1d38cc648a2f9a09cdabd860a424676def9eb9476a8c74f036934edf20cc24ef06c97cdba4093fadc18d4707fdb3881a2cafa04452998828be4a7d5606f1a7e98459c5a752b884399b3dffa1b07f5c52150bb30ead7e046df5c19b38253efa7df7fd2e9a633c258995826dcffa1dd3eb85be8645751816a4890b9afe3e05c375dfa0e8c3edb620fd244aff986b79b21378121901d44fcc94f9aeda091612de22b149373cfa6c336ef86371732e6f468748c539eaa763949d81021d64af58cf19773cb80fe53cf1f903632de461eb3db9cbf3acb53e2a2afd9707b581c6086b4935d08bc4ec1f35eb5fbd088e653980cec0f6dd8e7deeb7110b456fee1e51c4655500fff8890a04bc4c4c8df2c92ca974e562a1e6f18b4247102b85573a9e169661daddb9fe76000a74d42c8c0cf023f0980047f94bc2a13ae7c9e7e2c2d0b984024de47b286f74dcc472fe9215d8af96b97ac6c8706a29a6192ca5730d1ccd008de963518fb1ab947d6acc9e71987b41e9ddbb3dacc3ea558fed66d2c0f7c153985707aee6ddde03ef39a4defdfb96f2b550dec004964140cb7d709f0f0f51292c2cff3a0ea5b3fb3d492d28516890ce1165899fa5a24658013664b7f5ffc791beccb0e19534256601e4f3a92463b782e3b25db57805877c1fc3d8c3d7e417bcc25ef3d88d7c94a810d2ff27130b1b8c9557dd2e84001f59c504149c4ae8256e0bea191c9f2303e25c1a88d8517a382b5956d04e62fb868e0d38129f557e92ff03c2eef93f6073a8ddac2b6b3011ec561dc04e57f5228b3516ab160209660b0182ed0335a5c5009cddf45c77b3fc19dd16d7d617405a0bce609bfb965ed965ccce85de51f80b73f752f28d4a977489bc9f4731cede03a2e127cc4aec6b9688810a66b95f47ec70ace3d7f564864811ee03389b59486f059d4d6c8fabd0a4e41a4b7af8317889cfdd7dcb1f201f6c626734e03badb81312a9bcd98253664ce688cc40ffeddccb2bdbdb6f065ed5c8ea4c4f451225faacd9af729be232aee8d99723cb764b6b9902acc61f5b433c8af790cfdc5fc8285a118e56eadc1539f22dcdd6cd94d79bb76f18bc3678430c906f6d3444d5c18033c185e57a7f37312193af681165b58b53f48af13b1d748a93385ef2b0772c236a5d0ab0932df2749c5b2126a8843b762a0deaf21f397b3b8a34cbf8607b80235cd60be14ce27ac978626edd16cf60214517581bed8ec4c2084e4a2f6f6cd0dc3a528322d849c7e8ad0beb977c003045de0e16b5545856dd8f87208152600422e8265875cbb9b7343fcc143ce7b4c4c9bd4bca0f4cfea5837f3a9e941243699ba230e909233e2c3cec6cef509731ca5f63a790138977f4ece18dcf65877eacb0c721bac94242c656971c83a457f3f902d8afc9e81679df2d45da8ee8018c7be1addace2a36be6b528eb324bdce166e6ddc554ed784122e7ecac03f32606d3979e210704f21ee6d42d4212d39e4256bf6a59ac269d924a49be8a37762c6c6deba13cf144dc9fef458a24ffabce68805a9b8126eddafbb41fd8f29f07904d7093c9684d2ef07bc846360f93fb6127d1ba3273f33266a2434f401a4bbc4ae65325ba8d325902e8ce4435507520d1d69ab314fe330304d447ad9d50428abe5d4f552d01425c2cc5662bce990090e858705ca2284034cd1426db44d1ce3eb12fff51fd48bac650ae35c7fe94c092473633b740f9a82dc976dd5a1c6a90c36816510cd0144ce5c5d76e38a746298351ee6c59821740591bea6c80e68861fbc40b13c680875fd3578c2498412602609e0330504b18a589a4957ded7b4f5e704f87bcf817f8612285ad7797b64528c80314d4a05a4beebdf5580c3362d2171724c0a1f17d0550c5d4b0bd28c7480c643d8113178bdbf9633a90d3b7e50321ed61caeb15fba46", 0x1000}, {&(0x7f0000002fc0)="c5f4332b5dffbe0edb72c0abaf4109684ac814d3cd2d848cd3fd4f64ac25ada6a2555588b10dcd2a64f1855032c561ada216777bb3fa02854a8c168f5a93c45d40b81734f72bd130204b205fbb0644fc4892ecf1b5886a8905ab62a12e66502f4b0ce616bcfafabb73213b372ca79af3cfa664ce347b7991443f76c793bc5a255e5683adb1418937b1abefdc18fa23b5b454721194e4ea952308adbe79e9d04b76db07db7cc20770057af9b4d28549341e45c9bfb0f4384c4acf", 0xba}, {&(0x7f0000003080)="947bd87694cb44a4457f36c2db322810999ca04ec45a0834b813feddfe11275f872e211cd65a52b0c5c966450cf8c7993d23d72b3918670368c8cf53f3df528ceaccf2155fc93175efeced8a1c8eb4091eed6be943bff36b8f5f2b475455d11bfe62f7d58d9d36000712aaf7caa3e92715fed14b3d3ef9ff13d393081e045564808f5fa1fbb9c67670e18b8af34528fd37437f9f3d484025702f", 0x9a}, {&(0x7f0000003140)="e2a432aa0e0180abf2e5306b9be7a5a9d2a2d455d175633f0d8ad280a960eecec90e5cbdd526d712fb6c204199e23c768e5af8c30a9fa0372c87d55d265d2c037b0301dac67917713d031ba269719bed2b32c2c6ba13b92a2924bf68d5", 0x5d}], 0x4, &(0x7f0000003200)=[@dstaddrv6={0x20, 0x84, 0x8, @mcast1}], 0x20}], 0x5, 0x0) setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r2, 0x84, 0x7, &(0x7f0000000300)={0x36da4136}, 0x4) r5 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r5, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) getsockname$llc(r1, &(0x7f0000000340), &(0x7f0000000380)=0x10) r6 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) ioctl$VIDIOC_G_STD(r1, 0x80085617, &(0x7f00000002c0)) readv(r6, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:41 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x1f0}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:41 executing program 5: r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) fadvise64(r0, 0x0, 0x1, 0x6) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f0000000140)='/dev/dmmidi#\x00', 0x5, 0x0) r2 = dup2(r0, r0) ioctl$TUNSETSTEERINGEBPF(r1, 0x800454e0, &(0x7f0000000280)=r2) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000980)={0x0, 0x4f, "d286b123b300a28214b02572665a494e56e07485da9c9fdca9879ad7d1a54a9cf2f3b858d3e781cda56d618d81e38a336074b593f76f6df3df455ee71ffe56355fc2ab4e261b1084433252d9b0894c"}, &(0x7f0000000a00)=0x57) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r1, 0x84, 0x22, &(0x7f0000001e80)={0x7, 0x4, 0x101, 0x3, 0x0}, &(0x7f0000001ec0)=0x10) sendmmsg$inet_sctp(r1, &(0x7f0000003240)=[{&(0x7f00000003c0)=@in={0x2, 0x4e21, @multicast2}, 0x10, &(0x7f0000000900)=[{&(0x7f0000000400)="e59db3dc94bd595d90b37095174218060e523d0c19af313e35874072ce03c6ddc258b7818b4314e0ff45dba200a4e7f1bd36debfe978fc1e1f11dd7a9a2971c0f4d777b97e0424741e2d78c23e8134cf13181197d500710bd993b0f59a5b1def965b00940e428d8a873647ceecb3cbc70d08accde6daccf96095d2381a3fec4dcde99f829f1a22c900f7b1018a49a106cfd4eae5bf899325a3045db2ad235e1da58bdd03491ba772efb1aa84", 0xac}, {&(0x7f00000004c0)="73deccbe1fa7df24b3604c3fe58ed92a31457fd652985af70a4be3444791e75052fa06d10e28a445ddb03555c005b580dd251a89ba9e0636ca61b12c45ec3278a63edaf02c581134ec10f76ce58890b023c62eef8adf277b57d09defbbb8cc5d2b4fa536c4630f67b8b4ee3e2ca8aa10c63261ef3d1565def1521dced8cf1b24f23db12bbab6c12abdb5b423604f16bb724391b4dfb01490add5e1e22f83824f7eb02790d481d3ae910dfc9909c0e84f922669e19e395af3f2be952799d3f9c73161", 0xc2}, {&(0x7f00000005c0)="f8f0c74312b6b919f50721978b9af3ccbcdf219664c22071010f17581edab0cfb527b697c20a0b17d7be88a324526ce34698c4ae2797545ae8625dd569d276b0dffbbb81c06e1c3912e70eed248c022addeaf212bc658d9ed1f59d64bb08d4643b9998e674ace5543c4b49fa600cf5bf1479a6cbe00edfb37fae86068e0971922b1122be1cf81ad0d58e1dcfcfa07c891bee2b08d67fd202752c0c86faada110822781bba2e79b247ba8176287e19a636b903c745ffa17da3ce4a2fa953d03d7ad9cbae42856ec0901d8778afa", 0xcd}, {&(0x7f00000006c0)="631919be2b7c1c07147e7e23b94bcc3e4ad3ed344d5620ffca812f341b63032492db313e457e92b14bd9ef5de46475fb4e6a99287aff08f69d99d78a8a194335110cd1c689ed58b9beddf9dfce6a59dd44b9fe41a8423cba9a72d00c3096", 0x5e}, {&(0x7f0000000740)="d99bd4c53acd4a990c8d9bbc36ea42e4b8a39e42d88ceeb60652f3306a6785f26c8542b8083d09ecddae1cf5d05ae805aae452a88e9da7debd426a4d5a8a737e5e6398de26ad709ede5118cf4af2b549a79f4ad03dc18cd7decc2c916b0cbbaed2831170c67dc50d9801fc9c8dbf24683fa28b54156461dc9f5e5105d0ff396a7a31cd9ee62f2d0bcbfb126859f0c207b06deca9b5ba1d90bdc1c8151ff7a2dee4661b95549cd83c7a7fb564eb6aeb7097052ab59762a598c4a24552a8d5ac65c62bbdd13c12d8cb27ac7eda52286733f993e5", 0xd3}, {&(0x7f0000000840)="3a5b5b9f21bed3a18a612c5cec4548d8d712c28b153cb5d4f9f63cc9867bac4da7cf7a503d71824a0af1d466d3228b71c03deaf08033c06a1602816ba9d05f448e32e89eb4049ed4239cd8aa62336a715fe87e37b4b5da375f76baaf97f9712233110e7539b6e99c17c726404915c8ff9eb7f5166045fe29409b35f525a3ea3d852e2682766b3b2e394e0e56c6e12497aaef34b436fe081cecb66a5444808dff8fac1c8525889eb79d0f", 0xaa}], 0x6, &(0x7f0000000a40)=[@sndinfo={0x20, 0x84, 0x2, {0x7fff, 0x8001, 0x0, 0x6, r3}}, @authinfo={0x18, 0x84, 0x6, {0x100}}, @authinfo={0x18, 0x84, 0x6, {0x5}}, @init={0x18, 0x84, 0x0, {0x1, 0x0, 0x39c0}}], 0x68, 0x4}, {&(0x7f0000000ac0)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x12}}, 0x10, &(0x7f0000000c40)=[{&(0x7f0000000b00)="3c600ef8c009c2cdf810486c47813985512be0110bee43a40fc6e1d0c667e98b52839a11870146f7da2dfd1a3709bb5f7034d691bcc13eac567d13f1f2ac989e6e134eb04227e4a0668e0f583cad0d4cbe96ec6d5a387af6e386bc47f3aefaed8f8a", 0x62}, {&(0x7f0000000b80)="e45274e54db399369b3fcc26f4d94aca6d94a6121462abdbf94c8bbd154018984355bbde4260f6361113489275320a6856e6db1505ddc57c28f4f20de8767730f7506cf22d23d305b41fb4d49a6c597cf5f28d5037bd43655c16a99a62eea4e0c76b54566489338d37a6d9df0a8f532f3fb071bebc84ce183aaf8c653d4c26c893f1b25fea265a099ddaf13c1b5663edeaf85f0c9e18f686", 0x98}], 0x2, &(0x7f0000000c80)=[@authinfo={0x18, 0x84, 0x6, {0xd1}}, @authinfo={0x18, 0x84, 0x6, {0x1}}], 0x30, 0x4}, {&(0x7f0000000cc0)=@in6={0xa, 0x4e21, 0x6, @mcast2, 0x2}, 0x1c, &(0x7f0000001d00)=[{&(0x7f0000000d00)="b8b636998974fd12c1840208350661f0307f86e0da1aa4ff66bf3071c6dc81791aeb9c55e00310cdfccce8f6ddbfd7c504c908d4a67e6ff1a7fbe394ee6393fa4ee3883cc3c3ec2d42880af92a509e26e9e88f5b3e290aac2200cc41d9d0d44b627001a1da7123670574cccf425dd8cbf8cb4a7a92a04822214f908edf8493b3143818db19d7a6433ef07b49522aa12d002634ac2da3f03f12c11fd81551a554736bbfb3589f12d42e05683099f2067a1789d50f4c56ff5271e99d7d9591e54496216ef5e337273d0ff2716485e56bb8be0ddcd7424752c99d39ed214a6d14a09688637af93293babc6a413da3c602092b165f6e6579c014c3fc1d0a2a158cd905177e2bd2949a341f49f86bd19e8782f897bfebc3ccff39532da30fec6ceb5ee3644037083d2a33668904b38a4076a40750edc1b71c631ec6bdd5aac4d5cf1f324c4b4159f8aa4f02b3e92638fe2a74ca144a71c71547873fca8a50f0047e9c4021f24abbaf5de13ddec20bee2f4ee83c541c9a4049857118479cb16fa8ece723357857c7503735907b870b85c20b50fa08e613c8a8623937d7d4cdbe377754c636c173785497ca8add2eb47e276508004e640c3f15b552edc749bdec773467704e9be958decb325dda3f8358ab97c30a134963e7f01f9db43fe9c2d077128f8bc4c2fb8b16e1be22192ee0ae9ba4d2e4fbe57a239395815f9d31ad92fa2b8c3cb94e064845844f67f23bce7be8d211a81d512db738d1e65be7dce91e3089addd013499dcffe8559c41189c6ef90b0355697d2d6cdbdb961e6ecd090a454571f3f173342ff12fd7ef4a931b2365c7d7a4681b47272cf1a5aa64fb4aed2618e22b01aed4e6c427080b41d2bf5752f5af1bc602cc645faec4a06e5088e86fa868d3d9aafc9d5016813e003e7a70476ef1b12c091fd63641df307310766e18bc5a338244aad7b5d6a4c241d0fe1e5c5e613d5591009d8300baca561e07845372c87802f03f7d637cbac7b9968b1bc4432d33bac92d8aa000ec81ed681e08eb5eabfb22ee623b8e345e8e30893bec71a512b5c070f09f7c56f47f42f2433254f0173da3af3d1a3568c387c7ceca9f9974421612c89a5d4797f5380570d15f612d683216133464de75e1d8cd4c62cf8ae848bbb9d877e12fc9858e8a6263098399a18cb8e37660ff9597005fab70d00c4f71885360d8adef05f3d30d55bd31b03eccee2293eddbc16110eea3d0cde874a9107aeaec71a1e6fe7b36ae50bf2c42b1d8135cfe0a098f92154da521dac85f13b0b9c19a6119016fdd3e13ab024f4066a03dfc6d6317808644921a9a4874998d866f7ef30cc01e3c156f4c91c1039df89f822fa04caffa643e998c620c36d23baf1d949c318803d59502646a063307ac6663ab11907ec1d5906808f8ede0133b58b3e236b60a9dc86b3662fe477364c66b497634e9443746e0d1aef6716a985cf066a2b0ee53cf88558bd085ba42d400e491b1fc20792879f5cf7789c97cf624387b7c7afa25847c2920c28f1ddae119740c7eb5648dc2eeec9fbd6b11fead557e9c71330609f581f435310c3e6afb998c2ad659a91e323e6de60edbd0a603c1e6ea40504a25ada8bdf8cb8deefe72228612ae84c971893b9abc4e4abeb937460641908a6ae5e425b1841aae2c1f0ed007a22cf5ca5249d85f28d12ece6817180b085944958f082530a88e64876f8d7bb8871d52dad1e7274757420ce814f84c146584fb04ab5ebe04ace9144a7bdf3b0f88c7913a819f84139540dedb4da2f85e936ccbe7c7bfa00504787f67069d6d6fdbf88d0d6be1428aac07611da3d1c504c1da76d16c45f11037f0b67ac5dd60d4f257e22e51d08a500e225ca17e8501349f5adf86c07915fae2389691b5dba2205b69deb58959e30a5aaafd7c8f7ff4ce347d6e55e0e4b76e2e91019d65eec593224bae4e3c71b909bc03fbacd7df3eaf9ff271b6f0b627777356e03b32d36bf4fdfd74b5299b8e818a442e5c78e7bbde40ea2665f83a0fca251eb2544253d8d2bf2506ea6a7b7c2511308b7e396f7f595a0205a3b9573cac6c7d8f607ea6e4062d9c461f56f01914d4785b4dfb189ef5a3748ff3c0cf635df6a701382bc5d16070648f05933e740baacec3dda98f90f4d02328ab3cf17dc32740422e1cb442365a01d0e3684e0433209ec0f4009423ddedce054d2ca8f6b1d63dc865ba9b704834612726cbd0848a9d99fcec4d008c7e698f896b3127658db5792890a92bec64e0b0eb5d48960a7e03db2677a5f13456039120e95351c4196d58f171e055eb3d446966b28c26c4891c24036c35c2df2c35d23a011ec5c744da41bd3d80d8c3cf619b13eadf6aabf7eefc205c32570ce77078f8993aa5c5af431a62093d915bc75cf64eb328e726ae88902fb00297d17543f22b10e0eb6fb1571e6ef67ad2fba92fb3ab24d5f8c523bb484e3563408dce467ee76ccdfead11e0616759bf1e9fb0a4273d007dfc6a1fac4166bb7071cc13f0face74e9b8eff92658fbe3eb7a963221c6ed7bf41450a595560faa4534bf4b8f9f965feb8d7facc1842530817c4dabfa40a9d73553ef4df3e326dc5e07b0d6cc3066d38589d53073b1e378cc89101546fbca0a0bb63afacd94557632a2897fd1ab98b21de89c0ff682432c1413600f4f909f8cca95db7020ce769542a65aad18bb3ad2f87e37fb79d29fc8499696d18418008cd1a815d56736e23cc3820c62294022d464f5658e2f858ed538d47767514f2e81f31db01f594197f18932609045ca4b2e97e0555440892d959fc82af3c1f24068829af42bb552ca45d5b8819a9ca16a9cdafd6f387a9b838109cf358bccbb3310075c7f38560ebddf407afcdf9bca8d363b8cc68f3e5f95a80f48448b38f7e538f066de0129b1d734526bd3f135266aa6d331c1bd2324b68e51293bede7d6beec5005a253251cd220481f71f01f8a3369a698b1e6f5f51b51a22f67203a5b35f911f9957fff378f8d085d7ee1386fa606fc887a613b10c2722a74d8e480a18e0101211bbcadb77643c037f04dde55decb34c147b2aee9343031b3ee8e0f40e106a37c09d49475bfedc9d61400610d8432b33635cb4f8fc68b67afe7ec13159e6a6a6f73696955fc33c66c2b7bf9713881d3b7371d784ab277477470a5f9ab7dd8555c69727943f562577ef560c6fbf45e2d49dfce6d72904b1e9888e236af8b4a0786f45e349af8b5d815b6a504c5556eb6cc0bc253b817fb719c4259d6e97eb61d613a4e1f6e0f9840e0bd877e6407c5245f18351f97a751064d1403a5e14b3f9f98557c05725919cedff8826bce428cebfe1782b48c76923ee7d015185c8ab16511b85e275cb18cc36e42581a09d01fb201f2bbd8fa1a7a079f909fa825ea9a1b4c2e0fb84bba07a6e9c0688317017a8e80cedd41d2e7f8bf0ee2ea8d872c131f240f3a95d4c69238e189babe7513678f79ad7c8678ee8c76d9eb5afb2b188fe8ee31035fa405f92df12eb997acc8bb53067e69ecad821046277b7a0b98fe0317af2858eceee0f41da1228960347e75568c57e245180b3ff8ee507978c788c507431f460550af53cd2afbb2235883ef3f6d1423e3c37030894f7d07f43247488b67ec6404eaaaa12dd22d87242118169672b67bd84d03af606ad47e7abecc8a5f188bcd88e9dd7c0a88e8b1a40f7e253c0ed0cf1788f363e8046bc53d9fdf4ae86a376d90726cb70c3bc76be0a693c53d2ca1f6bdbd05c0d407f97a4fff42c08591021c6daf2f6de5db90c5c612ccbdccdc0a52346ed90c31e2d6a73e4203527f30d3f3fa13f3301831fe0274c1f1d3acd00a0530b12668c1a001c416f46f256025f9acb41505f6eaf4bb23caa2321418624f6c132117306e06d5af5b26adc9dd6fc32b2162f1434836755acfea6332c45f61d641201f11a80c3031c9423a22f25f60ec570406d4150deeb187fdf93bfc3d0f6fd6ccdc1703b5170ec7c1c2ee5eb2d67e79dff6369db5ca76792db41a00c38564afb662f1159d772733a1fa6d72ffe52fbeceb05b2d55ca9b7a6e1dfad33ee7f9401934fb15926a1e61305a85ac316c056a0f3ecb789ea96f8a930d9616f42d8a26a86dde544f949d555e5cb027787ac164cd5545a1928f77df57c566209ec721b3150135bbfade35a711516b5621580fc58e88a8eb2965427681ceef5096b3888070a53217e847175fff7356e4642e3261e13dead704f81ccee713222653e1d2a7ce900d957a946449b43d4d61477208b7ce29be192e6f58c65da13c49ac4c04fe095bb0512a2103e1fbfd8256d39af7ab07b357f232c7eea7dda9ca9c9fdce66545917cae0168eadda08ce1292e406e14dcc50a08316eaebb8f7d15f4dd1cc22bfbef3d5e182fd60f7730ccc9281b71528fab80933827d85bb21750f9c9e12a48ca0da9497dcf43620234253ef385ec4af06c022610448d77e51f99f3c0544fc9da3fc81bf5a69ea2d1dc98fd03593175d1499bb081d7b8bf6d74f223ddf3530e687cb6b076110936abe1257fac6b500b91920bbda3ac834425378e7a27f06f98b8f170ac57eea3e155cbb759880443fbed28b26ddf5427bdf2c5b183855aecf067a112f2d17f481b11a899b4296f4f81d73c76e825405a761672092a6b9aa77691da5ba0f0d5ad9bcaaf206d1d9f4617f13973e2502d96c4d2cea95361d8caa9d27074f8f4f6dde317020aef954c91fb6a3c7b716a25328c10b4a544799b54902b0c3311dee1c9d569585b85b7083e251c3f3773d372ffc072a9f52b2bff5c9272a1538cc369f01a96d409b05ab6392f4e9e23b6382f56405b3e30634d625bb826076fb83d1f0b4f3ad37e4cc93fce2fbf11dc7de66c1fcc57ebdc5c826709e8d7c25f3928a80b5ab9dbe6f2080cb221bec3a90b7a118c7754a6b56466a6ac69408da79d28c20db39eabe3bfe62d5b7fd6846a0f56c77936eeebe2ab87122bec68cc7c02027da98519a3ed2afe46bfb946ad42a581495e9fe177c8387b4b2364820cf771c75ae76bc881c82b827b5f36fe39c68405324b2f69b900b720a620b7bd24505c29678c963829b30e82943aabe7bc4878f010c5c4f639295ed167f45f8c78d1f605ce6ee7c95e16edb7815322b9e926618036a72676a5a207d1bc064781cd906295d654fbbef500c9c523ab6445c9938553b211cdc46070a98d401b7fc0cb4d241f220df7cd3d685fa4bc76377d310fa126ecda9bcd50c85b688c6bca1ffc6ff5adbd7b96fd23b50577f4ba9993575597600004bd720ad5b0d332557c2e670c27dbbe738fab7ae5a9e953f09cd643b3b8e1b63af3d3389ea41436f635bf9e9f60b5f5694a1287e9e505b988fc36047dfedaba3c17fa0cc6ca1d51542735fc5db8b78b7f0a8106f775a3cb56b4f78dca9b1d4a9f0da256fcef1cf21318286fe61e73a813a1fb211388bc64a10ee0709230b051247f5ce9ac38686e85a24dfaaf19f8392cd66c90ed53ce20e9cb9c0260f7365f448459d38881885ef8e4fd148917372ed172d69713c0a718d4f880f4b0e0902c9b26ca684962a190cc7dd5bac2877c309528d0cf5006f51e3c86bb3c3cb74a52af1dab7381e1faf84ca144b142ed83f0c144f328d58064a6b1880956704268ac7eee40f24fe005d4872c3ae6e41901511a9a927bbb2f660d61a31b521e445732fececddcdd320b450b17a346fbf1d7ed0674c6518468e3e365b5469c1b86cdd5c2c036efe36b4d0ea160bf963ea5a7e514f5f3e1ffced7d07213eadf08d8c94403d4b1376a5e1b503496429e2bf35d2bfd", 0x1000}], 0x1, 0x0, 0x0, 0x40000}, {&(0x7f0000001d40)=@in={0x2, 0x4e20, @remote}, 0x10, &(0x7f0000001e40)=[{&(0x7f0000001d80)="decd9b9be8510ada5d7294ad5ad73e224913aa7e2728cb4f90a0316256d80d4e35c8699ef1856cd8937327511ecb0d0621fe0bfde795f61ec4998f49835d3b2bd64f3466c7cf911cd151da471cc2d3507d76cbf7dc3bb43a1d33b39741f58c62f92d226ee97ec8fe8c324285b839797bc16139634d1b058a6a13c2242b1738ea962fa63c6aee325699b90618bd", 0x8d}], 0x1, &(0x7f0000001f00)=[@init={0x18, 0x84, 0x0, {0x200, 0x401, 0x3, 0x3}}, @sndinfo={0x20, 0x84, 0x2, {0x5, 0x0, 0x3, 0x80, r4}}, @dstaddrv6={0x20, 0x84, 0x8, @ipv4={[], [], @loopback}}, @init={0x18, 0x84, 0x0, {0x8, 0x800, 0x4, 0x3}}], 0x70, 0x4000000}, {&(0x7f0000001f80)=@in6={0xa, 0x4e20, 0x0, @loopback, 0x3}, 0x1c, &(0x7f00000031c0)=[{&(0x7f0000001fc0)="324e38f28976c4d25423e4880e575b4c4ee972d14be81331fbd34f5ec8ad4857bce2605a1346ab6c35f4a67cf9a32e9172f02b6e6302111afe1100bd6504e20d385d24595d3f5f0c9907d5b002ae01022b6c9b1ebcfcb6df3a7c7e88aee9372becc418621c504dfb4257b41acb5f8369a2ca3d924d0443e9975b31181a14814af0f69dedcffd56d6be10636e27077a4932b3e472a52da35da5d02d0e87b855e868603befae4b091a67ac08475eab1fc1901682d53f8d18357a3a23c13a8aa16b129ff77cfb990e1194a6d8b6db23f8fb75c137acb234ccfa2ee733e11b9c2e30f0c0453502bbf7f8e062d067f39a3c5e16950ba18c2cc9ec99bd239051d5e72ffaaf0ce422fbc00e0e7ec8f3cda4c3c00af40f6fe16ce211e1f683a31e4cfc023263df65b24ab7eb016ee73a3ed085129cc0b711917ea4c7bd6a8be81b24968cbc702fe5f47ae52e9270fb9c4fe441c7fa175fb2372bdafaf4ea11b00d7443ae5c02abbd68d0a735076247cd184e1a9981c5d16798e5b9ebedc8c48dad3e86d5876dd743b44b0f40d02c524fdcb3a4cbce4e32c9c41f32bd9e8ea2803f78e1c266f58734ef1cf99a3ae184682cbb6bed2a5dec9ee9dc6d7704e67407d491eea579c990fe96a0c67b829540ae2c4e4cc69629d7e1122a404b7c82d92f50952911b81dfe1ced6d4ad0ab67b42aaf88d3f9430f9f40372704677a6c843fd06bd8a3c33f6117d7c8aeb76e16466b4439f7c4e28283d073d0e9b55dbb037baa5f6d060976b4f45bd7c74219882c3cb84ceba2aed5eadf2e441db8184e0f623145b41c4f6f6f06a772d256d3aa7566df73314023db41a53d1ea5fe413fa184d9421874163209e928fbfd2f1ed872200768c19198ced3f7a67c01a30856c1107b61a6d77ce220e5ad4352eee09445be30dcd0f8c6b2db3b45c5660d51d1eab754bec0dc28f3a79008232bcbc4743ea42f407a0c2f01144431a5fb3316b86a335163e658b143c009ee36d8b0cfb900406658fa906fb75cdd02da895ed7b4ae5ac3ae993dbc3417a7de6901ff5ce0f00136cbdf5cc49c8fa44990cbefa1d9763ce205703b5a7ffe4e8c41426b1483b4e3ebef2c68ba4614a1a5effe28f292d881f5e6a40964d9fe7e6a82e17d5c3672df9fa25ae2c84022662928d2f6294d6a48d8e77cdc62f30bed9a263cfe1ae8b603fd6da4cbb25b11fc32715e6b13f63bc63bc6a22bf030c064a1fe2cb37d0a336e299c03226925a1eb560a0dde26a27c916d046bf4f5773486425d670311f090ffe00074429733f4b163510a0f586c7d60e3c6688c69f598cfb62bf4f87d4d6d399b9686bbf488a5debbe31d1fb5d6244b1972efd70edabf7c14d8da03965e8682816bfd681d83aa59eea821c5789346ae7eec2e81fe47fa1029111b5a8b29048a0e6779678beffddbc611269f8dfe603079178d45514cd07ec0432b05d12541a3f74ef39b99461de82afab84751898a8975da95a6314b44ab416c6b80be334004d042ac3b333cba11a9abce5e003565c374c8b31200c65c0fd373f97d5ede771ad0ace0c0eb023443159e8db76a9f28866ed511680a1373e8c4e128cc825a627f00328b84ae730133348ab38a6f8085ddce96a30c991d1afdc31d4c266752de35de59a619cadf5762ca60157f522153c245951dc4b207399c2435a7deb9ced25cd414068c67aa9bd5ee5b2935381fd1477cb40b9ceefe71cedab8123cf828f72cb4db0388a6e2d265f8167ce359576e01e42843794b3d68579c4097025abe51768b4fe5f434d98340d6901f6d2b75e05949cf43a25b327f06fef2dcea14cca38f71f423bd4766900224bc7641be3b589207dea6a5de5a500c1e03aa880052c9f0e16f6a055d8d284786cbca42356c8e03b3697f696f4ae3997aabaa2a3ef1369b8e532578af8f6aa6a09f629a57d51a5a1f40e73a3fea51c184570aa23b1e8314769a3dcbae1fb418d8c2091b5e5adc5765a43cef5eadf16bb616080fc0e160247f28796b4cbb83432595147673d19ab61c5b35090dd5ccf188075e306808245030e960cf20c3046c0d82a1bbd5f4940d227640f6bc270e3cd31a0fa63f6b8dfae47fd774c290e9c7d8e79739de75ba64301fcff9ffda6814c360198dd3ea564f02596bdbad3fefcba9a750f06ed71f343df3dc4ee9cca9396bca899cba99af7cefcf8a382b00113ae91c1292c13818bc0160cc329707e2a4daffbf0da045bedafe0446c42888b33eb440c9231b460048dd0ff1684c589e5258a125566b39f79c6b2cd10a596c26aaaaa04a38289e21b0b21c9877c4800e2be9cba433bf987811a813dc81815cd27cbb3d9e5b2bc5a8f8ee0b416f16f3cbf6844343c74f9f5fac9912e06f2c18be9b168474084525a4d4ed333b7932a9cb57b61f137254ebec6a62fd1b200c4118e19016bec8d0918f922541526be393acc84d364e231537739540aefbee6abd5b43c687a47e27c5485c91878c7091dc8dace5250eff8bbcab98bed73899d8573d3374d8df6cae27ad9ce51f1e1ee3e6db1301508609be4034f349447f43f985a2989495ffc1bb8ce12c31fb6c79369cceebf3fc580abab864cc9705e872156a6cdbba56e219640f46a203427e910290df507f4b4223e16dbd8b97c3042642cf9874e2770f51cc4c93406bafcf2c3cd873259d868b5e04cc2e92a5d6d9e0dd548233e7600d636f182b7ff04fb8badcd168f07f66c59fadf4b6896858109efd3f3a51c14f857933dda31215187b4fba10b23946c1aeb3f97cc0322813acea099c4f6bf619b96a486e450cab4a375a0b5d039d399ab8f9e753a5052d630d008b98ab848b5752ad7ef18ed9397d9d5a9b5b291259ce96645f87e9c8840af2d82c1420b342f99b81d12573c7f3f3e1456fa549c63ad2094874d377dd8546ef3ee1e753e996a20c5bfd534e566a893a3c6b08c175b2a43c3e2c4987c5ac086f2e092064a7d38b353680741d95eb67fee84d7d7e303bd4e4b603bb5f49fc6e1d2cd1f25c89f8d03bb0fb01a1fa7f7312eef3ec09043e6b14caeb7cc88310f6e7fa2c4e135d41af184d971c882ff3710871e7c0f95d32a66dada82df22a843714e04290101d31488ae0e5ae3c94995ac15df79c9193f3e7a6f0b32a790e3fe622d4bce1bb5dd991f9d7511a2c734fc18a706b17c839369b4d7903c080ee1f87ccb9b7ddd9bfdad7f6e3bf8f4b93106ed324f4568e30c7ce1ea14cdd9d28ec1aedc9735af74097ced7dc8a045cd7fbc0842482f76cd7d2556cf06cbd90d6c40e14ed878886d9dcf89bd9d903659d1ed7b2d2d18eafa01fe4c6219271e88f056578a4fac74b88fc5722630474a5184c3879000b97cd49cce18ac1f32b0ddc6d2401d7408ab1f3081b4093deb15745681a8c0013ad065dda7ed9faf12ff4ea3fffb70c7396849e993d2cd056cca8fa7e7d6f1d97fb39075a9abad306fce82034dbe41ddb549bb3b315bfd1bdefcff56c03c8177122e09068736b6c4da33ad4589e80032d8f10740b0239723d466be5bd0e125fad2f0658e465f0fda380add24928a168c5ed4aaf9944febc912e40703ed741a98b20ce59259f77a4d87619b4ec200dd1632ea8507f4d47527eefefb3406769a8d925933e014681d0584b3784eaa8ab8dc1d26362f08bbfb45eb2c93b20fc69204b8b25c07495f2832c7f0992002bd83e6a7d123bf771924413214b220ca2c0140023daa55793bc82ebee3d2a233e11a6152b4b0f4368635ce666f300d04e69717c8951ebc51163b566558edd8b58586ee766969c00e6d9d74d40865e747a3b2314350c3642d57c591add915503edab793efba20d9390d13a482492d48833c4319b5984d78898cbc38d1d38cc648a2f9a09cdabd860a424676def9eb9476a8c74f036934edf20cc24ef06c97cdba4093fadc18d4707fdb3881a2cafa04452998828be4a7d5606f1a7e98459c5a752b884399b3dffa1b07f5c52150bb30ead7e046df5c19b38253efa7df7fd2e9a633c258995826dcffa1dd3eb85be8645751816a4890b9afe3e05c375dfa0e8c3edb620fd244aff986b79b21378121901d44fcc94f9aeda091612de22b149373cfa6c336ef86371732e6f468748c539eaa763949d81021d64af58cf19773cb80fe53cf1f903632de461eb3db9cbf3acb53e2a2afd9707b581c6086b4935d08bc4ec1f35eb5fbd088e653980cec0f6dd8e7deeb7110b456fee1e51c4655500fff8890a04bc4c4c8df2c92ca974e562a1e6f18b4247102b85573a9e169661daddb9fe76000a74d42c8c0cf023f0980047f94bc2a13ae7c9e7e2c2d0b984024de47b286f74dcc472fe9215d8af96b97ac6c8706a29a6192ca5730d1ccd008de963518fb1ab947d6acc9e71987b41e9ddbb3dacc3ea558fed66d2c0f7c153985707aee6ddde03ef39a4defdfb96f2b550dec004964140cb7d709f0f0f51292c2cff3a0ea5b3fb3d492d28516890ce1165899fa5a24658013664b7f5ffc791beccb0e19534256601e4f3a92463b782e3b25db57805877c1fc3d8c3d7e417bcc25ef3d88d7c94a810d2ff27130b1b8c9557dd2e84001f59c504149c4ae8256e0bea191c9f2303e25c1a88d8517a382b5956d04e62fb868e0d38129f557e92ff03c2eef93f6073a8ddac2b6b3011ec561dc04e57f5228b3516ab160209660b0182ed0335a5c5009cddf45c77b3fc19dd16d7d617405a0bce609bfb965ed965ccce85de51f80b73f752f28d4a977489bc9f4731cede03a2e127cc4aec6b9688810a66b95f47ec70ace3d7f564864811ee03389b59486f059d4d6c8fabd0a4e41a4b7af8317889cfdd7dcb1f201f6c626734e03badb81312a9bcd98253664ce688cc40ffeddccb2bdbdb6f065ed5c8ea4c4f451225faacd9af729be232aee8d99723cb764b6b9902acc61f5b433c8af790cfdc5fc8285a118e56eadc1539f22dcdd6cd94d79bb76f18bc3678430c906f6d3444d5c18033c185e57a7f37312193af681165b58b53f48af13b1d748a93385ef2b0772c236a5d0ab0932df2749c5b2126a8843b762a0deaf21f397b3b8a34cbf8607b80235cd60be14ce27ac978626edd16cf60214517581bed8ec4c2084e4a2f6f6cd0dc3a528322d849c7e8ad0beb977c003045de0e16b5545856dd8f87208152600422e8265875cbb9b7343fcc143ce7b4c4c9bd4bca0f4cfea5837f3a9e941243699ba230e909233e2c3cec6cef509731ca5f63a790138977f4ece18dcf65877eacb0c721bac94242c656971c83a457f3f902d8afc9e81679df2d45da8ee8018c7be1addace2a36be6b528eb324bdce166e6ddc554ed784122e7ecac03f32606d3979e210704f21ee6d42d4212d39e4256bf6a59ac269d924a49be8a37762c6c6deba13cf144dc9fef458a24ffabce68805a9b8126eddafbb41fd8f29f07904d7093c9684d2ef07bc846360f93fb6127d1ba3273f33266a2434f401a4bbc4ae65325ba8d325902e8ce4435507520d1d69ab314fe330304d447ad9d50428abe5d4f552d01425c2cc5662bce990090e858705ca2284034cd1426db44d1ce3eb12fff51fd48bac650ae35c7fe94c092473633b740f9a82dc976dd5a1c6a90c36816510cd0144ce5c5d76e38a746298351ee6c59821740591bea6c80e68861fbc40b13c680875fd3578c2498412602609e0330504b18a589a4957ded7b4f5e704f87bcf817f8612285ad7797b64528c80314d4a05a4beebdf5580c3362d2171724c0a1f17d0550c5d4b0bd28c7480c643d8113178bdbf9633a90d3b7e50321ed61caeb15fba46", 0x1000}, {&(0x7f0000002fc0)="c5f4332b5dffbe0edb72c0abaf4109684ac814d3cd2d848cd3fd4f64ac25ada6a2555588b10dcd2a64f1855032c561ada216777bb3fa02854a8c168f5a93c45d40b81734f72bd130204b205fbb0644fc4892ecf1b5886a8905ab62a12e66502f4b0ce616bcfafabb73213b372ca79af3cfa664ce347b7991443f76c793bc5a255e5683adb1418937b1abefdc18fa23b5b454721194e4ea952308adbe79e9d04b76db07db7cc20770057af9b4d28549341e45c9bfb0f4384c4acf", 0xba}, {&(0x7f0000003080)="947bd87694cb44a4457f36c2db322810999ca04ec45a0834b813feddfe11275f872e211cd65a52b0c5c966450cf8c7993d23d72b3918670368c8cf53f3df528ceaccf2155fc93175efeced8a1c8eb4091eed6be943bff36b8f5f2b475455d11bfe62f7d58d9d36000712aaf7caa3e92715fed14b3d3ef9ff13d393081e045564808f5fa1fbb9c67670e18b8af34528fd37437f9f3d484025702f", 0x9a}, {&(0x7f0000003140)="e2a432aa0e0180abf2e5306b9be7a5a9d2a2d455d175633f0d8ad280a960eecec90e5cbdd526d712fb6c204199e23c768e5af8c30a9fa0372c87d55d265d2c037b0301dac67917713d031ba269719bed2b32c2c6ba13b92a2924bf68d5", 0x5d}], 0x4, &(0x7f0000003200)=[@dstaddrv6={0x20, 0x84, 0x8, @mcast1}], 0x20}], 0x5, 0x0) setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r2, 0x84, 0x7, &(0x7f0000000300)={0x36da4136}, 0x4) r5 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r5, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) getsockname$llc(r1, &(0x7f0000000340), &(0x7f0000000380)=0x10) r6 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) ioctl$VIDIOC_G_STD(r1, 0x80085617, &(0x7f00000002c0)) readv(r6, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3577.094565][T23253] IPVS: ftp: loaded support on port[0] = 21 02:20:41 executing program 5: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) r2 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x8, 0x44c00) ioctl$EVIOCGKEYCODE(r2, 0x80084504, &(0x7f0000000280)=""/4096) [ 3577.155061][T23257] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:41 executing program 5: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) r2 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x8, 0x44c00) ioctl$EVIOCGKEYCODE(r2, 0x80084504, &(0x7f0000000280)=""/4096) 02:20:41 executing program 5: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) r2 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x8, 0x44c00) ioctl$EVIOCGKEYCODE(r2, 0x80084504, &(0x7f0000000280)=""/4096) 02:20:41 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{0x0}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:41 executing program 2 (fault-call:2 fault-nth:14): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:41 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x1f2}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3577.525500][T23279] FAULT_INJECTION: forcing a failure. [ 3577.525500][T23279] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3577.539720][T23279] CPU: 1 PID: 23279 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3577.539731][T23279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3577.539736][T23279] Call Trace: [ 3577.539765][T23279] dump_stack+0x172/0x1f0 [ 3577.539792][T23279] should_fail.cold+0xa/0x15 [ 3577.539827][T23279] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3577.576540][T23279] ? __lock_acquire+0x548/0x3fb0 [ 3577.576565][T23279] should_fail_alloc_page+0x50/0x60 [ 3577.576582][T23279] __alloc_pages_nodemask+0x1a1/0x7e0 [ 3577.576603][T23279] ? __alloc_pages_slowpath+0x2900/0x2900 [ 3577.576616][T23279] ? find_held_lock+0x35/0x130 [ 3577.576641][T23279] ? kasan_check_write+0x14/0x20 [ 3577.576664][T23279] cache_grow_begin+0x9c/0x860 [ 3577.612348][T23279] ? kasan_check_read+0x11/0x20 [ 3577.617234][T23279] ? do_raw_spin_unlock+0x57/0x270 [ 3577.622387][T23279] ____cache_alloc_node+0x17c/0x1e0 [ 3577.627594][T23279] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3577.627617][T23279] __kmalloc+0x219/0x740 [ 3577.627639][T23279] ? alloc_workqueue+0x13c/0xe70 [ 3577.627659][T23279] alloc_workqueue+0x13c/0xe70 [ 3577.627684][T23279] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 3577.627707][T23279] ? scnprintf+0x140/0x140 [ 3577.643313][T23279] ? __init_waitqueue_head+0x36/0x90 [ 3577.643339][T23279] hci_register_dev+0x1b8/0x860 [ 3577.643357][T23279] ? hci_init_sysfs+0x7c/0xa0 02:20:42 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) r2 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0x6, 0x4000) getsockopt$bt_BT_POWER(r2, 0x112, 0x9, &(0x7f0000000140)=0x1, &(0x7f0000000280)=0x1) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:42 executing program 5: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$net_dm(&(0x7f0000000040)='NET_DM\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3577.643381][T23279] __vhci_create_device+0x2d0/0x5a0 [ 3577.653904][T23279] vhci_write+0x2d0/0x470 [ 3577.653927][T23279] new_sync_write+0x4c7/0x760 [ 3577.653946][T23279] ? default_llseek+0x2e0/0x2e0 [ 3577.653970][T23279] ? common_file_perm+0x238/0x720 [ 3577.663673][T23279] ? __fget+0x381/0x550 [ 3577.663697][T23279] ? apparmor_file_permission+0x25/0x30 [ 3577.663714][T23279] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3577.663731][T23279] ? security_file_permission+0x94/0x380 [ 3577.663754][T23279] __vfs_write+0xe4/0x110 [ 3577.673292][T23279] vfs_write+0x20c/0x580 [ 3577.673315][T23279] ksys_write+0xea/0x1f0 [ 3577.673334][T23279] ? __ia32_sys_read+0xb0/0xb0 [ 3577.673358][T23279] ? do_syscall_64+0x26/0x610 [ 3577.682881][T23279] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3577.682899][T23279] ? do_syscall_64+0x26/0x610 [ 3577.682932][T23279] __x64_sys_write+0x73/0xb0 [ 3577.692457][T23279] do_syscall_64+0x103/0x610 [ 3577.692479][T23279] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3577.692493][T23279] RIP: 0033:0x457f29 [ 3577.692509][T23279] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3577.692525][T23279] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3577.701715][T23279] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3577.701725][T23279] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3577.701734][T23279] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 02:20:42 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3577.701743][T23279] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3577.701752][T23279] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 02:20:42 executing program 5: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$net_dm(&(0x7f0000000040)='NET_DM\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3577.965711][T23287] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:42 executing program 5: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$net_dm(&(0x7f0000000040)='NET_DM\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:42 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) fsetxattr$trusted_overlay_upper(r1, &(0x7f0000000040)='trusted.overlay.upper\x00', &(0x7f0000000140)={0x0, 0xfb, 0x36, 0x6, 0x800, "2ea4f75f290ff6e6d815c624797f4330", "c31e833b9471590039d0d662e251a9bf43b62a10adc313108194cb7df83b20672d"}, 0x36, 0x2) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:42 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:20:42 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x1f4}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:42 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:20:42 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{0x0}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:42 executing program 2 (fault-call:2 fault-nth:15): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3578.391858][T23318] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3578.474269][T23324] FAULT_INJECTION: forcing a failure. [ 3578.474269][T23324] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3578.489095][T23324] CPU: 1 PID: 23324 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3578.497784][T23324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3578.507861][T23324] Call Trace: [ 3578.511176][T23324] dump_stack+0x172/0x1f0 [ 3578.515532][T23324] should_fail.cold+0xa/0x15 [ 3578.515560][T23324] ? save_stack+0x45/0xd0 [ 3578.524481][T23324] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3578.524499][T23324] ? __lock_acquire+0x548/0x3fb0 [ 3578.524514][T23324] ? new_sync_write+0x4c7/0x760 [ 3578.524534][T23324] ? __vfs_write+0xe4/0x110 [ 3578.535291][T23324] ? vfs_write+0x20c/0x580 [ 3578.535308][T23324] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3578.535329][T23324] should_fail_alloc_page+0x50/0x60 [ 3578.535346][T23324] __alloc_pages_nodemask+0x1a1/0x7e0 [ 3578.535369][T23324] ? __alloc_pages_slowpath+0x2900/0x2900 [ 3578.544714][T23324] ? find_held_lock+0x35/0x130 [ 3578.544741][T23324] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3578.544764][T23324] cache_grow_begin+0x9c/0x860 [ 3578.555419][T23324] ? alloc_workqueue_attrs+0x82/0x120 [ 3578.555437][T23324] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3578.555463][T23324] kmem_cache_alloc_trace+0x67f/0x760 [ 3578.566045][T23324] ? rcu_read_lock_sched_held+0x110/0x130 [ 3578.566072][T23324] alloc_workqueue_attrs+0x82/0x120 [ 3578.566089][T23324] apply_wqattrs_prepare+0xbb/0x970 [ 3578.566118][T23324] apply_workqueue_attrs_locked+0xcb/0x140 [ 3578.566139][T23324] apply_workqueue_attrs+0x31/0x50 [ 3578.576612][T23324] alloc_workqueue+0x84c/0xe70 [ 3578.576637][T23324] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 3578.576661][T23324] ? __init_waitqueue_head+0x36/0x90 [ 3578.576687][T23324] hci_register_dev+0x1b8/0x860 [ 3578.576708][T23324] ? hci_init_sysfs+0x7c/0xa0 [ 3578.587274][T23324] __vhci_create_device+0x2d0/0x5a0 [ 3578.587295][T23324] vhci_write+0x2d0/0x470 [ 3578.587316][T23324] new_sync_write+0x4c7/0x760 02:20:43 executing program 5: pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffff9c, 0x84, 0x1, &(0x7f0000000140)={0x0, 0x5, 0x8, 0x6, 0x2000, 0x851c}, &(0x7f0000000280)=0x14) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f00000002c0)={r2, @in6={{0xa, 0x4e20, 0x101, @empty, 0x7}}, [0x6, 0x100000000, 0x5, 0xffffe00000000000, 0x2, 0x800, 0x1f, 0x3, 0x1, 0x3, 0xb6, 0x66, 0x4, 0xa1, 0x8]}, &(0x7f00000003c0)=0x100) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) ioctl$sock_bt_bnep_BNEPCONNADD(r1, 0x400442c8, &(0x7f0000000400)={r1, 0x4, 0x55, "89ac65288515d79886137935c6f510348b47c9111b7ca053ce70cf7d008b0e3ba3532c0ccb469642b68407fa3d99be5bd3e74e273c"}) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$KVM_ASSIGN_SET_INTX_MASK(r0, 0x4040aea4, &(0x7f0000000040)={0x3, 0x800, 0x10001, 0x1, 0x5}) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r3, 0x6612) write$P9_RLERRORu(r4, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r5 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r5, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:43 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3578.587343][T23324] ? default_llseek+0x2e0/0x2e0 [ 3578.598962][T23324] ? common_file_perm+0x238/0x720 [ 3578.598979][T23324] ? __fget+0x381/0x550 [ 3578.598998][T23324] ? apparmor_file_permission+0x25/0x30 [ 3578.599015][T23324] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3578.599038][T23324] ? security_file_permission+0x94/0x380 [ 3578.610115][T23324] __vfs_write+0xe4/0x110 [ 3578.610135][T23324] vfs_write+0x20c/0x580 [ 3578.610156][T23324] ksys_write+0xea/0x1f0 [ 3578.610174][T23324] ? __ia32_sys_read+0xb0/0xb0 02:20:43 executing program 5: pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffff9c, 0x84, 0x1, &(0x7f0000000140)={0x0, 0x5, 0x8, 0x6, 0x2000, 0x851c}, &(0x7f0000000280)=0x14) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f00000002c0)={r2, @in6={{0xa, 0x4e20, 0x101, @empty, 0x7}}, [0x6, 0x100000000, 0x5, 0xffffe00000000000, 0x2, 0x800, 0x1f, 0x3, 0x1, 0x3, 0xb6, 0x66, 0x4, 0xa1, 0x8]}, &(0x7f00000003c0)=0x100) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) ioctl$sock_bt_bnep_BNEPCONNADD(r1, 0x400442c8, &(0x7f0000000400)={r1, 0x4, 0x55, "89ac65288515d79886137935c6f510348b47c9111b7ca053ce70cf7d008b0e3ba3532c0ccb469642b68407fa3d99be5bd3e74e273c"}) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$KVM_ASSIGN_SET_INTX_MASK(r0, 0x4040aea4, &(0x7f0000000040)={0x3, 0x800, 0x10001, 0x1, 0x5}) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r3, 0x6612) write$P9_RLERRORu(r4, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r5 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r5, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3578.610197][T23324] ? do_syscall_64+0x26/0x610 [ 3578.620572][T23324] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3578.620587][T23324] ? do_syscall_64+0x26/0x610 [ 3578.620610][T23324] __x64_sys_write+0x73/0xb0 [ 3578.620627][T23324] do_syscall_64+0x103/0x610 [ 3578.620647][T23324] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3578.631540][T23324] RIP: 0033:0x457f29 [ 3578.631557][T23324] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3578.631565][T23324] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3578.631586][T23324] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3578.642047][T23324] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3578.642056][T23324] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3578.642065][T23324] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3578.642074][T23324] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 02:20:43 executing program 5: pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffff9c, 0x84, 0x1, &(0x7f0000000140)={0x0, 0x5, 0x8, 0x6, 0x2000, 0x851c}, &(0x7f0000000280)=0x14) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f00000002c0)={r2, @in6={{0xa, 0x4e20, 0x101, @empty, 0x7}}, [0x6, 0x100000000, 0x5, 0xffffe00000000000, 0x2, 0x800, 0x1f, 0x3, 0x1, 0x3, 0xb6, 0x66, 0x4, 0xa1, 0x8]}, &(0x7f00000003c0)=0x100) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) ioctl$sock_bt_bnep_BNEPCONNADD(r1, 0x400442c8, &(0x7f0000000400)={r1, 0x4, 0x55, "89ac65288515d79886137935c6f510348b47c9111b7ca053ce70cf7d008b0e3ba3532c0ccb469642b68407fa3d99be5bd3e74e273c"}) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$KVM_ASSIGN_SET_INTX_MASK(r0, 0x4040aea4, &(0x7f0000000040)={0x3, 0x800, 0x10001, 0x1, 0x5}) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r3, 0x6612) write$P9_RLERRORu(r4, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r5 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r5, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:43 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x1fa}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:43 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) tkill(r0, 0x16) 02:20:43 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(0xffffffffffffffff, 0x400, 0x1) fcntl$setown(0xffffffffffffffff, 0x8, 0x0) execveat(0xffffffffffffffff, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:20:43 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = semget(0x1, 0x1, 0x1) semctl$SEM_STAT(r0, 0x3, 0x12, &(0x7f0000000280)=""/4096) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3579.075399][T23350] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:43 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(0xffffffffffffffff, 0x400, 0x1) fcntl$setown(0xffffffffffffffff, 0x8, 0x0) execveat(0xffffffffffffffff, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3579.170883][T23357] IPVS: ftp: loaded support on port[0] = 21 02:20:43 executing program 2 (fault-call:2 fault-nth:16): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3579.420817][T23374] FAULT_INJECTION: forcing a failure. [ 3579.420817][T23374] name failslab, interval 1, probability 0, space 0, times 0 [ 3579.456897][T23374] CPU: 0 PID: 23374 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3579.465621][T23374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3579.475688][T23374] Call Trace: [ 3579.479008][T23374] dump_stack+0x172/0x1f0 [ 3579.483354][T23374] should_fail.cold+0xa/0x15 [ 3579.487955][T23374] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3579.493762][T23374] ? find_held_lock+0x35/0x130 [ 3579.498531][T23374] ? __debug_object_init+0x4aa/0xe00 [ 3579.503826][T23374] __should_failslab+0x121/0x190 [ 3579.508770][T23374] should_failslab+0x9/0x14 [ 3579.513286][T23374] kmem_cache_alloc+0x47/0x6f0 [ 3579.518056][T23374] ? trace_hardirqs_on+0x67/0x230 [ 3579.523078][T23374] ? kasan_check_read+0x11/0x20 [ 3579.528568][T23374] __debug_object_init+0x7cb/0xe00 [ 3579.533710][T23374] ? debug_object_fixup+0x30/0x30 [ 3579.538768][T23374] ? lockdep_init_map+0x1be/0x6d0 [ 3579.543807][T23374] debug_object_init+0x16/0x20 [ 3579.548578][T23374] __init_work+0x50/0x60 [ 3579.552824][T23374] hci_alloc_dev+0x1176/0x1d00 [ 3579.557604][T23374] __vhci_create_device+0x101/0x5a0 [ 3579.562812][T23374] vhci_write+0x2d0/0x470 [ 3579.567149][T23374] new_sync_write+0x4c7/0x760 [ 3579.571832][T23374] ? default_llseek+0x2e0/0x2e0 [ 3579.576693][T23374] ? common_file_perm+0x238/0x720 [ 3579.581720][T23374] ? __fget+0x381/0x550 [ 3579.585891][T23374] ? apparmor_file_permission+0x25/0x30 [ 3579.591444][T23374] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3579.597694][T23374] ? security_file_permission+0x94/0x380 [ 3579.603339][T23374] __vfs_write+0xe4/0x110 [ 3579.607681][T23374] vfs_write+0x20c/0x580 [ 3579.611936][T23374] ksys_write+0xea/0x1f0 [ 3579.616193][T23374] ? __ia32_sys_read+0xb0/0xb0 [ 3579.620973][T23374] ? do_syscall_64+0x26/0x610 [ 3579.625659][T23374] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3579.631734][T23374] ? do_syscall_64+0x26/0x610 [ 3579.636422][T23374] __x64_sys_write+0x73/0xb0 [ 3579.641021][T23374] do_syscall_64+0x103/0x610 [ 3579.645621][T23374] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3579.651515][T23374] RIP: 0033:0x457f29 [ 3579.655416][T23374] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3579.675035][T23374] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3579.683466][T23374] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3579.691450][T23374] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3579.699429][T23374] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3579.707434][T23374] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3579.715413][T23374] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3579.724979][ C0] net_ratelimit: 9 callbacks suppressed [ 3579.725021][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3579.736595][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3579.743389][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3579.750485][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3579.757545][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3579.764065][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:20:44 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{0x0}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:44 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x206}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:44 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r2, &(0x7f0000000140)=[{&(0x7f0000000180)=""/217, 0xd9}], 0x1) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000040)={0x7d22e72bf9572bdb, @dev={0xac, 0x14, 0x14, 0xc}, 0x4e22, 0x0, 'rr\x00', 0x2, 0x0, 0x4a}, 0x2c) [ 3579.771063][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3579.777318][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:20:44 executing program 1: r0 = open$dir(&(0x7f0000000800)='./file0\x00', 0x400, 0x80) unlinkat(r0, &(0x7f0000000840)='./file0\x00', 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x6102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r2 = accept$inet(0xffffffffffffff9c, &(0x7f0000000440)={0x2, 0x0, @empty}, &(0x7f0000000480)=0x10) setsockopt$inet_MCAST_MSFILTER(r2, 0x0, 0x30, &(0x7f00000004c0)={0x80, {{0x2, 0x4e20, @rand_addr=0x8001}}, 0x1, 0x5, [{{0x2, 0x4e22, @multicast2}}, {{0x2, 0x4e22, @broadcast}}, {{0x2, 0x4e22, @empty}}, {{0x2, 0x4e24, @empty}}, {{0x2, 0x4e24, @broadcast}}]}, 0x310) r3 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r3, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) r4 = creat(&(0x7f0000000040)='./file0\x00', 0x40) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'dummy0\x00', 0x0}) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@empty, @in6=@dev={0xfe, 0x80, [], 0x2b}, 0x4e21, 0x9, 0x4e23, 0x227, 0xa, 0x80, 0x0, 0x7f, r5, r6}, {0xffffffffffffff18, 0x7, 0x7, 0x9, 0x1, 0xc20b, 0x0, 0xffffffff00000000}, {0x1, 0x7, 0x6f, 0x6f8b}, 0xfffffffffffffffc, 0x6e6bb8, 0x2, 0x1, 0x1, 0x1}, {{@in=@multicast1, 0x4d6, 0xff}, 0x2, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0x7, 0x0, 0x3f, 0x7, 0x2, 0xaed}}, 0xe8) 02:20:44 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) tkill(r0, 0x16) [ 3580.029336][T23367] IPVS: ftp: loaded support on port[0] = 21 [ 3580.040739][T23386] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:44 executing program 2 (fault-call:2 fault-nth:17): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3580.249659][T23396] IPVS: ftp: loaded support on port[0] = 21 [ 3580.335391][T23386] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3580.381181][T23402] FAULT_INJECTION: forcing a failure. [ 3580.381181][T23402] name failslab, interval 1, probability 0, space 0, times 0 [ 3580.421923][T23402] CPU: 0 PID: 23402 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3580.430657][T23402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3580.440729][T23402] Call Trace: [ 3580.444048][T23402] dump_stack+0x172/0x1f0 [ 3580.448408][T23402] should_fail.cold+0xa/0x15 [ 3580.448435][T23402] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3580.448463][T23402] ? ___might_sleep+0x163/0x280 [ 3580.448490][T23402] __should_failslab+0x121/0x190 [ 3580.448516][T23402] should_failslab+0x9/0x14 [ 3580.448539][T23402] kmem_cache_alloc_trace+0x2d1/0x760 [ 3580.448554][T23402] ? retint_kernel+0x2d/0x2d [ 3580.448587][T23402] alloc_workqueue_attrs+0x82/0x120 [ 3580.448609][T23402] apply_wqattrs_prepare+0xbb/0x970 [ 3580.448639][T23402] apply_workqueue_attrs_locked+0xcb/0x140 [ 3580.448659][T23402] apply_workqueue_attrs+0x31/0x50 [ 3580.448678][T23402] alloc_workqueue+0x84c/0xe70 [ 3580.448706][T23402] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 3580.448735][T23402] ? retint_kernel+0x2d/0x2d [ 3580.463968][T23402] hci_register_dev+0x1b8/0x860 [ 3580.463988][T23402] ? __vhci_create_device+0x2c8/0x5a0 [ 3580.464009][T23402] __vhci_create_device+0x2d0/0x5a0 [ 3580.464030][T23402] vhci_write+0x2d0/0x470 [ 3580.478819][T23402] new_sync_write+0x4c7/0x760 [ 3580.478841][T23402] ? default_llseek+0x2e0/0x2e0 [ 3580.478867][T23402] ? common_file_perm+0x238/0x720 [ 3580.478882][T23402] ? __fget+0x381/0x550 [ 3580.478904][T23402] ? apparmor_file_permission+0x25/0x30 [ 3580.478920][T23402] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3580.478938][T23402] ? security_file_permission+0x94/0x380 [ 3580.478958][T23402] __vfs_write+0xe4/0x110 [ 3580.478975][T23402] vfs_write+0x20c/0x580 [ 3580.479001][T23402] ksys_write+0xea/0x1f0 [ 3580.494064][T23402] ? __ia32_sys_read+0xb0/0xb0 [ 3580.494086][T23402] ? do_syscall_64+0x26/0x610 [ 3580.494103][T23402] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3580.494117][T23402] ? do_syscall_64+0x26/0x610 [ 3580.494142][T23402] __x64_sys_write+0x73/0xb0 [ 3580.505058][T23402] do_syscall_64+0x103/0x610 [ 3580.505081][T23402] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3580.505095][T23402] RIP: 0033:0x457f29 [ 3580.505112][T23402] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3580.505127][T23402] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3580.525006][T23402] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3580.525016][T23402] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3580.525025][T23402] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3580.525035][T23402] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3580.525044][T23402] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3580.689983][T23402] Bluetooth: Can't register HCI device 02:20:45 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:45 executing program 5: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = semget(0x1, 0x1, 0x1) semctl$SEM_STAT(r0, 0x3, 0x12, &(0x7f0000000280)=""/4096) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3580.893042][ T26] audit: type=1804 audit(1552530045.305:123): pid=23393 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir758383866/syzkaller.veMiVD/4134/file0" dev="sda1" ino=18439 res=1 02:20:45 executing program 5: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = semget(0x1, 0x1, 0x1) semctl$SEM_STAT(r0, 0x3, 0x12, &(0x7f0000000280)=""/4096) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3580.982931][ T26] audit: type=1804 audit(1552530045.385:124): pid=23393 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir758383866/syzkaller.veMiVD/4134/file0" dev="sda1" ino=18439 res=1 [ 3581.007535][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:20:45 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="ffffffff"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3581.816582][ C0] protocol 88fb is buggy, dev hsr_slave_0 02:20:46 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(0xffffffffffffffff, 0x400, 0x1) fcntl$setown(0xffffffffffffffff, 0x8, 0x0) execveat(0xffffffffffffffff, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:20:46 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x214}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:46 executing program 5: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = semget(0x1, 0x1, 0x1) semctl$SEM_STAT(r0, 0x3, 0x12, &(0x7f0000000280)=""/4096) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:46 executing program 2 (fault-call:2 fault-nth:18): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:46 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="e6a99e4e870d323c12898ee3bb19b2685ba7c6172bfd003344eedefb22e533cf4bfda81d7208a4e993c1a2e72cdc61800196a5ab8500ae4801110e3ee9bd820386e9cc943c2a0ecfc22f7c2c9f876f2807eea66115f08f4d7617f9fe2e17f32538df7c7ddff809de02d510e94cddab3960595cea46f86e8b7e8487b22aaad0ed87574618"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:46 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:46 executing program 5: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) tkill(r0, 0x16) [ 3582.070444][T23438] FAULT_INJECTION: forcing a failure. [ 3582.070444][T23438] name failslab, interval 1, probability 0, space 0, times 0 [ 3582.077425][T23429] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3582.137311][T23438] CPU: 0 PID: 23438 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3582.146025][T23438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3582.156086][T23438] Call Trace: [ 3582.159398][T23438] dump_stack+0x172/0x1f0 [ 3582.163752][T23438] should_fail.cold+0xa/0x15 [ 3582.168368][T23438] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3582.174200][T23438] ? ___might_sleep+0x163/0x280 [ 3582.179065][T23438] __should_failslab+0x121/0x190 [ 3582.184007][T23438] should_failslab+0x9/0x14 [ 3582.188523][T23438] __kmalloc_track_caller+0x2d8/0x740 [ 3582.188540][T23438] ? pointer+0x910/0x910 [ 3582.188555][T23438] ? set_precision+0x180/0x180 [ 3582.188574][T23438] ? kasan_check_read+0x11/0x20 [ 3582.188592][T23438] ? do_raw_spin_unlock+0x57/0x270 [ 3582.188607][T23438] ? kasprintf+0xbb/0xf0 [ 3582.188624][T23438] kvasprintf+0xc8/0x170 [ 3582.188638][T23438] ? bust_spinlocks+0xe0/0xe0 [ 3582.188664][T23438] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3582.198269][T23438] ? find_next_bit+0x107/0x130 [ 3582.198287][T23438] kasprintf+0xbb/0xf0 [ 3582.198310][T23438] ? kvasprintf_const+0x190/0x190 [ 3582.198337][T23438] ? kasan_check_read+0x11/0x20 [ 3582.198363][T23438] alloc_workqueue+0x442/0xe70 [ 3582.198389][T23438] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 3582.198415][T23438] ? __init_waitqueue_head+0x36/0x90 [ 3582.208018][T23438] hci_register_dev+0x1b8/0x860 [ 3582.208035][T23438] ? hci_init_sysfs+0x7c/0xa0 [ 3582.208061][T23438] __vhci_create_device+0x2d0/0x5a0 [ 3582.208081][T23438] vhci_write+0x2d0/0x470 [ 3582.208102][T23438] new_sync_write+0x4c7/0x760 [ 3582.208129][T23438] ? default_llseek+0x2e0/0x2e0 [ 3582.217488][T23438] ? common_file_perm+0x238/0x720 [ 3582.217505][T23438] ? __fget+0x381/0x550 [ 3582.217527][T23438] ? apparmor_file_permission+0x25/0x30 [ 3582.217544][T23438] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3582.217562][T23438] ? security_file_permission+0x94/0x380 [ 3582.217583][T23438] __vfs_write+0xe4/0x110 [ 3582.217603][T23438] vfs_write+0x20c/0x580 [ 3582.217625][T23438] ksys_write+0xea/0x1f0 [ 3582.226524][T23438] ? __ia32_sys_read+0xb0/0xb0 [ 3582.226544][T23438] ? do_syscall_64+0x26/0x610 [ 3582.226561][T23438] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3582.226575][T23438] ? do_syscall_64+0x26/0x610 [ 3582.226598][T23438] __x64_sys_write+0x73/0xb0 [ 3582.226616][T23438] do_syscall_64+0x103/0x610 [ 3582.226635][T23438] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3582.226657][T23438] RIP: 0033:0x457f29 [ 3582.237147][T23438] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3582.237156][T23438] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3582.237172][T23438] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3582.237181][T23438] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3582.237191][T23438] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3582.237201][T23438] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3582.237210][T23438] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3582.352433][T23447] IPVS: ftp: loaded support on port[0] = 21 [ 3582.524132][T23449] IPVS: ftp: loaded support on port[0] = 21 02:20:47 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x218}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3582.794341][T23455] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:47 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:47 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000040)={0x0, 0x4}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000280)={0x1000, 0xbc, 0x0, 0x3, 0xfffffffffffff801, 0x80000000, 0xfffffffffffffffe, 0x387, r1}, &(0x7f00000002c0)=0x20) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff72"], 0x2) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) r3 = fcntl$dupfd(r0, 0x406, r2) ioctl$VIDIOC_G_DV_TIMINGS(r3, 0xc0845658, &(0x7f0000000180)={0x0, @bt={0x3f, 0x1f, 0x1, 0x3, 0x8, 0x101, 0xffffffffffff0001, 0x9, 0x3, 0x73, 0x3, 0x23, 0x4, 0x20, 0x13, 0x2d}}) readv(r2, &(0x7f0000000080), 0x0) 02:20:47 executing program 5 (fault-call:1 fault-nth:0): futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0) 02:20:47 executing program 2 (fault-call:2 fault-nth:19): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3583.152482][T23469] FAULT_INJECTION: forcing a failure. [ 3583.152482][T23469] name failslab, interval 1, probability 0, space 0, times 0 [ 3583.190422][T23469] CPU: 0 PID: 23469 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3583.199142][T23469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3583.199150][T23469] Call Trace: [ 3583.199182][T23469] dump_stack+0x172/0x1f0 [ 3583.199211][T23469] should_fail.cold+0xa/0x15 [ 3583.199232][T23469] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3583.199268][T23469] ? ___might_sleep+0x163/0x280 [ 3583.199302][T23469] __should_failslab+0x121/0x190 [ 3583.199338][T23469] should_failslab+0x9/0x14 [ 3583.212694][T23469] __kmalloc_track_caller+0x2d8/0x740 [ 3583.212713][T23469] ? pointer+0x910/0x910 [ 3583.212733][T23469] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3583.212755][T23469] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3583.221668][T23469] ? kasprintf+0xbb/0xf0 [ 3583.221688][T23469] kvasprintf+0xc8/0x170 [ 3583.221704][T23469] ? bust_spinlocks+0xe0/0xe0 [ 3583.221730][T23469] kasprintf+0xbb/0xf0 [ 3583.221750][T23469] ? kvasprintf_const+0x190/0x190 [ 3583.232420][T23469] ? kasan_check_read+0x11/0x20 [ 3583.232447][T23469] alloc_workqueue+0x442/0xe70 [ 3583.232471][T23469] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 3583.232497][T23469] ? retint_kernel+0x2d/0x2d [ 3583.241922][T23469] hci_register_dev+0x209/0x860 [ 3583.241949][T23469] __vhci_create_device+0x2d0/0x5a0 [ 3583.241978][T23469] vhci_write+0x2d0/0x470 [ 3583.251579][T23469] new_sync_write+0x4c7/0x760 [ 3583.251600][T23469] ? default_llseek+0x2e0/0x2e0 [ 3583.251615][T23469] ? retint_kernel+0x2d/0x2d [ 3583.251639][T23469] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3583.262560][T23469] ? retint_kernel+0x2d/0x2d [ 3583.262588][T23469] __vfs_write+0xe4/0x110 [ 3583.262614][T23469] vfs_write+0x20c/0x580 [ 3583.271091][T23469] ksys_write+0xea/0x1f0 [ 3583.271113][T23469] ? __ia32_sys_read+0xb0/0xb0 [ 3583.271131][T23469] ? do_syscall_64+0x26/0x610 [ 3583.271153][T23469] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3583.279888][T23469] ? do_syscall_64+0x26/0x610 [ 3583.279911][T23469] __x64_sys_write+0x73/0xb0 [ 3583.279928][T23469] do_syscall_64+0x103/0x610 [ 3583.279950][T23469] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3583.279963][T23469] RIP: 0033:0x457f29 [ 3583.279979][T23469] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3583.279987][T23469] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3583.280000][T23469] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3583.280008][T23469] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3583.280017][T23469] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3583.280032][T23469] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3583.289886][T23469] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 02:20:49 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:20:49 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x22e}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:49 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0) 02:20:49 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r1, 0xc08c5336, &(0x7f0000000280)={0x5d0, 0x4, 0x100, 'queue1\x00', 0x78b}) write$P9_RLERRORu(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="fff82ae811adbaf39ba3a31c2cea3fd06e808cc5b2015370ccecf55c1fd4011177140ababab0d582ab04004c38d2e82a3f837fb00734968fd5a0170fe902a6979564568800b4f7bbcb8722d5f0e0ca8f85fe4d37566d929b"], 0x2) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhci\x00', 0x0) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:49 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c0006000000190015", 0x2b}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:49 executing program 2 (fault-call:2 fault-nth:20): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3584.669370][T23486] FAULT_INJECTION: forcing a failure. [ 3584.669370][T23486] name failslab, interval 1, probability 0, space 0, times 0 [ 3584.682962][T23487] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3584.687184][T23486] CPU: 1 PID: 23486 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3584.699824][T23486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3584.709881][T23486] Call Trace: [ 3584.713187][T23486] dump_stack+0x172/0x1f0 [ 3584.717532][T23486] should_fail.cold+0xa/0x15 [ 3584.722134][T23486] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3584.727951][T23486] ? ___might_sleep+0x163/0x280 [ 3584.732812][T23486] __should_failslab+0x121/0x190 [ 3584.737752][T23486] should_failslab+0x9/0x14 [ 3584.742263][T23486] kmem_cache_alloc_trace+0x2d1/0x760 [ 3584.747637][T23486] ? rcu_read_lock_sched_held+0x110/0x130 [ 3584.753390][T23486] ? __kmalloc+0x5d5/0x740 [ 3584.757826][T23486] alloc_workqueue_attrs+0x82/0x120 [ 3584.763032][T23486] apply_wqattrs_prepare+0xbb/0x970 [ 3584.768245][T23486] apply_workqueue_attrs_locked+0xcb/0x140 [ 3584.774069][T23486] apply_workqueue_attrs+0x31/0x50 [ 3584.779180][T23486] alloc_workqueue+0x84c/0xe70 [ 3584.783954][T23486] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 3584.789688][T23486] ? __init_waitqueue_head+0x36/0x90 [ 3584.794996][T23486] hci_register_dev+0x209/0x860 [ 3584.799883][T23486] __vhci_create_device+0x2d0/0x5a0 [ 3584.805086][T23486] vhci_write+0x2d0/0x470 [ 3584.809426][T23486] new_sync_write+0x4c7/0x760 [ 3584.814110][T23486] ? default_llseek+0x2e0/0x2e0 [ 3584.818967][T23486] ? common_file_perm+0x238/0x720 [ 3584.824000][T23486] ? __fget+0x381/0x550 [ 3584.828164][T23486] ? apparmor_file_permission+0x25/0x30 [ 3584.833891][T23486] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3584.840136][T23486] ? security_file_permission+0x94/0x380 [ 3584.845771][T23486] __vfs_write+0xe4/0x110 [ 3584.850115][T23486] vfs_write+0x20c/0x580 [ 3584.854380][T23486] ksys_write+0xea/0x1f0 [ 3584.858642][T23486] ? __ia32_sys_read+0xb0/0xb0 [ 3584.863408][T23486] ? do_syscall_64+0x26/0x610 [ 3584.868087][T23486] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3584.874156][T23486] ? do_syscall_64+0x26/0x610 [ 3584.878845][T23486] __x64_sys_write+0x73/0xb0 [ 3584.883437][T23486] do_syscall_64+0x103/0x610 [ 3584.888032][T23486] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3584.893938][T23486] RIP: 0033:0x457f29 [ 3584.897836][T23486] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 02:20:49 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000001800)='/dev/sequencer\x00', 0xa0200, 0x0) accept$packet(r1, &(0x7f0000001840)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000001880)=0x14) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) r3 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x8000, 0x0) write$P9_RLOCK(r3, &(0x7f0000000280)={0x8, 0x35, 0x1, 0x1}, 0x8) r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rfkill\x00', 0x22003, 0x0) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) sendmsg(r4, &(0x7f00000017c0)={0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000001ac0)="a965a4f934e91e65dd1fe17894f85c96b25ef2de065d167df435fed234f05851a21bf4d207888dca92a05923b455d383ca216fe4456d630d9b50b819d8c94d98c3a78bf6501a8f643a5ff3cb86178ead1d8c3e4703152c8701b157e456938c7a91a4ce52e880962a9200fd3dbb7d6f489423cfc68e516a840b6414c81d53aa8031f1b4f04c3de3c7e5d4c20c5569a086ef56d65b8ce8b61acd651031acea7a9cfe547555cadc1f7719bd869ec3f06e4814e6f33fac976da13b542a80a226536e486cf7ee864f750c8cdbd685aa4cb16122c47fd488b17631e5c178b1e8f4ca97", 0xc0}, {&(0x7f0000000580)="cbf4fb3a663bd8060d964dcb06f6e3de4149fb591331e61cd265cd165507af65b4f322056b5012da9850eaee83d191d5231972c50563a02808cf970acb0651ba00a2961d6b68fde28435fc18df4165d7750b262f08debde737f171880c4efe203193cffbfff4a932101f5d76d4a75898fcc7afcd7846c10e555e4463ac08a4831699820f83e3c410b64917ea855b89e552106fe832ede235ce7f0966be22e9b229506bd6660a2e6948c1ffc72c797d42fab2bae84e7247b88262c73df0413f59399334eb022d9b60d2cf839d071605bf", 0x309}, {&(0x7f0000000680)="343f259f34018287b936ed2117632d0c3c9079def072f33879ce1c9da3ef8efaa4ade9a0f7c3119c8b8658dd7cd046bf4ed67673948a15a4518296b17439adaa69fa1e8d73bed89a9145120536f40f3a893aa4b18a92b422f55bf17ca6305cc881be864cfab1813153d01fae79ba8f683d4d42ef9cd1f5a37aa4e1dfaa1297eca40a32a4d8ee1f4aba85ba60c487d6b1aee18e214d1435368f34cb6b5cdee0761f5ae2d12e95dccd3e27df3bec0c7395bd000eb371ea955bf6746d861b8d9b9dfb2ad6bc10e32cd2d793", 0x1afb3180a3051b26}, {&(0x7f0000000780)="1a3c2ed4c652cf5ac9c7db9f181c15c7b88666e8ca9c09009d38195069486d5049823f847beecb6a6cd8354a0711b1249fa6f7428653e5b5389c1c1c61afa2fb0f45192f6e9e196bbb181035d7c22c681b7859943e41d0c347067fb30a73eaef8b70242537ade6deb24080e41faa27a30b21b044593b8b3cb1ddc02483744aa2c07790714ecee19ac8277920819be961c2ddc655579fb5e3367d2ebff4af66d1710c7b409b7b0deabea2f079677612ed2551fc0a79a16c6f3ff7491198ecb1aa9e0ed152dfe238b16f3beb51b16899a10d822fc5e0c7abf3b3e14b8c96e330205001e5e1706dbd697e7fcb510fb8b55f067e389a20a037bb41819f27fdc62887be23b8086328b84045e045b119f8c1758e416b37b28339064c3b4fe8ed173d465a888266dd73cf1a20faafedf8c2e06a17f950b7cb3cfc21c9b13be253ac94c8be21b57a254a639bfe5086a177ea95f40b7e2e4b1d50d3e7eac47fcf58c07455b8864fc09f6caa198446ceac2c87b6e4a2465973977e6669407a7e71265f036036400db371f59b5d0b347bc83b8834752c8babd097ee03e21d4fe1b00ea2b34c8ecf1956ce369028d66ff7fddb925356606cb128293b73d0fb5a2e77d245f3e333e59fd381ec36f685e448cca84960ea584877cc716d56f78a09cd3163b79e8db0470c696a92523ea7d5d7a77d138a607c1982a468bc686febafd39b71bd316fee6ebc85dc0f3d08b1e4fc4408dc703b1eaac7c33b0800a660909bca6c79bc494b40f04dc5d3d04d3c82ca84b359731c26d1a7dc49aea264f7ee39d6cd33aeedddadb650c67eaee7b625a7b04fd9c722635b1ce050e15b47c7d1271a8c776db0303a53f49decab9dafc66398eb6d872ddc1f6f195ca96d48529d9637f59ad7ff67e2cbd46163e9d34176c48683d783a2072d82930657aad3fa2850dc77dd8444bb45ba196eb059befa2d84b9723a0bcfc5e86358979ff9d72e56220170c582dfc68591e8d6101a26117c3f4e21f9e9fe05e42af90e0c28e7d44508cc41f2ec2162e9bac69a52071e1f042a4ecd4c19606b779d63091f7589bbd694cc56e4e5fc6cf85a1d2075a72711db293b1283ab57c1eb783527497f7d00fbf69430ba870f49f0fda7a673ba6fe24be14c32051bcacb7a05d01570c7832f880f6167e479c41d0bb31849061720e3c23f488e8292b56c1647d7f1fd3aef68554ca576776086451c647f080822a1270d8340134eecfcf29c710577d7f2f7d8feaf51af29b3e2b55f854d8d2bc38d43018b8ffad604eff9b79996115e84b2847d591832189f41c4bca7a7de69f2a92381cac8c70cd28fc3e991d76a4298448279fcdd79e790c45614a802c442b87e1efd024e8927aa24251ff828673d7a5ba08fee66ad255a1f3f12979ceea96a341c500d4454756819ac0db951b49e34246d00b438f18099a73084cd6b9999474cf8b3d3705fa93a45681e2183599345a2814053fb800667de3d61befa225d40046149c79ede91a5df58c1bc6e14fc6a4479af7c4503d093cc12d8e4706267ae6e59072f8c74f245f6dda0b01bd5b17502d0b75eb006c0f28123289c24e72f06ecd4649a5581e7b27f300ddf9f8709af8231c2d7efbad097383ce2ea36d948242e7aa38263aa2345dab35d3bcefb308fba7b7cd759c3a9c3e29caf076014bf453bd72c2da8f1fa3a029de09df8893ab1ba7a4b9b563f34bd02ca16dd2fc316e0470ae612e84a01156de3c62e05ab318a0b1bb434f7e861261206f0f45a8c5010bbd26515713d31c8614dc1a69df3997d645c6d2c8522d8b9235e662728010e5c2f52f2b92773fd505f9093dc640b937176a21ab44436e18801caf906f79474b9571fc18e75f569046cc3675acc064b4514496a150891cab207c9128757c01c1a8949a3fd49921c31fe43af3bed8fd8f06a44eed4857059efb2ee37bed0907cd887def9f27134b117b46c9c5dc36d66ac06e7cbf9ca0f08f6fc702eb48613417991ce130f09f5d69a63b242b3ffa7a0cc54b68a04ea4723e763e6667685d51350737dbbc466dc565e2ff9e486f95d4fafae9124d1a4205280801f0260a500acdbd9c7fe8caea42c31af9f3b1b5506b60eb946ba37c112fee3cbcc6913bc306fbfcd0ca7442fcded511fc9a08605b9110394392b7d4789dc738c1ef5698507e642a0e52635f392f4687c0df03e926b9a52dfa94fcf330f03c1a6743995a1a6c4118f73a5693e6be005ad21c3226e340ecf5ae60d273b9a4f89437f5a044975707f616457ae6a7ef9e45f1583633cf6f541888afedbefca2cc46183101bd587d724e91d185e332fab9f57d00fbb1863d61f5ac732f573779c9054152b968021ad6a0d50af69d75cb4e84ebd2d9cc9837e86f2404b5913d989a2ad3b97b21667560f255ce61679dd8d1ac40396824b374a15212adb6cca26ced7815795086d28643b83132b79528bd3d2b18dffa2e8afb02f0d9c9eee467f3c646d918972f59d2be4895dc81de1e457d8962907380eecc0293a49e40007d891cfedcfd1009bc5ff4cdbc066d46f42c4df106cbbedf3bfb8a0bdec817c75284ff73292ea1f02a94ce15dc5bb381a342570a56ca23e41d331cf2d44a89c529f92f20c9e151daebe44caa2bffc7e656c63b0d70525f7f7e2f2d4dbcf91dcd043381c43c63cab654b5224947a44254fec1a8b55f460752768f94dc604d25c9414b7ac6951d707508c1d2d3e1c55a7eadd7b0853bc70f79ccb66c2b47765b8fba20fbcb16045845de59e07d0963e95eb300b88e65c768542ee57c05413306b87d3cc3f08fcc16613c810d2f41b1c4ca07c3e83441eb55975d4d46b224e0cf6885a81cf42df4285b52a2842fd21aba8e41c199f17b045881a9569809b1361b36405ccbabefda08d0d213d33a6f60d4add5d36c0c8d255ca5eea74adddff910bf4c1c244ff13cd60ee9f9a9168bb783021a159fe966eae4026b8b7052717fd7c4a1817f03d0f7f5f6fb092fedcd488d76a3ff0b1bcac251ad6bfc2d903cd3d430842dfefcfcd6eabffdd2593ba0205856ec4abb5293304cf17ff9d32cde34a783553aec1ff8e8a021ceb7988c16b6d11c7751a65cd2c74453c5f5c77144b4491423967bf88adc0b96d0d4ac8270c26d036f4866ed135c4827b52262692ce722e5f17f46d0cf6784c0d191241de6c72649b3272240f17b7d9cae9e86b99271090c33c0c92986fb4367b223fe1bbd2b8e3523d43d08d6f7b0c0933b01b82487abe826dbfc7daae635bef70a58fdc8129db90f11f90be547fecc558375e5e8262d871ab35b8185edac3f2c225f8c00979e496c89473d2feb5b50f9ecea82d07aabfaf5d05c7901fe1a3dd529c4062f035de61a2f0ae1a45478e4c2fdacd47c0d590affb0fde818dacc0e0d50c9e996aa1ac86cc22f05b8aba616ab77ee37f3b7f7aaebebcde481453067863e1fbf8881c64ac5ac3532da2ccccd54dbba7cd6908c0b059682704e24a22038029fe3610caa9fda5ea3ec5aea5b89c5fe12698b8e9f6136f11c9340ee02acdcd76baa1d7f4c11a7aa34a626c6c9fb40667d945b1c8067852dedb76e61f0766e7172688efcffa6d3f455f4f08665101e1e4f459208ab48561f9f530d3f4d9f1a73b81b1c1de65ee8df6a5235133a54a4731f9a30cedb1ae5d31278d7fbb92b4d52a2c797bcf0254af2f7ad6ceb74f98c62d4846ccff013f1898d65215846adf38e1cbc9d9af8edcc9fd1d77d5a8fb3947d23854c4a399e32d5dafabbad255b08a6380c3550ab2ede6bcd8b0d7580bab5483e99e2b75966d4811210328eaa9010549e79ff86ba01c08bc524cf65579be2f680813f505667cc44b0162ad023b7c684c977b55417300a10b24d329fd20e2c65a2dcc7354d3ebdd95b90b3459a496c2f39c299d3e58bbbe243bfc38ddf7296b00449eeb4f2914c83ca2d8ec6f898b2e8f2845b3c2907b93b8ac08ea2b5b67c35f2b72cc801134d4ffce0d10c2d45f4caa0b007ff0c1a80bd0ca2af5556f2b18cdce4f23ef3e7de3fa029c9c9d40be5c890f65157188e32182413f4559857c9c40c4538a0b933f6041c7e98b043372d7a8e81bffaf523f82e82546ce218d9e90536414439831fc9b90d8cbdb31986bded7aeb97ea0348b03be1b032ba697ade7e8c103252e7c5e239ed5378b9b4acdd14c43f317100c5e02bce41fb9defa48cfad77ee49b71bfe22cf4d722d9a33cb5b70cbf948d466096d736546aa3b4e6b5636935751e5f16f10808cb280e9ddf6ee64f4986d20daa00ecef043c695c45c15a573d7a818ec16779d6c504f3f555b0b66f8cdba50fc83d81c6945a5b944d747d55c924d7373eae3babc8f520c2fdc90c2953c3c767db71f12c57cb2c95f34417343c4ea760430bad404d80b1f223da2d36ea544e40ab8202d5c6f083b52472536cec02e1beadbc1fdf8275f4cc06d93c3c8b3228478d385c091d050dd061557cc0209a5b335b4387719f83ba71234d9110425f2a986bff240b42aff807be09cd87abba62f4e92bd2b4b9bbfbd5b6dd814623dd328822b8d9d75a4efda3311fb199310f3194f24f6d80ff9a424bd32299b77519dd794e4fc3f47221b29d37b9e93c5909de2b894661c1e1f18ffecd8ced7fae96204d3d72be831640a8b94327ad8021f0d048e22b12fd1192e6f96c9a6fc446c434935f5d3cae963a5c9fe85c3147aedd221ccc1ced97f1747e136ad23de51b1d3c07415f6088ee68c73eef636be8e099010625b4dd91ef9d5575f2127dd9ce0034231c355f5d13db603498d3de7715af56df9d2f5c30649de92c780d64d7b8183bf977d936e05e253bab483ccbf35953334b94cd353cda193243c53bf63cc81fa665c408503a20e4dabd32b02a861281530276ab9f4dc50c7403ed869ac3e902c2e127014fe6b90f54439f7ae9c68ed486668e36d558600a9224d0bbae43493bf4558d20c1c1fde1a31c24d868dafbae9cfd32f75d40b2254b394b2524d4c4330d26ebb52822049c6b0add4c190db2017de63f6760120bcff5559657fbdcb1a2f1a6290df954f8bf829b766771eeb8d245e4857c4203d17fdd89559f68f0dc3c1392a3a34341f2953954c8de3b736a297c42f849683ba0fcf6a6add5b2a56fc2a6ab070293d1de58f99b475c69bb545f9f059a960c145217d0c5e54f436b42caaf2f1d1ef5f08ab0222690e5632dfc9f5f6aa7a3850fd58ef8396454662fb720bb1ecd85f98cf806af2587dc60228b7f7ff9716158adcad2e70e975fe714ea50c1fe947981663e58b1a87640e386d6dab160ad46d0c26caddb5b1cdba774f8b71c039eda4fe25d7ddaf37a5d7bceeda46f5fa904a26155a852d669c5f8ab3a264708ec57029fe0aa3cf94318acd08f3737f642be69e1ddf07211e85e824cdae489a0af093eba50f973266547f12cdbe337f3e5969ee8ff3afb55be101ee6f8865b84344970c435840d15333ecbb1faaa579ce9156535438293f6d1b64dda099a76a9c5b6dc7e7c49b649de4b55e4a6400b88d619ffb574b5425635a720b07f88e2ee52c744a25ebea7b9122686e24874d77b4c0aa6e764f8d39d08ceda7e3b389690ba082c73689ccde7acd03d56c8b826d0c39b17e91a5d7ca14805a63e32bfa29c2ec0be6c792b077fd265c70cc431205f2de0a9e5f4277539b5db28ab9f02c42949d4272ef798491397e8cf00c83bf2b0d0c4172a0b8fb1903f708a43de941a3357f93ec34630659596944c0b2c8d38bda47ba4d79c64ae2a7fedec95d352285ef7929512f12244018cc2250111615b17e77461aeb4e", 0x1000}], 0xffffffffffffffe6}, 0x4010) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r4, 0x84, 0x1a, &(0x7f00000002c0)={0x0, 0xfe, "2f3e2037c2c63ec61a1fcea388a8d5dbb3824f3074cb25ea0867c03a832cb7f0dca833a0feec9d2c60d267b747b4b884240cbf81f8ab3569cca69a98a890fbbe06654a5c96d3cd77987ef65c5eba603e753250956631c18dd18053d95e118b62c18c8e547f9e4f79382fc88e71873a3c73d89a170fc9d5dd0613b769d4373f6095012a2f27942c69e1b56dbfb8529ab8cb04447a0c0f5316cef08ee19080a476e2bc28459b74f7caa7d55fb91afbe8d7e9e169e19bdce7e46c4ecb883d8bfba8edd3e39a15d8595896490eedc63cdb0b9b15bd6cdb1f5eaf60a687b18642902dfe451eacbe1d5ebeaee2505ee2dc8562ccaee1b00b93937477cd0d32966d"}, &(0x7f0000000400)=0x106) getsockopt$inet_sctp_SCTP_MAXSEG(r3, 0x84, 0xd, &(0x7f0000000440)=@assoc_id=r5, &(0x7f0000000480)=0x4) [ 3584.917441][T23486] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3584.925853][T23486] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3584.933830][T23486] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3584.941831][T23486] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3584.949810][T23486] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3584.957781][T23486] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 02:20:49 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3585.023724][T23486] Bluetooth: Can't register HCI device [ 3585.123596][T23504] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:49 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3585.166685][ C0] net_ratelimit: 16 callbacks suppressed [ 3585.166692][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:20:49 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x244}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:49 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3585.377358][T23515] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:49 executing program 2 (fault-call:2 fault-nth:21): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:49 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c0006000000190015", 0x2b}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:49 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc)=0x8000000000000000, 0x1, 0x0, 0x0, 0x0, 0x0) [ 3585.488147][T23520] IPVS: ftp: loaded support on port[0] = 21 [ 3585.542579][T23521] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3585.604908][T23526] FAULT_INJECTION: forcing a failure. [ 3585.604908][T23526] name failslab, interval 1, probability 0, space 0, times 0 [ 3585.650726][T23526] CPU: 1 PID: 23526 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3585.659476][T23526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3585.659485][T23526] Call Trace: [ 3585.659518][T23526] dump_stack+0x172/0x1f0 [ 3585.659554][T23526] should_fail.cold+0xa/0x15 [ 3585.672928][T23526] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3585.672952][T23526] ? ___might_sleep+0x163/0x280 [ 3585.681875][T23526] __should_failslab+0x121/0x190 [ 3585.681896][T23526] should_failslab+0x9/0x14 [ 3585.681914][T23526] kmem_cache_alloc_trace+0x2d1/0x760 [ 3585.681929][T23526] ? rcu_read_lock_sched_held+0x110/0x130 [ 3585.681944][T23526] ? __kmalloc+0x5d5/0x740 [ 3585.681970][T23526] alloc_workqueue_attrs+0x82/0x120 [ 3585.681989][T23526] apply_wqattrs_prepare+0xbb/0x970 [ 3585.682017][T23526] apply_workqueue_attrs_locked+0xcb/0x140 [ 3585.692690][T23526] apply_workqueue_attrs+0x31/0x50 [ 3585.692710][T23526] alloc_workqueue+0x84c/0xe70 [ 3585.692737][T23526] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 3585.692760][T23526] ? __init_waitqueue_head+0x36/0x90 [ 3585.692786][T23526] hci_register_dev+0x209/0x860 [ 3585.692819][T23526] __vhci_create_device+0x2d0/0x5a0 [ 3585.702338][T23526] vhci_write+0x2d0/0x470 [ 3585.702361][T23526] new_sync_write+0x4c7/0x760 [ 3585.702382][T23526] ? default_llseek+0x2e0/0x2e0 [ 3585.702408][T23526] ? common_file_perm+0x238/0x720 [ 3585.713526][T23526] ? __fget+0x381/0x550 [ 3585.713552][T23526] ? apparmor_file_permission+0x25/0x30 [ 3585.713570][T23526] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3585.713594][T23526] ? security_file_permission+0x94/0x380 [ 3585.723199][T23526] __vfs_write+0xe4/0x110 [ 3585.723222][T23526] vfs_write+0x20c/0x580 [ 3585.723245][T23526] ksys_write+0xea/0x1f0 [ 3585.723273][T23526] ? __ia32_sys_read+0xb0/0xb0 [ 3585.723296][T23526] ? do_syscall_64+0x26/0x610 [ 3585.734294][T23526] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3585.734310][T23526] ? do_syscall_64+0x26/0x610 [ 3585.734335][T23526] __x64_sys_write+0x73/0xb0 [ 3585.734355][T23526] do_syscall_64+0x103/0x610 [ 3585.734373][T23526] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3585.734385][T23526] RIP: 0033:0x457f29 [ 3585.734401][T23526] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3585.734416][T23526] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3585.744281][T23526] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3585.744290][T23526] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3585.744298][T23526] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3585.744307][T23526] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3585.744317][T23526] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3585.793849][T23526] Bluetooth: Can't register HCI device 02:20:50 executing program 1: r0 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0x101001, 0x0) ioctl$EVIOCGBITSW(r0, 0x80404525, &(0x7f0000000140)=""/27) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000280)={r0}) getsockname$packet(r0, &(0x7f00000002c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) bind$bt_hci(r1, &(0x7f0000000340)={0x1f, r2, 0x3}, 0xc) r3 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r3, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r4 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r4, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3585.966636][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3585.972502][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3585.978453][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3585.984287][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3585.990220][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3585.996092][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3586.002011][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3586.007866][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:20:50 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x300}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:50 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x100, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffff9c, 0x84, 0xf, &(0x7f0000000280)={0x0, @in6={{0xa, 0x4e21, 0x40, @local, 0x20}}, 0x8, 0x800, 0x9, 0x1, 0x3218}, &(0x7f0000000140)=0x98) setsockopt$inet_sctp_SCTP_AUTH_KEY(r0, 0x84, 0x17, &(0x7f0000000340)={r1, 0xfffffffffffffffc, 0x8f, "ec82ff1c9b718be352d78b0e626c21540ec9e6fe58e216acd266a0070f73892c72d0e1401bc03056a33b075cfb537aee465382fbf5fd039c1c1980494a2e703fabf9bdbcb15b86e13605d1ed8dcae8e6fee39b1a1cb68f09a2f417b2c144d121d75f8f09083b4802c10952f62b90e4bdf2e614155a690a01716b911c703342bed24e83947d31cf1ab846a2e6b2e623"}, 0x97) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r2, &(0x7f0000000400)=ANY=[@ANYBLOB="bf806cd33df2c0303035608162d89c356d4e997345dd18f277409425c998bc77"], 0x2) r3 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r3, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:50 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3586.184392][T23541] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:50 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x384}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3586.326190][T23552] IPVS: ftp: loaded support on port[0] = 21 02:20:50 executing program 2 (fault-call:2 fault-nth:22): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:50 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c0006000000190015", 0x2b}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:50 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x3, 0x0, 0x0, 0x0, 0x0) [ 3586.540950][T23560] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3586.552909][T23562] FAULT_INJECTION: forcing a failure. [ 3586.552909][T23562] name failslab, interval 1, probability 0, space 0, times 0 [ 3586.587749][T23562] CPU: 0 PID: 23562 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3586.596462][T23562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3586.606538][T23562] Call Trace: [ 3586.609851][T23562] dump_stack+0x172/0x1f0 [ 3586.614203][T23562] should_fail.cold+0xa/0x15 [ 3586.618814][T23562] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3586.624668][T23562] ? ___might_sleep+0x163/0x280 [ 3586.624690][T23562] __should_failslab+0x121/0x190 [ 3586.624719][T23562] should_failslab+0x9/0x14 [ 3586.638993][T23562] kmem_cache_alloc_node+0x264/0x710 [ 3586.639024][T23562] alloc_unbound_pwq+0x4c5/0xcf0 [ 3586.639049][T23562] apply_wqattrs_prepare+0x35e/0x970 [ 3586.639078][T23562] apply_workqueue_attrs_locked+0xcb/0x140 [ 3586.639098][T23562] apply_workqueue_attrs+0x31/0x50 [ 3586.639116][T23562] alloc_workqueue+0x84c/0xe70 [ 3586.639141][T23562] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 3586.654631][T23562] ? __init_waitqueue_head+0x36/0x90 [ 3586.654659][T23562] hci_register_dev+0x209/0x860 [ 3586.654684][T23562] __vhci_create_device+0x2d0/0x5a0 [ 3586.654704][T23562] vhci_write+0x2d0/0x470 [ 3586.665613][T23562] new_sync_write+0x4c7/0x760 [ 3586.665634][T23562] ? default_llseek+0x2e0/0x2e0 [ 3586.665659][T23562] ? common_file_perm+0x238/0x720 [ 3586.665675][T23562] ? __fget+0x381/0x550 [ 3586.665696][T23562] ? apparmor_file_permission+0x25/0x30 [ 3586.681437][T23562] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3586.681458][T23562] ? security_file_permission+0x94/0x380 [ 3586.681480][T23562] __vfs_write+0xe4/0x110 [ 3586.681500][T23562] vfs_write+0x20c/0x580 [ 3586.695876][T23562] ksys_write+0xea/0x1f0 [ 3586.695897][T23562] ? __ia32_sys_read+0xb0/0xb0 [ 3586.695916][T23562] ? do_syscall_64+0x26/0x610 [ 3586.695938][T23562] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3586.705462][T23562] ? do_syscall_64+0x26/0x610 [ 3586.705487][T23562] __x64_sys_write+0x73/0xb0 [ 3586.705506][T23562] do_syscall_64+0x103/0x610 [ 3586.705527][T23562] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3586.720227][T23562] RIP: 0033:0x457f29 [ 3586.720244][T23562] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3586.720262][T23562] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3586.720278][T23562] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3586.720294][T23562] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3586.736481][T23562] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3586.736490][T23562] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3586.736499][T23562] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3586.769656][T23562] Bluetooth: Can't register HCI device 02:20:51 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x3b4}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:51 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:51 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3587.013840][T23572] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3587.210483][T23584] IPVS: ftp: loaded support on port[0] = 21 [ 3587.220195][T23582] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3587.246925][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:20:51 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x3f0}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:51 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75a", 0x40}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:51 executing program 2 (fault-call:2 fault-nth:23): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:51 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x4, 0x0, 0x0, 0x0, 0x0) [ 3587.494455][T23596] FAULT_INJECTION: forcing a failure. [ 3587.494455][T23596] name failslab, interval 1, probability 0, space 0, times 0 [ 3587.516797][T23596] CPU: 0 PID: 23596 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3587.525514][T23596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3587.536310][T23596] Call Trace: [ 3587.539661][T23596] dump_stack+0x172/0x1f0 [ 3587.544025][T23596] should_fail.cold+0xa/0x15 [ 3587.548637][T23596] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3587.554458][T23596] ? ___might_sleep+0x163/0x280 [ 3587.559321][T23596] __should_failslab+0x121/0x190 [ 3587.564275][T23596] should_failslab+0x9/0x14 [ 3587.568791][T23596] kmem_cache_alloc_node+0x264/0x710 [ 3587.574089][T23596] alloc_unbound_pwq+0x4c5/0xcf0 [ 3587.579045][T23596] apply_wqattrs_prepare+0x35e/0x970 [ 3587.584357][T23596] apply_workqueue_attrs_locked+0xcb/0x140 [ 3587.590172][T23596] apply_workqueue_attrs+0x31/0x50 [ 3587.595291][T23596] alloc_workqueue+0x84c/0xe70 [ 3587.600088][T23596] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 3587.605819][T23596] ? __init_waitqueue_head+0x36/0x90 [ 3587.611133][T23596] hci_register_dev+0x209/0x860 [ 3587.615992][T23596] __vhci_create_device+0x2d0/0x5a0 [ 3587.621209][T23596] vhci_write+0x2d0/0x470 [ 3587.625547][T23596] new_sync_write+0x4c7/0x760 [ 3587.630231][T23596] ? default_llseek+0x2e0/0x2e0 [ 3587.635102][T23596] ? common_file_perm+0x238/0x720 [ 3587.640309][T23596] ? __fget+0x381/0x550 [ 3587.644472][T23596] ? apparmor_file_permission+0x25/0x30 [ 3587.650021][T23596] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3587.656272][T23596] ? security_file_permission+0x94/0x380 [ 3587.661925][T23596] __vfs_write+0xe4/0x110 [ 3587.666272][T23596] vfs_write+0x20c/0x580 [ 3587.670528][T23596] ksys_write+0xea/0x1f0 [ 3587.674774][T23596] ? __ia32_sys_read+0xb0/0xb0 [ 3587.679544][T23596] ? do_syscall_64+0x26/0x610 [ 3587.684239][T23596] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3587.690323][T23596] ? do_syscall_64+0x26/0x610 [ 3587.695009][T23596] __x64_sys_write+0x73/0xb0 [ 3587.699607][T23596] do_syscall_64+0x103/0x610 [ 3587.704206][T23596] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3587.710121][T23596] RIP: 0033:0x457f29 [ 3587.714014][T23596] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3587.733628][T23596] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3587.742047][T23596] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3587.750020][T23596] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3587.757993][T23596] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3587.765967][T23596] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3587.773941][T23596] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3587.793289][T23594] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:52 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:20:52 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x3f2}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3587.893062][T23596] Bluetooth: Can't register HCI device [ 3588.012208][T23609] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:52 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x5, 0x10000) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000140)=0x1, 0x4) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x3aa116e30fd5123e}], 0x1000000000000048) [ 3588.077532][T23611] IPVS: ftp: loaded support on port[0] = 21 02:20:52 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000040)=0x208000000) ioctl$VHOST_GET_FEATURES(r0, 0x8008af00, &(0x7f0000000140)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:52 executing program 2 (fault-call:2 fault-nth:24): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:52 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75a", 0x40}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:52 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x3f6}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3588.507475][T23631] FAULT_INJECTION: forcing a failure. [ 3588.507475][T23631] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3588.520733][T23631] CPU: 1 PID: 23631 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3588.520744][T23631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3588.520751][T23631] Call Trace: [ 3588.520785][T23631] dump_stack+0x172/0x1f0 [ 3588.520819][T23631] should_fail.cold+0xa/0x15 [ 3588.520841][T23631] ? save_stack+0x45/0xd0 [ 3588.520863][T23631] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3588.520894][T23631] ? __lock_acquire+0x548/0x3fb0 [ 3588.539642][T23631] ? new_sync_write+0x4c7/0x760 [ 3588.539656][T23631] ? __vfs_write+0xe4/0x110 [ 3588.539670][T23631] ? vfs_write+0x20c/0x580 [ 3588.539685][T23631] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3588.539708][T23631] should_fail_alloc_page+0x50/0x60 [ 3588.539732][T23631] __alloc_pages_nodemask+0x1a1/0x7e0 [ 3588.547433][T23631] ? __alloc_pages_slowpath+0x2900/0x2900 [ 3588.547448][T23631] ? find_held_lock+0x35/0x130 [ 3588.547473][T23631] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3588.547495][T23631] cache_grow_begin+0x9c/0x860 [ 3588.547522][T23631] ? alloc_workqueue_attrs+0x82/0x120 [ 3588.556448][T23631] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3588.556471][T23631] kmem_cache_alloc_trace+0x67f/0x760 [ 3588.556486][T23631] ? rcu_read_lock_sched_held+0x110/0x130 [ 3588.556512][T23631] alloc_workqueue_attrs+0x82/0x120 [ 3588.556532][T23631] apply_wqattrs_prepare+0xbb/0x970 [ 3588.556559][T23631] apply_workqueue_attrs_locked+0xcb/0x140 [ 3588.567299][T23631] apply_workqueue_attrs+0x31/0x50 [ 3588.567316][T23631] alloc_workqueue+0x84c/0xe70 [ 3588.567339][T23631] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 3588.567363][T23631] ? __init_waitqueue_head+0x36/0x90 [ 3588.567389][T23631] hci_register_dev+0x1b8/0x860 [ 3588.587378][T23631] ? hci_init_sysfs+0x7c/0xa0 [ 3588.587404][T23631] __vhci_create_device+0x2d0/0x5a0 [ 3588.587424][T23631] vhci_write+0x2d0/0x470 [ 3588.587445][T23631] new_sync_write+0x4c7/0x760 [ 3588.587463][T23631] ? default_llseek+0x2e0/0x2e0 [ 3588.587488][T23631] ? common_file_perm+0x238/0x720 [ 3588.598051][T23631] ? __fget+0x381/0x550 [ 3588.598075][T23631] ? apparmor_file_permission+0x25/0x30 [ 3588.598092][T23631] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3588.598108][T23631] ? security_file_permission+0x94/0x380 [ 3588.598129][T23631] __vfs_write+0xe4/0x110 [ 3588.598153][T23631] vfs_write+0x20c/0x580 [ 3588.608729][T23631] ksys_write+0xea/0x1f0 [ 3588.608749][T23631] ? __ia32_sys_read+0xb0/0xb0 [ 3588.608767][T23631] ? do_syscall_64+0x26/0x610 [ 3588.608783][T23631] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3588.608804][T23631] ? do_syscall_64+0x26/0x610 [ 3588.608837][T23631] __x64_sys_write+0x73/0xb0 [ 3588.608855][T23631] do_syscall_64+0x103/0x610 [ 3588.608881][T23631] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3588.619477][T23631] RIP: 0033:0x457f29 [ 3588.619494][T23631] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 02:20:53 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x5, 0x0, 0x0, 0x0, 0x0) 02:20:53 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3588.619503][T23631] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3588.619517][T23631] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3588.619525][T23631] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3588.619533][T23631] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3588.619542][T23631] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3588.619550][T23631] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 02:20:53 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) set_tid_address(&(0x7f0000000280)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x7, 0x220100) ioctl$KVM_ASSIGN_SET_INTX_MASK(r2, 0x4040aea4, &(0x7f0000000140)={0x9, 0x38, 0x1, 0x4, 0x20000000000000}) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f00000002c0)={{{@in, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}, 0x0, @in6=@dev}}, &(0x7f00000003c0)=0xe8) lstat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchown(r0, r3, r4) [ 3589.075613][T23651] IPVS: ftp: loaded support on port[0] = 21 02:20:53 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x3fa}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:53 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75a", 0x40}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:53 executing program 1: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x206040, 0x0) ioctl$HDIO_GETGEO(r0, 0x301, &(0x7f0000000140)) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:53 executing program 2 (fault-call:2 fault-nth:25): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3589.556392][T23673] FAULT_INJECTION: forcing a failure. [ 3589.556392][T23673] name failslab, interval 1, probability 0, space 0, times 0 [ 3589.587892][T23673] CPU: 1 PID: 23673 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3589.596608][T23673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3589.596615][T23673] Call Trace: [ 3589.596647][T23673] dump_stack+0x172/0x1f0 [ 3589.596678][T23673] should_fail.cold+0xa/0x15 [ 3589.596705][T23673] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3589.596731][T23673] ? ___might_sleep+0x163/0x280 [ 3589.596756][T23673] __should_failslab+0x121/0x190 [ 3589.596779][T23673] should_failslab+0x9/0x14 [ 3589.596808][T23673] __kmalloc_track_caller+0x2d8/0x740 [ 3589.596827][T23673] ? pointer+0x910/0x910 [ 3589.596849][T23673] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3589.596868][T23673] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3589.596884][T23673] ? kasprintf+0xbb/0xf0 [ 3589.596904][T23673] kvasprintf+0xc8/0x170 [ 3589.596922][T23673] ? bust_spinlocks+0xe0/0xe0 [ 3589.596950][T23673] ? retint_kernel+0x2d/0x2d [ 3589.596973][T23673] kasprintf+0xbb/0xf0 [ 3589.596992][T23673] ? kvasprintf_const+0x190/0x190 [ 3589.597026][T23673] ? kasan_check_read+0x11/0x20 [ 3589.629930][T23673] alloc_workqueue+0x442/0xe70 [ 3589.629959][T23673] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 3589.629988][T23673] ? retint_kernel+0x2d/0x2d [ 3589.630011][T23673] hci_register_dev+0x1b8/0x860 [ 3589.639454][T23673] __vhci_create_device+0x2d0/0x5a0 [ 3589.639475][T23673] vhci_write+0x2d0/0x470 [ 3589.639497][T23673] new_sync_write+0x4c7/0x760 [ 3589.639517][T23673] ? default_llseek+0x2e0/0x2e0 [ 3589.649142][T23673] ? common_file_perm+0x238/0x720 [ 3589.649160][T23673] ? __fget+0x381/0x550 [ 3589.649180][T23673] ? apparmor_file_permission+0x25/0x30 [ 3589.649197][T23673] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3589.649215][T23673] ? security_file_permission+0x94/0x380 [ 3589.649237][T23673] __vfs_write+0xe4/0x110 [ 3589.649267][T23673] vfs_write+0x20c/0x580 [ 3589.649289][T23673] ksys_write+0xea/0x1f0 [ 3589.649308][T23673] ? __ia32_sys_read+0xb0/0xb0 [ 3589.649335][T23673] __x64_sys_write+0x73/0xb0 [ 3589.649352][T23673] ? do_syscall_64+0x5b/0x610 [ 3589.649369][T23673] do_syscall_64+0x103/0x610 [ 3589.649391][T23673] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3589.649403][T23673] RIP: 0033:0x457f29 [ 3589.649419][T23673] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3589.649428][T23673] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3589.649443][T23673] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3589.649452][T23673] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3589.649462][T23673] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 02:20:54 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:20:54 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x6, 0x0, 0x0, 0x0, 0x0) 02:20:54 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="fb8059639fd2b94ce87e47b262e8b173e4eebd9706939a3613d2ded0774de03426e30a1764765e844f57f556169bf101d6ba78a832cc73173a16a157a7c3733d650c0d7c9cbdd9f05d21c58cba6ebd8b939f223a09aeb9dd9b53c7bb7581342227692948b25100f18721d0427acb59c41451f8a8490488202109c2d97b88d0e689dfd2e46c178bd7d860bec8fac4d5310eda0c7c521ce0ba8802b250368c6b"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3589.649471][T23673] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3589.649480][T23673] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 02:20:54 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x3fc}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3590.055971][T23688] IPVS: ftp: loaded support on port[0] = 21 [ 3590.142206][T23694] validate_nla: 3 callbacks suppressed [ 3590.142216][T23694] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:54 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x3fe}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:54 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8", 0x4b}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:54 executing program 2 (fault-call:2 fault-nth:26): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3590.477842][T23704] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3590.553416][T23706] FAULT_INJECTION: forcing a failure. [ 3590.553416][T23706] name failslab, interval 1, probability 0, space 0, times 0 [ 3590.597674][T23706] CPU: 1 PID: 23706 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3590.606407][T23706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3590.616482][T23706] Call Trace: [ 3590.619814][T23706] dump_stack+0x172/0x1f0 [ 3590.624174][T23706] should_fail.cold+0xa/0x15 [ 3590.628788][T23706] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3590.634628][T23706] ? ___might_sleep+0x163/0x280 [ 3590.639500][T23706] __should_failslab+0x121/0x190 [ 3590.644461][T23706] should_failslab+0x9/0x14 [ 3590.648976][T23706] __kmalloc_track_caller+0x2d8/0x740 [ 3590.654370][T23706] ? pointer+0x910/0x910 [ 3590.658619][T23706] ? mark_held_locks+0xa4/0xf0 [ 3590.663381][T23706] ? kasprintf+0xbb/0xf0 [ 3590.667614][T23706] kvasprintf+0xc8/0x170 [ 3590.671858][T23706] ? bust_spinlocks+0xe0/0xe0 [ 3590.676555][T23706] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3590.682132][T23706] kasprintf+0xbb/0xf0 [ 3590.686307][T23706] ? kvasprintf_const+0x190/0x190 [ 3590.691344][T23706] ? lockdep_register_key+0x158/0x490 [ 3590.696720][T23706] ? lockdep_register_key+0x214/0x490 [ 3590.702120][T23706] alloc_workqueue+0x442/0xe70 [ 3590.706918][T23706] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 3590.712684][T23706] hci_register_dev+0x1b8/0x860 [ 3590.717563][T23706] ? hci_init_sysfs+0x7c/0xa0 [ 3590.722274][T23706] __vhci_create_device+0x2d0/0x5a0 [ 3590.727490][T23706] vhci_write+0x2d0/0x470 [ 3590.731830][T23706] new_sync_write+0x4c7/0x760 [ 3590.736544][T23706] ? default_llseek+0x2e0/0x2e0 [ 3590.741595][T23706] ? retint_kernel+0x2d/0x2d [ 3590.746199][T23706] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3590.752464][T23706] ? security_file_permission+0x94/0x380 [ 3590.758118][T23706] __vfs_write+0xe4/0x110 [ 3590.762460][T23706] vfs_write+0x20c/0x580 [ 3590.766711][T23706] ksys_write+0xea/0x1f0 [ 3590.770963][T23706] ? __ia32_sys_read+0xb0/0xb0 [ 3590.775723][T23706] ? do_syscall_64+0x26/0x610 [ 3590.780400][T23706] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3590.786479][T23706] ? do_syscall_64+0x26/0x610 [ 3590.791187][T23706] __x64_sys_write+0x73/0xb0 [ 3590.795792][T23706] do_syscall_64+0x103/0x610 [ 3590.800401][T23706] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3590.806319][T23706] RIP: 0033:0x457f29 [ 3590.810202][T23706] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3590.829824][T23706] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3590.838240][T23706] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 02:20:55 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x500}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:55 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r1 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r1, 0x400, 0x1) fcntl$setown(r1, 0x8, 0x0) execveat(r1, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3590.846230][T23706] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3590.854207][T23706] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3590.862201][T23706] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3590.870194][T23706] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 02:20:55 executing program 1: r0 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vfio/vfio\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) ioctl$KVM_RUN(r0, 0xae80, 0x0) write$P9_RLERRORu(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:55 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x7, 0x0, 0x0, 0x0, 0x0) [ 3590.999011][T23715] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:55 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x600}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:55 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8", 0x4b}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:55 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x3ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:20:55 executing program 2 (fault-call:2 fault-nth:27): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3591.407405][ C0] net_ratelimit: 17 callbacks suppressed [ 3591.407443][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3591.526899][T23734] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:56 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r1 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r1, 0x400, 0x1) fcntl$setown(r1, 0x8, 0x0) execveat(r1, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3591.685668][T23739] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3591.698364][T23745] FAULT_INJECTION: forcing a failure. [ 3591.698364][T23745] name failslab, interval 1, probability 0, space 0, times 0 [ 3591.721564][T23745] CPU: 0 PID: 23745 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3591.730312][T23745] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3591.740394][T23745] Call Trace: [ 3591.743796][T23745] dump_stack+0x172/0x1f0 [ 3591.748157][T23745] should_fail.cold+0xa/0x15 [ 3591.748186][T23750] IPVS: ftp: loaded support on port[0] = 21 [ 3591.752773][T23745] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3591.752796][T23745] ? ___might_sleep+0x163/0x280 [ 3591.752817][T23745] __should_failslab+0x121/0x190 [ 3591.752837][T23745] should_failslab+0x9/0x14 [ 3591.752853][T23745] kmem_cache_alloc_node+0x264/0x710 [ 3591.752881][T23745] alloc_unbound_pwq+0x4c5/0xcf0 [ 3591.789095][T23745] apply_wqattrs_prepare+0x35e/0x970 [ 3591.794410][T23745] apply_workqueue_attrs_locked+0xcb/0x140 [ 3591.800241][T23745] apply_workqueue_attrs+0x31/0x50 [ 3591.805393][T23745] alloc_workqueue+0x84c/0xe70 [ 3591.810189][T23745] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 3591.815941][T23745] ? __init_waitqueue_head+0x36/0x90 [ 3591.821243][T23745] hci_register_dev+0x209/0x860 [ 3591.826247][T23745] __vhci_create_device+0x2d0/0x5a0 [ 3591.831476][T23745] vhci_write+0x2d0/0x470 [ 3591.835812][T23745] new_sync_write+0x4c7/0x760 [ 3591.840514][T23745] ? default_llseek+0x2e0/0x2e0 [ 3591.845361][T23745] ? retint_kernel+0x2d/0x2d [ 3591.850005][T23745] ? common_file_perm+0x238/0x720 [ 3591.855071][T23745] ? apparmor_file_permission+0x25/0x30 [ 3591.860624][T23745] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3591.866862][T23745] ? security_file_permission+0x94/0x380 [ 3591.872595][T23745] __vfs_write+0xe4/0x110 [ 3591.876945][T23745] vfs_write+0x20c/0x580 [ 3591.881192][T23745] ksys_write+0xea/0x1f0 [ 3591.885436][T23745] ? __ia32_sys_read+0xb0/0xb0 [ 3591.892073][T23745] ? do_syscall_64+0x26/0x610 [ 3591.896757][T23745] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3591.902820][T23745] ? do_syscall_64+0x26/0x610 [ 3591.907502][T23745] __x64_sys_write+0x73/0xb0 [ 3591.912094][T23745] do_syscall_64+0x103/0x610 [ 3591.916968][T23745] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3591.922868][T23745] RIP: 0033:0x457f29 [ 3591.926749][T23745] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3591.946528][T23745] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3591.955052][T23745] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3591.963021][T23745] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3591.971023][T23745] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3591.978992][T23745] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 02:20:56 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x602}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3591.986967][T23745] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3592.004547][T23745] Bluetooth: Can't register HCI device 02:20:56 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x8, 0x0, 0x0, 0x0, 0x0) [ 3592.093664][T23754] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3592.206602][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3592.212475][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3592.218424][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3592.224232][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3592.230140][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3592.235925][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3592.242133][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3592.247967][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:20:56 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x61d}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:56 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8", 0x4b}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:56 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r1 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r1, 0x400, 0x1) fcntl$setown(r1, 0x8, 0x0) execveat(r1, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:20:56 executing program 2 (fault-call:2 fault-nth:28): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3592.445543][T23766] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:56 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$amidi(&(0x7f00000000c0)='/dev/amidi#\x00', 0x3, 0x4000) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000140)='-proc\x95selfkeyring}posix_acl_accessvmnet0GPL\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="ac61fda57fdc9750ece78022f3f8318dabe2a79d973cc882140a0dc579287a3946542cd7d188dd23f4d5510cf7411e0d8d5335bdfaf9090831d170b815b14a42dfa6330f3fa350d581360cf06a2e673d36a752f790186cf9372069b0a36d0f365a236ae493efa75077bd01a5ad804a294937"], 0x2) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x1, 0x4002) [ 3592.601373][T23777] FAULT_INJECTION: forcing a failure. [ 3592.601373][T23777] name failslab, interval 1, probability 0, space 0, times 0 [ 3592.617786][T23777] CPU: 1 PID: 23777 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3592.627044][T23777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3592.637122][T23777] Call Trace: [ 3592.640454][T23777] dump_stack+0x172/0x1f0 [ 3592.644840][T23777] should_fail.cold+0xa/0x15 [ 3592.649472][T23777] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3592.655312][T23777] ? ___might_sleep+0x163/0x280 [ 3592.660174][T23777] __should_failslab+0x121/0x190 [ 3592.665128][T23777] should_failslab+0x9/0x14 [ 3592.669650][T23777] kmem_cache_alloc+0x2b2/0x6f0 [ 3592.674510][T23777] ? lookup_one_len+0x10e/0x1a0 [ 3592.679369][T23777] alloc_inode+0xb8/0x190 [ 3592.683722][T23777] new_inode_pseudo+0x19/0xf0 [ 3592.688414][T23777] new_inode+0x1f/0x40 [ 3592.692544][T23777] debugfs_get_inode+0x1a/0x130 [ 3592.697400][T23777] debugfs_create_dir+0x7a/0x3d0 [ 3592.702356][T23777] hci_register_dev+0x299/0x860 [ 3592.707228][T23777] __vhci_create_device+0x2d0/0x5a0 [ 3592.712455][T23777] vhci_write+0x2d0/0x470 [ 3592.716820][T23777] new_sync_write+0x4c7/0x760 [ 3592.721518][T23777] ? default_llseek+0x2e0/0x2e0 [ 3592.726393][T23777] ? common_file_perm+0x238/0x720 [ 3592.731433][T23777] ? __fget+0x381/0x550 [ 3592.735610][T23777] ? apparmor_file_permission+0x25/0x30 [ 3592.741176][T23777] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3592.747433][T23777] ? security_file_permission+0x94/0x380 [ 3592.753083][T23777] __vfs_write+0xe4/0x110 [ 3592.757428][T23777] vfs_write+0x20c/0x580 [ 3592.761696][T23777] ksys_write+0xea/0x1f0 [ 3592.765957][T23777] ? __ia32_sys_read+0xb0/0xb0 [ 3592.770735][T23777] ? do_syscall_64+0x26/0x610 [ 3592.775435][T23777] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3592.781520][T23777] ? do_syscall_64+0x26/0x610 [ 3592.786220][T23777] __x64_sys_write+0x73/0xb0 [ 3592.790843][T23777] do_syscall_64+0x103/0x610 [ 3592.795457][T23777] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3592.801357][T23777] RIP: 0033:0x457f29 [ 3592.805272][T23777] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3592.824889][T23777] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3592.833499][T23777] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3592.841490][T23777] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3592.849489][T23777] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3592.849499][T23777] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3592.849508][T23777] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 02:20:57 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3592.949684][T23787] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:57 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x700}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:57 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x9, 0x0, 0x0, 0x0, 0x0) [ 3593.057744][T23790] IPVS: ftp: loaded support on port[0] = 21 [ 3593.180309][T23796] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:20:57 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060c", 0x50}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:57 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x900}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:57 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:20:57 executing program 2 (fault-call:2 fault-nth:29): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3593.473395][T23808] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3593.486608][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3593.512351][T23812] FAULT_INJECTION: forcing a failure. [ 3593.512351][T23812] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3593.525961][T23812] CPU: 1 PID: 23812 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3593.535625][T23812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3593.545701][T23812] Call Trace: [ 3593.549021][T23812] dump_stack+0x172/0x1f0 [ 3593.553383][T23812] should_fail.cold+0xa/0x15 [ 3593.558007][T23812] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3593.563827][T23812] ? __lock_acquire+0x548/0x3fb0 [ 3593.568771][T23812] ? alloc_workqueue+0x84c/0xe70 [ 3593.573714][T23812] ? hci_register_dev+0x209/0x860 [ 3593.578831][T23812] ? __vhci_create_device+0x2d0/0x5a0 [ 3593.584210][T23812] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3593.590465][T23812] should_fail_alloc_page+0x50/0x60 [ 3593.595681][T23812] __alloc_pages_nodemask+0x1a1/0x7e0 [ 3593.601077][T23812] ? __alloc_pages_slowpath+0x2900/0x2900 [ 3593.606808][T23812] ? find_held_lock+0x35/0x130 [ 3593.611701][T23812] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3593.617518][T23812] cache_grow_begin+0x9c/0x860 [ 3593.622292][T23812] ? alloc_unbound_pwq+0x4c5/0xcf0 [ 3593.627409][T23812] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3593.633744][T23812] kmem_cache_alloc_node+0x645/0x710 [ 3593.639061][T23812] alloc_unbound_pwq+0x4c5/0xcf0 [ 3593.644103][T23812] apply_wqattrs_prepare+0x35e/0x970 [ 3593.649407][T23812] apply_workqueue_attrs_locked+0xcb/0x140 [ 3593.655218][T23812] apply_workqueue_attrs+0x31/0x50 [ 3593.660343][T23812] alloc_workqueue+0x84c/0xe70 [ 3593.665119][T23812] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 3593.670852][T23812] ? __init_waitqueue_head+0x36/0x90 [ 3593.676151][T23812] hci_register_dev+0x209/0x860 [ 3593.681024][T23812] __vhci_create_device+0x2d0/0x5a0 [ 3593.686230][T23812] vhci_write+0x2d0/0x470 [ 3593.690581][T23812] new_sync_write+0x4c7/0x760 [ 3593.695294][T23812] ? default_llseek+0x2e0/0x2e0 [ 3593.700163][T23812] ? common_file_perm+0x238/0x720 [ 3593.705193][T23812] ? __fget+0x381/0x550 [ 3593.709374][T23812] ? apparmor_file_permission+0x25/0x30 [ 3593.714924][T23812] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3593.721176][T23812] ? security_file_permission+0x94/0x380 [ 3593.726828][T23812] __vfs_write+0xe4/0x110 [ 3593.731187][T23812] vfs_write+0x20c/0x580 [ 3593.735441][T23812] ksys_write+0xea/0x1f0 [ 3593.739724][T23812] ? __ia32_sys_read+0xb0/0xb0 [ 3593.744513][T23812] ? do_syscall_64+0x26/0x610 [ 3593.749194][T23812] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3593.755273][T23812] ? do_syscall_64+0x26/0x610 [ 3593.759963][T23812] __x64_sys_write+0x73/0xb0 [ 3593.764564][T23812] do_syscall_64+0x103/0x610 [ 3593.769162][T23812] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3593.775052][T23812] RIP: 0033:0x457f29 [ 3593.778948][T23812] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3593.798992][T23812] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3593.807410][T23812] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3593.815493][T23812] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 02:20:58 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000440)='/proc/capi/capi20\x00', 0x80, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r1, 0xc0bc5351, &(0x7f0000000280)={0x9, 0x0, 'client1\x00', 0xffffffff80000002, "41a41c4bf8073367", "2049ea979b43cdfeabd82cde302ec97e374f5f4c2ecd70149cd802636a1b5624", 0x81, 0x5}) ioctl$KVM_GET_XCRS(r1, 0x8188aea6, &(0x7f0000000140)={0x2, 0x80, [{0x7, 0x0, 0x8}, {0xb34, 0x0, 0x6}]}) ioctl$EVIOCGPHYS(r1, 0x80404507, &(0x7f0000000380)=""/107) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="ff982d1389"], 0x2) write$apparmor_current(r1, &(0x7f00000000c0)=@profile={'stack ', '\x8f\x00'}, 0x8) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) ioctl$GIO_FONTX(r1, 0x4b6b, &(0x7f0000000340)=""/64) open(&(0x7f0000000400)='./file0\x00', 0x300, 0x82) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x3) [ 3593.823468][T23812] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3593.831442][T23812] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3593.839414][T23812] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3593.854819][T23814] IPVS: ftp: loaded support on port[0] = 21 02:20:58 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0xa00}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:58 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xa, 0x0, 0x0, 0x0, 0x0) 02:20:58 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060c", 0x50}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:58 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0xa01}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:58 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:20:58 executing program 2 (fault-call:2 fault-nth:30): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3594.454219][T23841] IPVS: ftp: loaded support on port[0] = 21 [ 3594.482329][T23843] FAULT_INJECTION: forcing a failure. [ 3594.482329][T23843] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3594.495583][T23843] CPU: 0 PID: 23843 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3594.504272][T23843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3594.504280][T23843] Call Trace: [ 3594.504319][T23843] dump_stack+0x172/0x1f0 [ 3594.504347][T23843] should_fail.cold+0xa/0x15 [ 3594.504373][T23843] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3594.504399][T23843] ? __lock_acquire+0x548/0x3fb0 [ 3594.522121][T23843] should_fail_alloc_page+0x50/0x60 [ 3594.522142][T23843] __alloc_pages_nodemask+0x1a1/0x7e0 [ 3594.522166][T23843] ? __alloc_pages_slowpath+0x2900/0x2900 [ 3594.522182][T23843] ? find_held_lock+0x35/0x130 [ 3594.522206][T23843] ? kasan_check_write+0x14/0x20 [ 3594.522229][T23843] cache_grow_begin+0x9c/0x860 [ 3594.532661][T23843] ? kasan_check_read+0x11/0x20 [ 3594.532682][T23843] ? do_raw_spin_unlock+0x57/0x270 [ 3594.532703][T23843] ____cache_alloc_node+0x17c/0x1e0 [ 3594.532720][T23843] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3594.532741][T23843] __kmalloc_track_caller+0x215/0x740 [ 3594.532758][T23843] ? pointer+0x910/0x910 [ 3594.532779][T23843] ? set_precision+0x180/0x180 [ 3594.542928][T23843] ? kasprintf+0xbb/0xf0 [ 3594.542949][T23843] kvasprintf+0xc8/0x170 [ 3594.542966][T23843] ? bust_spinlocks+0xe0/0xe0 [ 3594.542991][T23843] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3594.543008][T23843] ? find_next_bit+0x107/0x130 [ 3594.543033][T23843] kasprintf+0xbb/0xf0 [ 3594.554249][T23843] ? kvasprintf_const+0x190/0x190 [ 3594.554291][T23843] ? kasan_check_read+0x11/0x20 [ 3594.554324][T23843] alloc_workqueue+0x442/0xe70 [ 3594.554349][T23843] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 3594.554373][T23843] ? __init_waitqueue_head+0x36/0x90 [ 3594.564079][T23843] hci_register_dev+0x209/0x860 [ 3594.564107][T23843] __vhci_create_device+0x2d0/0x5a0 [ 3594.564128][T23843] vhci_write+0x2d0/0x470 [ 3594.564151][T23843] new_sync_write+0x4c7/0x760 [ 3594.564177][T23843] ? default_llseek+0x2e0/0x2e0 [ 3594.573790][T23843] ? common_file_perm+0x238/0x720 [ 3594.573807][T23843] ? __fget+0x381/0x550 [ 3594.573829][T23843] ? apparmor_file_permission+0x25/0x30 [ 3594.573848][T23843] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3594.573867][T23843] ? security_file_permission+0x94/0x380 [ 3594.573887][T23843] __vfs_write+0xe4/0x110 [ 3594.573908][T23843] vfs_write+0x20c/0x580 [ 3594.584213][T23843] ksys_write+0xea/0x1f0 [ 3594.584235][T23843] ? __ia32_sys_read+0xb0/0xb0 [ 3594.584265][T23843] ? do_syscall_64+0x26/0x610 [ 3594.584283][T23843] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3594.584304][T23843] ? do_syscall_64+0x26/0x610 [ 3594.584334][T23843] __x64_sys_write+0x73/0xb0 [ 3594.595959][T23843] do_syscall_64+0x103/0x610 [ 3594.595982][T23843] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3594.595995][T23843] RIP: 0033:0x457f29 [ 3594.596012][T23843] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3594.596021][T23843] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3594.596036][T23843] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 02:20:59 executing program 1: r0 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x0, 0x2) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm-monitor\x00', 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r1, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$nfc_llcp(r1, &(0x7f0000000280)={0x27, 0x1, 0x2, 0x6, 0x10000, 0x6, "e77ce3a0f049e74e99338d323d9357eb2286a5d80011cf69ec091578f7c8eb810c0ad6fc63022e34bcf26852dc2421cb591c96cdf4a237f34cdbdb0884932a", 0x22}, 0x60) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="f4b4"], 0x2) ioctl$SIOCAX25DELFWD(r0, 0x89eb, &(0x7f0000000340)={@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast}) setsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000300)=0x2, 0x4) r3 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r3, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3594.596045][T23843] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3594.596060][T23843] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3594.605066][T23843] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3594.605076][T23843] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 02:20:59 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) pipe2(&(0x7f0000000040), 0x0) 02:20:59 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xb, 0x0, 0x0, 0x0, 0x0) 02:20:59 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0xb00}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:20:59 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060c", 0x50}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:20:59 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:20:59 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) fcntl$dupfd(r1, 0x406, r0) write$P9_RLERRORu(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="5ba0ab74a548fa0e03d04a11cfae1ac3e81fd3ee27fe26ac1f205b64ef03e1047639f1bb10d4cff8a844e107484951b8615ed940a9b83f556a1eb6f157996bc5ea79e8559c90a718816f592872f5ec5941a9daec18cc3a6cac25ce4d0c91efa67ac5172a6a674bc4f5f5a7222c16"], 0x2) r2 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vsock\x00', 0x501240, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r2, 0x894b, &(0x7f0000000280)) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000380)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_STATS(r2, &(0x7f0000000440)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000800}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, r3, 0x208, 0x70bd27, 0x25dfdbfd, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x4000840) fadvise64(r1, 0x0, 0x2, 0x7) openat$vhci(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhci\x00', 0x48000) readv(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) fgetxattr(0xffffffffffffffff, &(0x7f00000000c0)=@known='trusted.syz\x00', &(0x7f0000000340)=""/9, 0x9) 02:20:59 executing program 2 (fault-call:2 fault-nth:31): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3595.343072][T23876] validate_nla: 2 callbacks suppressed [ 3595.343084][T23876] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3595.415494][T23886] FAULT_INJECTION: forcing a failure. [ 3595.415494][T23886] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3595.428761][T23886] CPU: 1 PID: 23886 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3595.437496][T23886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3595.447580][T23886] Call Trace: [ 3595.450907][T23886] dump_stack+0x172/0x1f0 [ 3595.456148][T23886] should_fail.cold+0xa/0x15 [ 3595.460768][T23886] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3595.460800][T23886] ? __lock_acquire+0x548/0x3fb0 [ 3595.460834][T23886] should_fail_alloc_page+0x50/0x60 [ 3595.460856][T23886] __alloc_pages_nodemask+0x1a1/0x7e0 [ 3595.460883][T23886] ? __alloc_pages_slowpath+0x2900/0x2900 [ 3595.460903][T23886] ? find_held_lock+0x35/0x130 [ 3595.482223][T23886] ? kasan_check_write+0x14/0x20 [ 3595.482251][T23886] cache_grow_begin+0x9c/0x860 [ 3595.482281][T23886] ? kasan_check_read+0x11/0x20 [ 3595.482299][T23886] ? do_raw_spin_unlock+0x57/0x270 [ 3595.482319][T23886] ____cache_alloc_node+0x17c/0x1e0 [ 3595.482342][T23886] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3595.502628][T23886] __kmalloc_track_caller+0x215/0x740 [ 3595.502647][T23886] ? pointer+0x910/0x910 [ 3595.502666][T23886] ? kasprintf+0xbb/0xf0 [ 3595.502688][T23886] kvasprintf+0xc8/0x170 [ 3595.524267][T23886] ? bust_spinlocks+0xe0/0xe0 [ 3595.524292][T23886] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3595.524314][T23886] kasprintf+0xbb/0xf0 [ 3595.524327][T23886] ? kvasprintf_const+0x190/0x190 02:20:59 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x40, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f0000000140)=ANY=[@ANYBLOB="ff809db47ec656d2e5160dbc9a5a332fc86679990553780e7592fb361fc8d5dbfc54938e341239be42b81fb40a351e911b1b585d01ff0c4151515a7265"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3595.524346][T23886] ? lockdep_register_key+0x158/0x490 [ 3595.524372][T23886] ? lockdep_register_key+0x214/0x490 [ 3595.534595][T23886] alloc_workqueue+0x442/0xe70 [ 3595.547742][T23886] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 3595.547770][T23886] ? __init_waitqueue_head+0x36/0x90 [ 3595.547829][T23886] hci_register_dev+0x209/0x860 [ 3595.547853][T23886] __vhci_create_device+0x2d0/0x5a0 [ 3595.547872][T23886] vhci_write+0x2d0/0x470 [ 3595.547895][T23886] new_sync_write+0x4c7/0x760 [ 3595.562443][T23886] ? default_llseek+0x2e0/0x2e0 [ 3595.562471][T23886] ? common_file_perm+0x238/0x720 [ 3595.562488][T23886] ? __fget+0x381/0x550 [ 3595.562509][T23886] ? apparmor_file_permission+0x25/0x30 [ 3595.562527][T23886] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3595.562546][T23886] ? security_file_permission+0x94/0x380 [ 3595.562569][T23886] __vfs_write+0xe4/0x110 [ 3595.578062][T23886] vfs_write+0x20c/0x580 [ 3595.578087][T23886] ksys_write+0xea/0x1f0 [ 3595.578108][T23886] ? __ia32_sys_read+0xb0/0xb0 [ 3595.578126][T23886] ? do_syscall_64+0x26/0x610 [ 3595.578142][T23886] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3595.578156][T23886] ? do_syscall_64+0x26/0x610 [ 3595.578178][T23886] __x64_sys_write+0x73/0xb0 [ 3595.578198][T23886] do_syscall_64+0x103/0x610 [ 3595.589203][T23886] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3595.589218][T23886] RIP: 0033:0x457f29 [ 3595.589235][T23886] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3595.589244][T23886] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3595.589268][T23886] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3595.589278][T23886] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3595.589287][T23886] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3595.589296][T23886] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3595.589306][T23886] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3595.699705][T23892] IPVS: ftp: loaded support on port[0] = 21 [ 3595.934072][T23876] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:21:00 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x0, 0x0, 0x0, 0x0) 02:21:00 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab", 0x53}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:21:00 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0x3, 0x2) epoll_pwait(r1, &(0x7f0000000140)=[{}, {}, {}], 0x3, 0xff, &(0x7f0000000280), 0x8) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:00 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0xc00}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:21:00 executing program 2 (fault-call:2 fault-nth:32): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3596.328702][T23916] FAULT_INJECTION: forcing a failure. [ 3596.328702][T23916] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3596.341952][T23916] CPU: 1 PID: 23916 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3596.341965][T23916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3596.341971][T23916] Call Trace: [ 3596.342000][T23916] dump_stack+0x172/0x1f0 [ 3596.342027][T23916] should_fail.cold+0xa/0x15 [ 3596.342051][T23916] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3596.342074][T23916] ? __lock_acquire+0x548/0x3fb0 [ 3596.342096][T23916] ? alloc_workqueue+0x84c/0xe70 [ 3596.342116][T23916] ? hci_register_dev+0x209/0x860 [ 3596.342137][T23916] ? __vhci_create_device+0x2d0/0x5a0 [ 3596.342156][T23916] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3596.342182][T23916] should_fail_alloc_page+0x50/0x60 [ 3596.342204][T23916] __alloc_pages_nodemask+0x1a1/0x7e0 [ 3596.342231][T23916] ? __alloc_pages_slowpath+0x2900/0x2900 [ 3596.342245][T23916] ? find_held_lock+0x35/0x130 [ 3596.342288][T23916] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3596.342315][T23916] cache_grow_begin+0x9c/0x860 [ 3596.342336][T23916] ? alloc_unbound_pwq+0x4c5/0xcf0 [ 3596.342357][T23916] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3596.342382][T23916] kmem_cache_alloc_node+0x645/0x710 [ 3596.342416][T23916] alloc_unbound_pwq+0x4c5/0xcf0 [ 3596.342446][T23916] apply_wqattrs_prepare+0x35e/0x970 [ 3596.342477][T23916] apply_workqueue_attrs_locked+0xcb/0x140 [ 3596.342501][T23916] apply_workqueue_attrs+0x31/0x50 [ 3596.342523][T23916] alloc_workqueue+0x84c/0xe70 [ 3596.342563][T23916] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 3596.379312][T23916] ? __init_waitqueue_head+0x36/0x90 [ 3596.379339][T23916] hci_register_dev+0x209/0x860 [ 3596.379365][T23916] __vhci_create_device+0x2d0/0x5a0 [ 3596.379385][T23916] vhci_write+0x2d0/0x470 [ 3596.379407][T23916] new_sync_write+0x4c7/0x760 [ 3596.379426][T23916] ? default_llseek+0x2e0/0x2e0 [ 3596.379452][T23916] ? common_file_perm+0x238/0x720 [ 3596.379468][T23916] ? __fget+0x381/0x550 [ 3596.379495][T23916] ? apparmor_file_permission+0x25/0x30 [ 3596.394390][T23916] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3596.394410][T23916] ? security_file_permission+0x94/0x380 [ 3596.394434][T23916] __vfs_write+0xe4/0x110 [ 3596.394454][T23916] vfs_write+0x20c/0x580 [ 3596.438581][T23916] ksys_write+0xea/0x1f0 [ 3596.438601][T23916] ? __ia32_sys_read+0xb0/0xb0 [ 3596.438618][T23916] ? do_syscall_64+0x26/0x610 [ 3596.438633][T23916] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3596.438647][T23916] ? do_syscall_64+0x26/0x610 [ 3596.438668][T23916] __x64_sys_write+0x73/0xb0 [ 3596.438685][T23916] do_syscall_64+0x103/0x610 [ 3596.438703][T23916] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3596.438716][T23916] RIP: 0033:0x457f29 [ 3596.438734][T23916] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3596.438742][T23916] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3596.438755][T23916] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3596.438764][T23916] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3596.438772][T23916] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3596.438780][T23916] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3596.438789][T23916] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 02:21:01 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20ncci\x00', 0x101201, 0x0) write$vhci(r0, &(0x7f0000000140)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3596.698207][T23914] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:21:01 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) r2 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video0\x00', 0x2, 0x0) ioctl$VIDIOC_G_MODULATOR(r2, 0xc0445636, &(0x7f0000000280)={0x80000001, "1ea255015921b73c444acde75ccb794f318cbfbcadf48abc827723632315f444", 0x21, 0x2, 0xfffffffffffffff9, 0x18, 0x7}) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:01 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xfffffff2, 0x0, 0x0, 0x0, 0x0) [ 3596.940332][T23914] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3597.646579][ C0] net_ratelimit: 17 callbacks suppressed [ 3597.646585][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:21:02 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:21:02 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab", 0x53}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:21:02 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0xe00}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:21:02 executing program 2 (fault-call:2 fault-nth:33): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:02 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="13bd8344298e3fff77ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:02 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x1, 0x8000000000000000, 0x0, 0x0, 0x0) [ 3598.421376][T23946] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3598.422347][T23954] FAULT_INJECTION: forcing a failure. [ 3598.422347][T23954] name failslab, interval 1, probability 0, space 0, times 0 [ 3598.451704][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3598.457631][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3598.464665][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3598.471003][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3598.477822][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3598.484043][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3598.490913][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3598.497344][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3598.510798][T23954] CPU: 0 PID: 23954 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3598.519506][T23954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3598.529564][T23954] Call Trace: [ 3598.529590][T23954] dump_stack+0x172/0x1f0 [ 3598.529613][T23954] should_fail.cold+0xa/0x15 [ 3598.529631][T23954] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3598.529652][T23954] ? ___might_sleep+0x163/0x280 [ 3598.529673][T23954] __should_failslab+0x121/0x190 [ 3598.529695][T23954] should_failslab+0x9/0x14 [ 3598.562015][T23954] kmem_cache_alloc_trace+0x2d1/0x760 [ 3598.564862][T23960] IPVS: ftp: loaded support on port[0] = 21 [ 3598.567401][T23954] ? rcu_read_lock_sched_held+0x110/0x130 [ 3598.567419][T23954] ? __kmalloc+0x5d5/0x740 [ 3598.567445][T23954] alloc_workqueue_attrs+0x82/0x120 [ 3598.567463][T23954] alloc_workqueue+0x166/0xe70 [ 3598.567487][T23954] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 3598.567510][T23954] ? scnprintf+0x140/0x140 [ 3598.603760][T23954] ? __init_waitqueue_head+0x36/0x90 [ 3598.609068][T23954] hci_register_dev+0x1b8/0x860 [ 3598.609086][T23954] ? hci_init_sysfs+0x7c/0xa0 [ 3598.609112][T23954] __vhci_create_device+0x2d0/0x5a0 [ 3598.609131][T23954] vhci_write+0x2d0/0x470 [ 3598.609155][T23954] new_sync_write+0x4c7/0x760 [ 3598.618678][T23954] ? default_llseek+0x2e0/0x2e0 [ 3598.618704][T23954] ? common_file_perm+0x238/0x720 [ 3598.618720][T23954] ? __fget+0x381/0x550 [ 3598.618741][T23954] ? apparmor_file_permission+0x25/0x30 [ 3598.618759][T23954] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3598.618782][T23954] ? security_file_permission+0x94/0x380 [ 3598.628323][T23954] __vfs_write+0xe4/0x110 [ 3598.628345][T23954] vfs_write+0x20c/0x580 [ 3598.628368][T23954] ksys_write+0xea/0x1f0 [ 3598.628389][T23954] ? __ia32_sys_read+0xb0/0xb0 [ 3598.628408][T23954] ? do_syscall_64+0x26/0x610 [ 3598.628423][T23954] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3598.628436][T23954] ? do_syscall_64+0x26/0x610 [ 3598.628457][T23954] __x64_sys_write+0x73/0xb0 [ 3598.628474][T23954] do_syscall_64+0x103/0x610 [ 3598.628493][T23954] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3598.628505][T23954] RIP: 0033:0x457f29 [ 3598.628521][T23954] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3598.628528][T23954] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3598.628543][T23954] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3598.628551][T23954] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3598.628559][T23954] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3598.628568][T23954] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3598.628577][T23954] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3598.638776][T23954] Bluetooth: Can't register HCI device 02:21:03 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0xf23}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3598.923376][T23965] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3599.028268][T23966] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:21:03 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x1100}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:21:03 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab", 0x53}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 3599.174341][T23969] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:21:03 executing program 2 (fault-call:2 fault-nth:34): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:03 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x8000000000000000) 02:21:03 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x0, 0x0) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3599.361858][T23981] FAULT_INJECTION: forcing a failure. [ 3599.361858][T23981] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3599.375108][T23981] CPU: 1 PID: 23981 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3599.383804][T23981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3599.393880][T23981] Call Trace: [ 3599.397195][T23981] dump_stack+0x172/0x1f0 [ 3599.401550][T23981] should_fail.cold+0xa/0x15 [ 3599.406160][T23981] ? do_syscall_64+0x103/0x610 [ 3599.411141][T23981] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3599.416964][T23981] ? __lock_acquire+0x548/0x3fb0 [ 3599.421917][T23981] should_fail_alloc_page+0x50/0x60 [ 3599.427138][T23981] __alloc_pages_nodemask+0x1a1/0x7e0 [ 3599.432534][T23981] ? __alloc_pages_slowpath+0x2900/0x2900 [ 3599.438293][T23981] ? find_held_lock+0x35/0x130 [ 3599.443074][T23981] ? kasan_check_write+0x14/0x20 [ 3599.448032][T23981] cache_grow_begin+0x9c/0x860 [ 3599.452811][T23981] ? kasan_check_read+0x11/0x20 [ 3599.452831][T23981] ? do_raw_spin_unlock+0x57/0x270 [ 3599.452853][T23981] ____cache_alloc_node+0x17c/0x1e0 [ 3599.468010][T23981] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3599.468035][T23981] kmem_cache_alloc_trace+0x217/0x760 [ 3599.468145][T23981] device_add+0xfdc/0x18a0 [ 3599.468165][T23981] ? device_initialize+0x440/0x440 [ 3599.468187][T23981] ? get_device_parent.isra.0+0x570/0x570 [ 3599.468213][T23981] hci_register_dev+0x2e8/0x860 [ 3599.468238][T23981] __vhci_create_device+0x2d0/0x5a0 [ 3599.484294][T23981] vhci_write+0x2d0/0x470 [ 3599.484319][T23981] new_sync_write+0x4c7/0x760 [ 3599.484339][T23981] ? default_llseek+0x2e0/0x2e0 [ 3599.484365][T23981] ? common_file_perm+0x238/0x720 [ 3599.484386][T23981] ? __fget+0x381/0x550 [ 3599.495367][T23981] ? apparmor_file_permission+0x25/0x30 [ 3599.495384][T23981] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3599.495402][T23981] ? security_file_permission+0x94/0x380 [ 3599.495423][T23981] __vfs_write+0xe4/0x110 [ 3599.495444][T23981] vfs_write+0x20c/0x580 [ 3599.495466][T23981] ksys_write+0xea/0x1f0 [ 3599.495485][T23981] ? __ia32_sys_read+0xb0/0xb0 [ 3599.495504][T23981] ? do_syscall_64+0x26/0x610 [ 3599.495520][T23981] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3599.495541][T23981] ? do_syscall_64+0x26/0x610 [ 3599.509945][T23981] __x64_sys_write+0x73/0xb0 [ 3599.519475][T23981] do_syscall_64+0x103/0x610 [ 3599.519498][T23981] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3599.519511][T23981] RIP: 0033:0x457f29 [ 3599.519528][T23981] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3599.519537][T23981] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3599.519550][T23981] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3599.519558][T23981] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3599.519565][T23981] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3599.519574][T23981] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3599.519582][T23981] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3599.694789][T23992] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3599.730130][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:21:05 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:21:05 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0xffffffffffffffff, 0xfffffffffffffffe, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7338ecaff11833fe70aa3c6b99f1"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:05 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x1200}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:21:05 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91", 0x54}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:21:05 executing program 2 (fault-call:2 fault-nth:35): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:05 executing program 5: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x10) lsetxattr(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=@known='trusted.overlay.opaque\x00', &(0x7f00000001c0)='/dev/adsp#\x00', 0xb, 0x1) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0xd) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000280)={{{@in6=@local, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}}}, &(0x7f0000000380)=0xe8) getsockname(r0, &(0x7f0000000440)=@vsock, &(0x7f00000004c0)=0x80) lsetxattr$security_capability(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='security.capability\x00', &(0x7f00000003c0)=@v3={0x3000000, [{0x40000000000000, 0x8001}, {0xfffffffffffffe70, 0x400}], r1}, 0x18, 0x3) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) r4 = syz_open_dev$adsp(&(0x7f0000000080)='/dev/adsp#\x00', 0x100000001, 0x200002) ioctl$VIDIOC_QBUF(r0, 0xc058560f, &(0x7f00000000c0)={0x10001, 0xa, 0x4, 0x10, {r2, r3/1000+30000}, {0x0, 0x2, 0x10000, 0x7, 0x2, 0xfffffffffffff922, "b9027b4a"}, 0x9, 0x0, @fd=r4, 0x4}) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x1, 0x1, 0x0, 0x0, 0x0) syz_open_dev$media(&(0x7f0000000400)='/dev/media#\x00', 0x5, 0x42) 02:21:05 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3601.431120][T24000] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3601.452813][T24002] FAULT_INJECTION: forcing a failure. [ 3601.452813][T24002] name failslab, interval 1, probability 0, space 0, times 0 [ 3601.502680][T24002] CPU: 0 PID: 24002 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3601.511411][T24002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3601.521525][T24002] Call Trace: [ 3601.524856][T24002] dump_stack+0x172/0x1f0 [ 3601.530387][T24002] should_fail.cold+0xa/0x15 [ 3601.535025][T24002] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3601.540871][T24002] __should_failslab+0x121/0x190 [ 3601.545838][T24002] should_failslab+0x9/0x14 [ 3601.550364][T24002] __kmalloc_track_caller+0x2d8/0x740 [ 3601.555756][T24002] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3601.561414][T24002] ? kstrdup_const+0x66/0x80 [ 3601.566025][T24002] kstrdup+0x3a/0x70 [ 3601.569937][T24002] kstrdup_const+0x66/0x80 [ 3601.574373][T24002] __kernfs_new_node+0xb0/0x690 [ 3601.579279][T24002] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 3601.584792][T24002] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3601.590275][T24002] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3601.595616][T24002] ? retint_kernel+0x2d/0x2d [ 3601.600219][T24002] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3601.600243][T24002] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3601.600283][T24002] kernfs_new_node+0x99/0x130 [ 3601.600318][T24002] kernfs_create_dir_ns+0x52/0x160 [ 3601.600400][T24002] sysfs_create_dir_ns+0x131/0x2a0 [ 3601.600423][T24002] ? sysfs_create_mount_point+0xa0/0xa0 [ 3601.616198][T24002] ? class_dir_child_ns_type+0xd/0x60 [ 3601.616227][T24002] kobject_add_internal.cold+0xe5/0x5d4 [ 3601.616249][T24002] kobject_add+0x150/0x1c0 [ 3601.616280][T24002] ? kset_create_and_add+0x1a0/0x1a0 [ 3601.616321][T24002] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 3601.629930][T24017] IPVS: ftp: loaded support on port[0] = 21 [ 3601.632083][T24002] ? mutex_unlock+0xe/0x10 [ 3601.632113][T24002] device_add+0x3d5/0x18a0 [ 3601.632130][T24002] ? device_initialize+0x440/0x440 [ 3601.632153][T24002] ? get_device_parent.isra.0+0x570/0x570 [ 3601.647667][T24002] hci_register_dev+0x2e8/0x860 [ 3601.647695][T24002] __vhci_create_device+0x2d0/0x5a0 [ 3601.647716][T24002] vhci_write+0x2d0/0x470 [ 3601.647737][T24002] new_sync_write+0x4c7/0x760 [ 3601.647758][T24002] ? default_llseek+0x2e0/0x2e0 [ 3601.647790][T24002] ? common_file_perm+0x238/0x720 [ 3601.684134][T24002] ? __fget+0x381/0x550 [ 3601.684160][T24002] ? apparmor_file_permission+0x25/0x30 [ 3601.684178][T24002] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3601.684196][T24002] ? security_file_permission+0x94/0x380 [ 3601.684219][T24002] __vfs_write+0xe4/0x110 [ 3601.684240][T24002] vfs_write+0x20c/0x580 [ 3601.684280][T24002] ksys_write+0xea/0x1f0 [ 3601.713183][T24002] ? __ia32_sys_read+0xb0/0xb0 [ 3601.713205][T24002] ? do_syscall_64+0x26/0x610 [ 3601.713222][T24002] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3601.713237][T24002] ? do_syscall_64+0x26/0x610 [ 3601.713273][T24002] __x64_sys_write+0x73/0xb0 [ 3601.713299][T24002] do_syscall_64+0x103/0x610 [ 3601.713328][T24002] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3601.713353][T24002] RIP: 0033:0x457f29 [ 3601.713376][T24002] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3601.723136][T24002] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3601.723152][T24002] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3601.723160][T24002] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3601.723170][T24002] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3601.723179][T24002] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3601.723189][T24002] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3601.749922][T24002] kobject_add_internal failed for hci21 (error: -12 parent: bluetooth) [ 3601.777547][T24002] Bluetooth: Can't register HCI device 02:21:06 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x1300}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3602.091658][T24026] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:21:06 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x1402}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:21:06 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91", 0x54}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:21:06 executing program 2 (fault-call:2 fault-nth:36): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:06 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20\x00', 0x10000, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffff9c, 0x0, 0x11, &(0x7f0000000080)={{{@in=@dev, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in6=@initdev}}, &(0x7f0000000180)=0xe8) fstat(0xffffffffffffff9c, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = geteuid() write$P9_RSTATu(r0, &(0x7f0000000240)={0xc4, 0x7d, 0x1, {{0x0, 0x9a, 0x200, 0x101, {0x80}, 0x0, 0x9, 0x8eaa, 0x4, 0x15, '/dev/bus/usb/00#/00#\x00', 0x12, '{wlan1-\\\',bdev.+$)', 0x1b, '-user*\x13[posix_acl_access*^-', 0x25, 'ppp0trusteduserppp0wlan0em1\'+(keyring'}, 0x15, '/dev/bus/usb/00#/00#\x00', r1, r2, r3}}, 0xc4) futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0) r4 = timerfd_create(0x7, 0x80000) syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x8, 0x8000) sync_file_range(r4, 0x6, 0x400, 0x6) [ 3602.291413][T24032] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3602.363053][T24039] FAULT_INJECTION: forcing a failure. [ 3602.363053][T24039] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3602.376329][T24039] CPU: 1 PID: 24039 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3602.385032][T24039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3602.395116][T24039] Call Trace: [ 3602.398472][T24039] dump_stack+0x172/0x1f0 [ 3602.402851][T24039] should_fail.cold+0xa/0x15 [ 3602.407462][T24039] ? save_stack+0x45/0xd0 [ 3602.407489][T24039] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3602.407513][T24039] ? __lock_acquire+0x548/0x3fb0 [ 3602.407530][T24039] ? new_sync_write+0x4c7/0x760 [ 3602.407548][T24039] ? __vfs_write+0xe4/0x110 [ 3602.407568][T24039] ? vfs_write+0x20c/0x580 [ 3602.407591][T24039] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3602.407618][T24039] should_fail_alloc_page+0x50/0x60 [ 3602.407648][T24039] __alloc_pages_nodemask+0x1a1/0x7e0 [ 3602.428651][T24039] ? __alloc_pages_slowpath+0x2900/0x2900 [ 3602.428666][T24039] ? find_held_lock+0x35/0x130 [ 3602.428690][T24039] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3602.428713][T24039] cache_grow_begin+0x9c/0x860 [ 3602.428733][T24039] ? alloc_workqueue_attrs+0x82/0x120 [ 3602.428750][T24039] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3602.428770][T24039] kmem_cache_alloc_trace+0x67f/0x760 [ 3602.428785][T24039] ? rcu_read_lock_sched_held+0x110/0x130 [ 3602.428822][T24039] alloc_workqueue_attrs+0x82/0x120 [ 3602.449196][T24039] apply_wqattrs_prepare+0xbb/0x970 [ 3602.449229][T24039] apply_workqueue_attrs_locked+0xcb/0x140 [ 3602.449259][T24039] apply_workqueue_attrs+0x31/0x50 [ 3602.449277][T24039] alloc_workqueue+0x84c/0xe70 [ 3602.449299][T24039] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 3602.449322][T24039] ? __init_waitqueue_head+0x36/0x90 [ 3602.449347][T24039] hci_register_dev+0x209/0x860 [ 3602.449370][T24039] __vhci_create_device+0x2d0/0x5a0 [ 3602.449388][T24039] vhci_write+0x2d0/0x470 [ 3602.449410][T24039] new_sync_write+0x4c7/0x760 [ 3602.449428][T24039] ? default_llseek+0x2e0/0x2e0 [ 3602.449453][T24039] ? common_file_perm+0x238/0x720 [ 3602.449469][T24039] ? __fget+0x381/0x550 [ 3602.449488][T24039] ? apparmor_file_permission+0x25/0x30 [ 3602.449504][T24039] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3602.449522][T24039] ? security_file_permission+0x94/0x380 [ 3602.449541][T24039] __vfs_write+0xe4/0x110 [ 3602.449561][T24039] vfs_write+0x20c/0x580 [ 3602.449582][T24039] ksys_write+0xea/0x1f0 [ 3602.449602][T24039] ? __ia32_sys_read+0xb0/0xb0 [ 3602.449620][T24039] ? do_syscall_64+0x26/0x610 [ 3602.449637][T24039] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3602.449651][T24039] ? do_syscall_64+0x26/0x610 [ 3602.449672][T24039] __x64_sys_write+0x73/0xb0 [ 3602.449689][T24039] do_syscall_64+0x103/0x610 [ 3602.449709][T24039] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3602.449721][T24039] RIP: 0033:0x457f29 [ 3602.449737][T24039] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3602.449746][T24039] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3602.449762][T24039] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3602.449771][T24039] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3602.449780][T24039] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3602.449789][T24039] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3602.449806][T24039] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3603.886813][ C0] net_ratelimit: 17 callbacks suppressed [ 3603.886823][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:21:09 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91", 0x54}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:21:09 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x1802}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:21:09 executing program 2 (fault-call:2 fault-nth:37): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:09 executing program 5: futex(&(0x7f0000000080), 0x80, 0x0, 0x0, &(0x7f0000048000), 0x0) r0 = syz_open_dev$admmidi(&(0x7f0000000100)='/dev/admmidi#\x00', 0x101, 0x10402) ioctl$KVM_X86_GET_MCE_CAP_SUPPORTED(r0, 0x8008ae9d, &(0x7f0000000140)=""/211) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x101000, 0x0) ioctl$VIDIOC_DQBUF(r1, 0xc0585611, &(0x7f0000000340)={0x2e3fc545, 0x8, 0x4, 0x44016, {}, {0x5, 0x0, 0xfff, 0x80, 0x2, 0x0, "f76afd1c"}, 0x3, 0x4, @planes=&(0x7f0000000300)={0xe8, 0x8, @userptr=0x9, 0x5}, 0x4}) ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f00000002c0)) bind$x25(r1, &(0x7f0000000040)={0x9, @remote={[], 0x3}}, 0x12) futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0) bind$vsock_stream(r1, &(0x7f00000003c0)={0x28, 0x0, 0x0, @hyper}, 0x10) ioctl$sock_SIOCBRDELBR(r1, 0x89a1, &(0x7f00000000c0)='veth0_to_bridge\x00') getsockopt$TIPC_SOCK_RECVQ_DEPTH(r0, 0x10f, 0x84, &(0x7f0000000240), &(0x7f0000000280)=0x4) 02:21:09 executing program 0: r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3604.667669][T24055] FAULT_INJECTION: forcing a failure. [ 3604.667669][T24055] name failslab, interval 1, probability 0, space 0, times 0 [ 3604.686572][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3604.688491][T24055] CPU: 1 PID: 24055 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3604.692450][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3604.700997][T24055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3604.701003][T24055] Call Trace: [ 3604.701029][T24055] dump_stack+0x172/0x1f0 [ 3604.701051][T24055] should_fail.cold+0xa/0x15 [ 3604.701074][T24055] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3604.706946][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3604.716855][T24055] ? ___might_sleep+0x163/0x280 [ 3604.716877][T24055] __should_failslab+0x121/0x190 [ 3604.716898][T24055] should_failslab+0x9/0x14 [ 3604.720212][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3604.724500][T24055] kmem_cache_alloc+0x2b2/0x6f0 [ 3604.729260][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3604.734888][T24055] ? kasan_check_write+0x14/0x20 [ 3604.740668][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3604.745438][T24055] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 3604.750497][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3604.754884][T24055] __kernfs_new_node+0xef/0x690 [ 3604.760645][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3604.765433][T24055] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 3604.809069][T24055] ? mutex_unlock+0xd/0x10 [ 3604.813492][T24055] ? kernfs_activate+0x192/0x1f0 [ 3604.818460][T24055] ? __lock_acquire+0x548/0x3fb0 [ 3604.823415][T24055] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3604.829664][T24055] ? debug_smp_processor_id+0x3c/0x280 [ 3604.835138][T24055] kernfs_new_node+0x99/0x130 [ 3604.839829][T24055] __kernfs_create_file+0x51/0x340 [ 3604.844958][T24055] sysfs_add_file_mode_ns+0x222/0x560 [ 3604.850339][T24055] sysfs_create_file_ns+0x13d/0x1d0 [ 3604.855641][T24055] ? acpi_unbind_one+0x4a0/0x4a0 [ 3604.860591][T24055] ? sysfs_add_file_mode_ns+0x560/0x560 [ 3604.866140][T24055] ? kasan_check_write+0x14/0x20 [ 3604.871135][T24055] ? dev_fwnode+0xd/0x40 [ 3604.875392][T24055] device_create_file+0xfa/0x1e0 [ 3604.880335][T24055] device_add+0x5cd/0x18a0 [ 3604.884753][T24055] ? device_initialize+0x440/0x440 [ 3604.889875][T24055] ? get_device_parent.isra.0+0x570/0x570 [ 3604.895604][T24055] hci_register_dev+0x2e8/0x860 [ 3604.900464][T24055] __vhci_create_device+0x2d0/0x5a0 [ 3604.905667][T24055] vhci_write+0x2d0/0x470 [ 3604.910006][T24055] new_sync_write+0x4c7/0x760 [ 3604.914692][T24055] ? default_llseek+0x2e0/0x2e0 [ 3604.919563][T24055] ? common_file_perm+0x238/0x720 [ 3604.924592][T24055] ? __fget+0x381/0x550 [ 3604.928790][T24055] ? apparmor_file_permission+0x25/0x30 [ 3604.934347][T24055] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3604.940589][T24055] ? security_file_permission+0x94/0x380 [ 3604.946257][T24055] __vfs_write+0xe4/0x110 [ 3604.950596][T24055] vfs_write+0x20c/0x580 [ 3604.954852][T24055] ksys_write+0xea/0x1f0 [ 3604.959112][T24055] ? __ia32_sys_read+0xb0/0xb0 [ 3604.963877][T24055] ? do_syscall_64+0x26/0x610 [ 3604.968557][T24055] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3604.974621][T24055] ? do_syscall_64+0x26/0x610 [ 3604.979306][T24055] __x64_sys_write+0x73/0xb0 [ 3604.983906][T24055] do_syscall_64+0x103/0x610 [ 3604.988674][T24055] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3604.994565][T24055] RIP: 0033:0x457f29 [ 3604.998461][T24055] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3605.018069][T24055] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3605.026481][T24055] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3605.034459][T24055] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3605.042429][T24055] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3605.050744][T24055] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3605.058902][T24055] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 02:21:09 executing program 0: r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3605.083464][T24057] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3605.141924][T24055] Bluetooth: Can't register HCI device [ 3605.234382][T24071] IPVS: ftp: loaded support on port[0] = 21 [ 3605.966558][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3610.126702][ C0] net_ratelimit: 17 callbacks suppressed [ 3610.126711][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3610.926732][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3610.932607][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3610.938518][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3610.944326][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3610.950183][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3610.955971][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3610.961867][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3610.967653][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3612.206873][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:21:18 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r1 = socket$inet(0x2, 0x3, 0x2) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x10005, 0x0) 02:21:18 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x1d06}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:21:18 executing program 0: r0 = gettid() timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:21:18 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x200, 0x0) ioctl$BLKFLSBUF(r0, 0x1261, &(0x7f0000000140)=0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:18 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r0 = accept(0xffffffffffffff9c, &(0x7f0000000000)=@tipc=@name, &(0x7f0000000080)=0x80) accept$netrom(r0, &(0x7f00000000c0)={{0x3, @netrom}, [@rose, @bcast, @netrom, @bcast, @null, @bcast, @netrom, @default]}, &(0x7f0000000140)=0x48) futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0) 02:21:18 executing program 2 (fault-call:2 fault-nth:38): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3614.048228][T24090] QAT: Invalid ioctl [ 3614.057055][T24086] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3614.062015][T24085] FAULT_INJECTION: forcing a failure. [ 3614.062015][T24085] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3614.078489][T24085] CPU: 0 PID: 24085 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3614.087175][T24085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3614.097288][T24085] Call Trace: [ 3614.097320][T24085] dump_stack+0x172/0x1f0 [ 3614.097343][T24085] should_fail.cold+0xa/0x15 [ 3614.097362][T24085] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3614.097380][T24085] ? __lock_acquire+0x548/0x3fb0 [ 3614.097403][T24085] should_fail_alloc_page+0x50/0x60 [ 3614.105017][T24085] __alloc_pages_nodemask+0x1a1/0x7e0 [ 3614.105041][T24085] ? __alloc_pages_slowpath+0x2900/0x2900 [ 3614.105057][T24085] ? find_held_lock+0x35/0x130 [ 3614.105080][T24085] ? kasan_check_write+0x14/0x20 02:21:18 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r1 = socket$inet(0x2, 0x3, 0x2) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x10005, 0x0) [ 3614.115476][T24085] cache_grow_begin+0x9c/0x860 [ 3614.115497][T24085] ? kasan_check_read+0x11/0x20 [ 3614.115515][T24085] ? do_raw_spin_unlock+0x57/0x270 [ 3614.115535][T24085] ____cache_alloc_node+0x17c/0x1e0 [ 3614.115558][T24085] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3614.125686][T24085] __kmalloc_track_caller+0x215/0x740 [ 3614.125704][T24085] ? pointer+0x910/0x910 [ 3614.125724][T24085] ? kasprintf+0xbb/0xf0 [ 3614.125741][T24085] kvasprintf+0xc8/0x170 [ 3614.125760][T24085] ? bust_spinlocks+0xe0/0xe0 [ 3614.136843][T24085] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3614.136869][T24085] kasprintf+0xbb/0xf0 [ 3614.136885][T24085] ? kvasprintf_const+0x190/0x190 [ 3614.136903][T24085] ? lockdep_register_key+0x158/0x490 [ 3614.136919][T24085] ? lockdep_register_key+0x214/0x490 [ 3614.136947][T24085] alloc_workqueue+0x442/0xe70 [ 3614.146642][T24085] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 3614.146681][T24085] hci_register_dev+0x209/0x860 [ 3614.146705][T24085] __vhci_create_device+0x2d0/0x5a0 [ 3614.146724][T24085] vhci_write+0x2d0/0x470 [ 3614.146746][T24085] new_sync_write+0x4c7/0x760 [ 3614.156346][T24085] ? default_llseek+0x2e0/0x2e0 [ 3614.156374][T24085] ? retint_kernel+0x2d/0x2d [ 3614.156414][T24085] __vfs_write+0xe4/0x110 [ 3614.166721][T24085] vfs_write+0x20c/0x580 [ 3614.166745][T24085] ksys_write+0xea/0x1f0 [ 3614.166766][T24085] ? __ia32_sys_read+0xb0/0xb0 [ 3614.166783][T24085] ? do_syscall_64+0x26/0x610 [ 3614.166799][T24085] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3614.166813][T24085] ? do_syscall_64+0x26/0x610 [ 3614.166835][T24085] __x64_sys_write+0x73/0xb0 [ 3614.178460][T24085] do_syscall_64+0x103/0x610 [ 3614.178481][T24085] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3614.178494][T24085] RIP: 0033:0x457f29 [ 3614.178510][T24085] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3614.178518][T24085] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 02:21:18 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r1 = socket$inet(0x2, 0x3, 0x2) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x10005, 0x0) [ 3614.178531][T24085] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3614.178538][T24085] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3614.178547][T24085] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3614.178554][T24085] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3614.178562][T24085] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3614.426035][T24098] IPVS: ftp: loaded support on port[0] = 21 02:21:18 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(0xffffffffffffffff) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 3614.519828][T24106] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3614.582939][T24099] QAT: Invalid ioctl 02:21:19 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x1f00}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:21:19 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x100, 0x34) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000140)={r1, &(0x7f0000000280)="4a8b6147138fae4302fca35410843a948199c65bc37b6537720bb427e9c2e75818bd167059a9e97f0a67129fca57852f8ee7881e81cdd1ab00890656dd181a17ea75ddbcd37e65aafedd858b5ad18b1b841b8b6fc60b", &(0x7f0000000300)=""/180}, 0x18) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:19 executing program 2 (fault-call:2 fault-nth:39): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3614.870862][T24120] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:21:19 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x3, 0x0, 0x0, 0x0, 0x0) [ 3614.947542][T24125] FAULT_INJECTION: forcing a failure. [ 3614.947542][T24125] name failslab, interval 1, probability 0, space 0, times 0 [ 3614.984515][T24125] CPU: 1 PID: 24125 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3614.993269][T24125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3614.993278][T24125] Call Trace: [ 3614.993312][T24125] dump_stack+0x172/0x1f0 [ 3614.993350][T24125] should_fail.cold+0xa/0x15 [ 3615.015602][T24125] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3615.015626][T24125] ? ___might_sleep+0x163/0x280 [ 3615.015648][T24125] __should_failslab+0x121/0x190 [ 3615.031232][T24125] should_failslab+0x9/0x14 [ 3615.035761][T24125] __kmalloc_track_caller+0x2d8/0x740 [ 3615.041147][T24125] ? kernfs_activate+0x192/0x1f0 [ 3615.041167][T24125] ? kstrdup_const+0x66/0x80 [ 3615.041185][T24125] kstrdup+0x3a/0x70 [ 3615.041202][T24125] kstrdup_const+0x66/0x80 [ 3615.041221][T24125] __kernfs_new_node+0xb0/0x690 [ 3615.041237][T24125] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3615.041268][T24125] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 3615.041289][T24125] ? sysfs_do_create_link_sd.isra.0+0x82/0x140 [ 3615.054724][T24125] ? find_held_lock+0x35/0x130 [ 3615.054744][T24125] ? sysfs_do_create_link_sd.isra.0+0x82/0x140 [ 3615.054765][T24125] ? kasan_check_write+0x14/0x20 [ 3615.054787][T24125] kernfs_new_node+0x99/0x130 [ 3615.064044][T24125] kernfs_create_link+0xdd/0x250 [ 3615.064066][T24125] sysfs_do_create_link_sd.isra.0+0x90/0x140 [ 3615.064088][T24125] sysfs_create_link+0x65/0xc0 [ 3615.075788][T24125] device_add+0x78f/0x18a0 [ 3615.075831][T24125] ? get_device_parent.isra.0+0x570/0x570 [ 3615.086747][T24125] ? start_creating+0x163/0x1e0 [ 3615.086768][T24125] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3615.086799][T24125] hci_register_dev+0x2e8/0x860 [ 3615.086824][T24125] __vhci_create_device+0x2d0/0x5a0 [ 3615.086843][T24125] vhci_write+0x2d0/0x470 [ 3615.086864][T24125] new_sync_write+0x4c7/0x760 [ 3615.086883][T24125] ? default_llseek+0x2e0/0x2e0 [ 3615.086906][T24125] ? common_file_perm+0x238/0x720 [ 3615.086922][T24125] ? __fget+0x381/0x550 [ 3615.086941][T24125] ? apparmor_file_permission+0x25/0x30 [ 3615.086955][T24125] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3615.086972][T24125] ? security_file_permission+0x94/0x380 [ 3615.086991][T24125] __vfs_write+0xe4/0x110 02:21:19 executing program 1: syz_open_procfs(0x0, &(0x7f0000000040)='attr/prev\x00') r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000140)='/proc/capi/capi20ncci\x00', 0x0, 0x0) r1 = open(&(0x7f0000000280)='./file0\x00', 0x800, 0x40) getpeername(0xffffffffffffffff, &(0x7f00000002c0)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}}}, &(0x7f0000000340)=0x80) r2 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000380)='/proc/capi/capi20\x00', 0x8000, 0x0) r3 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/capi/capi20\x00', 0x400001, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r3, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f00000000c0)={0x6a05, 0x0, 0x0, 0x1a7}) ioctl$DRM_IOCTL_AGP_FREE(r3, 0x40206435, &(0x7f00000005c0)={0x7ea, r5, 0x10002, 0xd0b}) write$P9_RLERRORu(r4, &(0x7f0000000500)=ANY=[@ANYBLOB="dffe38ac5e088ccc252ef2fea8a56ad3e8ebcdecb627cc73ecb60cbb65029811d5a3d8431a914a899d325fc1e90fa0d1fe8245dd5d0d81f27285eeecaeff68edc7c6bf850af42abd52098941ff1dffc0ec611f3a01c927aab33b86b2f34c50bf947f11d4d887623a22d059412e5694d44d172e82b8b4e0710d96497c9f06b0f35193"], 0x2) r6 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r6, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r8 = socket(0x22, 0x2, 0x4) recvmsg(r8, &(0x7f0000001280)={0x0, 0x0, 0x0}, 0x0) getsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000400)={0x0, 0x1}, &(0x7f0000000440)=0x8) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000000480)={r9, 0x7}, &(0x7f00000004c0)=0x8) [ 3615.087012][T24125] vfs_write+0x20c/0x580 [ 3615.087034][T24125] ksys_write+0xea/0x1f0 [ 3615.087053][T24125] ? __ia32_sys_read+0xb0/0xb0 [ 3615.087070][T24125] ? do_syscall_64+0x26/0x610 [ 3615.087087][T24125] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3615.087101][T24125] ? do_syscall_64+0x26/0x610 [ 3615.087123][T24125] __x64_sys_write+0x73/0xb0 [ 3615.087141][T24125] do_syscall_64+0x103/0x610 [ 3615.087161][T24125] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3615.087173][T24125] RIP: 0033:0x457f29 [ 3615.087189][T24125] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3615.087198][T24125] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3615.087214][T24125] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3615.087222][T24125] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3615.087231][T24125] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3615.087241][T24125] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3615.087262][T24125] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3615.204832][T24125] Bluetooth: Can't register HCI device 02:21:19 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000080)=0x0) ptrace$peek(0x2, r0, &(0x7f0000000180)) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r2 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20\x00', 0x101000, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(0xffffffffffffff9c, 0x84, 0x66, &(0x7f0000000140)={0x0, 0x1}, &(0x7f0000000280)=0x8) setsockopt$inet_sctp_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f00000002c0)=@assoc_id=r3, 0x4) r4 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) ioctl$EXT4_IOC_MIGRATE(r4, 0x6609) readv(r4, &(0x7f0000000080), 0x0) [ 3616.366824][ C0] net_ratelimit: 17 callbacks suppressed [ 3616.366833][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:21:21 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x2000}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:21:21 executing program 0: timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r0 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r0, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r1 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r1, 0x400, 0x1) fcntl$setown(r1, 0x8, 0x0) execveat(r1, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r0, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(0x0, 0x16) 02:21:21 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(0xffffffffffffffff) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:21:21 executing program 1: socketpair(0x1f, 0x3, 0x2, &(0x7f0000000040)) syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0xfff, 0x40000) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000001640)='/dev/vcs\x00', 0x40001, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) accept4$vsock_stream(r0, &(0x7f0000000280)={0x28, 0x0, 0x0, @hyper}, 0x10, 0x800) 02:21:21 executing program 2 (fault-call:2 fault-nth:40): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:21 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f0000000000)=0x1, 0x0, 0x0, 0x0, 0x0, 0x0) [ 3617.157718][T24158] FAULT_INJECTION: forcing a failure. [ 3617.157718][T24158] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3617.170988][T24158] CPU: 1 PID: 24158 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3617.171000][T24158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3617.171006][T24158] Call Trace: [ 3617.171037][T24158] dump_stack+0x172/0x1f0 [ 3617.171061][T24158] should_fail.cold+0xa/0x15 [ 3617.171086][T24158] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3617.171109][T24158] ? __lock_acquire+0x548/0x3fb0 [ 3617.171131][T24158] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3617.171155][T24158] should_fail_alloc_page+0x50/0x60 [ 3617.171174][T24158] __alloc_pages_nodemask+0x1a1/0x7e0 [ 3617.171181][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3617.171200][T24158] ? __alloc_pages_slowpath+0x2900/0x2900 [ 3617.171214][T24158] ? find_held_lock+0x35/0x130 [ 3617.171242][T24158] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3617.171259][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3617.171288][T24158] cache_grow_begin+0x9c/0x860 [ 3617.171314][T24158] ? alloc_workqueue+0x13c/0xe70 [ 3617.171335][T24158] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3617.171359][T24158] __kmalloc+0x67f/0x740 [ 3617.171385][T24158] ? alloc_workqueue+0x13c/0xe70 [ 3617.171391][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3617.171409][T24158] alloc_workqueue+0x13c/0xe70 [ 3617.171436][T24158] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 3617.171441][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3617.171463][T24158] ? __init_waitqueue_head+0x36/0x90 [ 3617.171494][T24158] hci_register_dev+0x209/0x860 [ 3617.171523][T24158] __vhci_create_device+0x2d0/0x5a0 [ 3617.171529][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3617.171544][T24158] vhci_write+0x2d0/0x470 [ 3617.171569][T24158] new_sync_write+0x4c7/0x760 [ 3617.171574][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3617.171592][T24158] ? default_llseek+0x2e0/0x2e0 [ 3617.171620][T24158] ? common_file_perm+0x238/0x720 [ 3617.171639][T24158] ? __fget+0x381/0x550 [ 3617.171663][T24158] ? apparmor_file_permission+0x25/0x30 [ 3617.171670][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3617.171687][T24158] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3617.171708][T24158] ? security_file_permission+0x94/0x380 [ 3617.171713][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3617.171732][T24158] __vfs_write+0xe4/0x110 [ 3617.171757][T24158] vfs_write+0x20c/0x580 [ 3617.171781][T24158] ksys_write+0xea/0x1f0 [ 3617.171816][T24158] ? __ia32_sys_read+0xb0/0xb0 [ 3617.171838][T24158] ? do_syscall_64+0x26/0x610 [ 3617.171857][T24158] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3617.171872][T24158] ? do_syscall_64+0x26/0x610 [ 3617.171901][T24158] __x64_sys_write+0x73/0xb0 [ 3617.171924][T24158] do_syscall_64+0x103/0x610 [ 3617.171948][T24158] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3617.171964][T24158] RIP: 0033:0x457f29 [ 3617.171987][T24158] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3617.171995][T24158] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3617.172010][T24158] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3617.172017][T24158] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3617.172024][T24158] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3617.172034][T24158] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3617.172043][T24158] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3617.329143][T24172] IPVS: ftp: loaded support on port[0] = 21 [ 3617.544918][T24170] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:21:22 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x81, 0x200042) epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:22 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x230f}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:21:22 executing program 2 (fault-call:2 fault-nth:41): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:22 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(0xffffffffffffffff) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:21:22 executing program 0: timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r0 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r0, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r1 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r1, 0x400, 0x1) fcntl$setown(r1, 0x8, 0x0) execveat(r1, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r0, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(0x0, 0x16) 02:21:22 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="3f042656b2746f0bfcd593e5fba14ac3f5ca5c683858f3795e7663d873d4286ffe5d210828d5"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3618.040122][T24183] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3618.104059][T24193] FAULT_INJECTION: forcing a failure. [ 3618.104059][T24193] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3618.117344][T24193] CPU: 1 PID: 24193 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3618.126039][T24193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3618.136103][T24193] Call Trace: [ 3618.136136][T24193] dump_stack+0x172/0x1f0 [ 3618.136165][T24193] should_fail.cold+0xa/0x15 [ 3618.143785][T24193] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3618.143812][T24193] ? __lock_acquire+0x548/0x3fb0 [ 3618.143831][T24193] ? unwind_get_return_address+0x61/0xa0 [ 3618.143854][T24193] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3618.154337][T24193] should_fail_alloc_page+0x50/0x60 [ 3618.154354][T24193] __alloc_pages_nodemask+0x1a1/0x7e0 [ 3618.154377][T24193] ? __alloc_pages_slowpath+0x2900/0x2900 [ 3618.164942][T24193] ? find_held_lock+0x35/0x130 [ 3618.164970][T24193] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3618.164993][T24193] cache_grow_begin+0x9c/0x860 [ 3618.176434][T24193] ? kvasprintf+0xc8/0x170 [ 3618.176452][T24193] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3618.176473][T24193] __kmalloc_track_caller+0x67b/0x740 [ 3618.176489][T24193] ? pointer+0x910/0x910 [ 3618.176502][T24193] ? set_precision+0x180/0x180 [ 3618.176517][T24193] ? kasprintf+0xbb/0xf0 [ 3618.176534][T24193] kvasprintf+0xc8/0x170 [ 3618.176550][T24193] ? bust_spinlocks+0xe0/0xe0 [ 3618.176569][T24193] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 3618.176581][T24193] ? find_next_bit+0x107/0x130 [ 3618.176595][T24193] kasprintf+0xbb/0xf0 [ 3618.176607][T24193] ? kvasprintf_const+0x190/0x190 [ 3618.176631][T24193] ? kasan_check_read+0x11/0x20 [ 3618.176654][T24193] alloc_workqueue+0x442/0xe70 [ 3618.176676][T24193] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 3618.176703][T24193] ? __init_waitqueue_head+0x36/0x90 [ 3618.198373][T24193] hci_register_dev+0x209/0x860 [ 3618.198399][T24193] __vhci_create_device+0x2d0/0x5a0 [ 3618.219358][T24193] vhci_write+0x2d0/0x470 [ 3618.219383][T24193] new_sync_write+0x4c7/0x760 02:21:22 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x2, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040)={0x0}, &(0x7f0000000080)=0xc) setpriority(0x53c896e304be1719, r0, 0x1aac8458) mkdir(&(0x7f0000000000)='./file0\x00', 0x80) 02:21:22 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000002640)='/dev/autofs\x00', 0x100, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000280)={0x0, @in={{0x2, 0x4e23, @rand_addr=0x1}}}, &(0x7f0000000340)=0x84) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000380)={r1, 0x9b, "8107d815c4fe498941ef2a22b6262f09d502c54cfc04b19f61d44145c66526845ee8cc3efa774e09ac701e47b47e93627a957c70332416e1667ee9e6d100079d7cfa09ef7b39d54414a8818136e9a7896fc9e55aa52facbeac4b76f6650d43a19095609c33e343a7013472c4afd23abf93398950be347eeb274f57a46df87ddd73b2a947d79940f13fadd3c153645cf4a9ef4347fe6a6f48756701"}, &(0x7f0000000440)=0xa3) ioctl$sock_x25_SIOCADDRT(r0, 0x890b, &(0x7f0000002680)={@null=' \x00', 0x9, 'team_slave_0\x00'}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SG_GET_SCSI_ID(r0, 0x2276, &(0x7f0000000040)) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r3 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r3, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e21, @remote}, 0x10) [ 3618.219401][T24193] ? default_llseek+0x2e0/0x2e0 [ 3618.219428][T24193] ? common_file_perm+0x238/0x720 [ 3618.232681][T24193] ? __fget+0x381/0x550 [ 3618.232706][T24193] ? apparmor_file_permission+0x25/0x30 [ 3618.232722][T24193] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3618.232746][T24193] ? security_file_permission+0x94/0x380 [ 3618.241702][T24193] __vfs_write+0xe4/0x110 [ 3618.241724][T24193] vfs_write+0x20c/0x580 [ 3618.241754][T24193] ksys_write+0xea/0x1f0 [ 3618.256319][T24193] ? __ia32_sys_read+0xb0/0xb0 [ 3618.256340][T24193] ? do_syscall_64+0x26/0x610 [ 3618.256357][T24193] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3618.256371][T24193] ? do_syscall_64+0x26/0x610 [ 3618.256393][T24193] __x64_sys_write+0x73/0xb0 [ 3618.266324][T24193] do_syscall_64+0x103/0x610 [ 3618.266345][T24193] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3618.266359][T24193] RIP: 0033:0x457f29 [ 3618.266375][T24193] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3618.266383][T24193] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3618.266405][T24193] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3618.276879][T24193] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3618.276888][T24193] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3618.276897][T24193] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3618.276906][T24193] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 02:21:22 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) syz_emit_ethernet(0x66, &(0x7f0000000080)={@empty=[0x2b], @remote, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x13, 0x0, 0x0, 0x0, 0x0, 0x0, @local={0xac, 0x18}, @local}, @gre={{0x0, 0x0, 0x1, 0x0, 0x3, 0x0, 0x0, 0x1, 0x8100}}}}}}, 0x0) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x0, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e20, 0x0, @loopback, 0x10001}, @in={0x2, 0x4e24, @rand_addr=0xc3}, @in={0x2, 0x4e21}], 0x3c) futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0) [ 3618.447308][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3618.512870][T24215] IPVS: ftp: loaded support on port[0] = 21 02:21:23 executing program 1: clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f0000000340)={r0, 0x0, 0xfffffffffffeffff, 0x1, 0x1}) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000140)='/dev/hwrng\x00', 0x103080, 0x0) bind$tipc(r2, &(0x7f00000004c0)=@name={0x1e, 0x2, 0x3, {{0x0, 0x1}, 0x3}}, 0x10) write$P9_RLERRORu(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) write$P9_RREADLINK(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="1000000017020007002e2f66696c653000617f772d088a17969bbf4a950ed6a64e1538f5f4b2752e0837b54b016e3a488f6de6bdaff114ac70f46d7bbae3a693c23602b973c2536df0397da30609e7f6c8748d02d5a996f072595c26b33ecb4bb6fc1cdd1202723190994f41ab0a86e3a45be6573947b05b242db943b67b860992f8b70a1a6e3269e762f670000000000000000000000000000000"], 0x10) r3 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) r4 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20ncci\x00', 0x410001, 0x0) ioctl$KVM_GET_DEBUGREGS(r4, 0x8080aea1, &(0x7f0000000440)) write$cgroup_subtree(r4, &(0x7f0000000280)=ANY=[@ANYBLOB="00737d2000000000e0ff9b5f200687ade2889254000000000000000079e629bdb0a655eb4411959ba10cd20434ba1943200548f85ec36018776483040746421bd94c323d2d218e142d13f500f581db123ef8135b98e25c1a54319e1d169f1a7ce637c39d8f2d85e194fa0ad1358b050c2b10634de4e48fc8ab4644992e85ab89a7c3a3517272c09fe4702aff7e90a56b5b8d36ee2f83e468ac"], 0x12) readv(r3, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3618.768848][T24187] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:21:23 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='pids.events\x00', 0x0, 0x0) getpeername$tipc(r2, &(0x7f0000000140)=@name, &(0x7f0000000280)=0x10) 02:21:23 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x2e02}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:21:23 executing program 2 (fault-call:2 fault-nth:42): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:23 executing program 0: timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r0 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r0, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r1 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r1, 0x400, 0x1) fcntl$setown(r1, 0x8, 0x0) execveat(r1, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r0, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(0x0, 0x16) [ 3619.080820][T24241] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3619.143693][T24244] FAULT_INJECTION: forcing a failure. [ 3619.143693][T24244] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3619.156942][T24244] CPU: 0 PID: 24244 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3619.165618][T24244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3619.175677][T24244] Call Trace: [ 3619.178986][T24244] dump_stack+0x172/0x1f0 [ 3619.183337][T24244] should_fail.cold+0xa/0x15 [ 3619.187935][T24244] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3619.193744][T24244] ? mark_held_locks+0xa4/0xf0 [ 3619.198510][T24244] ? __lock_acquire+0x548/0x3fb0 [ 3619.203457][T24244] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3619.208927][T24244] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3619.214397][T24244] should_fail_alloc_page+0x50/0x60 [ 3619.219616][T24244] __alloc_pages_nodemask+0x1a1/0x7e0 [ 3619.225001][T24244] ? __alloc_pages_slowpath+0x2900/0x2900 [ 3619.230732][T24244] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3619.236549][T24244] cache_grow_begin+0x9c/0x860 [ 3619.241339][T24244] ? __kernfs_new_node+0xef/0x690 [ 3619.246369][T24244] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3619.252625][T24244] kmem_cache_alloc+0x62d/0x6f0 [ 3619.257497][T24244] ? kasan_check_write+0x14/0x20 [ 3619.262444][T24244] __kernfs_new_node+0xef/0x690 [ 3619.267327][T24244] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 3619.272804][T24244] ? mark_held_locks+0xa4/0xf0 [ 3619.277579][T24244] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3619.283058][T24244] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3619.288350][T24244] ? __lock_acquire+0x548/0x3fb0 [ 3619.293322][T24244] kernfs_new_node+0x99/0x130 [ 3619.298009][T24244] __kernfs_create_file+0x51/0x340 [ 3619.303145][T24244] sysfs_add_file_mode_ns+0x222/0x560 [ 3619.308532][T24244] sysfs_create_file_ns+0x13d/0x1d0 [ 3619.313736][T24244] ? sysfs_add_file_mode_ns+0x560/0x560 [ 3619.319298][T24244] ? container_offline+0x70/0x70 [ 3619.324235][T24244] ? dev_fwnode+0xd/0x40 [ 3619.328506][T24244] device_create_file+0xfa/0x1e0 [ 3619.333472][T24244] device_add+0x5cd/0x18a0 [ 3619.337892][T24244] ? device_initialize+0x440/0x440 [ 3619.343106][T24244] ? get_device_parent.isra.0+0x570/0x570 [ 3619.348842][T24244] hci_register_dev+0x2e8/0x860 [ 3619.353700][T24244] __vhci_create_device+0x2d0/0x5a0 [ 3619.358904][T24244] vhci_write+0x2d0/0x470 [ 3619.363245][T24244] new_sync_write+0x4c7/0x760 [ 3619.367943][T24244] ? default_llseek+0x2e0/0x2e0 [ 3619.372806][T24244] ? common_file_perm+0x238/0x720 [ 3619.377834][T24244] ? __fget+0x381/0x550 [ 3619.381996][T24244] ? apparmor_file_permission+0x25/0x30 [ 3619.387549][T24244] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3619.393798][T24244] ? security_file_permission+0x94/0x380 [ 3619.399444][T24244] __vfs_write+0xe4/0x110 [ 3619.405024][T24244] vfs_write+0x20c/0x580 [ 3619.413968][T24244] ksys_write+0xea/0x1f0 [ 3619.418218][T24244] ? __ia32_sys_read+0xb0/0xb0 [ 3619.423447][T24244] ? do_syscall_64+0x26/0x610 [ 3619.428126][T24244] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3619.434197][T24244] ? do_syscall_64+0x26/0x610 [ 3619.438888][T24244] __x64_sys_write+0x73/0xb0 [ 3619.443490][T24244] do_syscall_64+0x103/0x610 [ 3619.448089][T24244] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3619.454083][T24244] RIP: 0033:0x457f29 [ 3619.457981][T24244] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3619.477594][T24244] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3619.486016][T24244] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 02:21:23 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$inet(0x2, 0x3, 0x2) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r1, 0x0, 0x10005, 0x0) [ 3619.493990][T24244] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3619.501986][T24244] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3619.509986][T24244] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3619.518064][T24244] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 02:21:24 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x2c0000, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000040)={0x8, 0x7, 0x6, 0x1, 0x6, 0x8, 0xff, 0x21, 0x40, 0xe3f5, 0x4}, 0xb) futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0) 02:21:24 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="6388"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) r2 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x1, 0x101481) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) [ 3619.707882][T24252] IPVS: ftp: loaded support on port[0] = 21 02:21:24 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x3f00}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3620.031980][T24269] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:21:24 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x4000}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:21:24 executing program 0: r0 = gettid() timer_create(0x0, 0x0, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:21:24 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$inet(0x2, 0x3, 0x2) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r1, 0x0, 0x10005, 0x0) [ 3620.423959][T24273] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:21:24 executing program 0: r0 = gettid() timer_create(0x0, 0x0, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:21:25 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f00000001c0)={{{@in6=@initdev, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@dev}}, &(0x7f0000000140)=0xe8) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000180)={@initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x5e, r1}) futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0) 02:21:25 executing program 0: r0 = gettid() timer_create(0x0, 0x0, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:21:25 executing program 2 (fault-call:2 fault-nth:43): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:25 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x4402}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:21:25 executing program 1: lstat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000380)) r0 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x2, 0x2) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhci\x00', 0x243) write$P9_RLERRORu(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) ioctl$EVIOCGUNIQ(r0, 0x80404508, &(0x7f0000000280)=""/244) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:25 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3621.111133][T24297] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3621.148185][T24303] FAULT_INJECTION: forcing a failure. [ 3621.148185][T24303] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3621.161468][T24303] CPU: 0 PID: 24303 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3621.170158][T24303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3621.180320][T24303] Call Trace: [ 3621.183654][T24303] dump_stack+0x172/0x1f0 [ 3621.188017][T24303] should_fail.cold+0xa/0x15 [ 3621.192647][T24303] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3621.198484][T24303] ? __lock_acquire+0x548/0x3fb0 [ 3621.203448][T24303] should_fail_alloc_page+0x50/0x60 [ 3621.208661][T24303] __alloc_pages_nodemask+0x1a1/0x7e0 [ 3621.214056][T24303] ? __alloc_pages_slowpath+0x2900/0x2900 [ 3621.219785][T24303] ? find_held_lock+0x35/0x130 [ 3621.224570][T24303] ? kasan_check_write+0x14/0x20 [ 3621.229534][T24303] cache_grow_begin+0x9c/0x860 [ 3621.234327][T24303] ? kasan_check_read+0x11/0x20 [ 3621.239210][T24303] ? do_raw_spin_unlock+0x57/0x270 [ 3621.239234][T24303] ____cache_alloc_node+0x17c/0x1e0 [ 3621.239261][T24303] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3621.239284][T24303] kmem_cache_alloc_trace+0x217/0x760 [ 3621.239305][T24303] ? rcu_read_lock_sched_held+0x110/0x130 [ 3621.239332][T24303] alloc_workqueue_attrs+0x82/0x120 [ 3621.239353][T24303] apply_wqattrs_prepare+0xbb/0x970 [ 3621.267042][T24303] apply_workqueue_attrs_locked+0xcb/0x140 [ 3621.267063][T24303] apply_workqueue_attrs+0x31/0x50 [ 3621.267082][T24303] alloc_workqueue+0x84c/0xe70 [ 3621.267107][T24303] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 3621.267129][T24303] ? __init_waitqueue_head+0x36/0x90 [ 3621.267155][T24303] hci_register_dev+0x209/0x860 [ 3621.267180][T24303] __vhci_create_device+0x2d0/0x5a0 [ 3621.288486][T24303] vhci_write+0x2d0/0x470 [ 3621.309105][T24303] new_sync_write+0x4c7/0x760 [ 3621.309127][T24303] ? default_llseek+0x2e0/0x2e0 [ 3621.309153][T24303] ? common_file_perm+0x238/0x720 [ 3621.309169][T24303] ? __fget+0x381/0x550 [ 3621.309190][T24303] ? apparmor_file_permission+0x25/0x30 [ 3621.323391][T24303] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3621.343010][T24303] ? security_file_permission+0x94/0x380 [ 3621.343034][T24303] __vfs_write+0xe4/0x110 [ 3621.343056][T24303] vfs_write+0x20c/0x580 [ 3621.343078][T24303] ksys_write+0xea/0x1f0 [ 3621.343099][T24303] ? __ia32_sys_read+0xb0/0xb0 [ 3621.372599][T24303] ? do_syscall_64+0x26/0x610 [ 3621.372617][T24303] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3621.372632][T24303] ? do_syscall_64+0x26/0x610 [ 3621.372655][T24303] __x64_sys_write+0x73/0xb0 [ 3621.372681][T24303] do_syscall_64+0x103/0x610 [ 3621.397284][T24303] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3621.397306][T24303] RIP: 0033:0x457f29 02:21:25 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3621.397323][T24303] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3621.397332][T24303] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3621.397345][T24303] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3621.397353][T24303] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3621.397362][T24303] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 02:21:25 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) close(r1) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = socket$inet(0x2, 0x3, 0x2) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r1, 0x0, 0x10005, 0x0) [ 3621.397370][T24303] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3621.397387][T24303] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3621.568266][ C0] net_ratelimit: 9 callbacks suppressed [ 3621.568333][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3621.580353][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3621.588354][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3621.594356][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3621.601346][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3621.607220][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3621.614447][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3621.621226][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:21:26 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0) r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) r1 = add_key$user(&(0x7f0000000540)='user\x00', &(0x7f0000000580)={'syz', 0x0}, &(0x7f00000005c0)="ac0a5a76738cdfabe07711b69deff683", 0x10, 0xfffffffffffffffc) keyctl$instantiate_iov(0x14, r0, &(0x7f00000004c0)=[{&(0x7f0000000080)="15de06d806847b8deafafa3433a90a178247383c3325002763bc5f695e6aeaef9c280503cd01b739ae5b0ba2f29a1b98b4196b53a82a08e354a06e9a8f45e75c2f9f15e6af01b15a42626367e9cf5a740f8c72867acaf03bcd167238ffb0493df9534869ff89e05ee8e203f12dc1c50940e749e5e71d838311f0adda426bf4cddc12b4ae481d60c04c075ce1d1b2b64819601b208bec8d84d736f2f151b59b6ade512c7c8d8b001f8becfbaa14cb891c0c253f30fa84fb08c2d431bb7f79210c5123163dac51e98c5eec82dc58525f5526ac8b7cca0106e42091f6aff7918e5151ba428375d3e367033daab97584333a70c0e3a3", 0xf4}, {&(0x7f0000000180)="4ba2d30b49823de0e114ed9e7076bc69b561171b9acedd4d6c6799960012a96499846ac9305399ba0aead2e095039e02c85775db7a28d92d3fd8b740acdf5f4376ee96d2fb1a1e362e21db07f51ea9349f5627d1e41f469d4aadc401871033e43447b2a8813de1bafe56125fe5fead2db97284a4f823ce74a7fa272e3045649a7dd9b900e55435676165a01699bdf4e6235f21b5e69ed87e4c2980f31377afc42e2638eb47d891b8898091612b3cc4895318c7b1e09a31e2af45282c41df44abbad57f563843923782ee6cfb71dd7089eb5ad2f2b2e79f53e988e7da9baea026", 0xe0}, {&(0x7f0000000280)="e7d888b481499f391f10870703bf30b7ae86075792439180f55bd7bd2db860762b20bd9a265b5d2e976d32c8b77ada2dd7dca5588e3054433c64a6962dabe1bfd0d21ebb85a61db8417bfd6d487bbe7fcac21e24a1c2ab56a2afbad02877bbbb1fcbdfdaf504675d44f55ef2207f1affcfa85923034bf3fad143a41ecc7ac9d263d26aab3ab329b49d070b8cc1ce2e42e6db2b48f83d458e4f930affd49176d2ee02620dbe10cfff2bfb32fd9d48d9e45cf37f6fcd1b7bd1f3bec4c6d83ac3cdbc442c8535aeec3e", 0xc8}, {&(0x7f0000000380)="280906918a9fd5173306c715f317dbf62d00566a", 0x14}, {&(0x7f00000003c0)="91e46edb038d912ccbbfa2949cd97084f9089b776a3851e38e60f49bdc08ad351edb6c30fc3c9623b90e617273eaaab88a3efd9aa9ba59aafd148bdbf522a9003ca3c17094befd83e7d8ddb8a45b213feb46b732819d5e91f22dd0794f0ce85655c765e0546a80e9b58f238b97639c28247e11ab53a9350b7c0352690db42ec153ac75f27cedd918829e382bb46574954f121466c44b0145a93f3dc253264951e63a051839916b48000dd42e91e46d31", 0xb0}, {&(0x7f0000000480)="a14cbfb4afb070254539f8723a75e652e210262453320dc7", 0x18}], 0x6, r1) 02:21:26 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x4800}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:21:26 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff45"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$SIOCAX25NOUID(r2, 0x89e3, &(0x7f0000000140)) 02:21:26 executing program 2 (fault-call:2 fault-nth:44): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3622.041786][T24312] IPVS: ftp: loaded support on port[0] = 21 [ 3622.123737][T24328] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3622.136672][T24334] FAULT_INJECTION: forcing a failure. [ 3622.136672][T24334] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3622.149929][T24334] CPU: 1 PID: 24334 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3622.158626][T24334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3622.168696][T24334] Call Trace: [ 3622.172015][T24334] dump_stack+0x172/0x1f0 [ 3622.176470][T24334] should_fail.cold+0xa/0x15 [ 3622.181093][T24334] ? do_syscall_64+0x103/0x610 [ 3622.185888][T24334] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3622.191721][T24334] ? __lock_acquire+0x548/0x3fb0 [ 3622.196689][T24334] should_fail_alloc_page+0x50/0x60 [ 3622.201915][T24334] __alloc_pages_nodemask+0x1a1/0x7e0 [ 3622.207324][T24334] ? __alloc_pages_slowpath+0x2900/0x2900 [ 3622.213071][T24334] ? find_held_lock+0x35/0x130 [ 3622.217869][T24334] ? kasan_check_write+0x14/0x20 [ 3622.222847][T24334] cache_grow_begin+0x9c/0x860 [ 3622.227644][T24334] ? kasan_check_read+0x11/0x20 [ 3622.232526][T24334] ? do_raw_spin_unlock+0x57/0x270 [ 3622.237667][T24334] ____cache_alloc_node+0x17c/0x1e0 [ 3622.242878][T24334] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3622.249157][T24334] kmem_cache_alloc_trace+0x217/0x760 [ 3622.254538][T24334] device_add+0xfdc/0x18a0 [ 3622.258959][T24334] ? device_initialize+0x440/0x440 [ 3622.264072][T24334] ? get_device_parent.isra.0+0x570/0x570 [ 3622.269805][T24334] hci_register_dev+0x2e8/0x860 [ 3622.274683][T24334] __vhci_create_device+0x2d0/0x5a0 [ 3622.279901][T24334] vhci_write+0x2d0/0x470 [ 3622.284260][T24334] new_sync_write+0x4c7/0x760 [ 3622.288968][T24334] ? default_llseek+0x2e0/0x2e0 [ 3622.293845][T24334] ? common_file_perm+0x238/0x720 [ 3622.298882][T24334] ? __fget+0x381/0x550 [ 3622.303056][T24334] ? apparmor_file_permission+0x25/0x30 [ 3622.308628][T24334] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3622.314880][T24334] ? security_file_permission+0x94/0x380 [ 3622.314905][T24334] __vfs_write+0xe4/0x110 [ 3622.314926][T24334] vfs_write+0x20c/0x580 [ 3622.329138][T24334] ksys_write+0xea/0x1f0 [ 3622.329159][T24334] ? __ia32_sys_read+0xb0/0xb0 [ 3622.329178][T24334] ? do_syscall_64+0x26/0x610 [ 3622.329195][T24334] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3622.329208][T24334] ? do_syscall_64+0x26/0x610 [ 3622.329230][T24334] __x64_sys_write+0x73/0xb0 [ 3622.329258][T24334] do_syscall_64+0x103/0x610 [ 3622.329277][T24334] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3622.329303][T24334] RIP: 0033:0x457f29 02:21:26 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, 0x0, 0x0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 3622.349049][T24334] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3622.358305][T24334] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3622.358322][T24334] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3622.358331][T24334] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3622.358340][T24334] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3622.358348][T24334] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3622.358356][T24334] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3622.428003][T24335] QAT: Invalid ioctl 02:21:27 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f0000000080)=0x2, 0x28f, 0x0, 0x0, 0x0, 0x8000000000000) [ 3622.606901][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3622.704812][T24333] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:21:27 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x4a00}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3622.923668][T24348] QAT: Invalid ioctl 02:21:27 executing program 2 (fault-call:2 fault-nth:45): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:27 executing program 1: syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x7, 0x80000) syz_open_dev$cec(&(0x7f0000000140)='/dev/cec#\x00', 0x0, 0x2) r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000280)='/proc/capi/capi20\x00', 0x404002, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="0e812b39ab1800000000b0992ff21ddfc66a55c2b0096f30d907ebc82a2d01b8f43596e7c67ab967a56774de234f42e42b068a85988628b1efd9dc8447af000000000000"], 0x2) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3623.171265][T24358] FAULT_INJECTION: forcing a failure. [ 3623.171265][T24358] name failslab, interval 1, probability 0, space 0, times 0 [ 3623.196776][T24358] CPU: 1 PID: 24358 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3623.198891][T24352] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3623.205626][T24358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3623.205635][T24358] Call Trace: [ 3623.205670][T24358] dump_stack+0x172/0x1f0 [ 3623.205704][T24358] should_fail.cold+0xa/0x15 [ 3623.236114][T24358] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3623.241936][T24358] ? ___might_sleep+0x163/0x280 [ 3623.246829][T24358] __should_failslab+0x121/0x190 [ 3623.251786][T24358] should_failslab+0x9/0x14 [ 3623.256305][T24358] kmem_cache_alloc+0x2b2/0x6f0 [ 3623.261183][T24358] ? memcpy+0x46/0x50 [ 3623.265191][T24358] ? kstrdup+0x5a/0x70 [ 3623.269290][T24358] __kernfs_new_node+0xef/0x690 [ 3623.274170][T24358] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 3623.279650][T24358] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3623.285328][T24358] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3623.290822][T24358] ? retint_kernel+0x2d/0x2d [ 3623.295444][T24358] kernfs_new_node+0x99/0x130 [ 3623.300144][T24358] kernfs_create_dir_ns+0x52/0x160 [ 3623.305275][T24358] sysfs_create_dir_ns+0x131/0x2a0 [ 3623.310414][T24358] ? sysfs_create_mount_point+0xa0/0xa0 [ 3623.315988][T24358] ? class_dir_child_ns_type+0xd/0x60 [ 3623.321381][T24358] ? class_dir_child_ns_type+0x36/0x60 [ 3623.326868][T24358] kobject_add_internal.cold+0xe5/0x5d4 [ 3623.332437][T24358] kobject_add+0x150/0x1c0 [ 3623.336870][T24358] ? kset_create_and_add+0x1a0/0x1a0 [ 3623.342188][T24358] ? kasan_check_read+0x11/0x20 [ 3623.347071][T24358] ? mutex_unlock+0xd/0x10 [ 3623.351514][T24358] device_add+0x3d5/0x18a0 [ 3623.355950][T24358] ? device_initialize+0x440/0x440 [ 3623.361084][T24358] ? get_device_parent.isra.0+0x570/0x570 [ 3623.366829][T24358] hci_register_dev+0x2e8/0x860 [ 3623.371706][T24358] __vhci_create_device+0x2d0/0x5a0 [ 3623.376967][T24358] vhci_write+0x2d0/0x470 [ 3623.381333][T24358] new_sync_write+0x4c7/0x760 [ 3623.396315][T24358] ? default_llseek+0x2e0/0x2e0 [ 3623.401195][T24358] ? common_file_perm+0x238/0x720 [ 3623.406234][T24358] ? __fget+0x381/0x550 [ 3623.410412][T24358] ? apparmor_file_permission+0x25/0x30 [ 3623.415962][T24358] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3623.422210][T24358] ? security_file_permission+0x94/0x380 [ 3623.427869][T24358] __vfs_write+0xe4/0x110 [ 3623.432212][T24358] vfs_write+0x20c/0x580 [ 3623.436490][T24358] ksys_write+0xea/0x1f0 [ 3623.440748][T24358] ? __ia32_sys_read+0xb0/0xb0 [ 3623.445529][T24358] ? do_syscall_64+0x26/0x610 [ 3623.450211][T24358] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3623.456300][T24358] ? do_syscall_64+0x26/0x610 [ 3623.461001][T24358] __x64_sys_write+0x73/0xb0 [ 3623.465611][T24358] do_syscall_64+0x103/0x610 [ 3623.470233][T24358] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3623.476156][T24358] RIP: 0033:0x457f29 [ 3623.480062][T24358] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3623.499677][T24358] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3623.508105][T24358] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 02:21:28 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, 0x0, 0x0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 3623.516091][T24358] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3623.524075][T24358] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3623.533567][T24358] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3623.542066][T24358] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3623.646742][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3623.725262][T24358] kobject_add_internal failed for hci32 (error: -12 parent: bluetooth) [ 3623.758458][T24358] Bluetooth: Can't register HCI device 02:21:29 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:21:29 executing program 5: r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x4, 0x10800) ioctl$TCGETA(r0, 0x5405, &(0x7f0000000040)) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0) 02:21:29 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x4c00}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:21:29 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0x0, 0x2) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r0, 0x40bc5311, &(0x7f0000000280)={0x1, 0x2, 'client0\x00', 0xffffffff80000000, "a01d4a4e867f7eca", "2d135e3a02edecf716693e6100d11deb12a207f259d01c597cfb02480dd8a0d6", 0x3, 0x6}) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) setsockopt$netrom_NETROM_N2(r0, 0x103, 0x3, &(0x7f0000000140)=0x8, 0x4) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:29 executing program 2 (fault-call:2 fault-nth:46): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:29 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, 0x0, 0x0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 3624.687858][T24375] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3624.824031][T24389] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3624.858785][T24383] FAULT_INJECTION: forcing a failure. [ 3624.858785][T24383] name failslab, interval 1, probability 0, space 0, times 0 [ 3624.882402][T24383] CPU: 1 PID: 24383 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3624.891141][T24383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3624.901214][T24383] Call Trace: [ 3624.904541][T24383] dump_stack+0x172/0x1f0 [ 3624.908919][T24383] should_fail.cold+0xa/0x15 [ 3624.913550][T24383] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3624.919389][T24383] ? ___might_sleep+0x163/0x280 [ 3624.919411][T24383] __should_failslab+0x121/0x190 [ 3624.919431][T24383] should_failslab+0x9/0x14 [ 3624.919448][T24383] kmem_cache_alloc_trace+0x2d1/0x760 [ 3624.919470][T24383] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 3624.919483][T24383] ? refcount_inc_checked+0x2b/0x70 [ 3624.919502][T24383] device_add+0xfdc/0x18a0 [ 3624.919517][T24383] ? device_initialize+0x440/0x440 [ 3624.919537][T24383] ? get_device_parent.isra.0+0x570/0x570 [ 3624.919562][T24383] hci_register_dev+0x2e8/0x860 [ 3624.919585][T24383] __vhci_create_device+0x2d0/0x5a0 [ 3624.919603][T24383] vhci_write+0x2d0/0x470 [ 3624.919626][T24383] new_sync_write+0x4c7/0x760 [ 3624.929426][T24383] ? default_llseek+0x2e0/0x2e0 [ 3624.929455][T24383] ? retint_kernel+0x2d/0x2d [ 3624.929488][T24383] __vfs_write+0xe4/0x110 [ 3624.929508][T24383] vfs_write+0x20c/0x580 [ 3624.929530][T24383] ksys_write+0xea/0x1f0 [ 3624.939430][T24383] ? __ia32_sys_read+0xb0/0xb0 [ 3624.939450][T24383] ? do_syscall_64+0x26/0x610 [ 3624.939466][T24383] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3624.939482][T24383] ? do_syscall_64+0x26/0x610 [ 3624.939504][T24383] __x64_sys_write+0x73/0xb0 [ 3624.939519][T24383] do_syscall_64+0x103/0x610 [ 3624.939537][T24383] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3624.939549][T24383] RIP: 0033:0x457f29 [ 3624.939564][T24383] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3624.939572][T24383] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3624.939586][T24383] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3624.939594][T24383] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3624.939602][T24383] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3624.939611][T24383] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3624.939618][T24383] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3624.976833][T24383] Bluetooth: Can't register HCI device [ 3625.036091][T24392] IPVS: ftp: loaded support on port[0] = 21 02:21:29 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x5401}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3625.264861][T24396] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3625.374395][T24397] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:21:29 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x5865}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:21:29 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000600)='/dev/dlm_plock\x00', 0x200000, 0x0) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000680)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_SET(r1, &(0x7f00000009c0)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000980)={&(0x7f00000006c0)={0x284, r2, 0x4, 0x70bd2d, 0x25dfdbfb, {}, [@TIPC_NLA_NODE={0x2c, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7fffffff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1000}]}, @TIPC_NLA_BEARER={0xec, 0x1, [@TIPC_NLA_BEARER_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100000001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}]}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x19}}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0xeb2, @dev={0xfe, 0x80, [], 0x15}}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0x2, @loopback}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x3, @loopback, 0x100000000}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x3}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x5}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_BEARER={0x40, 0x1, [@TIPC_NLA_BEARER_PROP={0x24, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffffffff3066}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xd77}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_NAME={0x18, 0x1, @l2={'eth', 0x3a, 'veth1_to_bridge\x00'}}]}, @TIPC_NLA_SOCK={0x8, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_SOCK={0x10, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x4}]}, @TIPC_NLA_MEDIA={0x100, 0x5, [@TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffff}]}, @TIPC_NLA_MEDIA_PROP={0x54, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3ff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7fffffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}]}, 0x284}, 0x1, 0x0, 0x0, 0x20000040}, 0x4) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r3 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r3, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) r4 = syz_open_dev$cec(&(0x7f0000000280)='/dev/cec#\x00', 0x1, 0x2) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffff9c, 0x0, 0x10, &(0x7f00000002c0)={{{@in6=@mcast2, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@multicast2}, 0x0, @in=@multicast1}}, &(0x7f00000003c0)=0xe8) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000400)={{{@in6=@ipv4={[], [], @broadcast}, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in6=@loopback}}, &(0x7f0000000500)=0xe8) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x10, &(0x7f0000000a00)=ANY=[@ANYBLOB="74102b6ee07ad66fcbe2003a6d30730000106f3c", @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB=',version=9p2000.u,cache=none,uid>', @ANYRESDEC=r5, @ANYBLOB=',fowner<', @ANYRESDEC=r6, @ANYBLOB=',func=FIRMWARE_CHECK,\x00']) openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000540)='/dev/video36\x00', 0x2, 0x0) 02:21:29 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x0, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:21:30 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x20002, 0x0) ioctl$BLKDISCARD(r0, 0x1277, &(0x7f0000000040)=0x7) ioctl$BLKDISCARD(r0, 0x1277, &(0x7f0000000080)=0x80) futex(&(0x7f000000cffc), 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0) 02:21:30 executing program 2 (fault-call:2 fault-nth:47): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3625.599162][T24406] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3625.696199][T24416] FAULT_INJECTION: forcing a failure. [ 3625.696199][T24416] name failslab, interval 1, probability 0, space 0, times 0 [ 3625.748269][T24416] CPU: 1 PID: 24416 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3625.756980][T24416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3625.756989][T24416] Call Trace: [ 3625.757019][T24416] dump_stack+0x172/0x1f0 [ 3625.757046][T24416] should_fail.cold+0xa/0x15 [ 3625.757070][T24416] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3625.757099][T24416] ? ___might_sleep+0x163/0x280 [ 3625.757127][T24416] __should_failslab+0x121/0x190 [ 3625.757148][T24416] should_failslab+0x9/0x14 [ 3625.757175][T24416] __kmalloc_track_caller+0x2d8/0x740 [ 3625.804884][T24416] ? kernfs_activate+0x192/0x1f0 [ 3625.809847][T24416] ? kstrdup_const+0x66/0x80 [ 3625.814454][T24416] kstrdup+0x3a/0x70 [ 3625.814474][T24416] kstrdup_const+0x66/0x80 [ 3625.814494][T24416] __kernfs_new_node+0xb0/0x690 [ 3625.814511][T24416] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3625.814532][T24416] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 3625.814562][T24416] ? sysfs_do_create_link_sd.isra.0+0x82/0x140 [ 3625.827703][T24416] ? find_held_lock+0x35/0x130 [ 3625.827724][T24416] ? sysfs_do_create_link_sd.isra.0+0x82/0x140 [ 3625.827746][T24416] ? kasan_check_write+0x14/0x20 [ 3625.827770][T24416] kernfs_new_node+0x99/0x130 [ 3625.827797][T24416] kernfs_create_link+0xdd/0x250 [ 3625.827817][T24416] sysfs_do_create_link_sd.isra.0+0x90/0x140 [ 3625.827833][T24416] sysfs_create_link+0x65/0xc0 [ 3625.827853][T24416] device_add+0x78f/0x18a0 [ 3625.827878][T24416] ? get_device_parent.isra.0+0x570/0x570 [ 3625.827896][T24416] ? start_creating+0x163/0x1e0 [ 3625.827912][T24416] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3625.827931][T24416] hci_register_dev+0x2e8/0x860 [ 3625.827956][T24416] __vhci_create_device+0x2d0/0x5a0 [ 3625.850658][T24416] vhci_write+0x2d0/0x470 [ 3625.850683][T24416] new_sync_write+0x4c7/0x760 [ 3625.850704][T24416] ? default_llseek+0x2e0/0x2e0 [ 3625.850731][T24416] ? common_file_perm+0x238/0x720 [ 3625.850748][T24416] ? __fget+0x381/0x550 [ 3625.850768][T24416] ? apparmor_file_permission+0x25/0x30 [ 3625.850793][T24416] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3625.850818][T24416] ? security_file_permission+0x94/0x380 [ 3625.877567][T24416] __vfs_write+0xe4/0x110 [ 3625.877590][T24416] vfs_write+0x20c/0x580 [ 3625.877614][T24416] ksys_write+0xea/0x1f0 [ 3625.877635][T24416] ? __ia32_sys_read+0xb0/0xb0 [ 3625.877654][T24416] ? do_syscall_64+0x26/0x610 [ 3625.877669][T24416] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3625.877683][T24416] ? do_syscall_64+0x26/0x610 [ 3625.877704][T24416] __x64_sys_write+0x73/0xb0 [ 3625.877720][T24416] do_syscall_64+0x103/0x610 [ 3625.877740][T24416] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3625.877752][T24416] RIP: 0033:0x457f29 [ 3625.877768][T24416] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3625.877783][T24416] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3625.892683][T24416] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3625.892693][T24416] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3625.892702][T24416] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3625.892712][T24416] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3625.892721][T24416] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3626.111596][T24416] Bluetooth: Can't register HCI device [ 3626.766620][ C0] net_ratelimit: 16 callbacks suppressed [ 3626.766630][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:21:32 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:21:32 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x6000}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:21:32 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x0, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:21:32 executing program 2 (fault-call:2 fault-nth:48): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:32 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000000040), 0xfffffffffffffffe) futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0) 02:21:32 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x1, 0xec) getsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000140), &(0x7f0000000280)=0xb) ioctl$KDMKTONE(r0, 0x4b30, 0xfffffffffffffffd) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) ioctl$UI_SET_LEDBIT(r0, 0x40045569, 0xf) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r2, &(0x7f00000008c0)=[{&(0x7f0000000040)=""/39}, {&(0x7f0000000800)=""/162, 0xffffffffffffff2e}, {&(0x7f00000004c0)=""/240, 0x2a0}, {&(0x7f00000005c0)=""/137}, {&(0x7f0000000680)=""/219}], 0x29e) [ 3627.806735][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3627.812617][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3627.818550][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3627.824346][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3627.830236][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3627.836043][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3627.842052][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3627.847860][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3627.945097][T24439] FAULT_INJECTION: forcing a failure. [ 3627.945097][T24439] name failslab, interval 1, probability 0, space 0, times 0 [ 3627.963732][T24437] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3627.974477][T24439] CPU: 0 PID: 24439 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3627.983177][T24439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3627.993271][T24439] Call Trace: [ 3627.996612][T24439] dump_stack+0x172/0x1f0 [ 3628.000971][T24439] should_fail.cold+0xa/0x15 [ 3628.005600][T24439] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3628.011441][T24439] ? ___might_sleep+0x163/0x280 [ 3628.016321][T24439] __should_failslab+0x121/0x190 [ 3628.021309][T24439] should_failslab+0x9/0x14 [ 3628.025829][T24439] kmem_cache_alloc+0x2b2/0x6f0 [ 3628.030697][T24439] ? memcpy+0x46/0x50 [ 3628.034696][T24439] ? kstrdup+0x5a/0x70 [ 3628.038789][T24439] __kernfs_new_node+0xef/0x690 [ 3628.043650][T24439] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3628.043673][T24439] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 3628.043690][T24439] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3628.043712][T24439] ? sysfs_do_create_link_sd.isra.0+0x82/0x140 [ 3628.043728][T24439] ? find_held_lock+0x35/0x130 [ 3628.043750][T24439] ? sysfs_do_create_link_sd.isra.0+0x82/0x140 [ 3628.062608][T24456] IPVS: ftp: loaded support on port[0] = 21 [ 3628.066434][T24439] ? kasan_check_write+0x14/0x20 [ 3628.066459][T24439] kernfs_new_node+0x99/0x130 [ 3628.066479][T24439] kernfs_create_link+0xdd/0x250 [ 3628.066499][T24439] sysfs_do_create_link_sd.isra.0+0x90/0x140 [ 3628.066517][T24439] sysfs_create_link+0x65/0xc0 [ 3628.066537][T24439] device_add+0x78f/0x18a0 [ 3628.066562][T24439] ? get_device_parent.isra.0+0x570/0x570 [ 3628.066587][T24439] ? start_creating+0x163/0x1e0 [ 3628.098068][T24439] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3628.098093][T24439] hci_register_dev+0x2e8/0x860 [ 3628.098120][T24439] __vhci_create_device+0x2d0/0x5a0 [ 3628.098141][T24439] vhci_write+0x2d0/0x470 [ 3628.098161][T24439] new_sync_write+0x4c7/0x760 [ 3628.098180][T24439] ? default_llseek+0x2e0/0x2e0 [ 3628.098205][T24439] ? common_file_perm+0x238/0x720 [ 3628.098222][T24439] ? __fget+0x381/0x550 [ 3628.098243][T24439] ? apparmor_file_permission+0x25/0x30 [ 3628.098269][T24439] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3628.098295][T24439] ? security_file_permission+0x94/0x380 [ 3628.098317][T24439] __vfs_write+0xe4/0x110 [ 3628.098338][T24439] vfs_write+0x20c/0x580 [ 3628.098369][T24439] ksys_write+0xea/0x1f0 [ 3628.130423][T24439] ? __ia32_sys_read+0xb0/0xb0 [ 3628.130444][T24439] ? do_syscall_64+0x26/0x610 [ 3628.130462][T24439] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3628.130477][T24439] ? do_syscall_64+0x26/0x610 [ 3628.130500][T24439] __x64_sys_write+0x73/0xb0 [ 3628.130521][T24439] do_syscall_64+0x103/0x610 [ 3628.159513][T24439] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3628.159528][T24439] RIP: 0033:0x457f29 [ 3628.159545][T24439] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3628.159552][T24439] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3628.159566][T24439] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3628.159575][T24439] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3628.159590][T24439] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3628.181157][T24439] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3628.181167][T24439] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 02:21:32 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="ff803cf7e792aebb1b6f9366df640fd099ca26ac237f5ae5fc2e073e1e3ad65c52414abc935af3ad051189fb8731144a016da2c584fdb5b8167a867e8cf3b5f212846d3f3080eb8a5fc29cf801afdc364dcd4b6c198d0e8ecb97e3d6e675a9e4f941063f42b09549389c3556a378593bb64fb37ac1da6705e4937289b92c4071d3a8957f467a4fd5"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) ioctl$RTC_PLL_SET(r1, 0x40207012, &(0x7f0000000040)={0x0, 0x62, 0x101, 0x9, 0x4, 0x8, 0xe8}) lstat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0}) r3 = add_key$keyring(&(0x7f0000000140)='keyring\x00', &(0x7f00000003c0)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) keyctl$get_persistent(0x16, r2, r3) fadvise64(r1, 0x0, 0x4ca4, 0x7) [ 3628.354858][T24439] Bluetooth: Can't register HCI device 02:21:32 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x6001}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3628.538898][T24467] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:21:33 executing program 2 (fault-call:2 fault-nth:49): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:33 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x6087}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:21:33 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x0, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:21:33 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='system\x00'}, 0x30) waitid(0x1, r0, 0x0, 0x4, &(0x7f0000000080)) [ 3628.823033][T24479] FAULT_INJECTION: forcing a failure. [ 3628.823033][T24479] name failslab, interval 1, probability 0, space 0, times 0 [ 3628.856741][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3628.877824][T24479] CPU: 1 PID: 24479 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3628.886554][T24479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3628.896633][T24479] Call Trace: [ 3628.899963][T24479] dump_stack+0x172/0x1f0 [ 3628.904331][T24479] should_fail.cold+0xa/0x15 [ 3628.908955][T24479] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3628.914777][T24479] ? ___might_sleep+0x163/0x280 [ 3628.919648][T24479] __should_failslab+0x121/0x190 [ 3628.924579][T24479] should_failslab+0x9/0x14 [ 3628.929265][T24479] kmem_cache_alloc+0x2b2/0x6f0 [ 3628.934145][T24479] __kernfs_new_node+0xef/0x690 [ 3628.939035][T24479] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 3628.944519][T24479] ? kernfs_activate+0x192/0x1f0 [ 3628.949478][T24479] ? lock_downgrade+0x880/0x880 [ 3628.954317][T24479] ? kasan_check_read+0x11/0x20 [ 3628.959157][T24479] ? mutex_trylock+0x1e0/0x1e0 [ 3628.963917][T24479] ? lock_downgrade+0x880/0x880 [ 3628.968587][T24482] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3628.968771][T24479] kernfs_new_node+0x99/0x130 [ 3628.981605][T24479] kernfs_create_dir_ns+0x52/0x160 [ 3628.986741][T24479] internal_create_group+0x7f8/0xc40 [ 3628.992142][T24479] ? remove_files.isra.0+0x190/0x190 [ 3628.997458][T24479] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 3629.003735][T24479] ? kernfs_put+0x3e3/0x600 [ 3629.008267][T24479] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3629.014526][T24479] ? kernfs_create_link+0x1d2/0x250 [ 3629.019744][T24479] sysfs_create_group+0x20/0x30 [ 3629.024619][T24479] dpm_sysfs_add+0x8b/0x270 [ 3629.029141][T24479] device_add+0xa20/0x18a0 [ 3629.033581][T24479] ? get_device_parent.isra.0+0x570/0x570 [ 3629.039320][T24479] ? start_creating+0x163/0x1e0 [ 3629.044193][T24479] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3629.050458][T24479] hci_register_dev+0x2e8/0x860 [ 3629.055326][T24479] __vhci_create_device+0x2d0/0x5a0 [ 3629.060538][T24479] vhci_write+0x2d0/0x470 [ 3629.060562][T24479] new_sync_write+0x4c7/0x760 [ 3629.060583][T24479] ? default_llseek+0x2e0/0x2e0 [ 3629.074456][T24479] ? common_file_perm+0x238/0x720 [ 3629.079500][T24479] ? __fget+0x381/0x550 [ 3629.079525][T24479] ? apparmor_file_permission+0x25/0x30 [ 3629.079542][T24479] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3629.079567][T24479] ? security_file_permission+0x94/0x380 [ 3629.089273][T24479] __vfs_write+0xe4/0x110 [ 3629.089295][T24479] vfs_write+0x20c/0x580 [ 3629.089318][T24479] ksys_write+0xea/0x1f0 [ 3629.089338][T24479] ? __ia32_sys_read+0xb0/0xb0 [ 3629.089358][T24479] ? do_syscall_64+0x26/0x610 [ 3629.089375][T24479] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3629.089388][T24479] ? do_syscall_64+0x26/0x610 [ 3629.089408][T24479] __x64_sys_write+0x73/0xb0 [ 3629.089425][T24479] do_syscall_64+0x103/0x610 [ 3629.089442][T24479] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3629.089455][T24479] RIP: 0033:0x457f29 [ 3629.089478][T24479] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3629.101339][T24479] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3629.101354][T24479] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3629.101362][T24479] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3629.101371][T24479] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3629.101380][T24479] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3629.101390][T24479] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3629.180608][T24479] Bluetooth: Can't register HCI device [ 3629.326427][T24495] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:21:35 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:21:35 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000000280)={0xffffffffffffffff}, 0x84000) setsockopt$SO_VM_SOCKETS_BUFFER_MAX_SIZE(r0, 0x28, 0x2, &(0x7f00000002c0)=0x3, 0x8) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) socket$inet_smc(0x2b, 0x1, 0x0) write$P9_RLERRORu(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x800, 0x0) ioctl$UI_SET_PHYS(r3, 0x4008556c, &(0x7f0000000140)='syz0\x00') readv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:35 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x6100}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:21:35 executing program 2 (fault-call:2 fault-nth:50): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:35 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:21:35 executing program 5: futex(&(0x7f0000000040), 0x80000000000b, 0x0, 0x0, &(0x7f0000000080), 0x0) futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0) [ 3631.010654][T24514] FAULT_INJECTION: forcing a failure. [ 3631.010654][T24514] name failslab, interval 1, probability 0, space 0, times 0 [ 3631.042769][T24512] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3631.043702][T24514] CPU: 1 PID: 24514 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3631.059643][T24514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3631.069721][T24514] Call Trace: [ 3631.073022][T24514] dump_stack+0x172/0x1f0 [ 3631.077360][T24514] should_fail.cold+0xa/0x15 [ 3631.081955][T24514] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3631.087767][T24514] ? ___might_sleep+0x163/0x280 [ 3631.092631][T24514] __should_failslab+0x121/0x190 [ 3631.097580][T24514] should_failslab+0x9/0x14 [ 3631.102104][T24514] kmem_cache_alloc+0x2b2/0x6f0 [ 3631.107052][T24514] ? lock_downgrade+0x880/0x880 [ 3631.111915][T24514] ? kasan_check_read+0x11/0x20 [ 3631.116779][T24514] __kernfs_new_node+0xef/0x690 [ 3631.121644][T24514] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 3631.127114][T24514] ? wait_for_completion+0x440/0x440 [ 3631.132422][T24514] ? mutex_unlock+0xd/0x10 [ 3631.136847][T24514] ? kernfs_activate+0x192/0x1f0 [ 3631.141794][T24514] kernfs_new_node+0x99/0x130 [ 3631.146501][T24514] __kernfs_create_file+0x51/0x340 [ 3631.151614][T24514] sysfs_add_file_mode_ns+0x222/0x560 [ 3631.157027][T24514] sysfs_merge_group+0x1a0/0x340 [ 3631.161972][T24514] ? sysfs_init_fs_context+0x340/0x340 [ 3631.167432][T24514] ? kernfs_put+0x3e3/0x600 [ 3631.171980][T24514] dpm_sysfs_add+0x21d/0x270 [ 3631.176575][T24514] device_add+0xa20/0x18a0 [ 3631.181005][T24514] ? get_device_parent.isra.0+0x570/0x570 [ 3631.186727][T24514] ? start_creating+0x163/0x1e0 [ 3631.191579][T24514] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3631.197831][T24514] hci_register_dev+0x2e8/0x860 [ 3631.202695][T24514] __vhci_create_device+0x2d0/0x5a0 [ 3631.207913][T24514] vhci_write+0x2d0/0x470 [ 3631.212277][T24514] new_sync_write+0x4c7/0x760 [ 3631.216959][T24514] ? default_llseek+0x2e0/0x2e0 [ 3631.221836][T24514] ? common_file_perm+0x238/0x720 [ 3631.226861][T24514] ? __fget+0x381/0x550 [ 3631.231045][T24514] ? apparmor_file_permission+0x25/0x30 [ 3631.236594][T24514] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3631.242849][T24514] ? security_file_permission+0x94/0x380 [ 3631.248490][T24514] __vfs_write+0xe4/0x110 [ 3631.252833][T24514] vfs_write+0x20c/0x580 [ 3631.257086][T24514] ksys_write+0xea/0x1f0 [ 3631.261421][T24514] ? __ia32_sys_read+0xb0/0xb0 [ 3631.266218][T24514] ? do_syscall_64+0x26/0x610 [ 3631.270906][T24514] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3631.277063][T24514] ? do_syscall_64+0x26/0x610 [ 3631.281745][T24514] __x64_sys_write+0x73/0xb0 [ 3631.286346][T24514] do_syscall_64+0x103/0x610 [ 3631.290946][T24514] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3631.296838][T24514] RIP: 0033:0x457f29 [ 3631.300730][T24514] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3631.320703][T24514] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3631.329307][T24514] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3631.337287][T24514] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3631.345287][T24514] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3631.353274][T24514] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 02:21:35 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3631.361276][T24514] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 02:21:35 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = inotify_init1(0x800) fsetxattr$security_capability(r0, &(0x7f0000000880)='security.capability\x00', &(0x7f00000008c0)=@v2={0x2000000, [{0x8, 0x40}, {0x6, 0x1}]}, 0x14, 0x3) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) remap_file_pages(&(0x7f0000ff5000/0x8000)=nil, 0x8000, 0x2000000, 0x5, 0x40) r2 = syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x0, 0x100) sendto$llc(r2, &(0x7f0000000380)="ad56408be434ae364938ff72d86f31de068dfdcd8249905c1f3b5693375a05ca7530b6746f4ef11ff4c35b5277db9c72c63a4b1a3af1e0f7d3bffa2c7c99b23ac796fe717987e0033f633d12cf8b29691d802f3736ab860837628a1d4c66", 0x5e, 0x0, &(0x7f0000000400)={0x1a, 0x30f, 0xb6, 0x101, 0x7ff, 0x1, @broadcast}, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000280)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r2, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x402000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x28, r3, 0x300, 0x70bd2c, 0x25dfdbff, {}, [@TIPC_NLA_NET={0xc, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x81}]}, @TIPC_NLA_SOCK={0x8, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4040}, 0x40) r4 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r4, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3631.539928][T24514] Bluetooth: Can't register HCI device 02:21:36 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3631.611440][T24517] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:21:36 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:21:36 executing program 2 (fault-call:2 fault-nth:51): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3631.878479][T24543] IPVS: ftp: loaded support on port[0] = 21 02:21:36 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$VT_DISALLOCATE(r0, 0x5608) ioctl$UI_GET_VERSION(r1, 0x8004552d, &(0x7f0000000040)) ioctl$VT_DISALLOCATE(r1, 0x5608) futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0) 02:21:36 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x6401}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3631.966779][ C0] net_ratelimit: 9 callbacks suppressed [ 3631.966787][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3631.972482][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3631.972610][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3631.989877][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3631.995778][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3632.001620][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3632.007521][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3632.013322][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3632.132003][T24557] FAULT_INJECTION: forcing a failure. [ 3632.132003][T24557] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3632.145276][T24557] CPU: 0 PID: 24557 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3632.145294][T24557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3632.145301][T24557] Call Trace: [ 3632.145331][T24557] dump_stack+0x172/0x1f0 [ 3632.145359][T24557] should_fail.cold+0xa/0x15 [ 3632.145381][T24557] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3632.145404][T24557] ? __lock_acquire+0x548/0x3fb0 [ 3632.145432][T24557] should_fail_alloc_page+0x50/0x60 [ 3632.145451][T24557] __alloc_pages_nodemask+0x1a1/0x7e0 [ 3632.145481][T24557] ? __alloc_pages_slowpath+0x2900/0x2900 [ 3632.145497][T24557] ? find_held_lock+0x35/0x130 [ 3632.145528][T24557] ? kasan_check_write+0x14/0x20 [ 3632.145555][T24557] cache_grow_begin+0x9c/0x860 [ 3632.145573][T24557] ? kasan_check_read+0x11/0x20 [ 3632.145589][T24557] ? do_raw_spin_unlock+0x57/0x270 [ 3632.145615][T24557] ____cache_alloc_node+0x17c/0x1e0 [ 3632.187307][T24557] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3632.187332][T24557] kmem_cache_alloc+0x1e8/0x6f0 [ 3632.187349][T24557] ? mark_held_locks+0xa4/0xf0 [ 3632.187368][T24557] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3632.187393][T24557] __kernfs_new_node+0xef/0x690 [ 3632.187415][T24557] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 3632.187437][T24557] ? retint_kernel+0x2d/0x2d [ 3632.187467][T24557] kernfs_new_node+0x99/0x130 [ 3632.187488][T24557] kernfs_create_dir_ns+0x52/0x160 [ 3632.187506][T24557] internal_create_group+0x7f8/0xc40 [ 3632.187521][T24557] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3632.187533][T24557] ? retint_kernel+0x2d/0x2d [ 3632.187555][T24557] ? remove_files.isra.0+0x190/0x190 [ 3632.198149][T24557] ? retint_kernel+0x2d/0x2d [ 3632.198176][T24557] sysfs_create_group+0x20/0x30 [ 3632.198196][T24557] dpm_sysfs_add+0x8b/0x270 [ 3632.198218][T24557] device_add+0xa20/0x18a0 [ 3632.198243][T24557] ? get_device_parent.isra.0+0x570/0x570 [ 3632.198278][T24557] hci_register_dev+0x2e8/0x860 [ 3632.198307][T24557] __vhci_create_device+0x2d0/0x5a0 [ 3632.198330][T24557] vhci_write+0x2d0/0x470 [ 3632.208905][T24557] new_sync_write+0x4c7/0x760 [ 3632.208930][T24557] ? default_llseek+0x2e0/0x2e0 [ 3632.208949][T24557] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3632.208987][T24557] ? common_file_perm+0x238/0x720 [ 3632.209024][T24557] ? apparmor_file_permission+0x25/0x30 [ 3632.209041][T24557] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3632.209059][T24557] ? security_file_permission+0x94/0x380 [ 3632.209084][T24557] __vfs_write+0xe4/0x110 [ 3632.209103][T24557] vfs_write+0x20c/0x580 [ 3632.209124][T24557] ksys_write+0xea/0x1f0 [ 3632.209145][T24557] ? __ia32_sys_read+0xb0/0xb0 [ 3632.209169][T24557] ? do_syscall_64+0x26/0x610 [ 3632.209191][T24557] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3632.223733][T24557] ? do_syscall_64+0x26/0x610 [ 3632.223760][T24557] __x64_sys_write+0x73/0xb0 [ 3632.223779][T24557] do_syscall_64+0x103/0x610 [ 3632.223805][T24557] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3632.223822][T24557] RIP: 0033:0x457f29 [ 3632.223840][T24557] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3632.223849][T24557] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3632.223864][T24557] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3632.223882][T24557] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3632.234211][T24557] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3632.234221][T24557] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3632.234230][T24557] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3632.509472][T24558] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:21:37 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="99fe3b240e150dbdd983000000001513d39d22a37198e7865dc5c45f7099af707af8b3"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x2000037e}], 0x1) [ 3632.623763][T24562] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:21:37 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:21:37 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x6558}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:21:37 executing program 2 (fault-call:2 fault-nth:52): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:37 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0xee9, 0x10000) write$UHID_GET_REPORT_REPLY(r0, &(0x7f0000000080)={0xa, 0x4, 0x6, 0x9}, 0xa) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000100)=0xfffffffffffffffd) [ 3632.972568][T24581] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3633.006735][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3633.044101][T24584] FAULT_INJECTION: forcing a failure. [ 3633.044101][T24584] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3633.057368][T24584] CPU: 0 PID: 24584 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3633.066140][T24584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3633.076203][T24584] Call Trace: [ 3633.079525][T24584] dump_stack+0x172/0x1f0 [ 3633.083881][T24584] should_fail.cold+0xa/0x15 [ 3633.088492][T24584] ? save_stack+0xa9/0xd0 [ 3633.092835][T24584] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3633.098650][T24584] ? __lock_acquire+0x548/0x3fb0 [ 3633.098676][T24584] should_fail_alloc_page+0x50/0x60 [ 3633.098692][T24584] __alloc_pages_nodemask+0x1a1/0x7e0 [ 3633.098713][T24584] ? __alloc_pages_slowpath+0x2900/0x2900 [ 3633.098727][T24584] ? find_held_lock+0x35/0x130 [ 3633.098750][T24584] ? kasan_check_write+0x14/0x20 [ 3633.098773][T24584] cache_grow_begin+0x9c/0x860 [ 3633.098794][T24584] ? kasan_check_read+0x11/0x20 [ 3633.129704][T24584] ? do_raw_spin_unlock+0x57/0x270 [ 3633.129728][T24584] ____cache_alloc_node+0x17c/0x1e0 [ 3633.129743][T24584] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3633.129763][T24584] kmem_cache_alloc+0x1e8/0x6f0 [ 3633.129789][T24584] __kernfs_new_node+0xef/0x690 [ 3633.129808][T24584] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 3633.129829][T24584] ? mark_held_locks+0xa4/0xf0 [ 3633.129851][T24584] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3633.160839][T24584] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3633.160859][T24584] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3633.160875][T24584] ? retint_kernel+0x2d/0x2d [ 3633.160897][T24584] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3633.176323][T24584] kernfs_new_node+0x99/0x130 [ 3633.176352][T24584] __kernfs_create_file+0x51/0x340 [ 3633.197127][T24584] sysfs_add_file_mode_ns+0x222/0x560 [ 3633.217912][T24584] sysfs_merge_group+0x1a0/0x340 [ 3633.222859][T24584] ? sysfs_init_fs_context+0x340/0x340 [ 3633.222876][T24584] ? kernfs_put+0x3e3/0x600 [ 3633.222911][T24584] dpm_sysfs_add+0x21d/0x270 [ 3633.237812][T24584] device_add+0xa20/0x18a0 [ 3633.242259][T24584] ? get_device_parent.isra.0+0x570/0x570 [ 3633.247995][T24584] ? start_creating+0x163/0x1e0 [ 3633.252852][T24584] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3633.259098][T24584] hci_register_dev+0x2e8/0x860 [ 3633.259125][T24584] __vhci_create_device+0x2d0/0x5a0 [ 3633.259143][T24584] vhci_write+0x2d0/0x470 [ 3633.259173][T24584] new_sync_write+0x4c7/0x760 [ 3633.278921][T24584] ? default_llseek+0x2e0/0x2e0 [ 3633.278958][T24584] ? security_file_permission+0xc0/0x380 [ 3633.289440][T24584] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3633.295693][T24584] ? security_file_permission+0x94/0x380 [ 3633.301346][T24584] ? rw_verify_area+0xb2/0x360 [ 3633.301368][T24584] __vfs_write+0xe4/0x110 [ 3633.301389][T24584] vfs_write+0x20c/0x580 [ 3633.301410][T24584] ksys_write+0xea/0x1f0 [ 3633.319052][T24584] ? __ia32_sys_read+0xb0/0xb0 [ 3633.319073][T24584] ? do_syscall_64+0x26/0x610 [ 3633.319095][T24584] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3633.334593][T24584] ? do_syscall_64+0x26/0x610 [ 3633.339323][T24584] __x64_sys_write+0x73/0xb0 [ 3633.343977][T24584] do_syscall_64+0x103/0x610 [ 3633.344003][T24584] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3633.344028][T24584] RIP: 0033:0x457f29 [ 3633.358393][T24584] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3633.378001][T24584] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3633.378017][T24584] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3633.378026][T24584] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3633.378035][T24584] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3633.378044][T24584] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3633.378052][T24584] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 02:21:37 executing program 1: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:38 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 3634.046533][ C0] protocol 88fb is buggy, dev hsr_slave_0 02:21:39 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:21:39 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x6800}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:21:39 executing program 2 (fault-call:2 fault-nth:53): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:39 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) r2 = syz_open_dev$amidi(&(0x7f0000000040)='/dev/amidi#\x00', 0x4, 0x400) ioctl$KVM_INTERRUPT(r2, 0x4004ae86, &(0x7f0000000140)=0x100) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffff9c, 0x84, 0x22, &(0x7f00000002c0)={0x3c, 0x200, 0x4, 0x3ff, 0x0}, &(0x7f0000000300)=0x10) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r2, 0x84, 0x6c, &(0x7f0000000340)=ANY=[@ANYRES32=r3, @ANYBLOB="2200af9c93a011fab00edd372fec09ad93aca7fc4e5c168d1eeb000000000000000000000000"], &(0x7f0000000380)=0x2a) 02:21:39 executing program 5: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x400002, 0x0) ioctl$VIDIOC_S_AUDOUT(r0, 0x40345632, &(0x7f0000000040)={0xffff, "49b6500bdd7142e6dcc36fddd230a1589428a0fa56942aedcb9c69272f8ca87f", 0x3, 0x1}) futex(&(0x7f0000000080)=0x2, 0x80000000000b, 0xfffffffffffffffc, 0x0, &(0x7f0000048000)=0xfffffffffffffffc, 0x0) futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0) 02:21:39 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 3634.918882][T24621] FAULT_INJECTION: forcing a failure. [ 3634.918882][T24621] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3634.931546][T24620] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3634.932126][T24621] CPU: 1 PID: 24621 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3634.932140][T24621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3634.932146][T24621] Call Trace: [ 3634.932180][T24621] dump_stack+0x172/0x1f0 [ 3634.932210][T24621] should_fail.cold+0xa/0x15 [ 3634.971226][T24621] ? save_stack+0xa9/0xd0 [ 3634.975567][T24621] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3634.981384][T24621] ? __lock_acquire+0x548/0x3fb0 [ 3634.986335][T24621] should_fail_alloc_page+0x50/0x60 [ 3634.991541][T24621] __alloc_pages_nodemask+0x1a1/0x7e0 [ 3634.996942][T24621] ? __alloc_pages_slowpath+0x2900/0x2900 [ 3635.002664][T24621] ? find_held_lock+0x35/0x130 [ 3635.007437][T24621] ? kasan_check_write+0x14/0x20 [ 3635.012393][T24621] cache_grow_begin+0x9c/0x860 [ 3635.017163][T24621] ? kasan_check_read+0x11/0x20 [ 3635.022016][T24621] ? do_raw_spin_unlock+0x57/0x270 [ 3635.027136][T24621] ____cache_alloc_node+0x17c/0x1e0 [ 3635.032354][T24621] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3635.038608][T24621] kmem_cache_alloc+0x1e8/0x6f0 [ 3635.043477][T24621] __kernfs_new_node+0xef/0x690 [ 3635.048335][T24621] ? kernfs_find_and_get_ns+0x26/0x70 [ 3635.053717][T24621] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 3635.059188][T24621] ? lock_downgrade+0x880/0x880 [ 3635.064047][T24621] ? mutex_trylock+0x1e0/0x1e0 [ 3635.068817][T24621] ? kernfs_activate+0x192/0x1f0 [ 3635.073760][T24621] kernfs_new_node+0x99/0x130 [ 3635.078448][T24621] __kernfs_create_file+0x51/0x340 [ 3635.083582][T24621] sysfs_add_file_mode_ns+0x222/0x560 [ 3635.088968][T24621] sysfs_merge_group+0x1a0/0x340 [ 3635.093914][T24621] ? sysfs_init_fs_context+0x340/0x340 [ 3635.099379][T24621] ? kernfs_put+0x3e3/0x600 [ 3635.103927][T24621] dpm_sysfs_add+0x21d/0x270 [ 3635.108531][T24621] device_add+0xa20/0x18a0 [ 3635.112964][T24621] ? get_device_parent.isra.0+0x570/0x570 [ 3635.118705][T24621] hci_register_dev+0x2e8/0x860 [ 3635.123581][T24621] __vhci_create_device+0x2d0/0x5a0 [ 3635.128795][T24621] vhci_write+0x2d0/0x470 [ 3635.133135][T24621] new_sync_write+0x4c7/0x760 [ 3635.137910][T24621] ? default_llseek+0x2e0/0x2e0 [ 3635.142773][T24621] ? common_file_perm+0x238/0x720 [ 3635.147808][T24621] ? __fget+0x381/0x550 [ 3635.151973][T24621] ? apparmor_file_permission+0x25/0x30 [ 3635.157522][T24621] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3635.163773][T24621] ? security_file_permission+0x94/0x380 [ 3635.169424][T24621] __vfs_write+0xe4/0x110 [ 3635.173760][T24621] vfs_write+0x20c/0x580 [ 3635.178012][T24621] ksys_write+0xea/0x1f0 [ 3635.182264][T24621] ? __ia32_sys_read+0xb0/0xb0 [ 3635.187057][T24621] ? do_syscall_64+0x26/0x610 [ 3635.191755][T24621] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3635.197834][T24621] ? do_syscall_64+0x26/0x610 [ 3635.202532][T24621] __x64_sys_write+0x73/0xb0 [ 3635.207138][T24621] do_syscall_64+0x103/0x610 [ 3635.211741][T24621] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3635.217633][T24621] RIP: 0033:0x457f29 [ 3635.221530][T24621] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3635.241146][T24621] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3635.249566][T24621] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3635.257537][T24621] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 02:21:39 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x80000000001, 0x2, 0x0, 0x0, 0x0) [ 3635.265510][T24621] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3635.273481][T24621] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3635.281472][T24621] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 02:21:39 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) write$binfmt_aout(r0, &(0x7f0000000280)={{0x108, 0x7, 0x8, 0xd3, 0xac, 0x4d, 0x1cb, 0x8}, "9030677b5fadba68818363541b05286ac746c33cbe1deff0fc5f2c62b6105cb34785e5e0e3e85adf433d301847458339319fc9b6896532de955100406d3b765d88561747ba3d9c56f366a579010b5a362257eb9525d089450a0c2c59ec88e72f9671d3e771f4bc9d55de3ce660c182901a49e2ba84", [[], [], [], [], []]}, 0x595) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x200000, 0x0) ioctl$EVIOCGKEYCODE(r2, 0x80084504, &(0x7f0000000140)=""/28) [ 3635.463187][T24630] IPVS: ftp: loaded support on port[0] = 21 02:21:40 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x6c00}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:21:40 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:21:40 executing program 2 (fault-call:2 fault-nth:54): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3635.751282][T24644] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:21:40 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x4000, 0x0) ioctl$SNDRV_CTL_IOCTL_TLV_WRITE(r0, 0xc008551b, &(0x7f0000000140)={0x8, 0x10, [0xffffffffffffff81, 0x1ff, 0x1, 0x80]}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3635.945079][T24656] FAULT_INJECTION: forcing a failure. [ 3635.945079][T24656] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3635.958342][T24656] CPU: 0 PID: 24656 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3635.967028][T24656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3635.977091][T24656] Call Trace: [ 3635.980419][T24656] dump_stack+0x172/0x1f0 [ 3635.984780][T24656] should_fail.cold+0xa/0x15 [ 3635.984809][T24656] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3635.984833][T24656] ? mark_held_locks+0xa4/0xf0 [ 3635.984865][T24656] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3636.005501][T24656] should_fail_alloc_page+0x50/0x60 [ 3636.005521][T24656] __alloc_pages_nodemask+0x1a1/0x7e0 [ 3636.005545][T24656] ? __alloc_pages_slowpath+0x2900/0x2900 [ 3636.005585][T24656] cache_grow_begin+0x9c/0x860 [ 3636.021852][T24656] ? __d_alloc+0x2e/0x8c0 [ 3636.021872][T24656] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3636.021895][T24656] kmem_cache_alloc+0x62d/0x6f0 [ 3636.021914][T24656] ? unwind_get_return_address+0x61/0xa0 [ 3636.021935][T24656] __d_alloc+0x2e/0x8c0 [ 3636.051930][T24656] d_alloc+0x4d/0x2b0 [ 3636.055921][T24656] ? debug_smp_processor_id+0x3c/0x280 [ 3636.061398][T24656] d_alloc_parallel+0xf4/0x1bc0 [ 3636.066254][T24656] ? mark_held_locks+0xa4/0xf0 [ 3636.071020][T24656] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3636.076486][T24656] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3636.081950][T24656] ? lockdep_hardirqs_on+0x418/0x5d0 [ 3636.087228][T24656] ? retint_kernel+0x2d/0x2d [ 3636.091834][T24656] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3636.097484][T24656] ? __d_lookup_rcu+0x6c0/0x6c0 [ 3636.102338][T24656] ? retint_kernel+0x2d/0x2d [ 3636.106943][T24656] __lookup_slow+0x1ab/0x500 [ 3636.111547][T24656] ? vfs_unlink+0x560/0x560 [ 3636.116074][T24656] ? retint_kernel+0x2d/0x2d [ 3636.120674][T24656] ? d_lookup+0x19e/0x260 [ 3636.125002][T24656] ? lookup_dcache+0x26/0x140 [ 3636.129684][T24656] lookup_one_len+0x16d/0x1a0 [ 3636.134465][T24656] ? lookup_one_len_unlocked+0x100/0x100 [ 3636.134496][T24656] start_creating+0xbf/0x1e0 [ 3636.134515][T24656] debugfs_create_dir+0x26/0x3d0 [ 3636.134537][T24656] hci_register_dev+0x299/0x860 [ 3636.144756][T24656] __vhci_create_device+0x2d0/0x5a0 [ 3636.144775][T24656] vhci_write+0x2d0/0x470 [ 3636.144803][T24656] new_sync_write+0x4c7/0x760 [ 3636.164095][T24656] ? default_llseek+0x2e0/0x2e0 [ 3636.164123][T24656] ? common_file_perm+0x238/0x720 [ 3636.164139][T24656] ? __fget+0x381/0x550 [ 3636.164160][T24656] ? apparmor_file_permission+0x25/0x30 [ 3636.178730][T24656] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3636.178767][T24656] ? security_file_permission+0x94/0x380 [ 3636.178799][T24656] __vfs_write+0xe4/0x110 [ 3636.178819][T24656] vfs_write+0x20c/0x580 [ 3636.178840][T24656] ksys_write+0xea/0x1f0 [ 3636.178857][T24656] ? __ia32_sys_read+0xb0/0xb0 [ 3636.178874][T24656] ? do_syscall_64+0x26/0x610 [ 3636.178889][T24656] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3636.178909][T24656] ? do_syscall_64+0x26/0x610 [ 3636.178935][T24656] __x64_sys_write+0x73/0xb0 [ 3636.194885][T24656] do_syscall_64+0x103/0x610 [ 3636.194910][T24656] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3636.194923][T24656] RIP: 0033:0x457f29 [ 3636.194939][T24656] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3636.194947][T24656] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3636.194960][T24656] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3636.194968][T24656] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3636.194976][T24656] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3636.194992][T24656] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3636.228879][T24656] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3636.430236][T24644] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3637.166819][ C0] net_ratelimit: 16 callbacks suppressed [ 3637.166829][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:21:42 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, 0x0, 0x0) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:21:42 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x1000, 0x80) setsockopt$IP_VS_SO_SET_EDIT(r0, 0x0, 0x483, &(0x7f0000000080)={0x6d, @remote, 0x4e24, 0x2, 'nq\x00', 0x4, 0xbea2, 0x42}, 0x2c) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x10a00, 0x0) 02:21:42 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x2000, 0x0) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:42 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x7001}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:21:42 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, 0x0, 0x0) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:21:42 executing program 2 (fault-call:2 fault-nth:55): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3638.030140][T24672] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3638.048979][T24676] FAULT_INJECTION: forcing a failure. [ 3638.048979][T24676] name failslab, interval 1, probability 0, space 0, times 0 [ 3638.080443][T24676] CPU: 0 PID: 24676 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3638.089148][T24676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3638.099214][T24676] Call Trace: [ 3638.102524][T24676] dump_stack+0x172/0x1f0 [ 3638.106876][T24676] should_fail.cold+0xa/0x15 [ 3638.111484][T24676] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3638.117319][T24676] ? ___might_sleep+0x163/0x280 [ 3638.122180][T24676] __should_failslab+0x121/0x190 [ 3638.127121][T24676] should_failslab+0x9/0x14 [ 3638.127139][T24676] kmem_cache_alloc+0x2b2/0x6f0 [ 3638.127165][T24676] __kernfs_new_node+0xef/0x690 [ 3638.127185][T24676] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 3638.127211][T24676] ? lock_downgrade+0x880/0x880 [ 3638.127226][T24676] ? retint_kernel+0x2d/0x2d [ 3638.127246][T24676] kernfs_new_node+0x99/0x130 [ 3638.127266][T24676] __kernfs_create_file+0x51/0x340 [ 3638.127291][T24676] sysfs_add_file_mode_ns+0x222/0x560 [ 3638.127316][T24676] sysfs_merge_group+0x1a0/0x340 [ 3638.156408][T24676] ? sysfs_init_fs_context+0x340/0x340 [ 3638.156426][T24676] ? kernfs_put+0x3e3/0x600 [ 3638.156460][T24676] dpm_sysfs_add+0x21d/0x270 [ 3638.156481][T24676] device_add+0xa20/0x18a0 [ 3638.156506][T24676] ? get_device_parent.isra.0+0x570/0x570 [ 3638.156534][T24676] hci_register_dev+0x2e8/0x860 [ 3638.156558][T24676] __vhci_create_device+0x2d0/0x5a0 [ 3638.156578][T24676] vhci_write+0x2d0/0x470 [ 3638.166363][T24676] new_sync_write+0x4c7/0x760 [ 3638.166385][T24676] ? default_llseek+0x2e0/0x2e0 [ 3638.166411][T24676] ? common_file_perm+0x238/0x720 [ 3638.166427][T24676] ? __fget+0x381/0x550 [ 3638.166448][T24676] ? apparmor_file_permission+0x25/0x30 [ 3638.166464][T24676] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3638.166482][T24676] ? security_file_permission+0x94/0x380 [ 3638.166502][T24676] __vfs_write+0xe4/0x110 [ 3638.176807][T24676] vfs_write+0x20c/0x580 [ 3638.176832][T24676] ksys_write+0xea/0x1f0 [ 3638.176852][T24676] ? __ia32_sys_read+0xb0/0xb0 [ 3638.176872][T24676] ? do_syscall_64+0x26/0x610 [ 3638.176889][T24676] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3638.176903][T24676] ? do_syscall_64+0x26/0x610 [ 3638.176924][T24676] __x64_sys_write+0x73/0xb0 [ 3638.176941][T24676] do_syscall_64+0x103/0x610 [ 3638.176960][T24676] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3638.176978][T24676] RIP: 0033:0x457f29 [ 3638.186933][T24676] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3638.186942][T24676] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3638.186958][T24676] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3638.186968][T24676] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3638.186977][T24676] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3638.186987][T24676] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3638.186996][T24676] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3638.217276][T24689] IPVS: ftp: loaded support on port[0] = 21 [ 3638.286684][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3638.303242][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3638.303372][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3638.327030][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3638.327137][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3638.327182][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3638.343824][ C0] protocol 88fb is buggy, dev hsr_slave_0 02:21:42 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) prctl$PR_GET_DUMPABLE(0x3) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3638.359777][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3638.378218][T24676] Bluetooth: Can't register HCI device 02:21:43 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x7400}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3638.708488][T24699] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:21:43 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x7a00}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:21:43 executing program 2 (fault-call:2 fault-nth:56): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:43 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, 0x0, 0x0) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:21:43 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x2) [ 3638.959150][T24707] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3639.002467][T24710] FAULT_INJECTION: forcing a failure. [ 3639.002467][T24710] name failslab, interval 1, probability 0, space 0, times 0 [ 3639.027713][T24710] CPU: 0 PID: 24710 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3639.036405][T24710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3639.036413][T24710] Call Trace: [ 3639.036445][T24710] dump_stack+0x172/0x1f0 [ 3639.036476][T24710] should_fail.cold+0xa/0x15 [ 3639.036505][T24710] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3639.036531][T24710] ? ___might_sleep+0x163/0x280 [ 3639.036558][T24710] __should_failslab+0x121/0x190 [ 3639.036581][T24710] should_failslab+0x9/0x14 [ 3639.036599][T24710] __kmalloc+0x2dc/0x740 [ 3639.036622][T24710] ? apply_wqattrs_prepare+0xae/0x970 [ 3639.036643][T24710] apply_wqattrs_prepare+0xae/0x970 [ 3639.036675][T24710] apply_workqueue_attrs_locked+0xcb/0x140 [ 3639.050010][T24710] apply_workqueue_attrs+0x31/0x50 [ 3639.050030][T24710] alloc_workqueue+0x84c/0xe70 [ 3639.050055][T24710] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 3639.050079][T24710] ? __init_waitqueue_head+0x36/0x90 [ 3639.058998][T24710] hci_register_dev+0x1b8/0x860 [ 3639.059016][T24710] ? hci_init_sysfs+0x7c/0xa0 [ 3639.059040][T24710] __vhci_create_device+0x2d0/0x5a0 [ 3639.059060][T24710] vhci_write+0x2d0/0x470 [ 3639.059088][T24710] new_sync_write+0x4c7/0x760 [ 3639.069732][T24710] ? default_llseek+0x2e0/0x2e0 [ 3639.069758][T24710] ? common_file_perm+0x238/0x720 [ 3639.069775][T24710] ? __fget+0x381/0x550 [ 3639.069795][T24710] ? apparmor_file_permission+0x25/0x30 [ 3639.069821][T24710] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3639.079258][T24710] ? security_file_permission+0x94/0x380 [ 3639.079280][T24710] __vfs_write+0xe4/0x110 [ 3639.079308][T24710] vfs_write+0x20c/0x580 [ 3639.109760][T24710] ksys_write+0xea/0x1f0 [ 3639.109782][T24710] ? __ia32_sys_read+0xb0/0xb0 [ 3639.109800][T24710] ? do_syscall_64+0x26/0x610 [ 3639.109822][T24710] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3639.120831][T24710] ? do_syscall_64+0x26/0x610 [ 3639.120857][T24710] __x64_sys_write+0x73/0xb0 [ 3639.120876][T24710] do_syscall_64+0x103/0x610 [ 3639.120898][T24710] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3639.130401][T24710] RIP: 0033:0x457f29 [ 3639.130419][T24710] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3639.130428][T24710] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3639.130444][T24710] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3639.130453][T24710] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3639.130461][T24710] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3639.130470][T24710] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3639.130477][T24710] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3639.136246][T24710] Bluetooth: Can't register HCI device [ 3639.250477][ C0] protocol 88fb is buggy, dev hsr_slave_1 02:21:45 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(0x0, 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:21:45 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cachefiles\x00', 0x8000, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PVERSION(r2, 0x80045700, &(0x7f0000000140)) write$FUSE_NOTIFY_INVAL_ENTRY(r1, &(0x7f0000000280)={0x27, 0x3, 0x0, {0x1, 0x6, 0x0, 'lobdev'}}, 0x27) 02:21:45 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x8100}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:21:45 executing program 2 (fault-call:2 fault-nth:57): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:45 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, 0x0, 0x0) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:21:45 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r0 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x53, 0x440) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="9feb01001800000000000000b4000000cc0000000500000009fd88430c8b46dae575cc4b6d39efd66db1b4af0038111f4bd48822458579d2f98a9d7a6d253c7b74f9cfce81830a2b576b7c50d48d3d3842fd60a80fee952de1ef45c54ebdc41c67a1f68828f195418d476c1e2eef277b0a264be4a677ff67fc1dedc90ae9889db30ed154ae6680d1afc425984bab3779f284b5d229def42ddc7c9635c3a107d3f529196f8debe3ad78ccb4b828600f1c529273b6c3a9afdef987b31866eff432bb5065cbfae44b34d5c1560000de9f2f0da2043f9639a0c575cbd273eea095755e72e3cdbed1be0c30c8ea721f35095cd6463c177abcb6f762613a2e034edb026ce1d743efdc27619abecff76e9301231fc0dd1e554c9c2a5f990f5b2d6dcdb5072780f29cf316af0e722bb443d6aee0f1451f5d89a1c06bbb3fbcf346d7e9c1666c4d603d15c8c4e7cea12fdea402c14a8744041738d41508c9ad632d98fd1a0b739fb83c388e8f84761a3391ea27eb4cf44a7516945e2f746a38ccbbcae63e713d20c2c151dad800277c408948d5d70d4f0c0a1b1240bf431902434f1b499332984f714903b84bb1a2ed8c674d5670cee9ed38e105d38b9d88bea1648a3ee90d7703f5000000009dbd630023d363b1a1e966c5c44ad0dd1d8e8d253d982ac06ad7d08d548c9193405f5fde0549309a3af7683b49"], &(0x7f0000000280)=""/7, 0x1cc, 0x7, 0x1}, 0x20) setsockopt$RXRPC_SECURITY_KEYRING(r0, 0x110, 0x2, &(0x7f0000000040)='[em0\x00', 0x5) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000300)={0x401, 0xff, 0x5, 0x80000001, 0x6, [{0x1f, 0x0, 0x9, 0x0, 0x0, 0x2}, {0x60, 0x8000, 0x4}, {0xfffe000000000000, 0xffffffffffffff34, 0x735b, 0x0, 0x0, 0x1}, {0x8000, 0x2, 0xfffffffffffff01f, 0x0, 0x0, 0x1800}, {0x8, 0x0, 0xffffffff, 0x0, 0x0, 0x88}, {0x7f, 0x3ff, 0xc2d3, 0x0, 0x0, 0x205}]}) epoll_create(0x60d) [ 3641.215253][T24737] FAULT_INJECTION: forcing a failure. [ 3641.215253][T24737] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 3641.228541][T24737] CPU: 1 PID: 24737 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3641.228553][T24737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3641.228561][T24737] Call Trace: [ 3641.228591][T24737] dump_stack+0x172/0x1f0 [ 3641.228619][T24737] should_fail.cold+0xa/0x15 [ 3641.228639][T24737] ? kernfs_new_node+0x99/0x130 [ 3641.228664][T24737] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3641.228687][T24737] ? __lock_acquire+0x548/0x3fb0 [ 3641.228708][T24737] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3641.228727][T24737] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3641.228749][T24737] should_fail_alloc_page+0x50/0x60 [ 3641.228777][T24737] __alloc_pages_nodemask+0x1a1/0x7e0 [ 3641.250823][T24737] ? __alloc_pages_slowpath+0x2900/0x2900 [ 3641.250839][T24737] ? find_held_lock+0x35/0x130 [ 3641.250879][T24737] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3641.259882][T24737] cache_grow_begin+0x9c/0x860 [ 3641.259901][T24737] ? __kernfs_new_node+0xef/0x690 [ 3641.259919][T24737] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 3641.259941][T24737] kmem_cache_alloc+0x62d/0x6f0 [ 3641.259961][T24737] ? kasan_check_read+0x11/0x20 [ 3641.259984][T24737] __kernfs_new_node+0xef/0x690 [ 3641.260004][T24737] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 3641.260030][T24737] ? wait_for_completion+0x440/0x440 [ 3641.288200][T24737] ? mutex_unlock+0xd/0x10 [ 3641.288220][T24737] ? kernfs_activate+0x192/0x1f0 [ 3641.288241][T24737] kernfs_new_node+0x99/0x130 [ 3641.288260][T24737] __kernfs_create_file+0x51/0x340 [ 3641.288278][T24737] sysfs_add_file_mode_ns+0x222/0x560 [ 3641.288303][T24737] sysfs_merge_group+0x1a0/0x340 [ 3641.288320][T24737] ? sysfs_init_fs_context+0x340/0x340 [ 3641.288333][T24737] ? kernfs_put+0x3e3/0x600 [ 3641.288364][T24737] dpm_sysfs_add+0x21d/0x270 [ 3641.298718][T24738] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3641.298951][T24737] device_add+0xa20/0x18a0 [ 3641.298977][T24737] ? get_device_parent.isra.0+0x570/0x570 [ 3641.299008][T24737] hci_register_dev+0x2e8/0x860 [ 3641.331304][T24737] __vhci_create_device+0x2d0/0x5a0 [ 3641.331327][T24737] vhci_write+0x2d0/0x470 [ 3641.331350][T24737] new_sync_write+0x4c7/0x760 [ 3641.331371][T24737] ? default_llseek+0x2e0/0x2e0 [ 3641.331396][T24737] ? common_file_perm+0x238/0x720 [ 3641.331416][T24737] ? __fget+0x381/0x550 [ 3641.351434][T24737] ? apparmor_file_permission+0x25/0x30 [ 3641.351466][T24737] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3641.366116][T24737] ? security_file_permission+0x94/0x380 [ 3641.366141][T24737] __vfs_write+0xe4/0x110 [ 3641.366163][T24737] vfs_write+0x20c/0x580 [ 3641.366185][T24737] ksys_write+0xea/0x1f0 [ 3641.366206][T24737] ? __ia32_sys_read+0xb0/0xb0 [ 3641.400903][T24737] ? do_syscall_64+0x26/0x610 [ 3641.400922][T24737] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3641.400937][T24737] ? do_syscall_64+0x26/0x610 [ 3641.400962][T24737] __x64_sys_write+0x73/0xb0 [ 3641.400984][T24737] do_syscall_64+0x103/0x610 [ 3641.429326][T24737] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3641.429340][T24737] RIP: 0033:0x457f29 [ 3641.429357][T24737] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3641.429366][T24737] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3641.429380][T24737] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 02:21:46 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = syz_open_dev$vcsn(&(0x7f00000004c0)='/dev/vcs#\x00', 0x2, 0x0) setsockopt$inet6_MRT6_DEL_MFC(r1, 0x29, 0xcd, &(0x7f0000000500)={{0xa, 0x4e21, 0x6, @rand_addr="4c42b8cbe85099f30432de7f623e2da1", 0x1}, {0xa, 0x4e20, 0x1f, @remote, 0x2}, 0x80000000, [0x32bb, 0x9, 0x81, 0x6, 0x8, 0x9000000, 0x7, 0x7ff]}, 0x5c) ioctl$KVM_GET_DEBUGREGS(r1, 0x8080aea1, &(0x7f0000000280)) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3641.429389][T24737] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3641.429396][T24737] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3641.429405][T24737] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3641.429414][T24737] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3641.492307][T24745] IPVS: ftp: loaded support on port[0] = 21 02:21:46 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x8401}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:21:46 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x754}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3641.942475][T24758] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:21:46 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(0x0, 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:21:46 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:21:46 executing program 2 (fault-call:2 fault-nth:58): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:46 executing program 5: futex(&(0x7f0000000000), 0x3, 0x2, &(0x7f0000000040)={0x77359400}, &(0x7f0000000080), 0x2) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0) 02:21:46 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000440)='/dev/btrfs-control\x00', 0x200002, 0x0) ioctl$CAPI_GET_FLAGS(r1, 0x80044323, &(0x7f0000000480)) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) r3 = accept$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @dev}, &(0x7f0000000140)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000280)={0x0, @in6={{0xa, 0x4e23, 0x6, @ipv4={[], [], @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x1}}, [0x4, 0x8, 0x7, 0x5, 0x4c, 0x0, 0x0, 0x8000, 0x4, 0x3, 0x7, 0x5, 0xcb, 0x0, 0x8]}, &(0x7f0000000380)=0x100) write$smack_current(r1, &(0x7f00000004c0)='#]posix_acl_access', 0x12) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r3, 0x84, 0x13, &(0x7f00000003c0)={r4, 0x5}, &(0x7f0000000400)=0x8) write$P9_RLERRORu(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r5 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r5, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3642.331500][T24776] FAULT_INJECTION: forcing a failure. [ 3642.331500][T24776] name failslab, interval 1, probability 0, space 0, times 0 02:21:46 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(0x0, 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) [ 3642.403139][T24776] CPU: 1 PID: 24776 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3642.411866][T24776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3642.422704][T24776] Call Trace: [ 3642.422738][T24776] dump_stack+0x172/0x1f0 [ 3642.422766][T24776] should_fail.cold+0xa/0x15 [ 3642.422795][T24776] ? retint_kernel+0x2d/0x2d [ 3642.422820][T24776] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3642.422847][T24776] ? __should_failslab+0xe7/0x190 [ 3642.450439][T24776] __should_failslab+0x121/0x190 [ 3642.452531][ C0] net_ratelimit: 9 callbacks suppressed [ 3642.452589][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3642.455392][T24776] should_failslab+0x9/0x14 [ 3642.455410][T24776] kmem_cache_alloc+0x2b2/0x6f0 [ 3642.455428][T24776] ? kasan_check_write+0x14/0x20 [ 3642.455451][T24776] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 3642.461450][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3642.466711][T24776] __kernfs_new_node+0xef/0x690 [ 3642.466734][T24776] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 3642.466754][T24776] ? mutex_unlock+0xd/0x10 [ 3642.466774][T24776] ? kernfs_activate+0x192/0x1f0 [ 3642.472109][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3642.476140][T24776] ? mark_held_locks+0xa4/0xf0 [ 3642.476159][T24776] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3642.476178][T24776] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3642.476199][T24776] kernfs_new_node+0x99/0x130 [ 3642.481551][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3642.486679][T24776] __kernfs_create_file+0x51/0x340 [ 3642.486699][T24776] sysfs_add_file_mode_ns+0x222/0x560 [ 3642.486723][T24776] sysfs_create_file_ns+0x13d/0x1d0 [ 3642.486742][T24776] ? sysfs_add_file_mode_ns+0x560/0x560 [ 3642.486778][T24776] device_create_file+0xfa/0x1e0 [ 3642.493231][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3642.497336][T24776] device_add+0x5cd/0x18a0 [ 3642.497361][T24776] ? get_device_parent.isra.0+0x570/0x570 [ 3642.497383][T24776] ? kobject_set_name_vargs+0x101/0x150 [ 3642.497405][T24776] hci_register_dev+0x2e8/0x860 [ 3642.497429][T24776] __vhci_create_device+0x2d0/0x5a0 [ 3642.503221][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3642.507306][T24776] vhci_write+0x2d0/0x470 [ 3642.507328][T24776] new_sync_write+0x4c7/0x760 [ 3642.507348][T24776] ? default_llseek+0x2e0/0x2e0 [ 3642.507374][T24776] ? common_file_perm+0x238/0x720 [ 3642.507390][T24776] ? __fget+0x381/0x550 [ 3642.507415][T24776] ? apparmor_file_permission+0x25/0x30 [ 3642.513352][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3642.518125][T24776] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 02:21:47 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x82102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="a8800000000000000000000000"], 0x2) fcntl$setlease(r0, 0x400, 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3642.518143][T24776] ? security_file_permission+0x94/0x380 [ 3642.518161][T24776] __vfs_write+0xe4/0x110 [ 3642.518179][T24776] vfs_write+0x20c/0x580 [ 3642.518201][T24776] ksys_write+0xea/0x1f0 [ 3642.518218][T24776] ? __ia32_sys_read+0xb0/0xb0 [ 3642.518239][T24776] ? do_syscall_64+0x26/0x610 [ 3642.518255][T24776] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3642.518271][T24776] ? do_syscall_64+0x26/0x610 [ 3642.518294][T24776] __x64_sys_write+0x73/0xb0 [ 3642.518313][T24776] do_syscall_64+0x103/0x610 [ 3642.518333][T24776] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3642.518347][T24776] RIP: 0033:0x457f29 [ 3642.518367][T24776] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3642.523592][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3642.529837][T24776] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3642.529853][T24776] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 02:21:47 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0x8403}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:21:47 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x50000, 0x0) setsockopt$packet_buf(r2, 0x107, 0xa, &(0x7f0000000400)="47237fe7cad52c4d2ef103f0c73f519462c040b5ae390820b501b1e7a76d26052cbeda51ee3524d793c87e999eca337802e158df6a27dc926df3cb7951beb0d040488356ba56cbf9c345a4e2250719aef5b0bd", 0xfffffffb) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3642.529861][T24776] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3642.529869][T24776] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3642.529877][T24776] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3642.529887][T24776] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3642.678015][T24776] Bluetooth: Can't register HCI device 02:21:47 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:21:47 executing program 2 (fault-call:2 fault-nth:59): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3643.043802][T24795] IPVS: ftp: loaded support on port[0] = 21 02:21:47 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/mixer\x00', 0x181000, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000300)=ANY=[@ANYBLOB="4d00000004000000b0a9ffff2c163a11d83e8f34c0f7cd1ac10906f189c48b501c0df002dbc04ea340102d17f222b1c32823d1e76acbd8c84433f4f3cf3512056df9f3b73b1fb8baf575727db89d2069fb430a3651f8aa6d51af280806b76b628c739839dd7a4ad5b186f02b8ae223aae1f64dd25b1548d04d00"]) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x20000, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:47 executing program 5: futex(&(0x7f0000000240), 0x80000000000b, 0x0, 0x0, &(0x7f0000000200), 0x0) r0 = openat$mixer(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/mixer\x00', 0x80004, 0x0) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mixer\x00', 0x200000, 0x0) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000100)={0x0, 0x9}, &(0x7f0000000140)=0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000180)={r2, 0x6, 0x8}, 0x8) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='\'wlan0}/user\x00', r0}, 0x10) ioctl$KDSETKEYCODE(r0, 0x4b4d, &(0x7f0000000040)={0x70000, 0x200}) futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0) 02:21:47 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x100401fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="ff87b2f0d3f661168093f24e6edf8fe556e02e87b3f7aad23b437ed77885483adb3bfda8f49ed1ef3244ac1a93d60a90cd06b03aabfa6da673762f4d52cba37e6631069c3dd9a2336c1e518b14e765842f925d3e9fade418e5833f"], 0x2) syz_extract_tcp_res$synack(&(0x7f0000000040), 0x1, 0x0) fsetxattr$trusted_overlay_nlink(r0, &(0x7f00000000c0)='trusted.overlay.nlink\x00', &(0x7f0000000140)={'U+', 0x5}, 0x28, 0x1) r2 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r2, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3643.203612][T24802] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3643.349127][T24815] FAULT_INJECTION: forcing a failure. [ 3643.349127][T24815] name failslab, interval 1, probability 0, space 0, times 0 [ 3643.407356][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 3643.433887][T24815] CPU: 0 PID: 24815 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3643.442612][T24815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3643.452851][T24815] Call Trace: [ 3643.452882][T24815] dump_stack+0x172/0x1f0 [ 3643.452914][T24815] should_fail.cold+0xa/0x15 [ 3643.452939][T24815] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3643.470936][T24815] ? ___might_sleep+0x163/0x280 [ 3643.475804][T24815] __should_failslab+0x121/0x190 [ 3643.475824][T24815] should_failslab+0x9/0x14 [ 3643.475846][T24815] kmem_cache_alloc+0x2b2/0x6f0 [ 3643.490170][T24815] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3643.495816][T24815] __kernfs_new_node+0xef/0x690 [ 3643.495839][T24815] ? kernfs_dop_revalidate+0x3c0/0x3c0 [ 3643.495860][T24815] ? refcount_dec_not_one+0x1f0/0x1f0 [ 3643.495882][T24815] ? refcount_dec_and_test_checked+0xe/0x20 [ 3643.517450][T24815] ? refcount_dec_and_test_checked+0x1b/0x20 [ 3643.517529][T24815] ? wake_up_q+0xa5/0xf0 [ 3643.517552][T24815] kernfs_new_node+0x99/0x130 [ 3643.533249][T24815] kernfs_create_dir_ns+0x52/0x160 [ 3643.538398][T24815] internal_create_group+0x7f8/0xc40 [ 3643.538419][T24815] ? retint_kernel+0x2d/0x2d [ 3643.548296][T24815] ? trace_hardirqs_on_caller+0x6a/0x220 [ 3643.553945][T24815] ? remove_files.isra.0+0x190/0x190 [ 3643.553965][T24815] ? retint_kernel+0x2d/0x2d [ 3643.553988][T24815] sysfs_create_group+0x20/0x30 [ 3643.568896][T24815] dpm_sysfs_add+0x8b/0x270 [ 3643.573419][T24815] device_add+0xa20/0x18a0 [ 3643.573446][T24815] ? get_device_parent.isra.0+0x570/0x570 [ 3643.573473][T24815] hci_register_dev+0x2e8/0x860 [ 3643.588456][T24815] __vhci_create_device+0x2d0/0x5a0 [ 3643.588477][T24815] vhci_write+0x2d0/0x470 [ 3643.588500][T24815] new_sync_write+0x4c7/0x760 [ 3643.602701][T24815] ? default_llseek+0x2e0/0x2e0 [ 3643.607571][T24815] ? common_file_perm+0x238/0x720 [ 3643.607589][T24815] ? __fget+0x381/0x550 [ 3643.607607][T24815] ? apparmor_file_permission+0x25/0x30 [ 3643.607623][T24815] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3643.607641][T24815] ? security_file_permission+0x94/0x380 [ 3643.607664][T24815] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 3643.622377][T24815] __vfs_write+0xe4/0x110 [ 3643.622400][T24815] vfs_write+0x20c/0x580 [ 3643.622422][T24815] ksys_write+0xea/0x1f0 [ 3643.644060][T24815] ? __ia32_sys_read+0xb0/0xb0 [ 3643.657317][T24815] __x64_sys_write+0x73/0xb0 [ 3643.661917][T24815] do_syscall_64+0x103/0x610 [ 3643.661939][T24815] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3643.661958][T24815] RIP: 0033:0x457f29 [ 3643.676318][T24815] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3643.695943][T24815] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3643.695959][T24815] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3643.695967][T24815] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3643.695974][T24815] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3643.695982][T24815] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3643.695990][T24815] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3643.781080][T24815] Bluetooth: Can't register HCI device [ 3643.904443][T24802] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:21:48 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev}, 0x10) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:21:48 executing program 2 (fault-call:2 fault-nth:60): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:48 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc)=0xffffffffffffbffd, 0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x204000, 0x0) r1 = gettid() mq_notify(r0, &(0x7f0000000040)={0x0, 0x13, 0x2, @tid=r1}) [ 3644.181015][T24837] FAULT_INJECTION: forcing a failure. [ 3644.181015][T24837] name failslab, interval 1, probability 0, space 0, times 0 [ 3644.300432][T24837] CPU: 1 PID: 24837 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3644.309157][T24837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3644.319231][T24837] Call Trace: [ 3644.322556][T24837] dump_stack+0x172/0x1f0 [ 3644.326911][T24837] should_fail.cold+0xa/0x15 [ 3644.331533][T24837] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3644.337368][T24837] ? ___might_sleep+0x163/0x280 [ 3644.342238][T24837] __should_failslab+0x121/0x190 [ 3644.347209][T24837] should_failslab+0x9/0x14 [ 3644.351744][T24837] kmem_cache_alloc_trace+0x2d1/0x760 [ 3644.357143][T24837] ? rcu_read_lock_sched_held+0x110/0x130 [ 3644.362876][T24837] ? __kmalloc+0x5d5/0x740 [ 3644.367318][T24837] alloc_workqueue_attrs+0x82/0x120 [ 3644.372535][T24837] apply_wqattrs_prepare+0xbb/0x970 [ 3644.377767][T24837] apply_workqueue_attrs_locked+0xcb/0x140 [ 3644.383595][T24837] apply_workqueue_attrs+0x31/0x50 [ 3644.388728][T24837] alloc_workqueue+0x84c/0xe70 [ 3644.393515][T24837] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 3644.399265][T24837] ? __init_waitqueue_head+0x36/0x90 [ 3644.404578][T24837] hci_register_dev+0x1b8/0x860 [ 3644.409471][T24837] ? hci_init_sysfs+0x7c/0xa0 [ 3644.414170][T24837] __vhci_create_device+0x2d0/0x5a0 [ 3644.419406][T24837] vhci_write+0x2d0/0x470 [ 3644.424719][T24837] new_sync_write+0x4c7/0x760 [ 3644.429422][T24837] ? default_llseek+0x2e0/0x2e0 [ 3644.434300][T24837] ? common_file_perm+0x238/0x720 [ 3644.439340][T24837] ? __fget+0x381/0x550 [ 3644.443522][T24837] ? apparmor_file_permission+0x25/0x30 [ 3644.449092][T24837] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3644.455352][T24837] ? security_file_permission+0x94/0x380 [ 3644.461004][T24837] __vfs_write+0xe4/0x110 [ 3644.465358][T24837] vfs_write+0x20c/0x580 [ 3644.469614][T24837] ksys_write+0xea/0x1f0 [ 3644.473869][T24837] ? __ia32_sys_read+0xb0/0xb0 [ 3644.478651][T24837] ? do_syscall_64+0x26/0x610 [ 3644.483340][T24837] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3644.489418][T24837] ? do_syscall_64+0x26/0x610 [ 3644.494146][T24837] __x64_sys_write+0x73/0xb0 [ 3644.498767][T24837] do_syscall_64+0x103/0x610 [ 3644.503395][T24837] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3644.509296][T24837] RIP: 0033:0x457f29 [ 3644.513214][T24837] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3644.526659][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 3644.532839][T24837] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3644.532855][T24837] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3644.532865][T24837] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3644.532874][T24837] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3644.532884][T24837] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3644.532892][T24837] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3644.577112][T24837] Bluetooth: Can't register HCI device 02:21:50 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:21:50 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB='\x00\x00'], 0x2) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x420200, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000140)=0x0) mq_notify(r1, &(0x7f0000000280)={0x0, 0x35, 0xf4a471a42c329d08, @tid=r2}) r3 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r3, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:50 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0xad00}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) 02:21:50 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:21:50 executing program 2 (fault-call:2 fault-nth:61): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:50 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r0 = dup2(0xffffffffffffffff, 0xffffffffffffff9c) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_ZERO(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x88, r1, 0x30c, 0x70bd27, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x48880354}, @IPVS_CMD_ATTR_DAEMON={0x28, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr=0x6}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'irlan0\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x1ff}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x7}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x22, 0x2a}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x57}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x100000000}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x9}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x5}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xff}]}, 0x88}, 0x1, 0x0, 0x0, 0x4000}, 0x15) futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0) 02:21:50 executing program 1: getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$midi(&(0x7f0000000280)='/dev/midi#\x00', 0x3, 0x30000) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f00000002c0)={0x1, 0x4, 0x1, 0x0, 0x2be, 0x1000000000}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_origin(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='trusted.overlay.origin\x00', &(0x7f00000003c0)='y\x00', 0x2, 0x3) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) timer_create(0x0, &(0x7f0000000040)={0x0, 0x1f, 0x4, @tid=0xffffffffffffffff}, &(0x7f0000000140)=0x0) timer_delete(r2) write$P9_RLERRORu(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) ioctl$IOC_PR_RELEASE(r0, 0x401070ca, &(0x7f0000000300)={0x2f, 0x4, 0x1}) r3 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) openat$pfkey(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/igmp\x00') setsockopt$bt_l2cap_L2CAP_OPTIONS(r4, 0x6, 0x1, &(0x7f0000000040)={0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x6}, 0xc) sendmsg(0xffffffffffffffff, &(0x7f0000002fc8)={&(0x7f0000000080)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000000540), 0x0, &(0x7f0000000ac0)=ANY=[]}, 0x0) preadv(r4, &(0x7f00000017c0), 0x1fe, 0x400000000000) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000400)={0x0, 0x5, 0x5, [0x9, 0xffffffff, 0x3f, 0x38c65e41, 0x0]}, &(0x7f0000000440)=0x12) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r4, 0x84, 0x6c, &(0x7f0000000480)={r5, 0x1000, "81e2068e404cdf39f9d28b6f2f7a3208c3f7bea787cf0d32675845f6e7e0808edb0bc4d024147e0efc74e65904078ba8d4f3b8c1d2124fac1ec42579d6d979b2a661945e383a43c5456eee60adb1cf4f66e0f43cb7b050ea625ed74b24dda05107e2632c37e5274a74c72b0b0e94538acaea6c1fcf9a5bdeae6741b34b1edb53845cc018ab8fa60b76f9894bc4f4cb1a28da71bd7ee58a8d688f2ced25b5322a431d1a12a18eb02affa8744a00ce51c93600da6703fbeae50a934e7de36e7b8cf9cb97f04146b2ab82e0e3270c120ce70812512afa475ae54b0ebc246d822365d670fd0340f9fa3368c3ed259d4a506e0039bac3b1c4a9e20fb14688487405c50f28a17f5d2b88ad092da9b8f34be4fd1298639a818fbbbec9df286b9d5bab432ab111d8b5595e929e7dd29ddc1f79570f45e65c74197851dd6e67d3db7edb7bb9d29d7278e6be2480683af590273b61dce150628852e69ce903d41e75dcff0cb95b931c3e78481072166f8eae906b11859b861bc1e847a157f49ceb092b1b1a2c51aca630ed845e0d5a225823f6d3b3235744de4fffd239398803fa0ae542b9edb3cef8ea97607d9adbeac55a82c845585e4f9341f74b3c3652fd1328181b83983466787ed8730e2d14711aeb8762f30730c6fd8e460540d241313eb849c09c83140a4688fecec666573e24843cb0f8b09b111d79988128f15b43fff9c31c66fd988cbe71189c8bb14de2c47c2176258ac426695a9029205654fdbe1ce6b5255f0a4effdad303bfea2045fb555837ae9ab97cdb8595f57e015de916510c4710de66d8577a4240c41335247e9a01e01f0454ad89975368aae4d49ead0697d8bc44e37090af678cdf6e74720499a7e5c20378021bec4baaaf69b70d566f2f1e471c496cab303ff744163e4ea1f294d3f00de5127fb9809aa32232d3f9329da87a15b8b67d1892c517a728e9b1acd935a89ae1f085a83b82c2dc71260ea2fad4d027bc8b87786841bf04625d0ca77ca3e66d05543612d9b621756ec7bc39c6dbe64fc849728c34517c395c8cf5328464e877f4d2892c128b3755934463d9b766f415caaeb2ab29c281d165a644cd4a8c5366d7ff90b95bfda71effcac632f7ad70f122b467af0d3cab01397b0ad028cdbe38b034494735b84fcea644b37e79be0e1f97bdbdd580c95e42ee828761a27a484a992a891c242550755abe6df3a0c6ef48a5d30ab4200072d78d8d92f8eb94ea55a77df21f6a2655be97e0106045eb0f741551b8744ade492c3b54ea75e9872d8d03a5e0c4a991d4b37d11291fcd108dc3ab588b6677a51a0c5d2864206dfe855c651a3ecfff2faf1b7c465f8eabe5ef042efd2efdf04cf4d94b00d59e0e0c596baed74d70c00a98b4a14d6737c396cf3819ab85239738c47b98c7ebb30d7afe3d94a698725f6d8a053d5696db753e519c45edbc218c90261340589fe6a2fcbe53645defa9f766f9d3ce78ce5de9cd2588cd507d682d6a2bbb901ab64e95ebb5a1b82042aeb54d0eed3378345491c450d342f6bd4715fb1fa60ccac8ef2f716ea930b4365557a8bab985ee7c4a7e0878e0d7579ba2b8b0d69d581e3a8e6ac550b36e0f2e9bdd4056c7d54ca978ae10f3f4a3a757c5232a10750492366898f485c9f0f1d64e69c9dfa61651a6f6bdf96693665b2023056da509d7fcac2bffed14e17034f0decf2189eeaa0b2ffbf82a4368cdf6c9a65cde9e248d81e007736de9670749e97aa8a0b5abe6a26f05bd5529a2d859088d670420d602423ffb0bb3a4b54a996405be3a5af64f91f9895c878fb7f411bf2b377714b2eeef0270101dd9338cca96f8a34e6d973a4ffa9aba72247adfecd657ebb76b5c31db204a00d03b2adc0362571f4ee099824c537c297b3b7dea2aad76ff31866a7928abb9b8793c45a5cc22d0d34d51b2eb70a47f5524863958e2606018d87a1f5fcabcc7d7d16f4fe06811f7a05fced6681e51313bdab77267d6be3cd789429043df1dd1466c49a429edee8c7e73f9b7bab710af26a6131d86adc75717c80bce299db248710644ffbdef77454856e3ffc745ef4cf1ef35bab57be910df41f8177b3d031a90e37febe5bf1634cdb19d35059de126f283e1ffb8bfbd3458f1ccf000d018588ceae32c48b81eb11e3bb79de82c620d0c98774f0dd6ffdcabd847b81fb3b26687e1e4f5d232e1be5ae69291f94d7dae5500210730bac786449728b9980fed08a614ded3522c5d9661836b0caa9813e3e1d00855d56127fa8fe3ca79606eff60f627b9cf23839c0ce48a36c4c1100420f70a16813362edaf61f961920a8a56467c1377eb96478c58c612ab49982e27a595fc593ca05ed03e61cb1b5ef01e6ce61df17c6f92aa847389e67675087733ae9696408c9be63403889d1a058283a64020945044d2bd031e00d18191bda5e83051eae61b56599230f51ff33c1e02d3591242a2a4c9e316c6513608cd6424b5b22b84d723923d843a5ede27a1c83b05791a784cd2f08f0d27fe3898e341a6c7d552f27e498869dc241fc3458f9a955762fb217ae783fdb4cefd35c7f2c34eafab91cb4ab1eb9bd93d9df80b1f12da55f01b3f6728511a346f27f9430e5b0814aa5ed0b7b62c5ab9c49b825a6e4eea941f97858552ee3a67e635eada190a5af75be886dfade1e3aed383f93d25b3c480153dd13da24bc95a91fece919be1052511b9a18e56d76d9f770f316fdd24b9792775d026354002b5f08d42659eab439b9662586e6799402183a51051f09eb331ec28d2dce558beb70851da5005762602fc64a6cea826331d1cf67af1e15b796dbf02c03ac78368503290c4f55c5a6f340f34c9b40a7a881fee5093c64cad81f6fb1e7429011080ca03ad5895e259d9ea2c202e96d37fb8e724ef0a07c180f4ef39db97f13c39ffae247a03c30dd589e1495131db2f626d0d940ff64d422fc768408e10b6307101d0a6ef3a2e10bcf3004773fd3e20e80e4f8d61f3ea43df7361a19542fdff6f4b0cd8005320429ab1f8a1b80fd49228ed1613be7ca2f9cdbdc17f3dcc7bb1e0c2a109ba158a37723072d6155fd86e5d13509f2826882aaacf0ecc259874e083340301fb7b3e1976389c5af77d25fc9768fd45d357bbc60caba492bd1c2892ea354c050edbd41301a2d329f63e540f47466d1802b26d5b90cd6d7f0fdc9164efb38ce42ea2c38a10831e02bc5bfcda2654a7b2fdab23e57bc7565100b03847b4fefca9d5c708cfc3e12f8d925e00c4e8448453a0c75d186500190ac17072699083d6e7f6719cc46769254024c2b34895cb30a3436e3fe10fa8e3f48bf4d5a51379335eca18c4b167e57993c46633486df53c2f8517dbf64bc26c1bc0c0cf2fb0f5364ec6f9d72ceaa749b493138b85694c702c9b45e2bad7f213f3c232f6588fddbb1448866f66487d68524a877e674dba003f02c5359c11c7218e167d882989928377996c35e432bf7a6c9cdc4fa13b3cf99f8356e98d030b5734df7cd01437ff4e322fad71c62004078c189dc909759909cffe4b0088d782b811fa33e09fd8a2d86be7934d4e60b5de27209d3369d28e2b9b169d7fe84389aa94d2e2913ddddb4434f56249ce29165db9a96f17d287d681a1ba26b8a682f5cd575f6f4459839f4dd52ef1cdd43e68fc7db18f19999cae9fcc62e853f73dd42827005e8a37b1e6fdc06839ca9a5143b817be40fe4f2d336884f1906471325de19807ed6743c838f9e9871af935cf35ee8c4a56944ee797192659cdbb5720dae1254b854fc5851771ea2f5f53b744b93b64249d6259c59c72cb0a95c89e2eb0bdf76300b7ef691d60ef7930d6f28f120f948b549e7038d81fe46b83b0145893600faf99dcbfed4815f9f2a399843efbac0f44b40ef9014e120dafd2a73e83e1834459944eaacb17a2c4e5888273b84a58ce71d2a13db32842019270bdf81e6e8204c0957eb69ed68f271754b7f520e0e4a212f8df29a5da21188cb028567acea91bd5d2010207d4db8f7d8e39b948561ec395b47e8c9ff0b84f889b4c5da1ace70b5943f4094c2892ce6f2572647a5cd6e483fd38b08b5899fb6b8b1e4662a894b9c8f688b34d2add3d4bf95f285262eb74f708b250884c8b99b0e5325e35e83faffdbcbf24d2bd7f1097f59223c0451a05e8fecee590b5bbb5586f40626027aec658fa4375d3f9fb3ce4ce473084a844825d964925e5a54ce607552621b4fc2ecf555a844e656e27e5dd42af9abca147f4233a1f460b5d74b03fd55d717751ee6e413a0d9dd7bd625a931e39efbceb33ceccd7fb9b64cc56a5891b25943bd9d86f4bf9fc2acf369fdb6dc754f0b898db1ee10f36baf39875137d01e1ba017715c41fe20c1628f30d50c6fd76495a815ac2b89fdb779b10a4dadb7d16113b016818f77654572f775ca0e2d6eaac1380d407a98cacc69878c4a86cee0eb5ed25f1a9c7143a158cd08d8e5eb55a485dc0613e28e0c90f89cfcc976303a0e21d20b94ae33c6135efd522ba8b7db971c73165f13e17565cd3718ae1f8ebedd0f8e96d1b6372357fcb8e7524ee230992a6193e6c06574a70a93b7deccd4940798e66404c70c5da115dde8ed400008af556a2897826e9a86be67f9480b3999acf749dc7937973ffa45d7c47a410938da12bb2b5130ca394d23a49896df05bbd67a079e296cf83c765b8c5bbcfd5600db5a74b6e63c4e96a3403ef1a0b5e1ddcac8419a88ab8bdcf2302089267b6178620b5ad8659792ddc0e643a00bc236d3cf92adec6b4560749a78e3ed48a625ef1cf5b94cfd9ea98b407807178ef11a0ce081b9584949d28434b9c279fdcfc23e42e95d2c703a1a73edff0ade8193e870bd41606db371029e2d0e4655f49269dbde9393be44ffe62c80126a824aa55d7db5b1eae3dbf343220a3856540f9076a4f682dcfcef0189c23c1d8648ae1af0d696b3a3ad207638f0b979b8678c8e62d7293db79da38542215635ee9783fb9335fbfde96528735e60e7b29658f2c7546bc5b158fa3b0914858905a1932a01350f5edc9d9790e0e4f1968cc35866d3c378c420fe4fc402d18a9ac0a05abc324fc81c1b1d51ac4bd4838d0a32ad5f84d0eb7984ecc0dcbc5d703da8076b9d23c1488fd71a41bc89386cbb3cbc79493db5c5df8e55eac928c52a2ad73e5e35ea588f22ca833031ad3e7c3843d204ce6b6659087a1f7b465a4d3e236e4113b1cdddedde5a5aa97e6e6aebe66d3fdfdaf16b4d0655671c994d7eca07ee0883f3bc73caef8eaa153dbc653baf778834907804084eedbf3b6e74ce1f9b81b490dace815203d8d1e78960553b1af9165f2e8970a56c62b9c79fae72c9e9567671ddbcc870f8fb395c4be74b658053980a303bd73a526f04487919e8c42e1edb44787186216b44483aa0622c7c8241ed03d20c41ce29b060745806658c0c2a3492253b67cb11aa850316c05082a068b99daabc4aff1d8643b4e41ad66b41e4f38ab8891e7de2c36165f873fc57c6157c81ac965cab6b3b027b8276b285806fd543485ef98c3fd72c8f57c1653b75b732eb5b9beb23d9a771797c7043d1bc773582baa03921215a049826c2373f7e53f7679f13363ff93922c031014c2bc22a0d4ba201c53aefb431d26209b20932fbdb512a299b80c098db97a3e747a5a3a68f1725aa84f499f845f88530f8f2c95e0ba260acfcd43b51055221a3d4333a25c7a7e316fa2de6ccd07d38a23cafc83fac7b04379897049cb98e5c3213db77ead5e2af9da98cec4d52e03bcc4be2fc7472dae4ef268cb43831374c3a24588"}, &(0x7f00000014c0)=0x1008) readv(r3, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) [ 3646.222432][T24856] FAULT_INJECTION: forcing a failure. [ 3646.222432][T24856] name failslab, interval 1, probability 0, space 0, times 0 [ 3646.244249][T24872] netlink: 'syz-executor.4': attribute type 17 has an invalid length. [ 3646.256379][T24856] CPU: 0 PID: 24856 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3646.265075][T24856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3646.275315][T24856] Call Trace: [ 3646.278628][T24856] dump_stack+0x172/0x1f0 [ 3646.282989][T24856] should_fail.cold+0xa/0x15 [ 3646.287609][T24856] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 3646.293434][T24856] ? ___might_sleep+0x163/0x280 [ 3646.298305][T24856] __should_failslab+0x121/0x190 [ 3646.303267][T24856] should_failslab+0x9/0x14 [ 3646.307788][T24856] kmem_cache_alloc_trace+0x2d1/0x760 [ 3646.313171][T24856] ? kasan_check_write+0x14/0x20 [ 3646.318120][T24856] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 3646.323683][T24856] kobject_uevent_env+0x2fb/0x1030 [ 3646.328802][T24856] ? _raw_spin_unlock_irq+0x54/0x90 [ 3646.334061][T24856] kobject_uevent+0x20/0x26 [ 3646.338594][T24856] device_add+0xb28/0x18a0 [ 3646.343033][T24856] ? get_device_parent.isra.0+0x570/0x570 [ 3646.348762][T24856] ? kobject_set_name_vargs+0x101/0x150 [ 3646.354330][T24856] hci_register_dev+0x2e8/0x860 [ 3646.359206][T24856] __vhci_create_device+0x2d0/0x5a0 [ 3646.359228][T24856] vhci_write+0x2d0/0x470 [ 3646.359249][T24856] new_sync_write+0x4c7/0x760 [ 3646.359268][T24856] ? default_llseek+0x2e0/0x2e0 [ 3646.359301][T24856] ? common_file_perm+0x238/0x720 [ 3646.359321][T24856] ? __fget+0x381/0x550 [ 3646.368847][T24856] ? apparmor_file_permission+0x25/0x30 [ 3646.368866][T24856] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3646.368885][T24856] ? security_file_permission+0x94/0x380 [ 3646.368911][T24856] __vfs_write+0xe4/0x110 [ 3646.378426][T24856] vfs_write+0x20c/0x580 [ 3646.378450][T24856] ksys_write+0xea/0x1f0 [ 3646.378469][T24856] ? __ia32_sys_read+0xb0/0xb0 [ 3646.378489][T24856] ? do_syscall_64+0x26/0x610 [ 3646.378505][T24856] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3646.378525][T24856] ? do_syscall_64+0x26/0x610 [ 3646.387693][T24856] __x64_sys_write+0x73/0xb0 [ 3646.387714][T24856] do_syscall_64+0x103/0x610 [ 3646.387736][T24856] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3646.387749][T24856] RIP: 0033:0x457f29 [ 3646.387765][T24856] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3646.387773][T24856] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3646.387800][T24856] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3646.399568][T24856] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3646.399577][T24856] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3646.399585][T24856] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3646.399593][T24856] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3646.454944][T24876] IPVS: ftp: loaded support on port[0] = 21 [ 3646.814736][T24872] netlink: 'syz-executor.4': attribute type 17 has an invalid length. 02:21:51 executing program 2 (fault-call:2 fault-nth:62): perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x246) write$P9_RLERRORu(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="ff80"], 0x2) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) close(0xffffffffffffffff) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhci\x00', 0x0) readv(r1, &(0x7f0000000080)=[{&(0x7f0000000180)=""/217, 0x20000259}], 0x1) 02:21:51 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000000200)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, &(0x7f0000048000), 0x0) r1 = syz_open_dev$vcsa(0x0, 0x0, 0x0) mq_timedsend(r1, 0x0, 0x0, 0x4, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) r2 = memfd_create(&(0x7f0000000080)='\x00', 0x0) clone(0x12102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) shmget(0x1, 0xc000, 0x78000803, &(0x7f0000ff4000/0xc000)=nil) fcntl$setlease(r2, 0x400, 0x1) fcntl$setown(r2, 0x8, 0x0) execveat(r2, &(0x7f0000000500)='\x00', 0x0, 0x0, 0x1000) unshare(0x40000000) connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x2, @dev={[], 0x1a}, 'gretap0\x00'}}, 0x1e) tkill(r0, 0x16) 02:21:51 executing program 3: sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f5300fe01b2b4a280930a06000000a84306910000003900170035000c00060000001900150007000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) socket$inet(0x2, 0x3, 0x2) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) 02:21:51 executing program 5: futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0xd09, 0x400000) getsockopt$IP6T_SO_GET_REVISION_MATCH(r0, 0x29, 0x44, &(0x7f0000000040)={'HL\x00'}, &(0x7f0000000080)=0x1e) futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$KVM_X86_SETUP_MCE(r0, 0x4008ae9c, &(0x7f0000000100)={0x17, 0x7, 0x9}) nanosleep(&(0x7f00000000c0)={0x77359400}, 0x0) 02:21:51 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x705, 0x0, 0x0, {0xb403}, [@IFLA_OPERSTATE={0x8, 0x11}, @IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14}}}}]}, 0x50}}, 0x0) [ 3647.192151][T24894] WARNING: CPU: 1 PID: 24894 at kernel/locking/lockdep.c:1024 lockdep_register_key+0x10d/0x490 [ 3647.202546][T24894] Kernel panic - not syncing: panic_on_warn set ... [ 3647.209145][T24894] CPU: 1 PID: 24894 Comm: syz-executor.2 Not tainted 5.0.0-next-20190306 #4 [ 3647.217820][T24894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 3647.227908][T24894] Call Trace: [ 3647.231222][T24894] dump_stack+0x172/0x1f0 [ 3647.235576][T24894] ? lockdep_register_key+0xf0/0x490 [ 3647.240868][T24894] panic+0x2cb/0x65c [ 3647.244805][T24894] ? __warn_printk+0xf3/0xf3 [ 3647.249403][T24894] ? lockdep_register_key+0x10d/0x490 [ 3647.254771][T24894] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3647.261015][T24894] ? __warn.cold+0x5/0x45 [ 3647.265347][T24894] ? lockdep_register_key+0x10d/0x490 [ 3647.270743][T24894] __warn.cold+0x20/0x45 [ 3647.274989][T24894] ? lockdep_register_key+0x10d/0x490 [ 3647.280370][T24894] report_bug+0x263/0x2b0 [ 3647.284713][T24894] do_error_trap+0x11b/0x200 [ 3647.289310][T24894] do_invalid_op+0x37/0x50 [ 3647.293729][T24894] ? lockdep_register_key+0x10d/0x490 [ 3647.299110][T24894] invalid_op+0x14/0x20 [ 3647.303283][T24894] RIP: 0010:lockdep_register_key+0x10d/0x490 [ 3647.309279][T24894] Code: 75 23 e9 e5 01 00 00 48 89 da 48 c1 ea 03 42 80 3c 3a 00 0f 85 b1 02 00 00 48 8b 1b 48 85 db 0f 84 c7 01 00 00 4c 39 e3 75 dd <0f> 0b 48 c7 c0 b8 57 5e 89 48 ba 00 00 00 00 00 fc ff df 48 89 c1 [ 3647.328898][T24894] RSP: 0018:ffff88815f3bfa18 EFLAGS: 00010046 [ 3647.334983][T24894] RAX: dffffc0000000000 RBX: ffff8881d1408618 RCX: 1ffffffff12bcaf7 [ 3647.342972][T24894] RDX: 1ffffffff146754a RSI: 0000000000000000 RDI: ffff8881d1264bbc [ 3647.350968][T24894] RBP: ffff88815f3bfa48 R08: ffffffff8a33aa50 R09: ffffed102be77f38 [ 3647.359037][T24894] R10: ffffed102be77f37 R11: 0000000000000003 R12: ffff8881d1408618 [ 3647.367015][T24894] R13: 0000000000000076 R14: 0000000000000286 R15: dffffc0000000000 [ 3647.375016][T24894] ? lockdep_register_key+0x91/0x490 [ 3647.380326][T24894] alloc_workqueue+0x427/0xe70 [ 3647.385115][T24894] ? workqueue_sysfs_register+0x3f0/0x3f0 [ 3647.390856][T24894] ? __init_waitqueue_head+0x36/0x90 [ 3647.396176][T24894] hci_register_dev+0x1b8/0x860 [ 3647.401036][T24894] ? hci_init_sysfs+0x7c/0xa0 [ 3647.405728][T24894] __vhci_create_device+0x2d0/0x5a0 [ 3647.410935][T24894] vhci_write+0x2d0/0x470 [ 3647.415274][T24894] new_sync_write+0x4c7/0x760 [ 3647.419970][T24894] ? default_llseek+0x2e0/0x2e0 [ 3647.424830][T24894] ? common_file_perm+0x238/0x720 [ 3647.430043][T24894] ? __fget+0x381/0x550 [ 3647.434222][T24894] ? apparmor_file_permission+0x25/0x30 [ 3647.439778][T24894] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 3647.446038][T24894] ? security_file_permission+0x94/0x380 [ 3647.451681][T24894] __vfs_write+0xe4/0x110 [ 3647.456013][T24894] vfs_write+0x20c/0x580 [ 3647.460256][T24894] ksys_write+0xea/0x1f0 [ 3647.464503][T24894] ? __ia32_sys_read+0xb0/0xb0 [ 3647.469272][T24894] ? do_syscall_64+0x26/0x610 [ 3647.473956][T24894] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3647.480025][T24894] ? do_syscall_64+0x26/0x610 [ 3647.484711][T24894] __x64_sys_write+0x73/0xb0 [ 3647.489310][T24894] do_syscall_64+0x103/0x610 [ 3647.493913][T24894] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 3647.499810][T24894] RIP: 0033:0x457f29 [ 3647.503703][T24894] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 3647.523309][T24894] RSP: 002b:00007f223c767c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 3647.532979][T24894] RAX: ffffffffffffffda RBX: 00007f223c767c90 RCX: 0000000000457f29 [ 3647.541571][T24894] RDX: 0000000000000002 RSI: 00000000200000c0 RDI: 0000000000000004 [ 3647.549552][T24894] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 3647.557528][T24894] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f223c7686d4 [ 3647.565504][T24894] R13: 00000000004c6ff5 R14: 00000000004dc918 R15: 0000000000000005 [ 3648.718564][T24894] Shutting down cpus with NMI [ 3648.724032][T24894] Kernel Offset: disabled [ 3648.728361][T24894] Rebooting in 86400 seconds..