[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 80.963820][ T30] audit: type=1800 audit(1574007979.011:25): pid=11322 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 80.986803][ T30] audit: type=1800 audit(1574007979.031:26): pid=11322 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 81.024084][ T30] audit: type=1800 audit(1574007979.061:27): pid=11322 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.2' (ECDSA) to the list of known hosts. 2019/11/17 16:26:31 fuzzer started 2019/11/17 16:26:36 dialing manager at 10.128.0.26:39269 2019/11/17 16:26:36 syscalls: 2397 2019/11/17 16:26:36 code coverage: enabled 2019/11/17 16:26:36 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2019/11/17 16:26:36 extra coverage: enabled 2019/11/17 16:26:36 setuid sandbox: enabled 2019/11/17 16:26:36 namespace sandbox: enabled 2019/11/17 16:26:36 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/17 16:26:36 fault injection: enabled 2019/11/17 16:26:36 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/17 16:26:36 net packet injection: enabled 2019/11/17 16:26:36 net device setup: enabled 2019/11/17 16:26:36 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/11/17 16:26:36 devlink PCI setup: PCI device 0000:00:10.0 is not available 16:30:18 executing program 0: r0 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x0, 0x0) ioctl$EVIOCGABS20(r0, 0x80184560, &(0x7f0000000040)=""/32) r1 = dup(0xffffffffffffffff) ioctl$TUNSETNOCSUM(r1, 0x400454c8, 0x0) r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x8000, 0x0) setsockopt$RDS_CANCEL_SENT_TO(r2, 0x114, 0x1, &(0x7f00000000c0)={0x2, 0x4e20, @multicast1}, 0x10) write$P9_RREADLINK(r2, &(0x7f0000000100)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0x10) setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000140)={0x9}, 0x4) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x100, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000200)={0xffffffffffffffff}, 0x106, 0x1}}, 0x20) write$RDMA_USER_CM_CMD_DESTROY_ID(r3, &(0x7f0000000280)={0x1, 0x10, 0xfa00, {&(0x7f00000001c0), r4}}, 0x18) r5 = openat$audio(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio\x00', 0x101002, 0x0) fcntl$notify(r5, 0x402, 0x80000027) setsockopt$ALG_SET_AEAD_AUTHSIZE(r2, 0x117, 0x5, 0x0, 0x4) r6 = syz_open_dev$radio(&(0x7f0000000300)='/dev/radio#\x00', 0x1, 0x2) ioctl$PPPIOCGFLAGS1(r6, 0x8004745a, &(0x7f0000000340)) r7 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$sock_SIOCOUTQ(r7, 0x5411, &(0x7f0000000380)) r8 = syz_open_dev$swradio(&(0x7f00000003c0)='/dev/swradio#\x00', 0x1, 0x2) setsockopt$inet_sctp6_SCTP_INITMSG(r8, 0x84, 0x2, &(0x7f0000000400)={0x3, 0xfff, 0x800, 0x99e}, 0x8) r9 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000440)='net/ip_vs_stats_percpu\x00') setsockopt$inet_sctp6_SCTP_INITMSG(r9, 0x84, 0x2, &(0x7f0000000480)={0x0, 0x6a1b, 0x1, 0x40}, 0x8) pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SCSI_IOCTL_DOORUNLOCK(r10, 0x5381) epoll_ctl$EPOLL_CTL_MOD(r6, 0x3, 0xffffffffffffffff, &(0x7f0000000500)) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r9, 0x4058534c, &(0x7f0000000540)={0x3f, 0x5, 0x101, 0xff, 0x2, 0x401}) r11 = openat$cachefiles(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/cachefiles\x00', 0x200, 0x0) ioctl$GIO_UNIMAP(r11, 0x4b66, &(0x7f0000000640)={0x6, &(0x7f0000000600)=[{}, {}, {}, {}, {}, {}]}) r12 = msgget$private(0x0, 0x223) msgctl$IPC_RMID(r12, 0x0) syzkaller login: [ 321.025810][T11487] IPVS: ftp: loaded support on port[0] = 21 [ 321.177785][T11487] chnl_net:caif_netlink_parms(): no params data found [ 321.235541][T11487] bridge0: port 1(bridge_slave_0) entered blocking state [ 321.242869][T11487] bridge0: port 1(bridge_slave_0) entered disabled state [ 321.251659][T11487] device bridge_slave_0 entered promiscuous mode [ 321.262658][T11487] bridge0: port 2(bridge_slave_1) entered blocking state [ 321.269844][T11487] bridge0: port 2(bridge_slave_1) entered disabled state [ 321.278764][T11487] device bridge_slave_1 entered promiscuous mode [ 321.311694][T11487] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 321.324908][T11487] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 321.361688][T11487] team0: Port device team_slave_0 added [ 321.371388][T11487] team0: Port device team_slave_1 added [ 321.477062][T11487] device hsr_slave_0 entered promiscuous mode [ 321.633055][T11487] device hsr_slave_1 entered promiscuous mode [ 321.926323][T11487] bridge0: port 2(bridge_slave_1) entered blocking state [ 321.933646][T11487] bridge0: port 2(bridge_slave_1) entered forwarding state [ 321.941374][T11487] bridge0: port 1(bridge_slave_0) entered blocking state [ 321.948687][T11487] bridge0: port 1(bridge_slave_0) entered forwarding state [ 322.164855][T11487] 8021q: adding VLAN 0 to HW filter on device bond0 [ 322.192937][ T825] bridge0: port 1(bridge_slave_0) entered disabled state [ 322.223129][ T825] bridge0: port 2(bridge_slave_1) entered disabled state [ 322.258989][ T825] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 322.307915][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 322.316612][ T31] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 322.350514][T11487] 8021q: adding VLAN 0 to HW filter on device team0 [ 322.398110][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 322.408005][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 322.417324][T11513] bridge0: port 1(bridge_slave_0) entered blocking state [ 322.424565][T11513] bridge0: port 1(bridge_slave_0) entered forwarding state [ 322.514699][T11487] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 322.525638][T11487] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 322.544182][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 322.554098][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 322.563020][T11513] bridge0: port 2(bridge_slave_1) entered blocking state [ 322.570152][T11513] bridge0: port 2(bridge_slave_1) entered forwarding state [ 322.578638][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 322.588640][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 322.598647][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 322.608475][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 322.618058][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 322.628677][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 322.638301][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 322.647706][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 322.657332][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 322.666747][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 322.779472][T11487] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 322.886474][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 322.896353][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 322.905069][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 322.912744][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 16:30:21 executing program 0: r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$UHID_CREATE2(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000073797a310f270000000000000000000000000000000000000900000000000000000000000000000000000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000200000000080000000000000000000000000000000000000000000000000000000000100738d7a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f1e5ad2b78428ba9876973797a310000000000000000000000000000000000000000cf0a000000000000000000000000000000000000000000000000000000000000000000000000000016000000d80000000000000000000000000000003b38e967ac8206eaae86b97eecbec8271ae23364b10d6aad5102000000e2a1db3c6a31e30dee4afc66d2442805201c39389a804c41c2993fc67e8a146045e14e8a0800550e6a25c0ef65f6ec71f0085a54d140187fafa4a1ee6ece53c67385b8838aa36ad24a7dce0973c362bd726a8ab11b0a0b00e77e6c16189cfa16cbe01a4ce411378eaab7372dab5eef84c31b3cad868a8ac6f5e69746a7a0beda0686d2aa4d394286e5c81eae45e3a25b942b8da11edb57bf3f003acab1d57f25833d4d4c13eef0e0e62be2015eedef3c32984c6c02000000d8a624cea95c3b3c6dd8735690f4786fc5166b03000000000000000000000000000000bf4b7c015643427347788095769c5b80683d0476087ba77e2d39ac9932ce6291b20d4dc4ce3aa25d04ff6bbbad00"], 0x12e) write$UHID_DESTROY(r0, &(0x7f0000000280), 0xfed0) [ 323.268708][T11513] hid-generic 0000:00D8:0000.0001: hidraw0: HID v0.00 Device [syz1'] on 1 16:30:21 executing program 0: socket$key(0xf, 0x3, 0x2) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) ioctl(r1, 0x800000000000937e, &(0x7f0000000080)="01000000000000001801000004000000fc232ff41cd849832f") r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) ioctl(r2, 0x800000000000937e, &(0x7f0000000080)="01000000000000001801000004000000fc232ff41cd849832f") r3 = dup(r2) ioctl$VHOST_VSOCK_SET_RUNNING(r3, 0x4004af61, &(0x7f00000000c0)=0x2) getsockname$packet(r1, &(0x7f0000000480)={0x11, 0x0, 0x0}, &(0x7f00000004c0)=0x14) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@mcast1, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@local}}, 0x0) getsockopt$inet_mreqn(r1, 0x0, 0x20, &(0x7f0000005c40)={@remote, @local, 0x0}, &(0x7f0000005c80)=0xc) setsockopt$inet6_IPV6_IPSEC_POLICY(r5, 0x29, 0x22, &(0x7f0000000440)={{{@in6=@loopback, @in6=@mcast2, 0x4e23, 0x0, 0x4e23, 0x0, 0xa, 0x0, 0x0, 0xc, r7, r6}, {0x80000000, 0x51, 0x9, 0x5, 0x8, 0x7ff, 0x0, 0x8}, {0xffffffffffffff81, 0x7, 0xfffffffffffffff8, 0xfffffffffffffffb}, 0x3f, 0xffffffff, 0x4, 0x0, 0x0, 0x1}, {{@in=@empty, 0x4d2, 0x51}, 0x2, @in6=@empty, 0x34ff, 0x2, 0x1, 0x0, 0x1, 0x7fff, 0xb1}}, 0xe8) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=@newsa={0x19c, 0x10, 0x963ddcda599079f3, 0x0, 0x0, {{@in, @in6=@dev={0xfe, 0x80, [], 0x1e}}, {@in6=@loopback, 0x0, 0x33}, @in6=@initdev={0xfe, 0x88, [], 0x1, 0x0}, {}, {0x2}, {}, 0x0, 0x0, 0x2}, [@policy={0xac, 0x7, {{@in=@empty, @in6=@empty, 0x4e20, 0xd790, 0x4e22, 0x8, 0x2, 0x80, 0x120, 0x87, r4, r6}, {0x533, 0x800, 0x6, 0x1ff, 0x80000001, 0x4, 0x2d5, 0xfff4}, {0x1, 0x51d, 0x3ff, 0x7}, 0xc9, 0x6e6bb1, 0x1, 0x1, 0x4}}]}, 0x19c}}, 0x0) 16:30:21 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) r2 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x0, 0x105800) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) ioctl(r3, 0x800000000000937e, &(0x7f0000000080)="01000000000000001801000004000000fc232ff41cd849832f") setsockopt(r3, 0x10001, 0x0, &(0x7f0000000200)="4d09ebb0bdba4634ccaf2bc9a46a8257e5a9e106754991705c0a6832f3a503b101c3b30fc45c4fb0e186c48d80af40a2ebfbd47be1425a96a533e56725ef316ae120b8cc7378f343e76cab3d915b9c802d70f3812df9fff4303499c1f4ff631237d5e1de39caece2cb212c82a650b45894b30c6a59c1a557dcc96239b209163c5d73ac70d95c2635c82ac11f19333589ab1c56291b47b39dcbf63da6ca7be3d9086e8fd8240ca2068fac42839a5866270a5a98e0a29b192fc19ef36e84a8bdde1abb44cc8472fc48c931327abd3f13f3a1ad28848780aa1789da616de5680d41a9d0c2fb053eb70884ee232d107a4b43aeeee7990a5dccaaec4b7858dcbabf44388cd4b8f446a6bc8c8d4240f25f6a0e620aa0a66cba814652280433417ade665c706f55f9374dd7cb65c43cd210d372369b2423677b2297e46672347426a006976a9adffdd589c6acdf9bec019676ea575b232ea693ca74e1e3ad391d528938f2a3308096bbd04fee0ddf7105ba01d672487bbc91855999b8aa07a07e9fe10802826fd90256cd8ee3ebfb9e6ec5842a01e07cc130943c8f003350e361e94fd0e91bafa77437071c8d7891a5c7d2a4d4eae7d3539f9e99f14d5ac8b3b268c9846be1bf8d79245becc0f0ac8f402361b3d12fe94ec1c1820ad33e42d89faf0a627eb0bec9bd09f70a6488c040656192322e1cf6badfe3bf0ec5be730f3298c080decfecc6350d8959044dce345c03b27af7636e9cf4dd76cee2ee02c5ed3a894659093f9669623bdb46f1b9fa02e31d1c8269d89e93ff9255162f05438626e8a43005194d4d016ebc5681f31b88e84cbc2fd68dd90e1ad62a2c5dfd18a05956c4f4430be1e8ecc796240cac52a49faa6fe2d4a9a6c9282c2c595640d316096c029a26583f18e0363b207d388850bf42cc03d7fd511b5ced73c1c952218ea030654bbaadf03923d724fcac71e13ffe6a7d41dd9ddca0732c3751273985a52ae5dba9ccc50c1d8b80641379dd6e0367c15e37774b194e1f7c37b6232a5e985660be267ea0c3aae8f74a35955e5b0bd438b67fd4dad91071a7c201a22e8abc483a9ba0bdf41bc681e94eba07410d6798c0cbdb76b08f624f3d4af8f7bb53dd1ae1cc363b2ff20ff02540ff1569c004012d2bf4818ec6171479c4b6a75e9e620f25c6ed4464dedc4a0716443a5c16bdd16a9692189f23aa19ab5b08cfdacfd6482d8449038e8220b5d763b86f9def770a67b9cf95e9789c6a331abe2940edcc820606df5229a3dd1700f7921e9212e3ea7ba29ebf49bfba3b781ba192b2acaef0c5da369db7fa27a42399525db654b7058a87c06ee853840498b907a9e58e33c8375d20715e349871c21a4531983e3fa6015724248856917625390f1b1a5c0de46fc4e0a7514e6f1cad6023b1c199241d80619fa340d057e778f77e8578c0455aa522d22f7b4f11178e353b9247f65d601d2482731093ba607337a982baf476311c2cad9a032ab3bd3cfd3ba486fb763eceb3fb1f8af1b491fbf87e41ed086f0f64abdcb24b4cd00f1fde4c77e8c4fff54153e2e4fe44c19b59cdd5b8498fae7e5248667fdfd5313373afa8d60437d288c224e8b8a0835f9783b951bb348b290151c1c30e2b53dad7457a0b772342d1e99f8970b8f0bca26f6d172797611939cb8eaca7b80c97c129f8cf9c95ae3b95faadf4b0c377c515fecf4ff6507556ad0ec97fcacc4fd1404b9bbcc6b3fb8a2ede371a31c918275cc49e1c718504af48aba99c7d7c64a137c8b145b647a36a1b50b0729bdef96caa5d8f6e2976d34f395482cb1c4c9379f42f0c74a3f066b7beafd8e6006f0c1cc23d4fe05c7417ed21423cc7f047802e1f3ac486b086f1bd5b378f54a4f8b4524930f5f22065031f52d7fcf5319be235daacdc308ddd9df8dda8c6e37fb68c5bbe77d220807b01a40c3991e211d6ffc5c5abea13d417c5b1276f4a2ebe170e41246f7e6ba66429e151b454f86018abaf7384d782cebb7b398c572c454251d44367549cfc216a168552f6b08cced496cd07aa86b15184ad1feaa36221c547dbb7b16c84009e77648483c27ff7f73e46977aec6187bf943fec6115c89914b445eb3b736659e506a1c80d34e4176d5a6cf53e5cbc303a0397e799c34d485bc73c1eddafe353d769f4515be02ae61053d92011cdf6e2cbdfcb8a54c4db433a049f177e8ce8131e897e9a7ff60cf8585ea4a48d85579411f5b25794229a61ec799d12a44473d4a1cae2fea1cbfb6ffcf546246ef79018a3e2fe273cd2399b98726c391c52a45ab5069de35382cb9812fb059d734cac0db2c8715f052a5e13562169ba2539e293968e0b3ce2449bf7c9c142c2fe606cb9102d60a01f1f685018ea0960416f7d56c4bcc3eb49f00208f88e9da4528733e973092e157b94499270cc18586960775b699b135c9d3debc9a1a41c0deb241b2cd6a2ae370c45e667af98c1a52efea6b242f41f69eeb3d68ba7400720c381ee71d1094972b2acbd54cf5d170f65ac74e3c79c1dd0b32870f500685ffe48d57e80e886a48a4b08d5daaa8718ef1ee01ded32403679991e43a6108ad6e0631949aec71a14ad78b7103ec2708501682ba2c91a15a5fb033dbf18de501bd5da56892a1b4535fd4f513e974ef562f181fe66ba8f7732377bbf9e55e82ceb606829c7484a1cbd5b922b69cb081e17c8dbc32d0981cab692a241f14f5ad75088f4eac09319874c6773719840f07d148bf2f4528d1e134db2781c149aecfa1fe40c1d9f0b3362b4a0930fd382bf85e95b1c24a7b46475ae3b4f0c765a697092de0353744c722f4d3acbe86ba9e0afe5407d6990c291008400ec603e477f5a48352a0580756dbd2dabc01af919dc7c836f755f7e0fdce88f9b6862388b29662b1fb9ec5dc66774bb0874164a363ddc1f116accd51df74d0a274ccaffcd19f11e93dc7f67dc81722d978e61b7585a56761254c9732fb568e221e15ccf7d992f66c45d245bddcdb1fd3fbf51861be01b6ff985beaa6193109690de79384eea271573bf77e132995a0287fc5703d95a88446aed513ce5d1c9b63d529f24c229acc2a54e33573eff34224ab53da3ddc9f8e9f4cd68bf625dfc86ee326fe1943537a18283820cf6701d3a8985b1b8ad0c58343c36b0785411d04508235ea8e57dc5235da8c9315a7dd5d4b365ae20cd7cd22ab818e6e60ada7e6b2f7e67df346b2271e4a1e922a0f0f1a1a32054b1573189ba89a4a85b453131a8779bc323f1a77921d5f6a848f1190afd0a2fb2f4a85842be947f3147c7617ad159455fdfebda5aea0b3586f9acc0a685166d3332af65db974d928332a9d0a0dc1b4b65ed5f9862763993423b4538fedb94ce9fb19edbb03ecc70d1072379ea82b1672f4786843f19b7ce043e93e7379ae199b354e3d503163453dc641373d0d49ba63ffe14633068a88337ff0400e6762ef562dde633afad2bd0f0fc7154a42f25887555812de5cec34b5693dba792f9d54070062f8997282281e93c9c6da355b6492406a0d9f8b99d65fef8c370cf2cd7338c29b004958efe20d5d2b225336877f557fe7aa4cc5b1ea3d879009227e5dfa116a7cfb27fae63d8f37741b33da319c034ee9d51516dc6a744b38ea7e6d13c876f45e37791d53df99e5dac66c8464d17a60d5d18eb21c2e7f47dbaf7afb49c41b109c09bc09b6774c6498aad44a77177ac7ab109ad10c15212f8a067fe4c9d36447fc9dc1bd1ec991152172dc79943f7062bdb0406d0f8b8ce976f9834f2f6c7b2658462a4508483a42136e1f15fe7ac99806ed4f497f2b4bbb9e686a06862fd5e97596ada42bc71f767b46ce207588bc4df761599740b4f2ccdc92351e3ee770e90359c9dde5382f6b727eb3d23d74f78bef0569f0ae799621bd6f76f2a510d4dfd60291d62a7efa2e4ca8c270c7e76584e535dc63adc317814d2e6477d1eb49835c8738dc12887623ad6fc1815184e82abdd06530232e6e5eae85feec729ca78e2fbf6868ea4771f98c45feceff59a2f55c3a99aef7d062bf8da823b7bacfb37738a3043a439a8cefe583862de330421e674e30ca43c5197663a7b4ee8c7c62803ac3ac436b56aae582ad21076e8605a352743fdf1c895e2036b222bd2c9f6ebaf841dc39a50290095f9e9698e3856a79d40de4caf860b7c51e1dd6608cc1bde48e5496b412975e7648a8762bcb3c8eabd30bbe114d6fead3ca0b34777d5f83d62bb275466e4dd574f46b3a6034b1ebe941575b654ad57c0899f5f861fbc8ba35c94f46dd35ec4fe768ea6cb0bd0910c61619191c5e6dfeea6e4b0035601e0543e81020bf10bcc2eea6876166c0593091963ad41510d7f1a3de169f6ee558854b135742f75831b2281578bb4a5114dd119bbf3af24f3a270e309948bc42381c4e0595837991053d9dd1e0debb27004fab218568c61471121ce917f1d417f4aabf198f492707d2fc9d81a771f67a8fcb5c654fda88bdef91d3dff11a44cfd57a53eadb9193beb66f28e69336878ea6f0349c8703f858244a7ba8ca99e05d0e95f68390079b4234c5406fe2684d77f78969051925a2d943c6e88cc89d3fff3f747b3994c8dcdade750c46a674d8b6edc231867c1f74c1fb375c6e77ba69dcbfd8342f7b9c53ad85278f76a90be6dcc550b1230888b6087197ee5fc2f0e2e082e2965cc3bd34e37dd46a313c7b85ce1c6c0ca541b7617413799f70eba5a04e413243fb6008b95d3033741291f8cce3ece474508d47f170fe637f978c7b506b35e4a3243d956571396873b6f31a0093b7bd0183d209314ca8867abc4658b09670939c225a518b5e9aa4cf8cbaa95359002f588f7ebf6c4566219b138093f483221deb0bcdb8b4c02fd92e29cec0099e72dad68e747a89742165fcc11a5af157421e28d7a0b14782d5043fff3ef87d109f1cfd44b45a5b505bab38e824c0e4b9da87b42cb16c90f974294995addffbc5f4e2d6ff7973d55628feabce6953a16825a8ca8362a5c47761f496fb0500adef3739bc42143684c4554a35ad4d0988b89aa9df15b9bc9b4d66f7e086c5fecc1f6f3ec5920ad4fa94ce41ae6565b3f8e541e297bf1a8815bf59987e0abb4bda622a2a839b46d5439ec948cd6a1af3e4959e22adb3976a7dddc0e5cc59f43d28698bfc0acc3d49f3c36023d6ceb7387a2ea8fb9511a49129ee0f973cf22dbd2909d71239c6f67f7253404e82d62c199ebbee4b42afd27617ae079e3713cecae5196033b99a46c007fef73e19c7627b1231bac0d07c11fe0b8ea1bf47ddafd5720196ed4fae4076d5c8a4f1fd47f1031071bb5e267c8deb622e5ce93ce06a2b4b647526fd04073a1a809b48094aafe29fd13058cda2810d228bc541e54f04f0e258585a4551875b0df8c1ddad5184e56dac753dbd4c59bf88c999a5ba28058a818041f3bef83b5c95df144f74b923f5fe0b83ea785a6ae7bfd919da9854ea3e7ad6b7837903de9f4a10e6a606e5b525289a4a6e59ff27aa82c8b658cf7665f1d0a9e64f45b64c5d62ff75af359f5ae71dab5c1248ce79622d71a7ca55033a4d06968aa5a0e6d916054d67af1818a7ddfb6a4c1b0da9cfbfccb296b46114cef8fd7ba062abcff7c3e716017725c38f2f361afe1357e73fac3131676ae50cd1731ec9eebc44b275433ab4052c6b8e36506bf295230faa0fcbc5607d647ea7e1546c109113eda53bfa20c84ff7fcbd746ebe6d826032baccbbfa3a69c971c80ab98112bc16e7421d0a7143e1b2130f99f64834668131f602deddd2fcf1dcdc5a02060cb9727271a", 0x1000) setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000100)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e24, 0x0, 0x4e20, 0x94, 0x2, 0xa0, 0x20, 0x89, 0x0, 0xee00}, {0x8, 0x80000001, 0x40, 0xb4000000000, 0xffffffff, 0x2, 0x1, 0x1}, {0x1, 0x200, 0x6, 0xff}, 0x9, 0x6e6bba, 0x1, 0x1, 0x6}, {{@in=@rand_addr=0x800, 0x4d4, 0x32}, 0x2, @in=@rand_addr=0x6, 0x3505, 0x4, 0x524b488945775519, 0x6, 0x6, 0xfff, 0x200}}, 0xe8) r4 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r5, &(0x7f0000000080)={0x0, 0xfffffec1, &(0x7f0000000040)=[{&(0x7f00000000c0)="2e0000002c008151e00f80ecdb4cb904014865160b0001410180ffff000000110e0006001500cd5edc2976d153b4", 0x2e}], 0x1}, 0x0) 16:30:21 executing program 0: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0xa0002, 0x0) ioctl$TCSETSF(r0, 0x5404, 0x0) write$sndseq(r0, &(0x7f0000000080)=[{0x10081, 0x6, 0x0, 0x0, @time={0x0, 0x1c9c380}}], 0x2c) ioctl$RTC_PIE_OFF(r0, 0x7006) [ 323.687399][T11540] Started in network mode [ 323.691831][T11540] Own node identity e000600, cluster identity 4711 [ 323.699479][T11540] 32-bit node address hash set to e000600 16:30:21 executing program 0: r0 = add_key$user(&(0x7f0000000280)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f00000000c0)="b8", 0x1, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f0000000340), 0x584, 0xfffffffffffffffd) rt_sigpending(&(0x7f0000000140), 0x8) keyctl$dh_compute(0x17, &(0x7f0000000080)={r0, r1, r1}, 0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={'crct10dif\x00'}}) keyctl$KEYCTL_PKEY_ENCRYPT(0x19, &(0x7f00000002c0)={r1, 0xb4, 0x4b}, &(0x7f00000000c0)={'enc=', 'raw', ' hash=', {'md4-generic\x00'}}, &(0x7f0000000300)="080a5fb7c7eeb90464cee025d1c3781557d0a2203c44c1160ccbdc14bde3be60f3b1ae2037e85800020000217a332ee70a56fe47e7a20730478ce36b0c1472d710e2cb736899239bfc3f5f38f3856a14ef2bd7322af4eec4ddce29a86c30fce21039b06123d73ef7b5b90dba6c25c1a57d1532354f8b80e3e2ed02ca1636314980e2000000000000000164736a6ff793a566484d169784d2c2c37364201ce5f3e318c17cbebf80afde6d27ba20ac12b86f992596", &(0x7f00000001c0)=""/75) r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000240)='/dev/video37\x00', 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000900)=ANY=[@ANYBLOB="14000000230001144000003b58509756010400006535c001f530ee2ef111a147e5615449555cd26d78f041631cdd758b5b09e913c014968495f6429251765535b5e3fa3107afdc20442aca9ad9f1518d2fb0493d6e861b1fa825c468cb1010171ae2cb15e6d14eba184b2c654d5c06118cdbf69ee4150c10230570cb0e29529a81f9eb6e6b5446a32acd1d1b055ba26cf69c4e378f43dbccf527d0c6e1e809fe72de94891cc289d9e35301700d50c9bd032f37e6023b87e49b528858331e8ca516902096295d2c10783ba08db766e6b096bc32875450f81518b52e5f089658ae357ec72e1cece2270df9f58be63e72c6506582fd09cbd0a7bb9fff8247116696ab7bf92dbf5c760eaf75d59d9d839295eb5911d765cd56859d08fd2db71c344b4be89048c9664243f6d452558ff8803538d09ca6957de1b1151beb5e00000000000000bebc14e3b904b1e69025e5281d7ed14e8a280bd49f1bcbeeac6d3c880327887387b81b2a1260c9e836a19e7bbbd6feba0c8a24d4e8909af6e2d4d1eb2fb439bd719a6b0664a3b9512b5b6ee2509bf07c175acbfc5ef9bab7b6d2d239c0bf9ebc25aa5173549ae238ec6c7cef00000000000000000000000000000000000000d91f6024ace0c4bdd918beac9d4b569c8c70940000000014634dfbd7b2322bd8c9f357e44f108b17b63a93eea8796624d75639511646da2a9c74e117473dafa5f818cebc30874956b890e50d0f1f56800bfbb66e6f207f9700cc995998e1573795ac40799047552a70934179f8981fb333ceb94795b8a5f7b704f8116301cbf2f5eab1b6be26dc16babbc0d254b3202427ad90ea893de8128f10"], 0x14}}, 0x0) r4 = add_key$keyring(&(0x7f0000000140)='keyring\x00', &(0x7f0000000080)={'syz'}, 0x0, 0x0, 0xfffffffffffffffd) add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, r4) keyctl$negate(0xd, r1, 0x9, r4) dup2(r2, r3) [ 323.949523][T11548] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 323.985725][T11547] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium 16:30:22 executing program 0: r0 = socket$inet6(0xa, 0x802, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) ioctl(r1, 0x800000000000937e, &(0x7f0000000080)="01000000000000001801000004000000fc232ff41cd849832f") bind$inet6(r1, &(0x7f000000d000)={0xa, 0x4e21, 0x80000, @rand_addr, 0xf800000}, 0xe) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x40002}, 0x1c) syz_emit_ethernet(0x3e, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086f5dd6050a09c00081100fe8000000000000000000000000000bbfe8000000000000000000000000000aa00004e2000089078"], 0x0) 16:30:22 executing program 0: unshare(0x6c060000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x7a167728, 0x101000) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) ioctl(r2, 0x800000000000937e, &(0x7f0000000080)="01000000000000001801000004000000fc232ff41cd849832f") r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) ioctl(r3, 0x800000000000937e, &(0x7f0000000080)="01000000000000001801000004000000fc232ff41cd849832f") ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000000300)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ID_VALID(r1, 0x80082102, &(0x7f0000000140)=r4) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) ioctl(r5, 0x800000000000937e, &(0x7f0000000080)="01000000000000001801000004000000fc232ff41cd849832f") setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000000)='reno\x00', 0x5) r6 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) ioctl(r6, 0x800000000000937e, &(0x7f0000000080)="01000000000000001801000004000000fc232ff41cd849832f") ioctl$KVM_PPC_ALLOCATE_HTAB(r6, 0xc004aea7, &(0x7f00000000c0)=0x1f) bind$inet(r0, &(0x7f00000002c0)={0x2, 0x0, @local}, 0x10) [ 324.275000][T11557] IPVS: ftp: loaded support on port[0] = 21 16:30:22 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setstatus(r0, 0x4, 0x2000) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="28000e0000000000001c1f61299c0bfd6bca8d1ac6e4e964f039a10dc2f4d62d4124ce8a4907971d66fa31", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b0000000000cab4ed025c06a415f9b4626d7579d5d24eda384e9269352a4ea4c7768206a50b62286c3931cddbf88ee3930fdc42286c1ddb1c6202d6e8"], 0x28}}, 0x0) 16:30:22 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x133, 0x0, 0x0, 0xff7d) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = dup2(r3, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000040)="0f01d582ab06000466b97a03000066b9540b00000f320f20c06635100000000f22c02e0f01c20f01e52e2e660f6b39363e0f01c80f2349", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0xfffffffffffffd55, 0x40, 0x0, 0x147) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r5 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x0, 0x2) r6 = dup(r2) r7 = creat(&(0x7f0000000080)='./file0\x00', 0x10) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f00000000c0)={r6, 0x7f, 0x7f, r7}) [ 324.615548][ C0] hrtimer: interrupt took 63958 ns [ 324.712619][T11567] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. 16:30:22 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0xff, &(0x7f0000000040)=0xfffffffffffffffe, 0xfffffda8) ioctl$sock_ifreq(r0, 0x891f, &(0x7f0000000000)={'bpq0\x00', @ifru_mtu=0x9}) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f0000000300)={{0xa, 0x0, 0x0, @local}, {0xa, 0x0, 0x0, @mcast1}}, 0xcb6f40f04e97caa7) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x4e20, 0x5, @loopback, 0xcf}, {0xa, 0x4e21, 0x7, @mcast2, 0x6ff2}, 0x3600, [0x0, 0x4a4333b4, 0x3, 0x2, 0x80000000, 0x100, 0xa793, 0x6]}, 0x5c) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @dev={0xfe, 0x80, [], 0x1c}, 0x1}, 0x1c) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000380)) fcntl$lock(r0, 0x7, &(0x7f0000000000)={0x0, 0x4, 0x67, 0x2, r1}) syz_open_procfs$namespace(r1, &(0x7f00000000c0)='ns/mnt\x00') ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000000)={0x0, {0x2, 0x4, @multicast1}, {0x2, 0x0, @remote}, {0x2, 0x0, @broadcast}, 0x2}) seccomp$SECCOMP_GET_NOTIF_SIZES(0x3, 0x0, &(0x7f0000000140)) ioctl$sock_inet_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={0x0, {0x2, 0x4e24, @loopback}, {0x2, 0x0, @loopback}, {0x2, 0x0, @dev}, 0x281}) ioctl$IMCTRLREQ(0xffffffffffffffff, 0x80044945, &(0x7f0000000080)={0x4007, 0x3, 0x3ff, 0x9}) 16:30:23 executing program 0: prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) syz_open_dev$dspn(&(0x7f0000000240)='/dev/dsp#\x00', 0x3, 0x20100) ioctl(r1, 0x800000000000937e, &(0x7f0000000080)="01000000000000001801000004000000fc232ff41cd849832f") r2 = socket(0x100000000011, 0x2, 0x0) bind(r2, &(0x7f0000000140)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$KVM_GET_MSR_INDEX_LIST(0xffffffffffffffff, 0xc004ae02, &(0x7f0000000200)={0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}) getsockname$packet(r2, &(0x7f0000000000)={0x11, 0x0, 0x0}, &(0x7f00000001c0)=0x14) setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f0000000100)={r3, 0x1, 0x6, @local}, 0x10) r4 = socket(0x100000000011, 0x2, 0x0) bind(r4, &(0x7f0000000140)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r4, &(0x7f0000000000)={0x11, 0x0, 0x0}, &(0x7f00000001c0)=0x14) setsockopt$packet_add_memb(r4, 0x107, 0x1, &(0x7f0000000100)={r5, 0x1, 0x6, @local}, 0x10) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x937341a4d7aff281}, 0xc, &(0x7f00000000c0)={&(0x7f0000000300)={0x118, 0x0, 0x400, 0x70bd2c, 0x25dfdbfe, {}, [{{0x8, 0x1, r3}, {0x3c, 0x2, [{0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x1}}}]}}, {{0x8}, {0xb8, 0x2, [{0x3c, 0x1, @user_linkup={{{0x24, 0x1, 'user_linkup\x00'}, {0x8}, {0x4}}, {0x8, 0x6, r5}}}, {0x40, 0x1, @lb_hash_stats={{{0x24, 0x1, 'lb_hash_stats\x00'}, {0x8}, {0x8, 0x4, 0x8}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24, 0x1, 'notify_peers_count\x00'}, {0x8}, {0x8, 0x4, 0x5d91}}}]}}]}, 0x118}, 0x1, 0x0, 0x0, 0x1000}, 0x800) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x20886100, 0x0, 0x0, 0x0, &(0x7f00000002c0)="d353ff072d68b2e4dc05000000b3d94c22") [ 325.070798][T11574] device lo entered promiscuous mode 16:30:23 executing program 1: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x10000, 0x0) ioctl$RTC_PLL_SET(r0, 0x40207012, &(0x7f0000000040)={0x800, 0x7f, 0x3, 0x4, 0x0, 0x2, 0x3}) r1 = syz_open_dev$admmidi(&(0x7f0000000080)='/dev/admmidi#\x00', 0x5971, 0x4000) ioctl$RTC_AIE_OFF(r1, 0x7002) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00') sendmsg$IPVS_CMD_SET_CONFIG(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x48, r2, 0xe7e0a586a2c06455, 0x10001, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1f}, @IPVS_CMD_ATTR_SERVICE={0x2c, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x92c21313f0ef058a}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wlc\x00'}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x800) r3 = syz_open_dev$dspn(&(0x7f0000000240)='/dev/dsp#\x00', 0x0, 0x0) ioctl$RTC_SET_TIME(r3, 0x4024700a, &(0x7f0000000280)={0x9, 0xd, 0x12, 0x1b, 0x9, 0xb1, 0x0, 0x3d, 0x1}) r4 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv4/vs/lblcr_expiration\x00', 0x2, 0x0) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000340)='TIPCv2\x00') sendmsg$TIPC_NL_MON_GET(r4, &(0x7f0000000480)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000440)={&(0x7f0000000380)={0xb8, r5, 0x100, 0x70bd29, 0x25dfdbfb, {}, [@TIPC_NLA_NODE={0x34, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_MON={0x1c, 0x9, [@TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xb0}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}]}, @TIPC_NLA_NET={0x30, 0x7, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x4}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x3}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x9}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xbf}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x25}]}, @TIPC_NLA_NODE={0xc, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6}]}, @TIPC_NLA_NODE={0xc, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0xb8}}, 0x67c9591643528f64) syz_genetlink_get_family_id$ipvs(&(0x7f00000004c0)='IPVS\x00') r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0xa, 0x3, &(0x7f0000000500)=@raw=[@ldst={0x0, 0x0, 0x3, 0x8, 0x4, 0x2}, @initr0={0x18, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x800000}], &(0x7f0000000540)='GPL\x00', 0xab, 0x7, &(0x7f0000000580)=""/7, 0x40f00, 0x3, [], 0x0, 0xb, 0xffffffffffffffff, 0x8, &(0x7f00000005c0)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000600)={0x4, 0x3, 0x4, 0x9}, 0x10}, 0x70) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000006c0)={0x0, r6, 0x6}, 0x10) r7 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000700)='/dev/mixer\x00', 0x40341, 0x0) pwrite64(r7, &(0x7f0000000740)="b164e6845a226f21e63a33381c4b927c72476786b0c6e748f6065339fbfe06deff5fe67da8c2e659ce818b940429cabbb60e68dea830dbc0e6597de6d8b492f7be8c9c4cb556a10a63ed9bbdb6f784da29d52512e1c21b4bc0492db15dd17d3c6c46f6fcf9aad3ddb0504bdc76aae7d31ffafc12ad349c15983faa3d961886fcdb7f9554c9d4fad5ef452ae9ce19dc458fe82d1421b7d0d8535cd620e83470ab", 0xa0, 0x4) ioctl$IMCLEAR_L2(0xffffffffffffffff, 0x80044946, &(0x7f0000000800)=0x7) r8 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r8, 0x660c) r9 = syz_open_dev$admmidi(&(0x7f0000000840)='/dev/admmidi#\x00', 0xffffffffffffffd0, 0xc0) write$FUSE_NOTIFY_POLL(r9, &(0x7f0000000880)={0x18}, 0x18) syz_open_dev$sndpcmc(&(0x7f00000008c0)='/dev/snd/pcmC#D#c\x00', 0x0, 0x4c0880) readahead(0xffffffffffffffff, 0x5, 0x8000) r10 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$KVM_SET_PIT2(r10, 0x4070aea0, &(0x7f0000000900)={[{0x6, 0x2, 0x3, 0x0, 0x4f, 0x9, 0x5, 0x20, 0x9, 0x9, 0x9, 0x4, 0x1}, {0x1, 0xfff, 0x2, 0xbe, 0x8, 0xff, 0x9, 0x43, 0x81, 0x3f, 0x40, 0x4, 0x6749}, {0x7, 0x1ff, 0x5, 0x9, 0x8, 0x3, 0x2, 0x6, 0xf7, 0x1f, 0x7, 0xfd, 0x1a}], 0x1}) r11 = syz_open_dev$vbi(&(0x7f0000000980)='/dev/vbi#\x00', 0x0, 0x2) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f00000009c0)={0x0, 0x84, "1b7eb8f7a3cdea413a54baa814df65f9bc4767c4b423ad013ec59b24009939eab385c50e8939a64c6699e011e9d60ef87dc62e5c495bb3b9f580fd12e2e487769d0067306b51ed857585693b94b880ae928efeab4fc0e193ba6653966134db747dd2f13b6cc77a2f9b0ae86de79e598fc7b67cc5c5e1445b5221dd865a1fbca4dfa4c166"}, &(0x7f0000000a80)=0x8c) getsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r11, 0x84, 0x76, &(0x7f0000000ac0)={r12, 0x8}, &(0x7f0000000b00)=0x8) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000b80)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000b40)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_ACCEPT(r0, &(0x7f0000000bc0)={0x8, 0x120, 0xfa00, {0x2, {0x951, 0x3, "b09273067b40c8b8f53801b44f08efbab544d65df4136ef9219f7030096b10cd614875b1af50c9a865cbbf429e23368d7d689b5d7a748e10a05fb30ad17a118fceb3e38affdc668c0d55e5b1eb732678e0ebbe07fad7fbc0f505f2e142ca2caa0e6f449c26b099f069c0c6371f88036dba260810e1cfe442d0a8255bc870359da2f4ad52d6217737e15b5efda02a8f230e7a96afb906bad92320ec70fee801e42972c50181e2e513a40d3562baa82f3ece0738f76a484854e207c1ad8c2cb5cf14b69c987124c9972a7ee8008df5661f8274da7e9e6ccb3e9e140b052c35acd898d3ffdaaab68921b2e36d7b7881eaa157c754ac6db9d2be2626ed7a547051c1", 0x4, 0x4, 0x2, 0x20, 0x3, 0x5}, r13}}, 0x128) [ 325.933627][T11573] device lo left promiscuous mode [ 325.976745][T11578] device lo entered promiscuous mode [ 326.032376][T11573] device lo left promiscuous mode [ 326.126754][T11580] IPVS: ftp: loaded support on port[0] = 21 16:30:24 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) mlock(&(0x7f0000ffc000/0x4000)=nil, 0x4000) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20}, 0x10) listen(r0, 0x0) syz_emit_ethernet(0x74, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd60d8659bb8e71914ab6613a51caac32b00140600fe80000d00000000aafe8000"/58, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) ioctl(r1, 0x800000000000937e, &(0x7f0000000080)="01000000000000001801000004000000fc232ff41cd849832f") write$capi20(r1, &(0x7f0000000080)={0x10, 0x1, 0x0, 0x82, 0x80, 0x81}, 0x10) fsopen(&(0x7f0000000040)='jffs2\x00', 0x1) 16:30:24 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x2, &(0x7f0000000140)=[{0x44}, {0x6, 0x0, 0x0, 0xffffffff7fffffff}]}) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) ioctl(r1, 0x800000000000937e, &(0x7f0000000080)="01000000000000001801000004000000fc232ff41cd849832f") r2 = accept4(r1, &(0x7f0000000000)=@pppol2tpv3in6, &(0x7f0000000080)=0x80, 0x800) setsockopt$RDS_FREE_MR(r2, 0x114, 0x3, &(0x7f0000000100)={{0x1, 0x1000}, 0x56}, 0x10) [ 326.357229][T11580] chnl_net:caif_netlink_parms(): no params data found [ 326.446522][T11580] bridge0: port 1(bridge_slave_0) entered blocking state [ 326.453887][T11580] bridge0: port 1(bridge_slave_0) entered disabled state [ 326.462694][T11580] device bridge_slave_0 entered promiscuous mode [ 326.474134][T11580] bridge0: port 2(bridge_slave_1) entered blocking state [ 326.481386][T11580] bridge0: port 2(bridge_slave_1) entered disabled state 16:30:24 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4000000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="000000ebffffffff0f0012000c0001004472696467650000040002000a001000aaaaaaaaaa000000ef231086f4e7d5812d57efcbbcb47fa64139a0d59572ecdd00ace4b0fad0c9853492ca64012fbf3a7e9eccb4e36c6e7090abf83788a9cf321e4a579809e912f55fd6e081a3d0e6d0653e900f22d1c4f77917dafc8046c90523cc68d4d9ddabecebb3d720af19b02f050d74810a9987c3d734e671f0d8ec3cc402ace1518fb8cb000000"], 0x40}}, 0x0) [ 326.490865][T11580] device bridge_slave_1 entered promiscuous mode [ 326.528118][T11580] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 326.544186][T11580] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 326.590748][T11580] team0: Port device team_slave_0 added [ 326.601313][T11580] team0: Port device team_slave_1 added [ 326.631495][T11594] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 326.639866][T11594] netlink: 11 bytes leftover after parsing attributes in process `syz-executor.0'. [ 326.686828][T11580] device hsr_slave_0 entered promiscuous mode [ 326.722846][T11580] device hsr_slave_1 entered promiscuous mode [ 326.911986][T11580] debugfs: Directory 'hsr0' with parent '/' already present! [ 326.920075][T11595] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 326.928662][T11595] netlink: 11 bytes leftover after parsing attributes in process `syz-executor.0'. 16:30:25 executing program 0: r0 = socket$inet(0x2, 0x4000000805, 0x0) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000040)=0xa4e, 0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) ioctl(r3, 0x800000000000937e, &(0x7f0000000080)="01000000000000001801000004000000fc232ff41cd849832f") getsockopt$inet_int(r3, 0x0, 0xb, &(0x7f0000000100), &(0x7f0000000140)=0x4) open$dir(&(0x7f0000000180)='./file0\x00', 0x200, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmmsg$inet_sctp(r0, &(0x7f0000001280)=[{&(0x7f0000000080)=@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000000)="3cf936f15294b3dd", 0x1}], 0x10000000000002a3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000840000000500000030000000feffffffc4847b6129a135c7573377df04a4aa8be31f5913cddaec9f1137c6e7a5ca8c0b129793489b6e9af250270ac01d33fec4b76a9277b5fd8a886cae406874920926d2c1dcd02e521133b3e01b613ecfe615027352e5c66abb2845c17eb4b8da5ad32c50fb68aed053b05ed9c732fe953eea887548961f7b0e99eb4b47de5451bb754052487196bc328cc972629b6342275754474d57e4f61fddb2befff17e8d95dffcca5c2e3fce0697dbdac1bd4c266dd277bb3f35bd55dfbbdb386d37b9ff2e9796f5ecb6aea3ce9bb64060d5804e9fcb681a33e9caf31519d44425dfb49ca308bbfb87202ccf24f075bb00ec1c7fd6f4dbf3d4607d2c98615fa803555723ad14f6b3b75f4fd0ec3b14d3b1e07b7fcbd373dbf48f7c5b3c24e7cc0630f73c3bd661531f"], 0x9d}], 0x0, 0x0) [ 327.214568][T11580] bridge0: port 2(bridge_slave_1) entered blocking state [ 327.221796][T11580] bridge0: port 2(bridge_slave_1) entered forwarding state [ 327.229681][T11580] bridge0: port 1(bridge_slave_0) entered blocking state [ 327.236957][T11580] bridge0: port 1(bridge_slave_0) entered forwarding state [ 327.293707][ T31] bridge0: port 1(bridge_slave_0) entered disabled state [ 327.324095][ T31] bridge0: port 2(bridge_slave_1) entered disabled state 16:30:25 executing program 0: unshare(0x20400) syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x5f6, 0x41) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) ioctl(r0, 0x800000000000937e, &(0x7f0000000080)="01000000000000001801000004000000fc232ff41cd849832f") openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0xb1075b6ec37a89ad, 0x0) r1 = socket$inet_dccp(0x2, 0x6, 0x0) fstat(r1, &(0x7f0000000200)) 16:30:25 executing program 0: unshare(0x20020000) mount$fuse(0x0, &(0x7f0000000040)='.\x00', 0x0, 0x0, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='ramfs\x00', 0x0, 0x0) mount(&(0x7f0000000040), &(0x7f0000000140)='./file0\x00', 0x0, 0x201000, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) rmdir(&(0x7f00000000c0)='./file0\x00') [ 327.654065][T11580] 8021q: adding VLAN 0 to HW filter on device bond0 [ 327.696286][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 327.704985][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 327.729918][T11580] 8021q: adding VLAN 0 to HW filter on device team0 [ 327.778718][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 327.788902][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 327.798011][T11513] bridge0: port 1(bridge_slave_0) entered blocking state [ 327.805258][T11513] bridge0: port 1(bridge_slave_0) entered forwarding state 16:30:25 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000e86000)="0022040000ffffebfffffffeffffffff144e0000ff000207835eebf116b208feefaf234b4ff8b4cc4c39bdc8451792b903f4b7d8c8cf2153622652328c19ef68234f905557c4070000008735e9ab2f77c62e0a5cdd2cf9984c070400000000000003ff23353d8b2fc6a3ae1ebfcb49004a3ccd3560ae01010000079c60ed7449b842f3e253be8a62b37f820fe75a9ea937ea4e2540019ccbd9f6672837496d00ad7765abaac2ec0f91c88a1ea1ff6ee308c72febedcf00798d41991ac25bb6fce2220c25ea380c7e112ab358c3a6bd8a59c100000001b4e82cb03419544a3988bc226a85abe6eb60cd7cf8d103d38c31c7c86d16c4d86cbe4ab390c092d077ce70590fbbd4f8bf4d6ab1cea6dbe9d4a54c17aac0db6e3845", 0x118) setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000080)=ANY=[@ANYBLOB="3b08006d00000003175da26c8e63f40000000000000000000000bb1e8184d24ccad08fa12f19b8986066ff9b993d2824020000000000000000000000000001"], 0x48) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000000)={0xa, 0x4e23, 0x8, @initdev={0xfe, 0x88, [], 0x4}}, 0x1c) [ 327.901964][T11580] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 327.912861][T11580] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 327.972945][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 327.983144][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 327.992232][T11513] bridge0: port 2(bridge_slave_1) entered blocking state [ 327.999421][T11513] bridge0: port 2(bridge_slave_1) entered forwarding state [ 328.008038][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 328.018106][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 328.028130][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 328.038989][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 328.048582][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 328.058429][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 328.067984][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 328.077246][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 328.086888][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 328.096162][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 16:30:26 executing program 0: ioctl$sock_SIOCBRDELBR(0xffffffffffffffff, 0x89a1, &(0x7f0000000b00)='bcsf0\x00\x00\x00\x00\x00\x00h\x11\x00') r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f00000000c0)='cgroup.subtree_control\x00', 0x2, 0x0) close(r1) io_uring_register$IORING_UNREGISTER_EVENTFD(0xffffffffffffffff, 0x5, 0x0, 0x0) r2 = openat$cgroup_int(r0, &(0x7f0000000080)='cgroup.max.depth\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f00000001c0), 0x12) readv(r1, &(0x7f00000002c0), 0x1a5) [ 328.248256][T11580] 8021q: adding VLAN 0 to HW filter on device batadv0 16:30:26 executing program 0: mmap(&(0x7f0000600000/0x4000)=nil, 0x4000, 0x0, 0x44031, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer2\x00', 0x8000, 0x0) ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f0000000180)={0x9, 0x41d5}) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) ioctl(r2, 0x800000000000937e, &(0x7f0000000080)="01000000000000001801000004000000fc232ff41cd849832f") getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000000)={0x0, 0xffffffff, 0x8, 0xfffffff9}, &(0x7f0000000040)=0x10) syz_open_dev$vivid(&(0x7f0000000100)='/dev/video#\x00', 0x3, 0x2) getsockopt$inet_sctp_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000000080)=@assoc_id=r3, &(0x7f00000000c0)=0x4) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r0, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x6010, 0xffffffffffffffff, 0x0) [ 328.552841][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 328.562026][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 328.570565][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 328.579036][T11513] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 16:30:26 executing program 1: r0 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x20, 0x200000000101001) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_int(r2, 0x29, 0xff, &(0x7f0000000040)=0xfffffffffffffffe, 0xfffffda8) ioctl$sock_ifreq(r2, 0x891f, &(0x7f0000000000)={'bpq0\x00', @ifru_mtu=0x9}) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r2, 0x29, 0xd2, &(0x7f0000000300)={{0xa, 0x0, 0x0, @local}, {0xa, 0x0, 0x0, @mcast1}}, 0xcb6f40f04e97caa7) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r2, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x4e20, 0x5, @loopback, 0xcf}, {0xa, 0x4e21, 0x7, @mcast2, 0x6ff2}, 0x3600, [0x0, 0x4a4333b4, 0x3, 0x2, 0x80000000, 0x100, 0xa793, 0x6]}, 0x5c) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @dev={0xfe, 0x80, [], 0x1c}, 0x1}, 0x1c) r3 = getpid() sched_setscheduler(r3, 0x5, &(0x7f0000000380)) r4 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_int(r4, 0x29, 0xff, &(0x7f0000000040)=0xfffffffffffffffe, 0xfffffda8) ioctl$sock_ifreq(r4, 0x891f, &(0x7f0000000000)={'bpq0\x00', @ifru_mtu=0x9}) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r4, 0x29, 0xd2, &(0x7f0000000300)={{0xa, 0x0, 0x0, @local}, {0xa, 0x0, 0x0, @mcast1}}, 0xcb6f40f04e97caa7) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r4, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x4e20, 0x5, @loopback, 0xcf}, {0xa, 0x4e21, 0x7, @mcast2, 0x6ff2}, 0x3600, [0x0, 0x4a4333b4, 0x3, 0x2, 0x80000000, 0x100, 0xa793, 0x6]}, 0x5c) bind$inet6(r4, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @dev={0xfe, 0x80, [], 0x1c}, 0x1}, 0x1c) r5 = getpid() sched_setscheduler(r5, 0x5, &(0x7f0000000380)) fcntl$lock(r4, 0x7, &(0x7f0000000000)={0x0, 0x4, 0x67, 0x2, r5}) r6 = getpgrp(r5) fcntl$lock(r2, 0x2, &(0x7f0000000000)={0x3, 0x4, 0x200000000000067, 0x200, r6}) prctl$PR_SET_PTRACER(0x59616d61, r3) write$evdev(r0, &(0x7f00000000c0)=[{{0x0, 0x7530}, 0x11, 0x3}], 0x191) 16:30:26 executing program 0: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x280020, 0x0) ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r0, 0x3) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r1, 0x29, 0x0, &(0x7f0000000140)={@initdev={0xfe, 0x88, [], 0x0, 0x0}}, 0x14) setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000180)={@empty}, 0x14) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'syz_tun\x00', 0x0}) setsockopt$inet6_mreq(r1, 0x29, 0x4000000001c, &(0x7f00000001c0)={@remote, r2}, 0x14) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x2000, 0x0) ioctl(r3, 0x800000000000937e, &(0x7f0000000080)="01000000000000001801000004000000fc232ff41cd849832f") ioctl$sock_SIOCSIFBR(r3, 0x8941, &(0x7f0000000000)=@generic={0x0, 0x0, 0x1}) 16:30:27 executing program 0: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) r2 = syz_open_dev$sg(&(0x7f00000001c0)='/dev/sg#\x00', 0x7, 0x4000) ioctl$SG_SCSI_RESET(r2, 0x2284, 0x0) ioctl(r1, 0x800000000000937e, &(0x7f0000000080)="01000000000000001801000004000000fc232ff41cd849832f") ioctl$SCSI_IOCTL_SYNC(r1, 0x4) r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) ioctl(r3, 0x800000000000937e, &(0x7f0000000080)="01000000000000001801000004000000fc232ff41cd849832f") getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000040)={0x0, 0x16, "df51cbcee8b5816d6436396ad5ddb111c3ca72e0b666"}, &(0x7f0000000140)=0x1e) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(0xffffffffffffffff, 0x84, 0x19, &(0x7f0000000180)={r4, 0x4}, 0x8) fstat(r3, &(0x7f00000000c0)) ioctl$KVM_CREATE_DEVICE(r0, 0xc00caee0, &(0x7f0000000000)={0x1, 0xffffffffffffffff, 0x1}) 16:30:27 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP(r1, 0x4068aea3, &(0x7f0000000240)={0x79}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0xfffffffffffffc1b, 0x0, 0x0, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000000)=0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f00000002c0)="64673ef3430fa7c8430f1dff660f3a0c35fcffffff0026360fc748f5c7442400874603d6c744240200000000c7442406000000000f011c2466baf80cb8c561ce83ef66bafc0cb053ee2667430f01c5f0814d0805000000450fc76f0ac481f9e6e0", 0x61}], 0x1, 0x0, 0x0, 0xfffffffffffffe4f) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) ioctl(r5, 0x800000000000937e, &(0x7f0000000080)="01000000000000001801000004000000fc232ff41cd849832f") r6 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) ioctl(r6, 0x800000000000937e, &(0x7f0000000080)="01000000000000001801000004000000fc232ff41cd849832f") finit_module(r6, &(0x7f00000000c0)='/dev/autofs\x00', 0x0) ioctl$VIDIOC_G_OUTPUT(r5, 0x8004562e, &(0x7f0000000040)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:30:27 executing program 0: r0 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f0000000400)={'syz', 0x1}, &(0x7f00000001c0)="00ec2400"/13, 0xd, 0xfffffffffffffffd) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffff9c, 0x84, 0x77, &(0x7f0000000180)=ANY=[@ANYBLOB="00b1"], 0x0) r1 = add_key$user(&(0x7f00000003c0)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="c0dca5055e0bcfec7be070") r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) ioctl(r3, 0x800000000000937e, &(0x7f0000000080)="01000000000000001801000004000000fc232ff41cd849832f") ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r3, 0xc0505405, &(0x7f0000000200)={{0x1, 0x2, 0x6000, 0x3, 0x5}, 0x7, 0x1, 0x380000000}) keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xffffffffffffffa9, 0x0) 16:30:27 executing program 0: r0 = epoll_create1(0x0) r1 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r2 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x1, 0x268040) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x6e097655c6fbcab5}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000125bd7000fedbdf25010000000000000001410000001800fb000000ffffffff000000003a73797a3200000000"], 0x34}, 0x1, 0x0, 0x0, 0x8002}, 0x4000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, 0x0) socket$inet6(0xa, 0x3, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) ioctl$VIDIOC_S_FBUF(r2, 0x4030560b, &(0x7f0000000280)={0x80, 0x8, &(0x7f0000000240)="ffdb4005fd326af52640bfdaddedd07c437240ee222a1b652efbdf7544600d9461a730b411dd45547152a3", {0x6, 0x4, 0x172a5bfa, 0x1, 0x1, 0xa75, 0x7, 0x1f}}) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) r4 = syz_open_dev$vcsn(&(0x7f0000000200)='/dev/vcs#\x00', 0x4505, 0x4c040) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) epoll_pwait(r0, &(0x7f0000000000)=[{}], 0x1, 0x100, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000580)={0xa000201b}) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) ioctl(r5, 0x800000000000937e, &(0x7f0000000080)="01000000000000001801000004000000fc232ff41cd849832f") ioctl$SG_GET_TIMEOUT(r5, 0x2202, 0x0) 16:30:27 executing program 1: stat(&(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_AGP_RELEASE(0xffffffffffffffff, 0x6431) socketpair$unix(0x1, 0x5, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) add_key$user(0x0, &(0x7f0000000500)={'syz', 0x1}, &(0x7f0000000540), 0x0, 0xfffffffffffffffd) r1 = add_key$keyring(&(0x7f0000000200)='keyring\x00', &(0x7f0000000280)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) r2 = add_key$keyring(&(0x7f0000000300)='keyring\x00', &(0x7f00000002c0)={'syz', 0x1}, 0x0, 0x0, r1) add_key(&(0x7f0000000100)='dns_resolver\x00', &(0x7f0000000080)={'syz', 0x1}, &(0x7f0000000140)="dee7030022cf9e5e1dbac27b0426fc0299c41fb9b9761a1b44dac894f365ae68edf335abf35ec53d6751467ebd", 0x2d, r2) add_key$user(&(0x7f0000000580)='user\x00', &(0x7f00000005c0)={'syz', 0x0}, &(0x7f0000000600), 0x0, r2) r3 = add_key$keyring(&(0x7f0000000200)='keyring\x00', &(0x7f0000000280)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) add_key$keyring(&(0x7f0000000300)='keyring\x00', &(0x7f00000002c0)={'syz', 0x1}, 0x0, 0x0, r3) r4 = socket$inet6(0xa, 0x8000008000080001, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'bridge_slave_0\x00'}) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, 0x0, &(0x7f0000000780)) r5 = syz_open_dev$dspn(0x0, 0x0, 0x80) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r5, 0x84, 0x70, &(0x7f00000007c0)={0x0, @in6={{0xa, 0x4e22, 0x9, @loopback, 0x5}}, [0x3ff, 0x1000, 0x4, 0x0, 0x7, 0x8, 0x3ff, 0x0, 0xffff, 0x6, 0x1, 0x764d, 0x1, 0x4]}, &(0x7f0000000900)=0x100) r6 = add_key(&(0x7f00000006c0)='ceph\x00', &(0x7f0000000700)={'syz', 0x1}, &(0x7f0000000740), 0x0, r3) keyctl$chown(0x4, r6, r0, 0x0) getgroups(0x3, &(0x7f0000000140)=[0x0, 0x0, 0x0]) r7 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000400)='/dev/cachefiles\x00', 0x48000, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r7, 0x0, 0x42, &(0x7f0000000440)={'icmp\x00'}, &(0x7f0000000480)=0x1e) getgid() r8 = syz_open_dev$mice(&(0x7f0000000180)='/dev/input/mice\x00', 0x0, 0x0) ioctl$RTC_IRQP_SET(r8, 0x4008700c, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r5, 0xc0305602, &(0x7f0000000100)={0x0, 0x556, 0x3013}) perf_event_open(&(0x7f000001d000)={0x0, 0x2c8, 0x0, 0x0, 0x3, 0x0, 0x0, 0x41c0, 0x89ad6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x8}, 0x1a408, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r9 = request_key(&(0x7f00000002c0)='cifs.idmap\x00', &(0x7f0000000300)={'syz', 0x3}, &(0x7f0000000340)='/dev/input/mice\x00', 0xfffffffffffffff9) r10 = add_key$keyring(&(0x7f0000000380)='keyring\x00', &(0x7f00000003c0)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) keyctl$negate(0xd, r9, 0x49b, r10) unshare(0x60020000) [ 329.467804][T11675] binder: 11674:11675 ioctl 4018620d 0 returned -22 [ 329.561280][T11679] IPVS: ftp: loaded support on port[0] = 21 [ 329.665779][T11675] binder: 11674:11675 ioctl 4018620d 0 returned -22 [ 329.866953][T11685] IPVS: ftp: loaded support on port[0] = 21 16:30:28 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x82, 0x0, 0x0, 0x1, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) ioctl(r1, 0x800000000000937e, &(0x7f0000000080)="01000000000000001801000004000000fc232ff41cd849832f") r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x200, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) sendto$inet(r3, 0x0, 0x0, 0x2400c010, &(0x7f0000000080)={0x2, 0x4e21, @empty}, 0x10) connect(r4, &(0x7f0000000180)=@nl=@unspec, 0x80) r5 = syz_open_procfs(0x0, &(0x7f0000000100)='net/udp\x00') r6 = dup(r4) sendfile(r6, r5, 0x0, 0x523) r7 = socket$inet_udp(0x2, 0x2, 0x0) sendto$inet(r7, 0x0, 0x0, 0x400c000, &(0x7f0000000080)={0x2, 0x4e21, @remote}, 0x10) connect(r7, &(0x7f0000000180)=@nl=@unspec, 0x80) r8 = syz_open_procfs(0x0, &(0x7f00000011c0)='stack\x00') r9 = dup(r7) sendfile(r9, r8, 0x0, 0x523) r10 = fcntl$dupfd(r5, 0x5f70364422de88c3, r9) r11 = socket$nl_generic(0x10, 0x3, 0x10) r12 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r11, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x14, r12, 0xdd42ddecb798d42f}, 0x14}}, 0x0) r13 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x400000, 0x0) r14 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r14, 0x29, 0x20, &(0x7f0000000080)={@loopback, 0x800, 0x0, 0x100000003, 0x1, 0x0, 0x0, 0x400000000}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r14, 0x29, 0x20, &(0x7f0000000300)={@mcast2, 0x10000, 0x0, 0x102, 0x8000003}, 0x20) r15 = syz_open_procfs(0x0, &(0x7f0000000600)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd8\xdcK\r\x8d\xae\x98&@\xd0\xe6\xbbQ\xd7\xffYn\x1c\x92\xde\x0e\xaa1\x91\x98\xe9\x1f\nMCi|+\xcdw\xf0\x176Z\xf1`\xac\xf3;\xd6d2\xeb\xe5\f\x0e\x8b\xda\xf7\xfc9\xfe\xff4\xef\'\xa19q\x93\"\x7fG3\xc1E\xe6e6\xc6\xc2u\x11% \xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xb18N\xbfY%\x05\xf8\x85\x89\xfc\xd2\xd7') sendfile(r14, r15, &(0x7f0000000240)=0x202, 0x4000000000dc) r16 = syz_genetlink_get_family_id$nbd(&(0x7f0000000140)='nbd\x00') sendmsg$NBD_CMD_RECONFIGURE(r15, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r16, @ANYBLOB="050c27bd7000ffdbdf2503000000e7401191a10800378753f18bb8db"], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x8040) sendmsg$NBD_CMD_RECONFIGURE(r13, &(0x7f00000001c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=r16, @ANYBLOB="000829bd7000fddbdf25030000000c00050020000000000000000c00030007000000000000000c00040008000000000000000c00080001000000000000000c0008006c000000000000000c000200f52c2f74000000000c00060000a666414e000000000000050100000000000000"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x20004811) r17 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000300)='/proc/capi/capi20ncci\x00', 0x481a00, 0x0) sendmsg$NBD_CMD_DISCONNECT(r11, &(0x7f0000000400)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x402000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="60000000bf2e342acc3277a3e43e97da", @ANYRES16=r16, @ANYBLOB="000128bd7000fedbdf25020000000c00040000100000000000000c00050008000000000000000c000400ffffff7f0000000008000100000000000c0008000c0a0000000000000c00441407e37f66338c2079a39998060001000000000000000c0003000300000000000000080001000000000008000100000000000c000700080001007a4a39e6507d0b41a0145dc6604745cbc30be7a45c3cca6ffbd6ddb94905ce6005", @ANYRES32=r17], 0x80}, 0x1, 0x0, 0x0, 0x45486d686cf8811c}, 0x44002) sendmsg$NBD_CMD_CONNECT(r10, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40040}, 0xc, &(0x7f0000000080)={&(0x7f0000000540)=ANY=[@ANYBLOB="2800007509b0f2dc2db216f4360100000000cb4e376f6ef800c206780000000000", @ANYRES16=r16, @ANYBLOB="00082dbd7000ffdbdf25010000000c00060000000000000000000800010000000000"], 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x7577a56c2c18edf) sendmsg$NBD_CMD_CONNECT(r3, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x120}, 0xc, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r16, @ANYBLOB="000482bd7000fcdb25cffdca6e063c74030007000000000000000c002bb702000000000000000800010000000000a45f79a243c1cc18e1818ebd4df5447c5446b2ea81a29cbfb885891be5b66deb08a0ad5fe18178e05b8e5d0f6a1e27fb916e2ca38dde80941100"], 0x34}, 0x1, 0x0, 0x0, 0x2}, 0x51) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000001180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10280}, 0xc, &(0x7f0000001140)={&(0x7f00000010c0)={0x14, r16, 0x1, 0x70bd29, 0x25dfdbfc}, 0x14}}, 0x40) r18 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x20000, 0x0) r19 = dup(r0) r20 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x3, 0xc0002) sendmsg$NBD_CMD_RECONFIGURE(r1, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2800108}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)={0x48, r16, 0x20, 0x70bd2d, 0x25dfdbfd, {}, [@NBD_ATTR_SOCKETS={0x1c, 0x7, [{0x8, 0x1, r18}, {0x8, 0x1, r19}, {0x8, 0x1, r20}]}, @NBD_ATTR_BLOCK_SIZE_BYTES={0xc, 0x3, 0x5}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x80000001}]}, 0x48}, 0x1, 0x0, 0x0, 0x20050015}, 0x4000) r21 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r21, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e1f, @rand_addr=0xdd}}, 0x24) sendmmsg(r21, &(0x7f0000005c00)=[{{0x0, 0xfffffffffffffd95, 0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000100100000100000005e8000000000000e458c598ba4904c77813ab29bb450a2e834efe3f87695931515781ae36a4d148f269399022f544be4fac9508cce4df4d7015eb593d67d7bceaec72aad3447cf9c40bbfb45e2584f446722053f1502598808b355f7b815bdb2281145dd688759944bd09b0f55e7ca54b07bd9189de8daeb173aca360f4bca4f5019235efcea227e56f94ddc8d5e02f38fdcdad2e5cc22b1f090ecf60605f3d912967"], 0x18}}], 0x1, 0x0) recvmmsg(r21, &(0x7f0000000800)=[{{0x0, 0x0, 0x0}}], 0x4000000000005cd, 0x42, 0x0) 16:30:28 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff}) io_setup(0x4, &(0x7f0000000500)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_CREATE(0x2, &(0x7f0000000040)={0x0, 0x0, 0x77fffb, 0x0, 0x0, 0x0}, 0x3c) statfs(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)=""/32) dup2(r3, r0) io_submit(r1, 0xf6ab2a9, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0x12f}]) ioctl$EXT4_IOC_GROUP_EXTEND(r0, 0x40086607, &(0x7f0000000140)=0xe0c) 16:30:28 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000001300)='map_files\x00') r1 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_int(r1, 0x29, 0xff, &(0x7f0000000040)=0xfffffffffffffffe, 0xfffffda8) ioctl$sock_ifreq(r1, 0x891f, &(0x7f0000000000)={'bpq0\x00', @ifru_mtu=0x9}) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r1, 0x29, 0xd2, &(0x7f0000000300)={{0xa, 0x0, 0x0, @local}, {0xa, 0x0, 0x0, @mcast1}}, 0xcb6f40f04e97caa7) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r1, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x4e20, 0x5, @loopback, 0xcf}, {0xa, 0x4e21, 0x7, @mcast2, 0x6ff2}, 0x3600, [0x0, 0x4a4333b4, 0x3, 0x2, 0x80000000, 0x100, 0xa793, 0x6]}, 0x5c) bind$inet6(r1, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @dev={0xfe, 0x80, [], 0x1c}, 0x1}, 0x1c) r2 = getpid() sched_setscheduler(r2, 0x5, &(0x7f0000000380)) fcntl$lock(r1, 0x7, &(0x7f0000000000)={0x0, 0x4, 0x67, 0x2, r2}) r3 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_int(r3, 0x29, 0xff, &(0x7f0000000040)=0xfffffffffffffffe, 0xfffffda8) ioctl$sock_ifreq(r3, 0x891f, &(0x7f0000000000)={'bpq0\x00', @ifru_mtu=0x9}) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r3, 0x29, 0xd2, &(0x7f0000000300)={{0xa, 0x0, 0x0, @local}, {0xa, 0x0, 0x0, @mcast1}}, 0xcb6f40f04e97caa7) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r3, 0x29, 0xd2, &(0x7f00000000c0)={{0xa, 0x4e20, 0x5, @loopback, 0xcf}, {0xa, 0x4e21, 0x7, @mcast2, 0x6ff2}, 0x3600, [0x0, 0x4a4333b4, 0x3, 0x2, 0x80000000, 0x100, 0xa793, 0x6]}, 0x5c) bind$inet6(r3, &(0x7f0000000080)={0xa, 0x4e24, 0x0, @dev={0xfe, 0x80, [], 0x1c}, 0x1}, 0x1c) r4 = getpid() sched_setscheduler(r4, 0x5, &(0x7f0000000380)) fcntl$lock(r3, 0x7, &(0x7f0000000000)={0x0, 0x4, 0x67, 0x2, r4}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000003c0), &(0x7f0000000400)=0xc) getresgid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)) openat(0xffffffffffffff9c, &(0x7f0000000500)='./file1\x00', 0x400400, 0x1a) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x10001, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000700)={&(0x7f00000007c0)=ANY=[@ANYBLOB="9feb0100180000000000000024000000240000000b0000200200000000000008030000000e00000000000002010000000f00000000000007000000000030615f612e5f2e2e00005ba8caaceb7c851b9031cb249c7d960a7fe0fc0259322822e3f69e634288c61d85758fc76723f11e4b6c5d2558617f9e845287064232000c51439b30b97de5b716458d12569b8c1a2a27d129f453cdfc2892dcd6546b69db7f7a96e423e00602195d22d684d18e1ef5b138c94367696b2794604cd4abec6d4ea2d2bad9fc7d314dfb7a7a2ed156527e07395cf6600e76417f3412f5b823b1fafa9ed64504ab197b2bc7dc703db1c68f92d52f11e34ced67406bd1c863582a679d445d2bc4ffe1207998c268af909874636d6a583dce28b8e44a292da711dca76e45765c447a3364ca7e9325a83d580b2b4a9e81a5d1969de77d7bd9ce0fb46d8018e8c94903c2de65cfcb05e53e160dead9c99964b3e43976509106915d3f3b1fc0e7870945e750427a13039749d4d1d3496d398f0931045552c3958c95e9f53150526cf144178d0af5b48f24ea7f7b87ba16bb1f897df0bcb895b73a33d3e3ae2b944235a6f9693bc237a4755fc8fc681f16e5ed488c6044a95f0e76a2474b6050202e2c2da1caebd6552c6853b5bb7114f11ff8c1b585a5375803b6c349bbf96405699bdbdcde9da2569d6ced03e8cb2cf957bad2bc50b809"], &(0x7f0000000600)=""/239, 0x47, 0xef, 0x1}, 0x20) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) ioctl(r5, 0x800000000000937e, &(0x7f0000000080)="01000000000000001801000004000000fc232ff41cd849832f") epoll_create1(0x100000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000780)={&(0x7f0000000740)='posix_acl_accesseth0$^\x00', r0}, 0x10) eventfd2(0x0, 0x2) openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) 16:30:28 executing program 0: r0 = socket$inet6(0xa, 0x5, 0x0) shutdown(r0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x46, &(0x7f00000005c0)=0x20, 0x263) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) ioctl(r2, 0x800000000000937e, &(0x7f0000000080)="01000000000000001801000004000000fc232ff41cd849832f") r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) ioctl(r3, 0x800000000000937e, &(0x7f0000000080)="01000000000000001801000004000000fc232ff41cd849832f") r4 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) connect$inet6(r4, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) r6 = syz_open_dev$midi(&(0x7f0000000300)='/dev/midi#\x00', 0xa9, 0x2000) fcntl$F_GET_RW_HINT(r6, 0x40b, &(0x7f0000000340)) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000240)={r7, @in6={{0xa, 0x4e21, 0x0, @loopback}}}, 0x98) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f0000000140)={r7, 0x1}, &(0x7f0000000180)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f00000001c0)={0xfffb, 0x4, 0x1, 0x8, r8}, &(0x7f0000000200)=0x10) ioctl(r1, 0x800000000000937e, &(0x7f0000000080)="01000000000000001801000004000000fc232ff41cd849832f") getsockopt$inet_mreq(r1, 0x0, 0x24, &(0x7f00000000c0)={@loopback, @multicast1}, &(0x7f0000000100)=0x8) r9 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) ioctl(r9, 0x800000000000937e, &(0x7f0000000080)="01000000000000001801000004000000fc232ff41cd849832f") connect$inet6(r9, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback, 0x3ff}, 0x1c) 16:30:28 executing program 1: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) ioctl(r0, 0x800000000000937e, &(0x7f0000000080)="01000000000000001801000004000000fc232ff41cd849832f") getsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000000), &(0x7f0000000040)=0x4) syz_emit_ethernet(0x34, &(0x7f00000000c0)={@link_local, @link_local, [], {@ipv4={0x800, {{0x5, 0x4, 0x3, 0x0, 0x26, 0x0, 0x0, 0x0, 0x2f, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, @udp={0x0, 0x6558, 0x12, 0x0, [], "b450b0000000000086dd"}}}}}, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) 16:30:28 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='veth1\x00\x10\x00', 0xd3) connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) r1 = syz_open_dev$vbi(&(0x7f0000000040)='/dev/vbi#\x00', 0x2, 0x2) sysfs$1(0x1, &(0x7f0000000140)='vmnet1[,\x00') setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f00000000c0)='veno\x00', 0x5) close(r0) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) ioctl(r2, 0x800000000000937e, &(0x7f0000000180)="01000000000000001801000004000000fc232ff41cd849832f") accept4$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @local}, &(0x7f0000000100)=0x1c, 0x17ee7be080668020) 16:30:28 executing program 1: r0 = socket$inet6(0xa, 0x803, 0x2) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000005c0)={@in6={{0xa, 0x4e20, 0x4, @empty, 0x9}}, 0x0, 0x4, 0x0, "c2240aed865077c16662e5ca1fb18430ff2787036a231b2bb2f35970a8624d45d214a21c5c4a929b9a86d05d6c0eb07615d499762584a38d1515e2c0aac097460ea7902ac986fc26a9fd3e3e4f0f1a78"}, 0xd8) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@loopback, @in=@loopback, 0x1000, 0x0, 0x0, 0x0, 0xa, 0x0, 0x4d00f02ed77ba61b}, {0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x9}, {0x0, 0x0, 0x0, 0x100000000}, 0x0, 0x800, 0x80000000000001}, {{@in6=@empty, 0x0, 0x3c}, 0x0, @in=@empty, 0x3505}}, 0xe8) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x8) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080)='devlink\x00') sendmsg$DEVLINK_CMD_GET(r1, &(0x7f0000000200)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x1000}, 0x4, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="c7d000008e5fe69867d111c692f19605aa116346e6df08672aefb31647b0b1e7f0efb3369e549c20", @ANYRES16=r2, @ANYBLOB="18002dbd7000fddbdf2501000000"], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x7986f2eb201663a1) sendmmsg(r0, &(0x7f0000008440)=[{{0x0, 0x1aa, 0x0}}], 0x400000000000107, 0x0) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000280)='IPVS\x00') setsockopt$RXRPC_SECURITY_KEY(r1, 0x110, 0x1, &(0x7f0000000040)='team0\x00', 0x6) sendmsg$IPVS_CMD_GET_DEST(r1, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000002c0)={&(0x7f00000006c0)={0x110, r3, 0x200, 0x70bd29, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DEST={0x28, 0x2, [@IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}}, @IPVS_DEST_ATTR_TUN_PORT={0x8, 0xe, 0x4e20}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xa}]}, @IPVS_CMD_ATTR_DAEMON={0x18, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @initdev={0xfe, 0x88, [], 0x0, 0x0}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xe29}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x3}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0x2}]}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, [@IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0xb}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x200}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1722d349}, @IPVS_CMD_ATTR_SERVICE={0x20, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x21}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x10, 0x35}}]}, @IPVS_CMD_ATTR_DAEMON={0x5c, 0x3, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @broadcast}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'team0\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x20}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x4e}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x8, 0x4, 0x3}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth1_to_team\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0x3}]}]}, 0x110}, 0x1, 0x0, 0x0, 0x40000}, 0x4080) r4 = syz_open_dev$midi(&(0x7f0000000180)='/dev/midi#\x00', 0x2aa8, 0x200000) r5 = socket$inet6(0xa, 0x5, 0x0) bind$inet6(r5, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) connect$inet6(r5, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000240)={r7, @in6={{0xa, 0x4e21, 0x0, @loopback}}}, 0x98) setsockopt$inet_sctp_SCTP_MAXSEG(r4, 0x84, 0xd, &(0x7f00000004c0)=@assoc_value={r7}, 0x8) [ 330.770119][T11709] ===================================================== [ 330.777137][T11709] BUG: KMSAN: use-after-free in kmem_cache_alloc_node+0x5a9/0xe60 [ 330.784942][T11709] CPU: 1 PID: 11709 Comm: syz-executor.1 Not tainted 5.4.0-rc5+ #0 [ 330.792905][T11709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 330.803065][T11709] Call Trace: [ 330.806359][T11709] dump_stack+0x191/0x1f0 [ 330.810685][T11709] kmsan_report+0x128/0x220 [ 330.815182][T11709] __msan_warning+0x73/0xe0 [ 330.819678][T11709] kmem_cache_alloc_node+0x5a9/0xe60 [ 330.824951][T11709] ? kmsan_internal_set_origin+0x6a/0xb0 [ 330.830570][T11709] ? __alloc_skb+0x215/0xa10 [ 330.835158][T11709] __alloc_skb+0x215/0xa10 [ 330.839574][T11709] __ip6_append_data+0x469e/0x6020 [ 330.844723][T11709] ip6_append_data+0x3c2/0x650 [ 330.849475][T11709] ? do_rawv6_getsockopt+0x4a0/0x4a0 [ 330.854748][T11709] ? do_rawv6_getsockopt+0x4a0/0x4a0 [ 330.860036][T11709] rawv6_sendmsg+0x3145/0x5a20 [ 330.864878][T11709] ? aa_label_sk_perm+0x6d6/0x940 [ 330.869929][T11709] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 330.875834][T11709] ? udp_cmsg_send+0x5d0/0x5d0 [ 330.880674][T11709] ? compat_rawv6_ioctl+0x100/0x100 [ 330.885863][T11709] inet_sendmsg+0x2d8/0x2e0 [ 330.890362][T11709] ? inet_send_prepare+0x600/0x600 [ 330.895480][T11709] ___sys_sendmsg+0x12c4/0x1590 [ 330.900353][T11709] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 330.906252][T11709] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 330.912318][T11709] ? balance_callback+0x48/0x260 [ 330.917252][T11709] ? kmsan_get_metadata+0x39/0x350 [ 330.922374][T11709] ? kmsan_internal_check_memory+0x99/0x4a0 [ 330.928266][T11709] ? __msan_get_context_state+0x9/0x20 [ 330.933732][T11709] ? rcu_all_qs+0x23/0x240 [ 330.938236][T11709] __sys_sendmmsg+0x53a/0xae0 [ 330.942926][T11709] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 330.948823][T11709] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 330.954891][T11709] ? prepare_exit_to_usermode+0x19a/0x4d0 [ 330.961558][T11709] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 330.967454][T11709] __se_sys_sendmmsg+0xbd/0xe0 [ 330.972222][T11709] __x64_sys_sendmmsg+0x56/0x70 [ 330.977068][T11709] do_syscall_64+0xb6/0x160 [ 330.981574][T11709] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 330.987458][T11709] RIP: 0033:0x45a639 [ 330.991344][T11709] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 331.010942][T11709] RSP: 002b:00007f43aa3eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 331.019356][T11709] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 331.027319][T11709] RDX: 0400000000000107 RSI: 0000000020008440 RDI: 0000000000000003 [ 331.035279][T11709] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 331.043246][T11709] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f43aa3ef6d4 [ 331.053211][T11709] R13: 00000000004c83c8 R14: 00000000004de808 R15: 00000000ffffffff [ 331.061181][T11709] [ 331.063492][T11709] Uninit was stored to memory at: [ 331.068514][T11709] kmsan_internal_chain_origin+0xbd/0x180 [ 331.074223][T11709] __msan_chain_origin+0x6b/0xd0 [ 331.079145][T11709] ___slab_alloc+0x1dbc/0x1fb0 [ 331.083895][T11709] kmem_cache_alloc+0xadf/0xd20 [ 331.088732][T11709] skb_clone+0x326/0x5d0 [ 331.092975][T11709] raw6_local_deliver+0xaf2/0x1040 [ 331.098077][T11709] ip6_protocol_deliver_rcu+0x607/0x22a0 [ 331.103695][T11709] ip6_input+0x2af/0x340 [ 331.107930][T11709] ipv6_rcv+0x683/0x710 [ 331.112073][T11709] process_backlog+0x721/0x1410 [ 331.116911][T11709] net_rx_action+0x7a6/0x1aa0 [ 331.121587][T11709] __do_softirq+0x4a1/0x83a [ 331.126078][T11709] do_softirq_own_stack+0x49/0x80 [ 331.131094][T11709] __local_bh_enable_ip+0x184/0x1d0 [ 331.136282][T11709] local_bh_enable+0x36/0x40 [ 331.140862][T11709] ip6_finish_output2+0x213f/0x2670 [ 331.146048][T11709] __ip6_finish_output+0x83d/0x8f0 [ 331.151152][T11709] ip6_finish_output+0x2db/0x420 [ 331.156081][T11709] ip6_output+0x5d3/0x720 [ 331.160402][T11709] ip6_local_out+0x164/0x1d0 [ 331.164980][T11709] ip6_push_pending_frames+0x215/0x4f0 [ 331.170600][T11709] rawv6_sendmsg+0x4125/0x5a20 [ 331.175360][T11709] inet_sendmsg+0x2d8/0x2e0 [ 331.179850][T11709] ___sys_sendmsg+0x12c4/0x1590 [ 331.184685][T11709] __sys_sendmmsg+0x53a/0xae0 [ 331.189351][T11709] __se_sys_sendmmsg+0xbd/0xe0 [ 331.196891][T11709] __x64_sys_sendmmsg+0x56/0x70 [ 331.201761][T11709] do_syscall_64+0xb6/0x160 [ 331.206345][T11709] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 331.212226][T11709] [ 331.214540][T11709] Uninit was created at: [ 331.218776][T11709] kmsan_internal_poison_shadow+0x60/0x120 [ 331.224580][T11709] kmsan_slab_free+0x8d/0xf0 [ 331.229164][T11709] kmem_cache_free_bulk+0x3ad9/0x3f10 [ 331.234521][T11709] __kfree_skb_flush+0xb0/0x100 [ 331.239359][T11709] net_rx_action+0x1a5e/0x1aa0 [ 331.244119][T11709] __do_softirq+0x4a1/0x83a [ 331.248609][T11709] irq_exit+0x230/0x280 [ 331.252749][T11709] do_IRQ+0x123/0x360 [ 331.256717][T11709] ret_from_intr+0x0/0x33 [ 331.261032][T11709] skb_try_coalesce+0x150/0x1c30 [ 331.265955][T11709] tcp_try_coalesce+0x1f1/0x9c0 [ 331.270791][T11709] tcp_rcv_established+0x2665/0x31f0 [ 331.276063][T11709] tcp_v4_do_rcv+0x684/0xd70 [ 331.280641][T11709] __release_sock+0x448/0x640 [ 331.285303][T11709] release_sock+0x99/0x2a0 [ 331.289704][T11709] tcp_recvmsg+0x335f/0x4ff0 [ 331.294292][T11709] inet_recvmsg+0x237/0x7d0 [ 331.298778][T11709] sock_read_iter+0x5be/0x660 [ 331.303440][T11709] __vfs_read+0xa67/0xc90 [ 331.307756][T11709] vfs_read+0x359/0x6f0 [ 331.311904][T11709] ksys_read+0x265/0x430 [ 331.316136][T11709] __se_sys_read+0x92/0xb0 [ 331.320546][T11709] __x64_sys_read+0x4a/0x70 [ 331.325039][T11709] do_syscall_64+0xb6/0x160 [ 331.329529][T11709] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 331.335400][T11709] ===================================================== [ 331.342324][T11709] Disabling lock debugging due to kernel taint [ 331.348486][T11709] Kernel panic - not syncing: panic_on_warn set ... [ 331.355097][T11709] CPU: 1 PID: 11709 Comm: syz-executor.1 Tainted: G B 5.4.0-rc5+ #0 [ 331.364375][T11709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 331.374419][T11709] Call Trace: [ 331.377718][T11709] dump_stack+0x191/0x1f0 [ 331.382044][T11709] panic+0x3c9/0xc1e [ 331.385950][T11709] kmsan_report+0x215/0x220 [ 331.390449][T11709] __msan_warning+0x73/0xe0 [ 331.394955][T11709] kmem_cache_alloc_node+0x5a9/0xe60 [ 331.400232][T11709] ? kmsan_internal_set_origin+0x6a/0xb0 [ 331.405849][T11709] ? __alloc_skb+0x215/0xa10 [ 331.410435][T11709] __alloc_skb+0x215/0xa10 [ 331.414850][T11709] __ip6_append_data+0x469e/0x6020 [ 331.420004][T11709] ip6_append_data+0x3c2/0x650 [ 331.424756][T11709] ? do_rawv6_getsockopt+0x4a0/0x4a0 [ 331.430035][T11709] ? do_rawv6_getsockopt+0x4a0/0x4a0 [ 331.435321][T11709] rawv6_sendmsg+0x3145/0x5a20 [ 331.440074][T11709] ? aa_label_sk_perm+0x6d6/0x940 [ 331.445122][T11709] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 331.451016][T11709] ? udp_cmsg_send+0x5d0/0x5d0 [ 331.455771][T11709] ? compat_rawv6_ioctl+0x100/0x100 [ 331.460958][T11709] inet_sendmsg+0x2d8/0x2e0 [ 331.465466][T11709] ? inet_send_prepare+0x600/0x600 [ 331.470568][T11709] ___sys_sendmsg+0x12c4/0x1590 [ 331.475433][T11709] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 331.481320][T11709] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 331.487551][T11709] ? balance_callback+0x48/0x260 [ 331.492475][T11709] ? kmsan_get_metadata+0x39/0x350 [ 331.497577][T11709] ? kmsan_internal_check_memory+0x99/0x4a0 [ 331.503465][T11709] ? __msan_get_context_state+0x9/0x20 [ 331.508912][T11709] ? rcu_all_qs+0x23/0x240 [ 331.513327][T11709] __sys_sendmmsg+0x53a/0xae0 [ 331.518015][T11709] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 331.523903][T11709] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 331.529968][T11709] ? prepare_exit_to_usermode+0x19a/0x4d0 [ 331.535680][T11709] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 331.541567][T11709] __se_sys_sendmmsg+0xbd/0xe0 [ 331.546329][T11709] __x64_sys_sendmmsg+0x56/0x70 [ 331.551166][T11709] do_syscall_64+0xb6/0x160 [ 331.555660][T11709] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 331.561647][T11709] RIP: 0033:0x45a639 [ 331.565532][T11709] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 331.585125][T11709] RSP: 002b:00007f43aa3eec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 331.593533][T11709] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000045a639 [ 331.601491][T11709] RDX: 0400000000000107 RSI: 0000000020008440 RDI: 0000000000000003 [ 331.609454][T11709] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 331.617425][T11709] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f43aa3ef6d4 [ 331.625386][T11709] R13: 00000000004c83c8 R14: 00000000004de808 R15: 00000000ffffffff [ 331.634795][T11709] Kernel Offset: disabled [ 331.639164][T11709] Rebooting in 86400 seconds..