[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 68.959517][ T27] audit: type=1800 audit(1575232160.503:25): pid=8952 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 68.982115][ T27] audit: type=1800 audit(1575232160.503:26): pid=8952 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 69.038302][ T27] audit: type=1800 audit(1575232160.503:27): pid=8952 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.184' (ECDSA) to the list of known hosts. 2019/12/01 20:29:30 fuzzer started 2019/12/01 20:29:32 dialing manager at 10.128.0.26:34449 2019/12/01 20:29:32 syscalls: 2597 2019/12/01 20:29:32 code coverage: enabled 2019/12/01 20:29:32 comparison tracing: enabled 2019/12/01 20:29:32 extra coverage: enabled 2019/12/01 20:29:32 setuid sandbox: enabled 2019/12/01 20:29:32 namespace sandbox: enabled 2019/12/01 20:29:32 Android sandbox: /sys/fs/selinux/policy does not exist 2019/12/01 20:29:32 fault injection: enabled 2019/12/01 20:29:32 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/12/01 20:29:32 net packet injection: enabled 2019/12/01 20:29:32 net device setup: enabled 2019/12/01 20:29:32 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/12/01 20:29:32 devlink PCI setup: PCI device 0000:00:10.0 is not available 20:31:55 executing program 0: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = socket$inet6(0xa, 0x3, 0x3b) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 20:31:55 executing program 1: r0 = socket$inet6(0xa, 0x80003, 0xff) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") r1 = socket$inet(0x2, 0x2000000000003, 0x2) setsockopt$inet_int(r1, 0x1f00000000000000, 0xcc, &(0x7f0000000000), 0x3c) syzkaller login: [ 224.307099][ T9118] IPVS: ftp: loaded support on port[0] = 21 [ 224.411594][ T9120] IPVS: ftp: loaded support on port[0] = 21 20:31:56 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000080)={'lo\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000140)={'lo\x00\x00\xe7\xff\x03\x00\x00\x00\x00\x06\x00', 0xfd}) getuid() [ 224.597533][ T9118] chnl_net:caif_netlink_parms(): no params data found [ 224.731419][ T9124] IPVS: ftp: loaded support on port[0] = 21 [ 224.742680][ T9120] chnl_net:caif_netlink_parms(): no params data found [ 224.776945][ T9118] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.786603][ T9118] bridge0: port 1(bridge_slave_0) entered disabled state [ 224.795532][ T9118] device bridge_slave_0 entered promiscuous mode [ 224.807158][ T9118] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.815234][ T9118] bridge0: port 2(bridge_slave_1) entered disabled state [ 224.823894][ T9118] device bridge_slave_1 entered promiscuous mode 20:31:56 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000014000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fe530cb7d7f933eda02ba18ad181867514fe60077d4dd90123d3ee7cf43548ee858e07dfbdfd4e7540ebec677d6ac14c2c794f72cbf5fe31789e70233bfd8115efd90b0c48258f8dbe82e16cf8db95f5b068a9e0000000000000000000000000000000000000000000000000000000000000018287ba7d8807cf077cc420efca6785deb269d0a91985602763e0d70d404da006a3d6eef8fb7fcdd82eb1e4841"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x3600000000000000, 0x44, 0x0, &(0x7f0000000080)="4d50b441e692763113ef874588a8a30538bd7ee5e39d9d59026786dd223ec75b4e1a9ae934c8f49b21f35c012238103650e1c4f9ed85e2cc4f890f3ee6312a7400021522", 0x0, 0x400, 0x0, 0x0, 0xffffffffffffff17, &(0x7f0000000380)="346610fafa5d6984a36d2d41226581a813fcb43ce01c32109ee0b12a547ae2f70719c216f1629c5c8667f3e2064b2b35fd422921ceac82f11f7b1b2614c73e1bf77e7bc4170ed6f2b5c8068f4a3742e1e828fdd6e181063e9e6ae0b7eeace4a4ae6c300a77bb81294e1c2326ba329d822b70e4503626bc3f4c4788da6efcfa94fe0e4528088f8cefd5d38363876cb91c8b54835e9de837840aaca10ae977446cda32755aa2adc2118553bf84b2a786084857b05ceada8aaaff7074de246013d489f49f2244ae9ad85a87e7d7c60eed752dbedab3ddf0a29dcb7686103d8b4a75a6acb33b1c1dcea2ceb9914d9c652af8afa3837b2152340e28", &(0x7f0000000280)}, 0x28) recvmsg$kcm(0xffffffffffffffff, 0x0, 0x2080) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) [ 224.893234][ T9118] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 224.926305][ T9118] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 224.966852][ T9120] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.989684][ T9120] bridge0: port 1(bridge_slave_0) entered disabled state [ 225.024551][ T9120] device bridge_slave_0 entered promiscuous mode [ 225.057863][ T9120] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.081660][ T9120] bridge0: port 2(bridge_slave_1) entered disabled state [ 225.089950][ T9120] device bridge_slave_1 entered promiscuous mode [ 225.112974][ T9118] team0: Port device team_slave_0 added [ 225.148729][ T9118] team0: Port device team_slave_1 added [ 225.167390][ T9120] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 225.188315][ T9120] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 225.210104][ T9126] IPVS: ftp: loaded support on port[0] = 21 20:31:56 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x36}) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x2d1}, {&(0x7f00000001c0)=""/57, 0x303}], 0x2cb, 0x0, 0xfffffea4, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 225.262835][ T9118] device hsr_slave_0 entered promiscuous mode [ 225.310204][ T9118] device hsr_slave_1 entered promiscuous mode [ 225.435400][ T9120] team0: Port device team_slave_0 added 20:31:57 executing program 5: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x44}, [@ldst={0x6, 0x0, 0x6}]}, &(0x7f0000003ff6)='G\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) [ 225.506157][ T9120] team0: Port device team_slave_1 added [ 225.566669][ T9124] chnl_net:caif_netlink_parms(): no params data found [ 225.647860][ T9118] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 225.711941][ T9118] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 225.792167][ T9118] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 225.903016][ T9120] device hsr_slave_0 entered promiscuous mode [ 225.940193][ T9120] device hsr_slave_1 entered promiscuous mode [ 225.989943][ T9120] debugfs: Directory 'hsr0' with parent '/' already present! [ 226.008564][ T9131] IPVS: ftp: loaded support on port[0] = 21 [ 226.020539][ T9130] IPVS: ftp: loaded support on port[0] = 21 [ 226.026359][ T9118] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 226.085022][ T9124] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.092702][ T9124] bridge0: port 1(bridge_slave_0) entered disabled state [ 226.100889][ T9124] device bridge_slave_0 entered promiscuous mode [ 226.110684][ T9124] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.117746][ T9124] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.125444][ T9124] device bridge_slave_1 entered promiscuous mode [ 226.133014][ T9126] chnl_net:caif_netlink_parms(): no params data found [ 226.215511][ T9124] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 226.244825][ T9126] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.252160][ T9126] bridge0: port 1(bridge_slave_0) entered disabled state [ 226.260382][ T9126] device bridge_slave_0 entered promiscuous mode [ 226.267572][ T9120] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 226.323895][ T9120] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 226.383177][ T9124] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 226.405821][ T9126] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.414215][ T9126] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.422237][ T9126] device bridge_slave_1 entered promiscuous mode [ 226.438498][ T9120] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 226.488149][ T9124] team0: Port device team_slave_0 added [ 226.498106][ T9124] team0: Port device team_slave_1 added [ 226.521661][ T9120] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 226.591254][ T9126] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 226.643527][ T9126] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 226.731834][ T9124] device hsr_slave_0 entered promiscuous mode [ 226.780371][ T9124] device hsr_slave_1 entered promiscuous mode [ 226.839946][ T9124] debugfs: Directory 'hsr0' with parent '/' already present! [ 226.895372][ T9126] team0: Port device team_slave_0 added [ 226.913821][ T9131] chnl_net:caif_netlink_parms(): no params data found [ 226.927459][ T9126] team0: Port device team_slave_1 added [ 227.043200][ T9126] device hsr_slave_0 entered promiscuous mode [ 227.080257][ T9126] device hsr_slave_1 entered promiscuous mode [ 227.120045][ T9126] debugfs: Directory 'hsr0' with parent '/' already present! [ 227.138569][ T9124] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 227.199564][ T9124] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 227.253239][ T9130] chnl_net:caif_netlink_parms(): no params data found [ 227.299386][ T9124] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 227.344443][ T9124] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 227.393607][ T9130] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.401775][ T9130] bridge0: port 1(bridge_slave_0) entered disabled state [ 227.410321][ T9130] device bridge_slave_0 entered promiscuous mode [ 227.429288][ T9131] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.437234][ T9131] bridge0: port 1(bridge_slave_0) entered disabled state [ 227.445214][ T9131] device bridge_slave_0 entered promiscuous mode [ 227.454407][ T9131] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.461515][ T9131] bridge0: port 2(bridge_slave_1) entered disabled state [ 227.469376][ T9131] device bridge_slave_1 entered promiscuous mode [ 227.485265][ T9130] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.493169][ T9130] bridge0: port 2(bridge_slave_1) entered disabled state [ 227.501366][ T9130] device bridge_slave_1 entered promiscuous mode [ 227.531909][ T9130] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 227.546214][ T9130] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 227.570293][ T9130] team0: Port device team_slave_0 added [ 227.591074][ T9130] team0: Port device team_slave_1 added [ 227.615884][ T9131] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 227.638594][ T9118] 8021q: adding VLAN 0 to HW filter on device bond0 [ 227.673240][ T9126] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 227.703824][ T9131] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 227.772311][ T9130] device hsr_slave_0 entered promiscuous mode [ 227.810447][ T9130] device hsr_slave_1 entered promiscuous mode [ 227.870377][ T9130] debugfs: Directory 'hsr0' with parent '/' already present! [ 227.879486][ T9126] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 227.937687][ T9126] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 227.983320][ T3195] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 227.992934][ T3195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 228.012558][ T9120] 8021q: adding VLAN 0 to HW filter on device bond0 [ 228.023011][ T9118] 8021q: adding VLAN 0 to HW filter on device team0 [ 228.048293][ T9126] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 228.119176][ T9131] team0: Port device team_slave_0 added [ 228.127825][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 228.141101][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 228.149858][ T3707] bridge0: port 1(bridge_slave_0) entered blocking state [ 228.157165][ T3707] bridge0: port 1(bridge_slave_0) entered forwarding state [ 228.166096][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 228.174259][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 228.194838][ T9130] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 228.253075][ T9131] team0: Port device team_slave_1 added [ 228.258897][ T9130] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 228.321185][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 228.329144][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 228.338014][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 228.346546][ T9133] bridge0: port 2(bridge_slave_1) entered blocking state [ 228.353715][ T9133] bridge0: port 2(bridge_slave_1) entered forwarding state [ 228.363578][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 228.376194][ T9120] 8021q: adding VLAN 0 to HW filter on device team0 [ 228.392148][ T9130] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 228.441952][ T9130] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 228.500336][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 228.509041][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 228.518903][ T26] bridge0: port 1(bridge_slave_0) entered blocking state [ 228.526080][ T26] bridge0: port 1(bridge_slave_0) entered forwarding state [ 228.535984][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 228.545179][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 228.554036][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 228.597232][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 228.607092][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 228.615544][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 228.624943][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 228.633779][ T3707] bridge0: port 2(bridge_slave_1) entered blocking state [ 228.640936][ T3707] bridge0: port 2(bridge_slave_1) entered forwarding state [ 228.657105][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 228.665808][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 228.674594][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 228.683996][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 228.743866][ T9131] device hsr_slave_0 entered promiscuous mode [ 228.790155][ T9131] device hsr_slave_1 entered promiscuous mode [ 228.850193][ T9131] debugfs: Directory 'hsr0' with parent '/' already present! [ 228.884979][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 228.895080][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 228.904407][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 228.913415][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 228.922221][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 228.930803][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 228.939213][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 228.948040][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 228.956445][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 228.968913][ T9124] 8021q: adding VLAN 0 to HW filter on device bond0 [ 229.004132][ T9118] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 229.018138][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 229.027694][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 229.036577][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 229.046347][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 229.055924][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 229.064655][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 229.088459][ T9120] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 229.113124][ T9124] 8021q: adding VLAN 0 to HW filter on device team0 [ 229.159918][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 229.168517][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 229.177787][ T3707] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.184904][ T3707] bridge0: port 1(bridge_slave_0) entered forwarding state [ 229.193564][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 229.202394][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 229.210949][ T3707] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.218019][ T3707] bridge0: port 2(bridge_slave_1) entered forwarding state [ 229.226633][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 229.239462][ T9131] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 229.282675][ T9131] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 229.342492][ T9126] 8021q: adding VLAN 0 to HW filter on device bond0 [ 229.364248][ T9120] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 229.372556][ T9131] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 229.413242][ T9131] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 229.484609][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 229.492304][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 229.499987][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 229.551641][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 229.559146][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 229.568000][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 229.579859][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 229.588701][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 229.597888][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 229.607113][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 229.617291][ T3707] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 229.636386][ T9130] 8021q: adding VLAN 0 to HW filter on device bond0 [ 229.653532][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 229.664614][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 229.681057][ T9118] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 229.720937][ T9124] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 229.733568][ T9124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 229.743916][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 229.764762][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 229.817945][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 229.826621][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 229.839011][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 229.847976][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 229.862107][ T9126] 8021q: adding VLAN 0 to HW filter on device team0 [ 229.880428][ T9130] 8021q: adding VLAN 0 to HW filter on device team0 20:32:01 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) [ 229.921683][ T3195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 229.941947][ T3195] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready 20:32:01 executing program 1: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0805b5055e0bcfe8475071") r1 = socket$inet(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_group_source_req(r1, 0x0, 0x2e, &(0x7f0000001780)={0x8, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @remote}}}, 0x108) [ 229.980290][ T3195] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.987402][ T3195] bridge0: port 1(bridge_slave_0) entered forwarding state [ 230.018416][ T3195] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 230.050603][ T9137] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 230.073768][ T9137] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 230.114361][ T9137] bridge0: port 1(bridge_slave_0) entered blocking state [ 230.121665][ T9137] bridge0: port 1(bridge_slave_0) entered forwarding state [ 230.129534][ T9137] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 230.139241][ T9137] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 230.147970][ T9137] bridge0: port 2(bridge_slave_1) entered blocking state [ 230.155090][ T9137] bridge0: port 2(bridge_slave_1) entered forwarding state [ 230.163282][ T9137] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 230.172588][ T9137] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 230.181343][ T9137] bridge0: port 2(bridge_slave_1) entered blocking state [ 230.188442][ T9137] bridge0: port 2(bridge_slave_1) entered forwarding state [ 230.196293][ T9137] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 230.205106][ T9137] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 230.217811][ T9137] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 230.226334][ T9137] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 230.234129][ T9137] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 230.259875][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 230.268584][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 230.278773][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 230.289098][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 230.330546][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 230.343056][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 230.352959][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 230.361787][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 230.371554][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 230.380674][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 230.389259][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 230.398854][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 230.407693][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 230.416545][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 230.425130][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 230.434715][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 230.453540][ T9126] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 230.470109][ T3195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 230.478916][ T3195] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 230.492369][ T9124] 8021q: adding VLAN 0 to HW filter on device batadv0 20:32:02 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000300)="1400000013000507ed008064d200100013000080", 0x14}], 0x1}, 0x0) [ 230.528383][ T9136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 230.537462][ T9136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 230.561899][ T9130] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 230.590256][ T3195] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 230.598185][ T3195] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 20:32:02 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f0000000580)="387f17f83c07c817c165501af3ddd214e06c912b2350f175e00ddf5df6bdb4630a57021149393e1a4399022142f2b186eba7a4160342016b23b1a719516553664e033793a8e07895fd26ad95faa248e83eff4d210abf862776632ad6e3222fedcd2acc65a119645c37c36cd4438fe8fee18b8088770d10b1e5b7c411f5da83e791ca4799b676fa175b23eee9032a7c3bde976dba7e7e0d97f2d746f1d30f006cbea9ff00eae08c57e7645f4f555af675a64609c88c21b7df2de386eadf079ac1a8c69aab7610d9fed2a7e55a3a3239c429", 0xd1, 0xc0d0, 0x0, 0x0) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) [ 230.644214][ T9131] 8021q: adding VLAN 0 to HW filter on device bond0 [ 230.654652][ T9126] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 230.698422][ T9130] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 230.749965][ T9136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 230.757522][ T9136] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 20:32:02 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) [ 230.844529][ T9131] 8021q: adding VLAN 0 to HW filter on device team0 [ 230.991624][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 231.008684][ T9133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 20:32:02 executing program 2: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) close(r1) socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x11, 0x800000003, 0x0) bind(r2, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r3 = socket$unix(0x1, 0x1, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) r5 = dup2(r4, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) getsockname$packet(r2, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="2000000014000100000000000000000002000000", @ANYRES32=r6, @ANYBLOB="080002000001"], 0x3}}, 0x0) splice(r0, 0x0, r1, 0x0, 0x100000000, 0x0) 20:32:02 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000240)={[{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 231.145317][ C0] hrtimer: interrupt took 27823 ns [ 231.209861][ T9131] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network 20:32:02 executing program 3: [ 231.265891][ T9131] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network 20:32:02 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xa, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x7, 0x3, 0x5}]}, &(0x7f00000000c0)='GPL\x00', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) [ 231.394341][ T9189] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 231.396639][ T9131] 8021q: adding VLAN 0 to HW filter on device batadv0 20:32:03 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6(0xa, 0x80003, 0xff) ioctl(r1, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") bind$inet6(r0, &(0x7f0000000380)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) [ 231.578745][ T3195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 231.652053][ T3195] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 231.696058][ T3195] bridge0: port 1(bridge_slave_0) entered blocking state [ 231.703261][ T3195] bridge0: port 1(bridge_slave_0) entered forwarding state [ 231.734190][ T3195] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 231.767240][ T3195] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 231.778076][ T3195] bridge0: port 2(bridge_slave_1) entered blocking state [ 231.785240][ T3195] bridge0: port 2(bridge_slave_1) entered forwarding state [ 231.795098][ T3195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 231.804756][ T3195] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 231.814017][ T3195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 231.822977][ T3195] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 231.832189][ T3195] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 231.841504][ T3195] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 231.850608][ T3195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 231.859225][ T3195] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 231.867911][ T3195] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 231.876648][ T3195] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 231.885614][ T3195] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 231.893225][ T3195] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 231.907295][ T3195] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 231.915446][ T3195] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 231.923558][ T3195] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 20:32:06 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x1c}, [@ldst={0x6, 0x0, 0x6}]}, &(0x7f0000003ff6)='G\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) 20:32:06 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x36}) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x2d1}, {&(0x7f00000001c0)=""/57, 0x303}], 0x2cb, 0x0, 0xfffffea4, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 20:32:06 executing program 1: r0 = socket$inet(0x2b, 0x1, 0x0) getsockopt$inet_tcp_int(r0, 0x6, 0x19, 0x0, &(0x7f0000000b80)) 20:32:06 executing program 5: 20:32:06 executing program 3: getrlimit(0x0, 0x0) utimes(0x0, 0x0) timer_create(0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_TIMERSLACK(0xf, 0x0) 20:32:06 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6(0xa, 0x80003, 0xff) ioctl(r1, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") bind$inet6(r0, &(0x7f0000000380)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) 20:32:06 executing program 5: 20:32:06 executing program 3: 20:32:06 executing program 1: 20:32:06 executing program 0: 20:32:06 executing program 5: 20:32:06 executing program 3: 20:32:06 executing program 1: 20:32:09 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x36}) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x2d1}, {&(0x7f00000001c0)=""/57, 0x303}], 0x2cb, 0x0, 0xfffffea4, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 20:32:09 executing program 0: 20:32:09 executing program 5: 20:32:09 executing program 1: 20:32:09 executing program 3: 20:32:09 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6(0xa, 0x80003, 0xff) ioctl(r1, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") bind$inet6(r0, &(0x7f0000000380)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) 20:32:09 executing program 3: 20:32:09 executing program 5: 20:32:09 executing program 1: 20:32:09 executing program 0: 20:32:09 executing program 3: 20:32:09 executing program 5: 20:32:12 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x36}) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x2d1}, {&(0x7f00000001c0)=""/57, 0x303}], 0x2cb, 0x0, 0xfffffea4, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 20:32:12 executing program 1: 20:32:12 executing program 0: 20:32:12 executing program 5: 20:32:12 executing program 3: 20:32:12 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6(0xa, 0x80003, 0xff) ioctl(r1, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") bind$inet6(r0, &(0x7f0000000380)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) 20:32:12 executing program 5: 20:32:12 executing program 3: 20:32:12 executing program 0: 20:32:12 executing program 1: 20:32:12 executing program 5: 20:32:12 executing program 3: 20:32:15 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x36}) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x2d1}, {&(0x7f00000001c0)=""/57, 0x303}], 0x2cb, 0x0, 0xfffffea4, 0x0) tkill(r0, 0x3c) ptrace$cont(0x9, r0, 0x0, 0x0) 20:32:15 executing program 0: 20:32:15 executing program 5: 20:32:15 executing program 3: 20:32:15 executing program 1: 20:32:15 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6(0xa, 0x80003, 0xff) ioctl(r1, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) 20:32:15 executing program 0: 20:32:15 executing program 3: 20:32:15 executing program 5: 20:32:15 executing program 1: 20:32:15 executing program 5: 20:32:15 executing program 3: 20:32:18 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x36}) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x2d1}, {&(0x7f00000001c0)=""/57, 0x303}], 0x2cb, 0x0, 0xfffffea4, 0x0) tkill(r0, 0x3c) ptrace$cont(0x9, r0, 0x0, 0x0) 20:32:18 executing program 1: 20:32:18 executing program 0: 20:32:18 executing program 3: 20:32:18 executing program 5: 20:32:18 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6(0xa, 0x80003, 0xff) ioctl(r1, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) 20:32:18 executing program 1: 20:32:18 executing program 5: 20:32:18 executing program 3: 20:32:18 executing program 0: 20:32:18 executing program 5: 20:32:18 executing program 3: 20:32:21 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x36}) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x2d1}, {&(0x7f00000001c0)=""/57, 0x303}], 0x2cb, 0x0, 0xfffffea4, 0x0) tkill(r0, 0x3c) ptrace$cont(0x9, r0, 0x0, 0x0) 20:32:21 executing program 1: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0805b5055e0bcfe8475071") socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg(r1, &(0x7f0000002d00)={&(0x7f0000001780)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, 0x80, 0x0}, 0x0) sendmsg$TIPC_CMD_GET_MEDIA_NAMES(0xffffffffffffffff, 0x0, 0x0) 20:32:21 executing program 0: r0 = memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x1) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00'}) write$sndseq(r2, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}], 0xfcc8) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r1, 0xc02c5341, &(0x7f0000000340)) 20:32:21 executing program 5: 20:32:21 executing program 3: 20:32:21 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6(0xa, 0x80003, 0xff) ioctl(r1, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) 20:32:21 executing program 3: 20:32:21 executing program 5: 20:32:21 executing program 1: 20:32:21 executing program 3: 20:32:21 executing program 5: 20:32:21 executing program 1: 20:32:24 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x36}) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x2d1}, {&(0x7f00000001c0)=""/57, 0x303}], 0x2cb, 0x0, 0xfffffea4, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 20:32:24 executing program 0: 20:32:24 executing program 3: 20:32:24 executing program 1: 20:32:24 executing program 5: 20:32:24 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6(0xa, 0x80003, 0xff) bind$inet6(r0, &(0x7f0000000380)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) 20:32:24 executing program 5: 20:32:24 executing program 0: 20:32:24 executing program 1: 20:32:24 executing program 3: 20:32:24 executing program 0: 20:32:24 executing program 1: 20:32:27 executing program 3: 20:32:27 executing program 5: 20:32:27 executing program 1: 20:32:27 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x36}) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x2d1}, {&(0x7f00000001c0)=""/57, 0x303}], 0x2cb, 0x0, 0xfffffea4, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 20:32:27 executing program 0: 20:32:27 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6(0xa, 0x80003, 0xff) bind$inet6(r0, &(0x7f0000000380)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) 20:32:27 executing program 3: 20:32:27 executing program 0: 20:32:27 executing program 1: 20:32:27 executing program 5: 20:32:28 executing program 5: 20:32:28 executing program 3: 20:32:28 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) io_submit(0x0, 0x1, &(0x7f0000000540)=[0x0]) 20:32:28 executing program 1: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) gettid() write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) close(0xffffffffffffffff) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132}) bpf$PROG_LOAD(0x5, 0x0, 0x0) getpid() r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) 20:32:28 executing program 3: 20:32:30 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x36}) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0, 0x2d1}, {&(0x7f00000001c0)=""/57, 0x303}], 0x2cb, 0x0, 0xfffffea4, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 20:32:30 executing program 5: 20:32:30 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x89f0, &(0x7f0000000040)={'bridge0\x00\x00z\x00\x00\x00\xff\xff\xfd', &(0x7f0000000000)=@ethtool_ringparam={0xf}}) 20:32:30 executing program 0: r0 = socket(0x10, 0x400000000080803, 0x0) sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYRES16, @ANYBLOB="000000000000fc370000140000000c00060008000100000000001800022308000100000000000800010000000000040004006c00040054000600080004000000000008000100000000000800020000000000080001000000a500080003000000000008000200060000000800020000000000080004000000e100080003000000000008000200000000001400010062726f6164636173742d6c696e6b0000580005005400388a8e44a25ee15c08000800010000000000080002000000000008000400000000000800030000000000080003000000000008010100000400000800023f000000000000000000000000080002000000001e1400060008000100000000000800010000000000d00001000800030000000080100001007564700002077a3000000000380004001400010002000000ffffffff0000000000000000201102000a00000000000000209ff2c6d22851b4b84ea2e743c1ef6600000000080003000000000008000300001e00141f042d297700010002000000ac14140000000000000000001400020002000000ac14140006000009e7f4f6776297ee00080002000000000008000300000000002c0004001400010002000000ac14140000000000000000001400020002000000ac144d3d8dac06e58c9c00004400010038000400200001000a000000ff0100000000000000000000000000000000004e230000001400020002"], 0x2}}, 0x0) write(r0, &(0x7f0000000240)="241400001a0025f00485bc04fef7001d020b49ff70880000800328000802010001010000bc71176a36ede498534108e58342fa94a235a2a441f9", 0xfcae) 20:32:30 executing program 1: socket$inet6(0xa, 0x0, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='new default user:syz 040'], 0x1, 0x0) r0 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe) add_key$user(&(0x7f0000000040)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000440)='X', 0x1, 0xfffffffffffffffe) keyctl$read(0xb, r0, &(0x7f0000000240)=""/112, 0x349b7f55) 20:32:30 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6(0xa, 0x80003, 0xff) bind$inet6(r0, &(0x7f0000000380)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) 20:32:30 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x53adc69e) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000200)="66ba410066edf30f205866b8bf000f00d0c4e37549ee00c4c3d96b56234e2e3e640f5de6b991030000b805000000ba000000000f300f20e00f199d050000000f22e066baf80cb8d4efd287ef66bafc0cb83a950000efc4c3f9149cb9d400000073", 0x61}], 0x1, 0x8, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 259.338043][ T9474] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 20:32:30 executing program 5: r0 = syz_open_dev$rtc(&(0x7f0000000040)='/dev/rtc#\x00', 0x0, 0x0) ioctl$RTC_EPOCH_SET(r0, 0x4008700e, 0x0) [ 259.382146][ T9474] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 259.414728][ T9474] netlink: 'syz-executor.0': attribute type 2 has an invalid length. [ 259.429977][ T9474] netlink: 4556 bytes leftover after parsing attributes in process `syz-executor.0'. [ 259.466783][ T9483] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 20:32:31 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) remap_file_pages(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0) [ 259.499096][ T9476] encrypted_key: keyword 'new' not allowed when called from .update method [ 259.520785][ T9483] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 259.529985][ T9483] netlink: 'syz-executor.0': attribute type 2 has an invalid length. [ 259.538217][ T9483] netlink: 4556 bytes leftover after parsing attributes in process `syz-executor.0'. 20:32:31 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/net/tun\x00', 0x2, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="2800000010005fba0000000000000000000000d7", @ANYRES32=0x0, @ANYBLOB="030000000000000008001b0000000000"], 0x28}}, 0x0) write$tun(r0, &(0x7f0000000a40)={@val, @val={0x0, 0x0, 0x7f}, @ipv6={0x0, 0x6, "d93126", 0x57, 0x0, 0x0, @dev, @remote, {[], @gre={{}, {}, {}, {}, {}, {0x8, 0x6558, 0x0, "6f1383a6663460d1a6f1389fbae60a86efe50b"}}}}}, 0x8d) 20:32:31 executing program 0: syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000040)='./control\x00', 0x0, 0x0, 0x0, 0x8003, 0x0) 20:32:31 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x802, 0x0) write(r0, &(0x7f0000000240)="fc0000003a000703ab092500090007000a060000000000000000369321000100ff0100000005d00000000000000398996c92773411419da79bb94b46fe000000bc00020000036c6c256f1a272f2e117c22ebc205214000000000008934d07302ad031720d7d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70c9ddef2fe082038f4f8b29d3ef3d92c83170e5bba4a463ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dd16b17e583df150c3b880f411f46a6b567b4d5715587e658a1ad0a4f01731d05b0350b0041f0d48f6f0000080548deac270e33429fd3000175e63fb8d38a873cf1587c3b41", 0xfc) [ 259.676140][ T9496] mmap: syz-executor.1 (9496) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 259.756229][ T9499] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 259.768231][ T9499] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 259.820681][ T9499] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 260.108385][ T9499] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 260.159900][ T9499] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. 20:32:33 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x36}) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 20:32:33 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x10}, [@ldst={0x6, 0x0, 0x6}]}, &(0x7f0000003ff6)='G\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) 20:32:33 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000240)=ANY=[@ANYBLOB="61121400000000006113a00000000000bf200000000000000700000008ffffffbd0301000000000095000000000000006916000000000000bf67000000000000170600000fff07006706000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070400000400f9ffad43010000000000950000000000000005000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00'}, 0x48) 20:32:33 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x3c}, [@ldst={0x6, 0x0, 0x6}]}, &(0x7f0000003ff6)='G\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) 20:32:33 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") bind$inet6(r0, &(0x7f0000000380)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) 20:32:33 executing program 5: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000002c0)='devtmpfs\x00', 0x0, 0x0) chdir(&(0x7f0000000180)='./file0\x00') r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='mem\x00\x00\x00\x00\xa9\xc8\a\x13\xbe-\xe5\x86\xd5^\x83\x888aqz\xab\xb7D\x81\xedF\xf4\x00\x00\x00\x00\xb4\xff\xe3\xd7\xfa\xc0A\xb9b\x96i\xea\xd7\xe2,\xfd\x80[\xd7\xf6\xd9\xd2\x85\x8b\x95{\xb8\xaa\x8e\xd5\b\xa6.\xb9\xca\b\'~\xcck y\xef\b\x95\\\xf9\xe6F\xc31\xe4)\xe0\xb1\r\xc7\xa8w\x8aH\xc3\xd7n\xb7\xf8^\x11\a\a,\xcb^e\xcbe\x8a\xa1\x0e\xe6\x81\a\xc0D\xcc0xffffffffffffffff}) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap(&(0x7f0000bfd000/0x400000)=nil, 0x400000, 0x0, 0x12, r0, 0xff0f0000) clone(0x0, 0x0, 0x0, 0x0, 0x0) 20:32:34 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x5, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xfffffffe}]}) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x5, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xfffffffc}]}) 20:32:34 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x3c}, [@ldst={0x6, 0x0, 0x6}]}, &(0x7f0000003ff6)='G\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) 20:32:34 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe2(0x0, 0x0) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) getpeername(0xffffffffffffffff, &(0x7f00000001c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff}}, &(0x7f00000002c0)=0x80) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000000)) read(0xffffffffffffffff, 0x0, 0x0) r2 = syz_open_pts(0xffffffffffffffff, 0x0) r3 = dup3(r2, 0xffffffffffffffff, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r4 = syz_open_pts(0xffffffffffffffff, 0x0) r5 = dup3(r4, 0xffffffffffffffff, 0x0) ioctl$TCSETA(r5, 0x5406, 0x0) sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f00000004c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0xa1f34b6cca987bff}, 0xc, &(0x7f0000000480)={&(0x7f00000020c0)=ANY=[@ANYBLOB="760000000000000abbdd848200000000caa8229235219e9b9ab4fd5dd061433fd2f24ffde810c0af2b77c0e5d64751561714707f0efc4e26a693775ca6b699bcbda06d72122fe42ae0a743c8f351283e55add9dd38", @ANYPTR64, @ANYPTR64=&(0x7f0000000600)=ANY=[@ANYBLOB="e98bf9d13f937a29b45c5207b7f7385c6b8412094296720c83b49b9b92ecd7586cebc88fc3728a5356c99bdc73611f63d444bc3d52d64bc2154d7c1316e4f149b4024b70f4325cc964ee476ac33dc83dedd43e1b3c52627f431ecc627d08f7a251ce18917284ea4605e3afdae8273880c8c84d6087256a047c2decc598e91b90d3c5a55fac67046dada1adb2e2c76d68e9028c9a5dfadb4efe6788a14239992dccfdde09302dec"]], 0x3}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f00000005c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000c20}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x50010}, 0x10ef4cf6c9465699) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_NMI(r6, 0xae9a) mount$fuseblk(&(0x7f0000000080)='/dev/loop0\x00', 0x0, 0x0, 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r7, 0x4040ae77, &(0x7f0000000000)) open(&(0x7f0000000140)='./file0\x00', 0x322082, 0x4) ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_SET_PIT2(r7, 0x4070aea0, &(0x7f0000000240)={[{0x0, 0x0, 0x0, 0x4d, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) [ 262.605913][ T27] kauditd_printk_skb: 3 callbacks suppressed [ 262.605928][ T27] audit: type=1326 audit(1575232354.153:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=9538 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45d4ba code=0xffff0000 20:32:34 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe2(0x0, 0x0) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) getpeername(0xffffffffffffffff, &(0x7f00000001c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff}}, &(0x7f00000002c0)=0x80) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000000)) read(0xffffffffffffffff, &(0x7f0000000040)=""/11, 0xb) r2 = syz_open_pts(0xffffffffffffffff, 0x0) r3 = dup3(r2, 0xffffffffffffffff, 0x0) ioctl$TCSETA(r3, 0x5406, &(0x7f00000000c0)={0x8000, 0x0, 0x81, 0x4000, 0x60}) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, 0x0) r4 = syz_open_pts(0xffffffffffffffff, 0x0) r5 = dup3(r4, 0xffffffffffffffff, 0x0) ioctl$TCSETA(r5, 0x5406, 0x0) sendmsg$IPVS_CMD_DEL_DEST(r3, &(0x7f00000004c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0xa1f34b6cca987bff}, 0xc, &(0x7f0000000480)={&(0x7f00000020c0)=ANY=[@ANYBLOB="760000000000000abbdd848200000000caa8229235219e9b9ab4fd5dd061433fd2f24ffde810c0af2b77c0e5d64751561714707f0efc4e26a693775ca6b699bcbda06d72122fe42ae0a743c8f351283e55add9dd38", @ANYPTR64, @ANYPTR64=&(0x7f0000000600)=ANY=[@ANYBLOB="e98bf9d13f937a29b45c5207b7f7385c6b8412094296720c83b49b9b92ecd7586cebc88fc3728a5356c99bdc73611f63d444bc3d52d64bc2154d7c1316e4f149b4024b70f4325cc964ee476ac33dc83dedd43e1b3c52627f431ecc627d08f7a251ce18917284ea4605e3afdae8273880c8c84d6087256a047c2decc598e91b90d3c5a55fac67046dada1adb2e2c76d68e9028c9a5dfadb4efe6788a14239992dccfdde09302dec"]], 0x3}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f00000005c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x40000c20}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x50010}, 0x10ef4cf6c9465699) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000000340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_NMI(r6, 0xae9a) mount$fuseblk(0x0, 0x0, 0x0, 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text32={0x20, &(0x7f00000000c0)="b805000000b9510000000f01c10f46a78900000066ba2100b067ee66ba4100edb9800000c00f3266ba400066ed0f30c4c271de9d0000000066b808008ed0660f38806f000f011c2666b8bf008ee0", 0x4e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r7, 0x4040ae77, &(0x7f0000000000)) open(&(0x7f0000000140)='./file0\x00', 0x322082, 0x4) ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_SET_PIT2(r7, 0x4070aea0, &(0x7f0000000240)={[{0x0, 0x0, 0x0, 0x4d, 0x0, 0x0, 0x2}]}) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_RUN(r8, 0xae80, 0x0) [ 262.663412][ T27] audit: type=1326 audit(1575232354.193:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=9538 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45d4ba code=0xffff0000 20:32:34 executing program 5: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffc00}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$PR_MPX_ENABLE_MANAGEMENT(0x2b) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000640)='/dev/kvm\x00', 0x101880, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$vcsa(&(0x7f00000001c0)='/dev/vcsa#\x00', 0x9, 0x109002) creat(0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000140)="266426650f38f1b9fb4a36660feeb600580fc7590f0f009f04002e670f01c90f070f01cbddc7ba4300ed66b9c30d000066b80000c0fe66ba000000000f30", 0x3e}], 0x27e, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d0, 0x0, 0x0, 0x0, 0xfffffffffffffffe]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000180)='/dev/null\x00', 0x80001, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) creat(0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x0, 0x6, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x8004000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 20:32:34 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffc00}, 0x10080}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_DIRTY_TLB(0xffffffffffffffff, 0x400caeaa, &(0x7f0000000100)={0x0, 0x8}) prctl$PR_MPX_ENABLE_MANAGEMENT(0x2b) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000640)='/dev/kvm\x00', 0x101880, 0x0) syz_open_procfs(0x0, &(0x7f0000000200)='fd/4\x00\xa7$\xbf\x05l\xb8\t\xd0\x06\xae\b\x86$dV\x92M%\xfd)0m6Z\x05\xae\xa7\rM\bp\xa6Q\x871B\x973\xfe\x05\x12\xf3\xd496\xf9\x1aM6\xb2|\xc5\x05\xbc\xe71g\xe4<&\xd2\xd8g\xb6\xa2U\xae\x9a\x17F\xa5xi\xe8_\xa8R\x96d\x99\xf6_E\xd0\x8f<\xa840\xd6\x84\xd0\x17\xafP\'\xdc{\b\x94\x00Y+\x18N\\\xc9\x1f\a\xf9X\x125\xb9\xd6\xbf\x1a4V\x10\xa6Uq\xceN\xeb\xa8M\xb2?\xda\xfb\xb1\x9d\x94\x13O\xab\xde\xc0t\x8c\")\x05~\x0f\xb8\xf3\xf6d\xbe\xad\xee\"\xaa\x91\x05\xcb9A\x1a\x8d&\x9e\x81\xcf\x9eWvT\x8a\xbfl\x8a\x83%\xec\x94\xfd\x90\xeb\xb3\xa3\xa8\x90\x90\xdb\xc2X\xf48\xd1\x83Eu\xe5c\xd7\xb7qe\xab\xae\xef*\x9e\x95\xde\xa0\x894r[\\\xc4?\xb7\xcfo\xdb\xbeR\xc5\xbc\xb34\xbe}\xf7n/4}\xbc.t\x94\x1c%\xcb\x93\xea\"Aa(\xd6FX\xd8\b\xd1\x10N{\xe8\xbc)\xc8\x1e6\xff\x95\xa3\xf3\x84\xf4\xa5\xe8f\xc2@\x1f7h\xb3\xd6\xab\x9a\x03\x95>V\\\xc4%T\x94M\xc7`\x83\xa1\xa0\xc8gn\xe3\xfe\xef[\xb3\xbd\x18R\x1b=\xab\x97$\x03\xaa\x84C\x0eWD\xeea\xf5\xb9\x82\xea\xbd5:\"\xf6f/\xa1\x8f%8\xa8\x1e\xcf\xb6\xa7\xe1\x1b1\x94\xc1G\xf9\xfc\xc77\x1c\x00'/370) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_open_dev$vcsa(&(0x7f00000001c0)='/dev/vcsa#\x00', 0x9, 0x109002) getsockopt$netlink(r2, 0x10e, 0x0, 0x0, 0x0) creat(&(0x7f0000000840)='./bus\x00', 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000140)="266426650f38f1b9fb4a36660feeb600580fc7590f0f009f04002e670f01c90f070f01cbddc7ba4300ed66b9c30d000066b80000c0fe66ba000000000f30", 0x3e}], 0x27e, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x10000000008000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d0, 0x0, 0x0, 0x0, 0xfffffffffffffffe]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000180)='/dev/null\x00', 0x80001, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) open(&(0x7f0000000040)='.\x00', 0x0, 0x0) creat(0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x0, 0x6, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2000006100) 20:32:37 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x36}) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 20:32:37 executing program 1: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffc00}, 0x10080}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_DIRTY_TLB(0xffffffffffffffff, 0x400caeaa, &(0x7f0000000100)={0x0, 0x8}) prctl$PR_MPX_ENABLE_MANAGEMENT(0x2b) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000640)='/dev/kvm\x00', 0x101880, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_open_dev$vcsa(&(0x7f00000001c0)='/dev/vcsa#\x00', 0x9, 0x109002) getsockopt$netlink(r2, 0x10e, 0x0, 0x0, 0x0) creat(&(0x7f0000000840)='./bus\x00', 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000140)="266426650f38f1b9fb4a36660feeb600580fc7590f0f009f04002e670f01c90f070f01cbddc7ba4300ed66b9c30d000066b80000c0fe66ba000000000f30", 0x3e}], 0x27e, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x10000000008000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d0, 0x0, 0x0, 0x0, 0xfffffffffffffffe]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000180)='/dev/null\x00', 0x80001, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) open(&(0x7f0000000040)='.\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x0, 0x6, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x8004000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2000006100) 20:32:37 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0xfea7) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0) fcntl$lock(r2, 0x6, &(0x7f0000000140)) fcntl$lock(r2, 0x24, &(0x7f0000000100)) 20:32:37 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = getpid() ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f0000000200)=r1) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @remote}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x1000000020000000, &(0x7f0000000080)={0x2, 0x4e20, @remote}, 0x10) sendto$inet(r0, &(0x7f0000000240), 0x1192aca8268c9077, 0x3, 0x0, 0xffffffffffffff06) 20:32:37 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") bind$inet6(r0, &(0x7f0000000380)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) 20:32:37 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) sendmsg$inet(r0, &(0x7f0000000300)={&(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10, 0x0, 0x0, &(0x7f00000002c0)=[@ip_ttl={{0x14, 0x0, 0x2, 0x7}}], 0x18}, 0x0) [ 265.519380][ T9584] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 20:32:37 executing program 0: pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$nl_route(0x10, 0x3, 0x0) splice(r0, 0x0, r2, 0x0, 0x1420000a77, 0x0) write(0xffffffffffffffff, &(0x7f0000000000)="220000002100070700be0000090007010a00001e00000000", 0x18) write$binfmt_elf64(r1, &(0x7f0000000000)=ANY=[], 0xfffffd88) [ 265.557181][ T9591] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 20:32:37 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000240)=ANY=[@ANYBLOB="611214000000000061138c0000000000bf200000000000002700000008ffffffbd0301000000000095000000000000006916000000000000bf67000000000000170600000fff07006706000002000000070600000ee60000bf050000000000001f650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070400000400f9ffad43010000000000950000000000000005000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00'}, 0x48) [ 265.722615][ T9599] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.0'. 20:32:37 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_udp_int(r0, 0x11, 0x68, &(0x7f0000000000)=0x84a, 0xfd38) 20:32:37 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_group_source_req(r0, 0x0, 0x2e, &(0x7f0000001780)={0x0, {{0x2, 0x0, @multicast1}}, {{0x2, 0x0, @remote}}}, 0x108) 20:32:37 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=@newlink={0x38, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_LINKINFO={0x18, 0x12, @vti={{0x8, 0x1, 'vti\x00'}, {0xc, 0x2, [@vti_common_policy=[@IFLA_VTI_LINK={0x8, 0x1, r5}]]}}}]}, 0x38}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@newlink={0x30, 0x10, 0x40d, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_LINKINFO={0x10, 0x12, @vti={{0x8, 0x1, 'vti\x00'}, {0x4}}}]}, 0x30}}, 0x0) 20:32:37 executing program 3: r0 = perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x800005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x800000, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000000)=0x6) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x3, 0x100000001) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) [ 266.509359][ T9627] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.0'. 20:32:40 executing program 4: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x36}) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 20:32:40 executing program 1: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x100000002) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0) 20:32:40 executing program 3: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x400000, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x1ee6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = gettid() clone(0x3000000a0160101, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x11) wait4(0x0, 0x0, 0x0, 0x0) 20:32:40 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_LAPIC(r3, 0x4040aea0, &(0x7f00000000c0)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b22645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"}) 20:32:40 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") bind$inet6(r0, &(0x7f0000000380)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x3}, 0x1c) 20:32:40 executing program 0: r0 = socket$inet6(0xa, 0x80003, 0xff) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") r1 = socket(0x10, 0x802, 0x0) write(r1, &(0x7f0000000240)="fc00000048000703ab092500090007000a060000000000000000369321000100ff0100000005d00000000000000398996c92773411419da79bb94b46fe000000bc00020000036c6c256f1a272f2e117c22ebc205214000000000008934d07302ad031720d7d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70c9ddef2fe082038f4f8b29d3ef3d92c83170e5bba4a463ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dd16b17e583df150c3b880f411f46a6b567b4d5715587e658a1ad0a4f01731d05b0350b0041f0d48f6f0000080548deac270e33429fd3000175e63fb8d38a873cf1587c3b41", 0xfc) 20:32:40 executing program 0: r0 = socket$inet6(0xa, 0x80003, 0xff) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") r1 = socket(0x10, 0x802, 0x0) write(r1, &(0x7f0000000240)="fc00000048000703ab092500090007000a060000000000000000369321000100ff0100000005d00000000000000398996c92773411419da79bb94b46fe000000bc00020000036c6c256f1a272f2e117c22ebc205214000000000008934d07302ad031720d7d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70c9ddef2fe082038f4f8b29d3ef3d92c83170e5bba4a463ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dd16b17e583df150c3b880f411f46a6b567b4d5715587e658a1ad0a4f01731d05b0350b0041f0d48f6f0000080548deac270e33429fd3000175e63fb8d38a873cf1587c3b41", 0xfc) 20:32:40 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x98}, [@ldst={0x6, 0x0, 0x6}]}, &(0x7f0000003ff6)='G\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) 20:32:40 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$unix(0x1, 0x10004000000002, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f0000000140)='xfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x2, &(0x7f0000000600)=[{0x0, 0x0, 0x10001}, {&(0x7f00000001c0)="58465342d81c4a65f0441f743486de036edf1937b66ac4de6a1935fd765a45ce406ca916ab45aaccb6803bed3f5157ef00deef09003f000000001e1aa85ca187641218c2a06ffcd45bf7d790592d42e7d64b06bf54a040287f8494be731ab69cba03a1f0539364", 0x67}], 0x0, 0x0) 20:32:40 executing program 1: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) semctl$IPC_STAT(0x0, 0x0, 0x2, 0x0) 20:32:40 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) read(0xffffffffffffffff, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_LAPIC(r3, 0x4040aea0, &(0x7f00000000c0)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b22645cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"}) 20:32:40 executing program 0: r0 = socket$inet6(0xa, 0x80003, 0xff) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@int]}}, &(0x7f00000002c0)=""/250, 0x2a, 0xfa, 0x8}, 0x20) [ 269.078337][ T9672] BUG: unable to handle page fault for address: fffff52002c80000 [ 269.086226][ T9672] #PF: supervisor read access in kernel mode [ 269.092304][ T9672] #PF: error_code(0x0000) - not-present page [ 269.098260][ T9672] PGD 21ffee067 P4D 21ffee067 PUD aa11c067 PMD 5e3a4067 PTE 0 [ 269.105720][ T9672] Oops: 0000 [#1] PREEMPT SMP KASAN [ 269.110927][ T9672] CPU: 1 PID: 9672 Comm: syz-executor.3 Not tainted 5.4.0-next-20191129-syzkaller #0 [ 269.120378][ T9672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 269.123154][ T4093] kobject: 'loop5' (000000008d6a69bd): kobject_uevent_env [ 269.130536][ T9672] RIP: 0010:xfs_sb_read_verify+0xf0/0x540 [ 269.130555][ T9672] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 18 04 00 00 4d 8b ac 24 30 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e a7 03 00 00 41 8b 75 00 bf 58 [ 269.148216][ T4093] kobject: 'loop5' (000000008d6a69bd): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 269.163042][ T9672] RSP: 0018:ffffc900052c7918 EFLAGS: 00010a06 [ 269.163054][ T9672] RAX: dffffc0000000000 RBX: 1ffff92000a58f26 RCX: ffffc9000fb76000 [ 269.163060][ T9672] RDX: 1ffff92002c80000 RSI: ffffffff82a97e3b RDI: ffff888095a97a60 [ 269.163067][ T9672] RBP: ffffc900052c7af8 R08: ffff88805a0f8540 R09: ffffed1015ce7045 [ 269.163073][ T9672] R10: ffffed1015ce7044 R11: ffff8880ae738223 R12: ffff888095a97940 [ 269.163080][ T9672] R13: ffffc90016400000 R14: ffffc900052c7ad0 R15: ffff88805a180000 [ 269.163091][ T9672] FS: 00007fbd6fa78700(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000 [ 269.163098][ T9672] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 269.163105][ T9672] CR2: fffff52002c80000 CR3: 0000000090d33000 CR4: 00000000001406e0 [ 269.163114][ T9672] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 269.163120][ T9672] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 269.163125][ T9672] Call Trace: [ 269.163255][ T9672] ? blk_insert_cloned_request+0x530/0x530 [ 269.163281][ T9672] ? xfs_sb_write_verify+0x470/0x470 [ 269.186551][ T4093] kobject: 'loop1' (00000000208200d8): kobject_uevent_env [ 269.187556][ T9672] ? __bio_add_page+0x550/0x550 [ 269.187666][ T9672] ? __kasan_check_read+0x11/0x20 [ 269.187687][ T9672] ? blk_finish_plug+0x8f/0xa2 [ 269.205892][ T4093] kobject: 'loop1' (00000000208200d8): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 269.211654][ T9672] ? _xfs_buf_ioapply+0xa35/0x10f0 [ 269.211737][ T9672] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 269.319732][ T9672] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 269.325770][ T9672] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 269.332192][ T9672] xfs_buf_ioend+0x3f9/0xde0 [ 269.337777][ T9672] __xfs_buf_submit+0x391/0xe70 [ 269.343434][ T9672] ? _raw_spin_unlock_irqrestore+0x9f/0xe0 [ 269.349250][ T9672] xfs_buf_read_uncached+0x164/0x550 [ 269.354573][ T9672] xfs_readsb+0x2c6/0x530 [ 269.358917][ T9672] ? xfs_initialize_perag+0x560/0x560 [ 269.364397][ T9672] ? _raw_spin_unlock_irqrestore+0x9f/0xe0 [ 269.370200][ T9672] xfs_fc_fill_super+0x3e7/0x11c0 [ 269.375356][ T9672] get_tree_bdev+0x414/0x650 [ 269.379951][ T9672] ? xfs_mount_free+0x80/0x80 [ 269.384751][ T9672] xfs_fc_get_tree+0x1d/0x30 [ 269.389326][ T9672] vfs_get_tree+0x8e/0x300 [ 269.393811][ T9672] do_mount+0x135a/0x1b50 [ 269.398127][ T9672] ? copy_mount_string+0x40/0x40 [ 269.403132][ T9672] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 269.409369][ T9672] ? copy_mount_options+0x2e8/0x3f0 [ 269.414594][ T9672] ksys_mount+0xdb/0x150 [ 269.418906][ T9672] __x64_sys_mount+0xbe/0x150 [ 269.423809][ T9672] do_syscall_64+0xfa/0x790 [ 269.428844][ T9672] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 269.434811][ T9672] RIP: 0033:0x45d0ca [ 269.438725][ T9672] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 269.462955][ T9672] RSP: 002b:00007fbd6fa77a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 269.471464][ T9672] RAX: ffffffffffffffda RBX: 00007fbd6fa77b40 RCX: 000000000045d0ca [ 269.479676][ T9672] RDX: 00007fbd6fa77ae0 RSI: 0000000020000180 RDI: 00007fbd6fa77b00 [ 269.487938][ T9672] RBP: 0000000000000002 R08: 00007fbd6fa77b40 R09: 00007fbd6fa77ae0 [ 269.495963][ T9672] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000005 [ 269.504205][ T9672] R13: 00000000004ca26c R14: 00000000004e28a8 R15: 00000000ffffffff [ 269.512575][ T9672] Modules linked in: [ 269.516598][ T9672] CR2: fffff52002c80000 [ 269.521020][ T9672] ---[ end trace 14ad0c9c94df6cda ]--- [ 269.526845][ T9672] RIP: 0010:xfs_sb_read_verify+0xf0/0x540 [ 269.532556][ T9672] Code: fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 18 04 00 00 4d 8b ac 24 30 01 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 ea 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e a7 03 00 00 41 8b 75 00 bf 58 [ 269.552306][ T9672] RSP: 0018:ffffc900052c7918 EFLAGS: 00010a06 [ 269.558366][ T9672] RAX: dffffc0000000000 RBX: 1ffff92000a58f26 RCX: ffffc9000fb76000 [ 269.566328][ T9672] RDX: 1ffff92002c80000 RSI: ffffffff82a97e3b RDI: ffff888095a97a60 [ 269.574291][ T9672] RBP: ffffc900052c7af8 R08: ffff88805a0f8540 R09: ffffed1015ce7045 [ 269.582254][ T9672] R10: ffffed1015ce7044 R11: ffff8880ae738223 R12: ffff888095a97940 [ 269.590232][ T9672] R13: ffffc90016400000 R14: ffffc900052c7ad0 R15: ffff88805a180000 [ 269.598334][ T9672] FS: 00007fbd6fa78700(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000 [ 269.607269][ T9672] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 269.613846][ T9672] CR2: fffff52002c80000 CR3: 0000000090d33000 CR4: 00000000001406e0 [ 269.621917][ T9672] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 269.629971][ T9672] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 269.637935][ T9672] Kernel panic - not syncing: Fatal exception [ 269.645289][ T9672] Kernel Offset: disabled [ 269.649631][ T9672] Rebooting in 86400 seconds..