[ 52.205523] audit: type=1800 audit(1545321745.254:25): pid=6409 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 53.745351] kauditd_printk_skb: 3 callbacks suppressed [ 53.745378] audit: type=1800 audit(1545321746.794:29): pid=6409 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 53.770132] audit: type=1800 audit(1545321746.794:30): pid=6409 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.73' (ECDSA) to the list of known hosts. 2018/12/20 16:02:39 fuzzer started 2018/12/20 16:02:44 dialing manager at 10.128.0.26:46613 2018/12/20 16:02:44 syscalls: 1 2018/12/20 16:02:44 code coverage: enabled 2018/12/20 16:02:44 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/12/20 16:02:44 setuid sandbox: enabled 2018/12/20 16:02:44 namespace sandbox: enabled 2018/12/20 16:02:44 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/20 16:02:44 fault injection: enabled 2018/12/20 16:02:44 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/20 16:02:44 net packet injection: enabled 2018/12/20 16:02:44 net device setup: enabled 16:03:44 executing program 0: io_setup(0x3, &(0x7f0000000280)=0x0) r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000040)='/dev/md0\x00', 0x0, 0x0) close(r1) socket$rds(0x15, 0x5, 0x0) io_submit(r0, 0x1, &(0x7f0000000b00)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) syzkaller login: [ 132.375743] IPVS: ftp: loaded support on port[0] = 21 [ 133.826949] bridge0: port 1(bridge_slave_0) entered blocking state [ 133.833659] bridge0: port 1(bridge_slave_0) entered disabled state [ 133.842163] device bridge_slave_0 entered promiscuous mode [ 133.930909] bridge0: port 2(bridge_slave_1) entered blocking state [ 133.937747] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.946345] device bridge_slave_1 entered promiscuous mode [ 134.031326] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 134.115592] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 134.376792] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 134.467946] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 134.554696] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 134.561847] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 134.648012] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 134.655114] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 134.914995] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 134.923745] team0: Port device team_slave_0 added [ 135.007702] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 135.016490] team0: Port device team_slave_1 added [ 135.104292] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 135.196051] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 135.283139] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 135.290794] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 135.300165] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 135.388747] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 135.396525] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 135.405845] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 16:03:48 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r0, 0x80045301, 0xffffffffffffffff) [ 136.118759] IPVS: ftp: loaded support on port[0] = 21 [ 136.739221] bridge0: port 2(bridge_slave_1) entered blocking state [ 136.745857] bridge0: port 2(bridge_slave_1) entered forwarding state [ 136.753086] bridge0: port 1(bridge_slave_0) entered blocking state [ 136.759644] bridge0: port 1(bridge_slave_0) entered forwarding state [ 136.768973] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 136.776579] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 138.331104] bridge0: port 1(bridge_slave_0) entered blocking state [ 138.337766] bridge0: port 1(bridge_slave_0) entered disabled state [ 138.346071] device bridge_slave_0 entered promiscuous mode [ 138.490430] bridge0: port 2(bridge_slave_1) entered blocking state [ 138.497069] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.505551] device bridge_slave_1 entered promiscuous mode [ 138.589547] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 138.715211] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 139.083024] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 139.199446] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 139.952793] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 139.961386] team0: Port device team_slave_0 added [ 140.046400] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 140.055283] team0: Port device team_slave_1 added [ 140.211989] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 140.219095] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 140.228093] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 16:03:53 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="f36e0f20e06635002000000f22e00f30f20f1024660fdb03b894008ed00f20d86635200000000f22d80f35650f01c90f30", 0x31}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000380)=ANY=[@ANYBLOB="020000000000000003002e0a7b21376e917b33f169de19be7b0000ff0f00000101"]) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 140.339422] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 140.347013] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 140.356247] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 140.525436] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 140.533301] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 140.542410] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 140.720771] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 140.728547] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 140.737865] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 140.868786] IPVS: ftp: loaded support on port[0] = 21 [ 142.659813] bridge0: port 2(bridge_slave_1) entered blocking state [ 142.666468] bridge0: port 2(bridge_slave_1) entered forwarding state [ 142.673708] bridge0: port 1(bridge_slave_0) entered blocking state [ 142.680268] bridge0: port 1(bridge_slave_0) entered forwarding state [ 142.689480] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 142.696360] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 143.133027] 8021q: adding VLAN 0 to HW filter on device bond0 [ 143.657559] bridge0: port 1(bridge_slave_0) entered blocking state [ 143.664243] bridge0: port 1(bridge_slave_0) entered disabled state [ 143.672591] device bridge_slave_0 entered promiscuous mode [ 143.823048] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 143.836909] bridge0: port 2(bridge_slave_1) entered blocking state [ 143.843565] bridge0: port 2(bridge_slave_1) entered disabled state [ 143.852026] device bridge_slave_1 entered promiscuous mode [ 144.002175] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 144.160313] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 144.489734] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 144.496211] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 144.504431] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 144.702607] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 144.869299] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 145.080430] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 145.087522] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 145.161907] 8021q: adding VLAN 0 to HW filter on device team0 [ 145.261951] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 145.268946] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 145.794850] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 145.803477] team0: Port device team_slave_0 added [ 145.966220] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 145.975072] team0: Port device team_slave_1 added [ 146.155124] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 146.162272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 146.171194] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 146.350025] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 146.357232] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 146.366311] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 146.506941] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 146.514756] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 146.524191] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 146.660311] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 146.668671] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 146.677715] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 16:04:01 executing program 3: openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x0, 0x0) r0 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x0, 0x0) clone(0x2000802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_NR_MMU_PAGES(r0, 0xc0109207, 0x20000000) [ 148.620168] bridge0: port 2(bridge_slave_1) entered blocking state [ 148.626850] bridge0: port 2(bridge_slave_1) entered forwarding state [ 148.634091] bridge0: port 1(bridge_slave_0) entered blocking state [ 148.640652] bridge0: port 1(bridge_slave_0) entered forwarding state [ 148.649945] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 148.656601] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 149.125882] IPVS: ftp: loaded support on port[0] = 21 16:04:02 executing program 0: io_setup(0x3, &(0x7f0000000280)=0x0) r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000040)='/dev/md0\x00', 0x0, 0x0) close(r1) socket$rds(0x15, 0x5, 0x0) io_submit(r0, 0x1, &(0x7f0000000b00)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) 16:04:02 executing program 0: io_setup(0x3, &(0x7f0000000280)=0x0) r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000040)='/dev/md0\x00', 0x0, 0x0) close(r1) socket$rds(0x15, 0x5, 0x0) io_submit(r0, 0x1, &(0x7f0000000b00)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) 16:04:02 executing program 0: io_setup(0x3, &(0x7f0000000280)=0x0) r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000040)='/dev/md0\x00', 0x0, 0x0) close(r1) socket$rds(0x15, 0x5, 0x0) io_submit(r0, 0x1, &(0x7f0000000b00)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) 16:04:03 executing program 0: r0 = syz_open_dev$video(&(0x7f00000000c0)='/dev/video#\x00', 0x39, 0x0) ioctl$VIDIOC_S_PARM(r0, 0xc0cc5616, &(0x7f0000000100)={0x1, @raw_data="e9a0bb03361fcf053fc28d72e32a60f66617d009cbc6332f2da641d41354ba0acc442cfbeafaa03e4a941dbab285fe0cfe25f42d04af67802979cf6b6166b2151aa7c40ea2aaccf0192f3c18c929f86bacd97637b55fe08f00a479ac17db76ed08fcadf9608f0abb08a07142ef2924eca9581c7cee90f41c58a8bfae300a86b8831a5e73a93cb4b4865be2e847cb270b57cf2e8d367ce40674173711a5d41e076050d6a49bc49eee67a54d1e6d742efd581c2d9937db797303887abaafcd0ba3f82e40dc32e5826d"}) 16:04:03 executing program 0: r0 = syz_open_dev$video(&(0x7f00000000c0)='/dev/video#\x00', 0x39, 0x0) ioctl$VIDIOC_S_PARM(r0, 0xc0cc5616, &(0x7f0000000100)={0x1, @raw_data="e9a0bb03361fcf053fc28d72e32a60f66617d009cbc6332f2da641d41354ba0acc442cfbeafaa03e4a941dbab285fe0cfe25f42d04af67802979cf6b6166b2151aa7c40ea2aaccf0192f3c18c929f86bacd97637b55fe08f00a479ac17db76ed08fcadf9608f0abb08a07142ef2924eca9581c7cee90f41c58a8bfae300a86b8831a5e73a93cb4b4865be2e847cb270b57cf2e8d367ce40674173711a5d41e076050d6a49bc49eee67a54d1e6d742efd581c2d9937db797303887abaafcd0ba3f82e40dc32e5826d"}) 16:04:03 executing program 0: r0 = syz_open_dev$video(&(0x7f00000000c0)='/dev/video#\x00', 0x39, 0x0) ioctl$VIDIOC_S_PARM(r0, 0xc0cc5616, &(0x7f0000000100)={0x1, @raw_data="e9a0bb03361fcf053fc28d72e32a60f66617d009cbc6332f2da641d41354ba0acc442cfbeafaa03e4a941dbab285fe0cfe25f42d04af67802979cf6b6166b2151aa7c40ea2aaccf0192f3c18c929f86bacd97637b55fe08f00a479ac17db76ed08fcadf9608f0abb08a07142ef2924eca9581c7cee90f41c58a8bfae300a86b8831a5e73a93cb4b4865be2e847cb270b57cf2e8d367ce40674173711a5d41e076050d6a49bc49eee67a54d1e6d742efd581c2d9937db797303887abaafcd0ba3f82e40dc32e5826d"}) [ 150.577137] 8021q: adding VLAN 0 to HW filter on device bond0 16:04:03 executing program 0: r0 = syz_open_dev$video(&(0x7f00000000c0)='/dev/video#\x00', 0x39, 0x0) ioctl$VIDIOC_S_PARM(r0, 0xc0cc5616, &(0x7f0000000100)={0x1, @raw_data="e9a0bb03361fcf053fc28d72e32a60f66617d009cbc6332f2da641d41354ba0acc442cfbeafaa03e4a941dbab285fe0cfe25f42d04af67802979cf6b6166b2151aa7c40ea2aaccf0192f3c18c929f86bacd97637b55fe08f00a479ac17db76ed08fcadf9608f0abb08a07142ef2924eca9581c7cee90f41c58a8bfae300a86b8831a5e73a93cb4b4865be2e847cb270b57cf2e8d367ce40674173711a5d41e076050d6a49bc49eee67a54d1e6d742efd581c2d9937db797303887abaafcd0ba3f82e40dc32e5826d"}) 16:04:03 executing program 0: unshare(0x20400) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) close(r0) fsync(r0) 16:04:04 executing program 0: unshare(0x20400) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) close(r0) fsync(r0) [ 151.380569] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 151.994824] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 152.001139] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 152.009436] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 152.400489] bridge0: port 1(bridge_slave_0) entered blocking state [ 152.407085] bridge0: port 1(bridge_slave_0) entered disabled state [ 152.415456] device bridge_slave_0 entered promiscuous mode [ 152.574481] bridge0: port 2(bridge_slave_1) entered blocking state [ 152.581013] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.589238] device bridge_slave_1 entered promiscuous mode [ 152.649363] 8021q: adding VLAN 0 to HW filter on device team0 [ 152.705157] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 152.805394] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 153.365612] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 153.575065] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 153.770952] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 153.778082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 154.000555] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 154.007811] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 154.551367] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 154.560092] team0: Port device team_slave_0 added [ 154.730306] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 154.738951] team0: Port device team_slave_1 added [ 154.879159] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 154.886268] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 154.895203] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 155.071679] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 155.078662] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 155.087564] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 155.227658] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 155.235346] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 155.244268] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 155.409942] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 155.417619] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 155.427077] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 156.092925] 8021q: adding VLAN 0 to HW filter on device bond0 16:04:09 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r0, 0x80045301, 0xffffffffffffffff) [ 156.722670] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 157.160731] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.167381] bridge0: port 2(bridge_slave_1) entered forwarding state [ 157.174536] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.181083] bridge0: port 1(bridge_slave_0) entered forwarding state [ 157.190412] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 157.196974] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 157.332035] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 157.338332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 157.346208] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 157.929677] 8021q: adding VLAN 0 to HW filter on device team0 [ 161.084150] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 16:04:14 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="f36e0f20e06635002000000f22e00f30f20f1024660fdb03b894008ed00f20d86635200000000f22d80f35650f01c90f30", 0x31}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000380)=ANY=[@ANYBLOB="020000000000000003002e0a7b21376e917b33f169de19be7b0000ff0f00000101"]) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 162.048236] 8021q: adding VLAN 0 to HW filter on device bond0 [ 162.220355] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 162.388589] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 162.394868] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 162.402504] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 162.574458] 8021q: adding VLAN 0 to HW filter on device team0 16:04:16 executing program 4: unshare(0x20400) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) close(r0) fsync(r0) 16:04:16 executing program 5: ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000000)=0x0) ptrace$getenv(0x4201, r0, 0x4, &(0x7f0000000040)) r1 = open(&(0x7f0000000080)='./file0\x00', 0x22001, 0x165) ioctl$VIDIOC_S_SELECTION(r1, 0xc040565f, &(0x7f00000000c0)={0x7, 0x102, 0x7, {0x0, 0x4, 0xda8000000000, 0x3}}) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000100)={0xffffffffffffffff}, 0x111, 0xb}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f0000000180)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e21, 0x2, @loopback}, r2}}, 0x30) write$RDMA_USER_CM_CMD_BIND_IP(r1, &(0x7f00000001c0)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e20, 0x3ff}, r2}}, 0x30) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r1, 0x84, 0x1a, &(0x7f0000000200)={0x0, 0xff, "068f0ff2973058484100097ef5916edbcb65c58249cc067bd7afac7831b4228874687097f5de4804b9e353ada2fd2b688a9e16585f06f327a013fa90dc47b681459326ea60fb042e675cb9fa16cb62d11046ce9899e42ccf120d3f310378ec64ae068113557fd5f541092674e62eda5d6c1efcb478bafa8e6021c2e954a67bd7b54e76e928a711eb9ad0c94b6424bffc4023fb0109f640abb9ecfddefaf17baf40840ac90f3a8b07a3e33829bbe6a039f45f9f9ff32a9513cf18c834ead115b0124c378837c7049032731a55cb57f44d7aacd7e4d448d779680b66442e5b30bffaf7365584b3b033ce3a371b208446cb7ab75444f1daf14b8b80485b985ba0"}, &(0x7f0000000340)=0x107) getsockopt$inet_sctp_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000380)={r3, 0x4}, &(0x7f00000003c0)=0x8) setrlimit(0x9, &(0x7f0000000400)={0x4, 0x10000}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000440)={[{0x1948, 0x8, 0x4, 0x5, 0x52, 0x1, 0x1, 0x1, 0x9930000, 0x67685bcd, 0x0, 0x80, 0x1}, {0x400, 0x5, 0xfffffffffffffff7, 0x3, 0x4, 0x1, 0x137, 0x6e3d2528, 0x8aa, 0x1f, 0xa41a, 0x1000, 0x1}, {0xfff, 0x7, 0x1ff, 0x30a, 0x32, 0xfffffffffffffff7, 0xffffffffffffffff, 0xb929, 0x1000, 0x5, 0x8001, 0x3f, 0x3}], 0x8ec6}) ioctl$LOOP_GET_STATUS64(r1, 0x4c05, &(0x7f00000004c0)) ioctl$VIDIOC_S_MODULATOR(r1, 0x40445637, &(0x7f00000005c0)={0xaa, "a40ec9dffda1ef945893400b075775c973eeda12ad7f284d855774073d8c464d", 0x100, 0x3, 0x100000001, 0x4, 0x5}) ioctl$BLKPBSZGET(r1, 0x127b, &(0x7f0000000640)) r4 = accept(r1, &(0x7f0000000680)=@l2, &(0x7f0000000700)=0x80) r5 = syz_open_dev$amidi(&(0x7f0000000780)='/dev/amidi#\x00', 0x4, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000007c0)={0xf001, &(0x7f0000000740), 0x2, r5, 0x5}) ioctl$sock_SIOCGIFBR(r5, 0x8940, &(0x7f0000000800)=@generic={0x0, 0x80, 0x400}) getsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f0000000840)={{{@in=@dev, @in6}}, {{@in6}, 0x0, @in6=@mcast1}}, &(0x7f0000000940)=0xe8) fcntl$F_GET_RW_HINT(r5, 0x40b, &(0x7f0000000980)) recvfrom(r5, &(0x7f00000009c0)=""/13, 0xd, 0x41, &(0x7f0000000a00)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x11}}, 0x1, 0x0, 0x1}}, 0x80) setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0x7, &(0x7f0000000a80)={0x1, 0x5, 0x1}, 0x10) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000001bc0)={0x3, 0x0, &(0x7f0000000ac0)=""/4096, &(0x7f0000001ac0)=""/35, &(0x7f0000001b00)=""/145}) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000001c00)=0x441, 0x4) ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f0000001c40)={r1, 0x0, 0xfffffffffffffff8, r1}) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000001c80)=[@in={0x2, 0x4e21, @multicast1}, @in6={0xa, 0x4e20, 0x5, @mcast2, 0xdd}, @in={0x2, 0x4e21, @rand_addr=0x8000}, @in6={0xa, 0x4e24, 0x24, @ipv4={[], [], @empty}, 0x1}, @in6={0xa, 0x4e24, 0xfff, @mcast1, 0x401}], 0x74) openat$kvm(0xffffffffffffff9c, &(0x7f0000001d00)='/dev/kvm\x00', 0x401, 0x0) ioctl$VHOST_GET_FEATURES(r5, 0x8008af00, &(0x7f0000001d40)) write$P9_RREADLINK(r1, &(0x7f0000001d80)={0x10, 0x17, 0x1, {0x7, './file0'}}, 0x10) setsockopt$EBT_SO_SET_ENTRIES(r5, 0x0, 0x80, &(0x7f0000002700)=@broute={'broute\x00', 0x20, 0x5, 0x8e0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20001e00], 0x0, &(0x7f0000001dc0), &(0x7f0000001e00)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x3, 0x4, 0x6007, 'erspan0\x00', 'ip6gre0\x00', 'team0\x00', 'veth1_to_team\x00', @dev={[], 0x19}, [0xff, 0xff, 0xff, 0xff, 0x0, 0xff], @broadcast, [0xff, 0xff, 0x0, 0xff], 0x70, 0x1d8, 0x208}, [@common=@mark={'mark\x00', 0x10, {{0xfffffff0, 0xfffffffffffffffc}}}, @common=@SECMARK={'SECMARK\x00', 0x108, {{0x1, 0x4, 'system_u:object_r:pinentry_exec_t:s0\x00'}}}]}, @common=@STANDARD={'\x00', 0x8, {0xffffffffffffffff}}}]}, {0x0, '\x00', 0x1, 0xfffffffffffffffe, 0x1, [{{{0x5, 0x3b, 0x0, 'bridge_slave_1\x00', 'vlan0\x00', '\x00', 'eql\x00', @remote, [0x0, 0xff, 0xff, 0xff, 0xff], @local, [0x0, 0xff, 0xff, 0xff, 0xff, 0xff], 0xe8, 0xe8, 0x118, [@cluster={'cluster\x00', 0x10, {{0x6, 0x1, 0xfffffffffffffffc, 0x1}}}, @quota={'quota\x00', 0x18, {{0x1, 0x0, 0x7f, 0xabd8}}}]}}, @common=@NFQUEUE0={'NFQUEUE\x00', 0x8, {{0x14000000}}}}]}, {0x0, '\x00', 0x2, 0xfffffffffffffffc, 0x1, [{{{0x13, 0x4, 0x880d, 'veth1\x00', 'tunl0\x00', 'bond_slave_1\x00', 'erspan0\x00', @link_local, [0x0, 0xff, 0xff, 0xff], @dev={[], 0xc}, [0x0, 0xff, 0x0, 0xff, 0xff], 0xe0, 0x110, 0x240, [@connbytes={'connbytes\x00', 0x18, {{0x8, 0x4}}}, @vlan={'vlan\x00', 0x8, {{0x2, 0x4, 0x6007, 0x4, 0x4}}}]}, [@common=@CONNSECMARK={'CONNSECMARK\x00', 0x8, {{0x1}}}]}, @common=@SECMARK={'SECMARK\x00', 0x108, {{0x1, 0x8, 'system_u:object_r:ksm_device_t:s0\x00'}}}}]}, {0x0, '\x00', 0x3, 0xffffffffffffffff, 0x2, [{{{0x0, 0x0, 0x9100, 'bond_slave_1\x00', 'veth1_to_bond\x00', 'bridge_slave_0\x00', 'team_slave_1\x00', @random="bd14adb9d269", [0x0, 0x0, 0xff, 0xff, 0xff, 0xff], @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, [0xff, 0xff, 0xff], 0xc0, 0x148, 0x198, [@nfacct={'nfacct\x00', 0x28, {{'syz0\x00', 0x1}}}]}, [@common=@dnat={'dnat\x00', 0x10, {{@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, 0xffffffffffffffff}}}, @common=@log={'log\x00', 0x28, {{0xfffffffffffff000, "9fa26cc6c18e39c5538394025722e0c53620a6ac9652f9d24b7788172493", 0xb}}}]}, @common=@IDLETIMER={'IDLETIMER\x00', 0x28, {{0x7, 'syz0\x00', 0x100}}}}, {{{0x15, 0x24, 0xdbda, 'ip6_vti0\x00', 'bridge0\x00', 'veth0\x00', 'syzkaller1\x00', @empty, [0xff, 0x0, 0x0, 0xff, 0xff, 0xff], @dev={[], 0x11}, [0x0, 0xff], 0xb0, 0xe0, 0x128, [@connbytes={'connbytes\x00', 0x18, {{0x7fffffff, 0x8, 0x3, 0x3}}}]}, [@common=@STANDARD={'\x00', 0x8, {0xfffffffffffffffd}}]}, @common=@ERROR={'ERROR\x00', 0x20, {"9ac34d6b04118aaeadad83c8b1ba70932fc1601e57f53d575bac979b10c1"}}}]}]}, 0x958) 16:04:16 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r0, 0x80045301, 0xffffffffffffffff) 16:04:16 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="f36e0f20e06635002000000f22e00f30f20f1024660fdb03b894008ed00f20d86635200000000f22d80f35650f01c90f30", 0x31}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000380)=ANY=[@ANYBLOB="020000000000000003002e0a7b21376e917b33f169de19be7b0000ff0f00000101"]) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:04:16 executing program 0: unshare(0x20400) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) close(r0) fsync(r0) 16:04:16 executing program 3: openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x0, 0x0) r0 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x0, 0x0) clone(0x2000802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_NR_MMU_PAGES(r0, 0xc0109207, 0x20000000) 16:04:16 executing program 3: openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x0, 0x0) r0 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x0, 0x0) clone(0x2000802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_NR_MMU_PAGES(r0, 0xc0109207, 0x20000000) 16:04:17 executing program 1: r0 = syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r0, 0x80045301, 0xffffffffffffffff) 16:04:17 executing program 0: unshare(0x20400) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) close(r0) fsync(r0) 16:04:17 executing program 3: openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x0, 0x0) r0 = syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x0, 0x0) clone(0x2000802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_NR_MMU_PAGES(r0, 0xc0109207, 0x20000000) 16:04:17 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="f36e0f20e06635002000000f22e00f30f20f1024660fdb03b894008ed00f20d86635200000000f22d80f35650f01c90f30", 0x31}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000380)=ANY=[@ANYBLOB="020000000000000003002e0a7b21376e917b33f169de19be7b0000ff0f00000101"]) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:04:17 executing program 1: r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x0) ioctl$VIDIOC_LOG_STATUS(r0, 0x5646, 0x0) [ 164.345924] Sensor A: ================= START STATUS ================= [ 164.353001] Sensor A: Test Pattern: 75% Colorbar [ 164.357811] Sensor A: Vertical Flip: false [ 164.362213] Sensor A: Horizontal Flip: false [ 164.366674] Sensor A: Brightness: 128 [ 164.370524] Sensor A: Contrast: 128 [ 164.374354] Sensor A: Hue: 0 [ 164.377428] Sensor A: Saturation: 128 [ 164.381272] Sensor A: ================== END STATUS ================== [ 164.637851] IPVS: ftp: loaded support on port[0] = 21 [ 164.715556] IPVS: ftp: loaded support on port[0] = 21 [ 166.062513] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.069216] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.077648] device bridge_slave_0 entered promiscuous mode [ 166.129774] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.136391] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.144694] device bridge_slave_0 entered promiscuous mode [ 166.162282] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.168827] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.177295] device bridge_slave_1 entered promiscuous mode [ 166.229625] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.236302] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.244623] device bridge_slave_1 entered promiscuous mode [ 166.259343] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 166.324811] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 166.340698] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 166.404514] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 166.595281] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 166.657859] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 166.683708] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 166.749466] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 166.765785] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 166.772936] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 166.832962] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 166.839986] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 166.857762] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 166.864892] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 166.923011] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 166.930058] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 167.117564] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 167.126302] team0: Port device team_slave_0 added [ 167.182320] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 167.190993] team0: Port device team_slave_0 added [ 167.208400] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 167.217195] team0: Port device team_slave_1 added [ 167.272013] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 167.280665] team0: Port device team_slave_1 added [ 167.300027] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 167.362185] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 167.392920] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 167.447282] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 167.480116] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 167.488861] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 167.498177] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 167.535725] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 167.543486] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 167.553491] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 167.593151] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 167.600941] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 167.611194] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 167.648913] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 167.656796] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 167.665977] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 168.525733] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.532351] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.539465] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.546111] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.554840] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 168.568176] bridge0: port 2(bridge_slave_1) entered blocking state [ 168.574816] bridge0: port 2(bridge_slave_1) entered forwarding state [ 168.582103] bridge0: port 1(bridge_slave_0) entered blocking state [ 168.588677] bridge0: port 1(bridge_slave_0) entered forwarding state [ 168.597939] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 168.691807] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 168.699829] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 171.949440] 8021q: adding VLAN 0 to HW filter on device bond0 [ 171.966423] 8021q: adding VLAN 0 to HW filter on device bond0 [ 172.251216] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 172.266457] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 172.549842] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 172.556221] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 172.564325] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 172.580355] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 172.587869] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 172.595871] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 172.863553] 8021q: adding VLAN 0 to HW filter on device team0 [ 172.901032] 8021q: adding VLAN 0 to HW filter on device team0 16:04:28 executing program 4: unshare(0x20400) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) close(r0) fsync(r0) 16:04:28 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f00004f9fe4)={0xc, 0x0, 0x4, 0x100000001, 0x14}, 0x1c) 16:04:28 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = userfaultfd(0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_REGISTER(r1, 0xc028aa03, &(0x7f00000a0fe0)={{&(0x7f00005e3000/0x800000)=nil, 0x730000}, 0x200000}) tkill(r0, 0x16) 16:04:28 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000016c0)={0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, 0x0, r1) 16:04:28 executing program 1: r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x0) ioctl$VIDIOC_LOG_STATUS(r0, 0x5646, 0x0) 16:04:28 executing program 5: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000004fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet6_int(r1, 0x29, 0x17, &(0x7f0000000080), &(0x7f0000013000)=0x4) close(r0) [ 174.993504] Sensor A: ================= START STATUS ================= [ 175.000607] Sensor A: Test Pattern: 75% Colorbar [ 175.005664] Sensor A: Vertical Flip: false [ 175.009947] Sensor A: Horizontal Flip: false [ 175.014566] Sensor A: Brightness: 128 [ 175.018422] Sensor A: Contrast: 128 [ 175.022212] Sensor A: Hue: 0 [ 175.025289] Sensor A: Saturation: 128 [ 175.029132] Sensor A: ================== END STATUS ================== 16:04:28 executing program 1: r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x0) ioctl$VIDIOC_LOG_STATUS(r0, 0x5646, 0x0) 16:04:28 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000016c0)={0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, 0x0, r1) 16:04:28 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f00004f9fe4)={0xc, 0x0, 0x4, 0x100000001, 0x14}, 0x1c) 16:04:28 executing program 4: unshare(0x20400) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) close(r0) fsync(r0) 16:04:28 executing program 5: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000004fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet6_int(r1, 0x29, 0x17, &(0x7f0000000080), &(0x7f0000013000)=0x4) close(r0) [ 175.313401] Sensor A: ================= START STATUS ================= [ 175.320387] Sensor A: Test Pattern: 75% Colorbar [ 175.325324] Sensor A: Vertical Flip: false [ 175.329607] Sensor A: Horizontal Flip: false [ 175.334426] Sensor A: Brightness: 128 [ 175.338282] Sensor A: Contrast: 128 [ 175.342051] Sensor A: Hue: 0 [ 175.345163] Sensor A: Saturation: 128 [ 175.349037] Sensor A: ================== END STATUS ================== 16:04:28 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f00004f9fe4)={0xc, 0x0, 0x4, 0x100000001, 0x14}, 0x1c) 16:04:28 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000016c0)={0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, 0x0, r1) 16:04:28 executing program 3: bpf$MAP_CREATE(0x0, &(0x7f00004f9fe4)={0xc, 0x0, 0x4, 0x100000001, 0x14}, 0x1c) 16:04:28 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = userfaultfd(0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_REGISTER(r1, 0xc028aa03, &(0x7f00000a0fe0)={{&(0x7f00005e3000/0x800000)=nil, 0x730000}, 0x200000}) tkill(r0, 0x16) 16:04:28 executing program 1: r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x0) ioctl$VIDIOC_LOG_STATUS(r0, 0x5646, 0x0) 16:04:28 executing program 5: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000004fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet6_int(r1, 0x29, 0x17, &(0x7f0000000080), &(0x7f0000013000)=0x4) close(r0) 16:04:28 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000016c0)={0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, 0x0, r1) 16:04:28 executing program 3: perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 16:04:28 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000016c0)={0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, 0x0, r1) [ 175.952766] Sensor A: ================= START STATUS ================= [ 175.959755] Sensor A: Test Pattern: 75% Colorbar [ 175.964708] Sensor A: Vertical Flip: false [ 175.968992] Sensor A: Horizontal Flip: false [ 175.973536] Sensor A: Brightness: 128 [ 175.977399] Sensor A: Contrast: 128 [ 175.981079] Sensor A: Hue: 0 [ 175.984254] Sensor A: Saturation: 128 [ 175.988166] Sensor A: ================== END STATUS ================== 16:04:29 executing program 5: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000004fe0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$inet6_int(r1, 0x29, 0x17, &(0x7f0000000080), &(0x7f0000013000)=0x4) close(r0) 16:04:29 executing program 3: perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 16:04:29 executing program 2: perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 16:04:29 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000016c0)={0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, 0x0, r1) 16:04:29 executing program 1: io_setup(0x3, &(0x7f0000000240)=0x0) r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000040)='/dev/md0\x00', 0x0, 0x0) close(r1) io_submit(r0, 0x1, &(0x7f0000000b00)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x3, 0x0, r1, 0x0}]) 16:04:29 executing program 5: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) listen(r0, 0x7) r1 = socket$netlink(0x10, 0x3, 0x400000000000004) writev(r1, &(0x7f000051c000)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c560a84ed7a80ffe00600000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1) 16:04:29 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = userfaultfd(0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_REGISTER(r1, 0xc028aa03, &(0x7f00000a0fe0)={{&(0x7f00005e3000/0x800000)=nil, 0x730000}, 0x200000}) tkill(r0, 0x16) 16:04:29 executing program 3: perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 16:04:29 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000016c0)={0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, 0x0, r1) 16:04:29 executing program 2: perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 16:04:29 executing program 1: io_setup(0x3, &(0x7f0000000240)=0x0) r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000040)='/dev/md0\x00', 0x0, 0x0) close(r1) io_submit(r0, 0x1, &(0x7f0000000b00)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x3, 0x0, r1, 0x0}]) 16:04:29 executing program 2: perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 16:04:29 executing program 4: mkdir(&(0x7f000091a000)='./file0\x00', 0x0) mount(0x0, &(0x7f00004f5ff8)='./file0\x00', &(0x7f00000e1000)='ramfs\x00', 0x8409, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000012ff8)='./file0\x00', 0x0, 0x0) fremovexattr(r0, 0x0) 16:04:29 executing program 3: perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 16:04:29 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xfb15}) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$RTC_ALM_SET(0xffffffffffffffff, 0x40247007, &(0x7f0000000000)={0x29, 0x0, 0x3, 0x1f, 0x0, 0x0, 0x0, 0xa3}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000004f000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000100)="26410f300f01c90f06643e400f01c9420f758e000000002ef3400fb8e566baf80cb8ac8abd80ef66bafc0cedd2fe0f01ca66ba4000ec", 0x36}], 0xaaaaaaaaaaaab04, 0x0, &(0x7f0000000080), 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text16={0x10, &(0x7f0000000040)="660f382b1a0f01dfdde80f32d9e90f086665676426f7c5000000000f2245deef0f23f5", 0x23}], 0x1, 0x0, &(0x7f0000000140), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000002000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, &(0x7f00000001c0)="0f0f280dbaf80c66b8561eac8666efbafc0cecd8d80f01720cbad10466ed26900f019d848066b92902000066b80800000066ba000000000f300f01d10f013b", 0x3f}], 0x1, 0x0, &(0x7f0000000300), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 16:04:30 executing program 2: r0 = socket$inet(0x2, 0xa, 0x0) bind$inet(r0, &(0x7f0000134000)={0x2, 0x0, @broadcast}, 0x10) 16:04:30 executing program 3: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x901, 0x0) ioctl$TCSETSF(r0, 0x5404, &(0x7f00000000c0)) write$sndseq(r0, &(0x7f0000000140)=[{0x81, 0x8, 0x0, 0x0, @time={0x77359400}, {}, {}, @raw8={"959546592b83c98a10d789af"}}], 0x30) [ 177.043702] syz-executor2 uses obsolete (PF_INET,SOCK_PACKET) 16:04:30 executing program 4: mkdir(&(0x7f000091a000)='./file0\x00', 0x0) mount(0x0, &(0x7f00004f5ff8)='./file0\x00', &(0x7f00000e1000)='ramfs\x00', 0x8409, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000012ff8)='./file0\x00', 0x0, 0x0) fremovexattr(r0, 0x0) 16:04:30 executing program 0: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = userfaultfd(0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_REGISTER(r1, 0xc028aa03, &(0x7f00000a0fe0)={{&(0x7f00005e3000/0x800000)=nil, 0x730000}, 0x200000}) tkill(r0, 0x16) 16:04:30 executing program 1: io_setup(0x3, &(0x7f0000000240)=0x0) r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000040)='/dev/md0\x00', 0x0, 0x0) close(r1) io_submit(r0, 0x1, &(0x7f0000000b00)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x3, 0x0, r1, 0x0}]) 16:04:30 executing program 2: r0 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000480)={0x0, r0}, &(0x7f00000004c0)=""/22, 0x16, 0x0) 16:04:30 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xfb15}) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$RTC_ALM_SET(0xffffffffffffffff, 0x40247007, &(0x7f0000000000)={0x29, 0x0, 0x3, 0x1f, 0x0, 0x0, 0x0, 0xa3}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000004f000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000100)="26410f300f01c90f06643e400f01c9420f758e000000002ef3400fb8e566baf80cb8ac8abd80ef66bafc0cedd2fe0f01ca66ba4000ec", 0x36}], 0xaaaaaaaaaaaab04, 0x0, &(0x7f0000000080), 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text16={0x10, &(0x7f0000000040)="660f382b1a0f01dfdde80f32d9e90f086665676426f7c5000000000f2245deef0f23f5", 0x23}], 0x1, 0x0, &(0x7f0000000140), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000002000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, &(0x7f00000001c0)="0f0f280dbaf80c66b8561eac8666efbafc0cecd8d80f01720cbad10466ed26900f019d848066b92902000066b80800000066ba000000000f300f01d10f013b", 0x3f}], 0x1, 0x0, &(0x7f0000000300), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 16:04:30 executing program 3: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x901, 0x0) ioctl$TCSETSF(r0, 0x5404, &(0x7f00000000c0)) write$sndseq(r0, &(0x7f0000000140)=[{0x81, 0x8, 0x0, 0x0, @time={0x77359400}, {}, {}, @raw8={"959546592b83c98a10d789af"}}], 0x30) 16:04:30 executing program 4: mkdir(&(0x7f000091a000)='./file0\x00', 0x0) mount(0x0, &(0x7f00004f5ff8)='./file0\x00', &(0x7f00000e1000)='ramfs\x00', 0x8409, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000012ff8)='./file0\x00', 0x0, 0x0) fremovexattr(r0, 0x0) 16:04:30 executing program 2: r0 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000480)={0x0, r0}, &(0x7f00000004c0)=""/22, 0x16, 0x0) 16:04:30 executing program 1: io_setup(0x3, &(0x7f0000000240)=0x0) r1 = openat$md(0xffffffffffffff9c, &(0x7f0000000040)='/dev/md0\x00', 0x0, 0x0) close(r1) io_submit(r0, 0x1, &(0x7f0000000b00)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x3, 0x0, r1, 0x0}]) 16:04:30 executing program 3: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x901, 0x0) ioctl$TCSETSF(r0, 0x5404, &(0x7f00000000c0)) write$sndseq(r0, &(0x7f0000000140)=[{0x81, 0x8, 0x0, 0x0, @time={0x77359400}, {}, {}, @raw8={"959546592b83c98a10d789af"}}], 0x30) 16:04:30 executing program 2: r0 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000480)={0x0, r0}, &(0x7f00000004c0)=""/22, 0x16, 0x0) 16:04:30 executing program 4: mkdir(&(0x7f000091a000)='./file0\x00', 0x0) mount(0x0, &(0x7f00004f5ff8)='./file0\x00', &(0x7f00000e1000)='ramfs\x00', 0x8409, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000012ff8)='./file0\x00', 0x0, 0x0) fremovexattr(r0, 0x0) 16:04:30 executing program 0: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x901, 0x0) ioctl$TCSETSF(r0, 0x5404, &(0x7f00000000c0)) write$sndseq(r0, &(0x7f0000000140)=[{0x81, 0x8, 0x0, 0x0, @time={0x77359400}, {}, {}, @raw8={"959546592b83c98a10d789af"}}], 0x30) 16:04:31 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:04:31 executing program 3: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x901, 0x0) ioctl$TCSETSF(r0, 0x5404, &(0x7f00000000c0)) write$sndseq(r0, &(0x7f0000000140)=[{0x81, 0x8, 0x0, 0x0, @time={0x77359400}, {}, {}, @raw8={"959546592b83c98a10d789af"}}], 0x30) 16:04:31 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xfb15}) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$RTC_ALM_SET(0xffffffffffffffff, 0x40247007, &(0x7f0000000000)={0x29, 0x0, 0x3, 0x1f, 0x0, 0x0, 0x0, 0xa3}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000004f000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000100)="26410f300f01c90f06643e400f01c9420f758e000000002ef3400fb8e566baf80cb8ac8abd80ef66bafc0cedd2fe0f01ca66ba4000ec", 0x36}], 0xaaaaaaaaaaaab04, 0x0, &(0x7f0000000080), 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text16={0x10, &(0x7f0000000040)="660f382b1a0f01dfdde80f32d9e90f086665676426f7c5000000000f2245deef0f23f5", 0x23}], 0x1, 0x0, &(0x7f0000000140), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000002000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, &(0x7f00000001c0)="0f0f280dbaf80c66b8561eac8666efbafc0cecd8d80f01720cbad10466ed26900f019d848066b92902000066b80800000066ba000000000f300f01d10f013b", 0x3f}], 0x1, 0x0, &(0x7f0000000300), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 16:04:31 executing program 2: r0 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000480)={0x0, r0}, &(0x7f00000004c0)=""/22, 0x16, 0x0) [ 178.155337] *** Guest State *** [ 178.158718] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 178.167723] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 178.176678] CR3 = 0x0000000000000000 [ 178.180446] RSP = 0x0000000000000f80 RIP = 0x000000000000003f [ 178.187051] RFLAGS=0x00010002 DR7 = 0x0000000000000400 [ 178.193148] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 178.199857] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 178.207969] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 178.216037] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 178.224123] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 178.232199] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 178.240233] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 178.248292] GDTR: limit=0x00000000, base=0x0000000000000000 [ 178.256378] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 178.264460] IDTR: limit=0x00000000, base=0x0000000000000000 [ 178.272534] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 178.280601] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 178.287106] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 178.294670] Interruptibility = 00000000 ActivityState = 00000000 [ 178.300940] *** Host State *** [ 178.304218] RIP = 0xffffffff812b177c RSP = 0xffff88814921f380 [ 178.310245] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 178.316773] FSBase=00007fe4d88f8700 GSBase=ffff88821fc00000 TRBase=fffffe0000003000 [ 178.324691] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 178.330627] CR0=0000000080050033 CR3=0000000149369000 CR4=00000000001426f0 [ 178.337743] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff8ac015f0 [ 178.344554] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 178.350664] *** Control State *** [ 178.354200] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 178.360909] EntryControls=0000d1ff ExitControls=002fefff [ 178.366443] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 178.373469] VMEntry: intr_info=8000030c errcode=00000000 ilen=00000000 [ 178.380167] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 [ 178.386843] reason=80000021 qualification=0000000000000000 [ 178.393259] IDTVectoring: info=00000000 errcode=00000000 [ 178.398736] TSC Offset = 0xffffff9c3e81d10f 16:04:31 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000000780)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, &(0x7f0000000000)) 16:04:31 executing program 2: r0 = socket(0x400000000010, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000021002551071c0165ff0ffc020200000000100f000ee1000c08000a0000001800", 0x24) 16:04:31 executing program 0: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x901, 0x0) ioctl$TCSETSF(r0, 0x5404, &(0x7f00000000c0)) write$sndseq(r0, &(0x7f0000000140)=[{0x81, 0x8, 0x0, 0x0, @time={0x77359400}, {}, {}, @raw8={"959546592b83c98a10d789af"}}], 0x30) 16:04:31 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'vcan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f0000000200), 0xc, &(0x7f0000000080)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x101, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r1}, [@IFA_LOCAL={0x14}]}, 0x2c}}, 0x0) [ 178.403184] EPT pointer = 0x0000000149cbd01e 16:04:31 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20040000008912, &(0x7f00000001c0)="0a452d0240316285717070") pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) close(r1) syz_open_dev$audion(&(0x7f0000000080)='/dev/audio#\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_ASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x8040ae69, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xfb15}) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$RTC_ALM_SET(0xffffffffffffffff, 0x40247007, &(0x7f0000000000)={0x29, 0x0, 0x3, 0x1f, 0x0, 0x0, 0x0, 0xa3}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000004f000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000100)="26410f300f01c90f06643e400f01c9420f758e000000002ef3400fb8e566baf80cb8ac8abd80ef66bafc0cedd2fe0f01ca66ba4000ec", 0x36}], 0xaaaaaaaaaaaab04, 0x0, &(0x7f0000000080), 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text16={0x10, &(0x7f0000000040)="660f382b1a0f01dfdde80f32d9e90f086665676426f7c5000000000f2245deef0f23f5", 0x23}], 0x1, 0x0, &(0x7f0000000140), 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000002000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, &(0x7f00000001c0)="0f0f280dbaf80c66b8561eac8666efbafc0cecd8d80f01720cbad10466ed26900f019d848066b92902000066b80800000066ba000000000f300f01d10f013b", 0x3f}], 0x1, 0x0, &(0x7f0000000300), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) [ 178.557808] *** Guest State *** [ 178.561390] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 178.570597] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 178.579824] CR3 = 0x0000000000000000 [ 178.583758] RSP = 0x0000000000000f80 RIP = 0x0000000000000000 [ 178.589907] RFLAGS=0x00000002 DR7 = 0x0000000000000400 [ 178.596129] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 178.603052] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 178.611245] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 178.619503] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 178.627757] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 178.636004] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 178.644241] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 16:04:31 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000000780)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, &(0x7f0000000000)) 16:04:31 executing program 2: r0 = socket(0x400000000010, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000021002551071c0165ff0ffc020200000000100f000ee1000c08000a0000001800", 0x24) [ 178.652456] GDTR: limit=0x000007ff, base=0x0000000000001000 [ 178.660661] LDTR: sel=0x0008, attr=0x04082, limit=0x000007ff, base=0x0000000000001800 [ 178.668941] IDTR: limit=0x00000000, base=0x0000000000000000 [ 178.677162] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 178.685364] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 178.692019] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 178.699648] Interruptibility = 00000000 ActivityState = 00000000 [ 178.706069] *** Host State *** [ 178.709338] RIP = 0xffffffff812b177c RSP = 0xffff88814992f380 [ 178.715446] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 178.721962] FSBase=00007fe4d88d7700 GSBase=ffff88821fd00000 TRBase=fffffe000003d000 [ 178.729803] GDTBase=fffffe000003b000 IDTBase=fffffe0000000000 [ 178.735791] CR0=0000000080050033 CR3=0000000149369000 CR4=00000000001426e0 [ 178.742924] Sysenter RSP=fffffe000003c200 CS:RIP=0010:ffffffff8ac015f0 [ 178.749627] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 178.755792] *** Control State *** [ 178.759298] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 178.766053] EntryControls=0000d1ff ExitControls=002fefff [ 178.771552] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 178.778644] VMEntry: intr_info=8000030c errcode=00000000 ilen=00000000 [ 178.785400] VMExit: intr_info=00000000 errcode=00000000 ilen=00000000 [ 178.792074] reason=80000021 qualification=0000000000000000 [ 178.798429] IDTVectoring: info=00000000 errcode=00000000 [ 178.803976] TSC Offset = 0xffffff9c3e81d10f [ 178.808329] EPT pointer = 0x0000000149cbd01e 16:04:31 executing program 0: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x901, 0x0) ioctl$TCSETSF(r0, 0x5404, &(0x7f00000000c0)) write$sndseq(r0, &(0x7f0000000140)=[{0x81, 0x8, 0x0, 0x0, @time={0x77359400}, {}, {}, @raw8={"959546592b83c98a10d789af"}}], 0x30) 16:04:32 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'vcan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f0000000200), 0xc, &(0x7f0000000080)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x101, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r1}, [@IFA_LOCAL={0x14}]}, 0x2c}}, 0x0) 16:04:32 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000000780)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, &(0x7f0000000000)) 16:04:32 executing program 2: r0 = socket(0x400000000010, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000021002551071c0165ff0ffc020200000000100f000ee1000c08000a0000001800", 0x24) 16:04:32 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:04:32 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:04:32 executing program 5: r0 = socket$inet6(0xa, 0x803, 0x2000000005) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_LINK_STATS(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x30, r2, 0x211, 0x0, 0x0, {{}, 0x0, 0xb, 0x0, {0x14, 0x14, 'broadcast-link\x00'}}}, 0x30}}, 0x0) 16:04:32 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'vcan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f0000000200), 0xc, &(0x7f0000000080)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x101, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r1}, [@IFA_LOCAL={0x14}]}, 0x2c}}, 0x0) 16:04:32 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000000780)='/dev/sg#\x00', 0x0, 0x0) ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, &(0x7f0000000000)) 16:04:32 executing program 2: r0 = socket(0x400000000010, 0x3, 0x0) write(r0, &(0x7f0000000000)="2400000021002551071c0165ff0ffc020200000000100f000ee1000c08000a0000001800", 0x24) 16:04:32 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:04:32 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:04:32 executing program 5: r0 = socket$inet6(0xa, 0x803, 0x2000000005) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_LINK_STATS(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x30, r2, 0x211, 0x0, 0x0, {{}, 0x0, 0xb, 0x0, {0x14, 0x14, 'broadcast-link\x00'}}}, 0x30}}, 0x0) 16:04:32 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'vcan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000001c0)={&(0x7f0000000200), 0xc, &(0x7f0000000080)={&(0x7f0000000100)=@ipv6_deladdr={0x2c, 0x15, 0x101, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r1}, [@IFA_LOCAL={0x14}]}, 0x2c}}, 0x0) [ 179.691913] *** Guest State *** [ 179.695371] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 179.695817] *** Guest State *** [ 179.704403] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 179.704428] CR3 = 0x0000000000000000 [ 179.707733] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 179.716651] RSP = 0x0000000000000f80 RIP = 0x000000000000003f [ 179.720419] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 179.729294] RFLAGS=0x00010002 DR7 = 0x0000000000000400 [ 179.729325] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 179.735395] CR3 = 0x0000000000000000 [ 179.744299] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 179.744333] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 179.750307] RSP = 0x0000000000000f80 RIP = 0x000000000000003f [ 179.757173] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 179.760761] RFLAGS=0x00010002 DR7 = 0x0000000000000400 [ 179.768804] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 179.776828] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 179.782856] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 179.782891] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 179.790864] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 179.796899] GDTR: limit=0x00000000, base=0x0000000000000000 [ 179.804980] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 179.811698] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 179.811734] IDTR: limit=0x00000000, base=0x0000000000000000 [ 179.819711] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 179.827788] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 179.835811] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 179.843902] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 179.851953] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 179.860353] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 179.868461] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 179.876433] Interruptibility = 00000000 ActivityState = 00000000 [ 179.876456] *** Host State *** [ 179.884511] GDTR: limit=0x00000000, base=0x0000000000000000 [ 179.892539] RIP = 0xffffffff812b177c RSP = 0xffff88814794f380 [ 179.898950] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 179.906984] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 179.914479] IDTR: limit=0x00000000, base=0x0000000000000000 [ 179.922532] FSBase=00007fe4d88f8700 GSBase=ffff88821fc00000 TRBase=fffffe0000003000 [ 179.922573] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 179.928819] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 179.932074] CR0=0000000080050033 CR3=000000014892b000 CR4=00000000001426f0 [ 179.940102] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 179.946118] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff8ac015f0 [ 179.946147] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 179.954168] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 179.954187] Interruptibility = 00000000 ActivityState = 00000000 [ 179.954195] *** Host State *** [ 179.954217] RIP = 0xffffffff812b177c RSP = 0xffff8881493af380 [ 179.954254] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 179.954281] FSBase=00007f5c4ce9a700 GSBase=ffff88821fd00000 TRBase=fffffe000003d000 [ 179.954303] GDTBase=fffffe000003b000 IDTBase=fffffe0000000000 [ 179.954335] CR0=0000000080050033 CR3=000000014b9f0000 CR4=00000000001426e0 [ 179.960737] *** Control State *** [ 179.968783] Sysenter RSP=fffffe000003c200 CS:RIP=0010:ffffffff8ac015f0 [ 179.976661] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 179.982628] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 179.982651] *** Control State *** [ 179.990631] EntryControls=0000d1ff ExitControls=002fefff [ 179.997919] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 180.004183] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 180.010832] EntryControls=0000d1ff ExitControls=002fefff [ 180.010864] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 180.016964] VMEntry: intr_info=8000030c errcode=00000000 ilen=00000000 [ 180.016984] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 [ 180.017014] reason=80000021 qualification=0000000000000000 [ 180.024531] VMEntry: intr_info=8000030c errcode=00000000 ilen=00000000 [ 180.024549] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 [ 180.024576] reason=80000021 qualification=0000000000000000 [ 180.024606] IDTVectoring: info=00000000 errcode=00000000 [ 180.024619] TSC Offset = 0xffffff9b64070479 [ 180.024636] EPT pointer = 0x000000014965101e [ 180.179966] IDTVectoring: info=00000000 errcode=00000000 [ 180.185491] TSC Offset = 0xffffff9b609b512b [ 180.189846] EPT pointer = 0x000000014894001e 16:04:33 executing program 5: r0 = socket$inet6(0xa, 0x803, 0x2000000005) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_LINK_STATS(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x30, r2, 0x211, 0x0, 0x0, {{}, 0x0, 0xb, 0x0, {0x14, 0x14, 'broadcast-link\x00'}}}, 0x30}}, 0x0) 16:04:33 executing program 2: r0 = memfd_create(&(0x7f0000000880)='#em1#+\x00', 0x0) ftruncate(r0, 0x7ffe) write(r0, &(0x7f0000000040)="06", 0x1) sendfile(r0, r0, &(0x7f0000001000), 0xffff) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r0, 0x0) fremovexattr(r0, &(0x7f0000000100)=@random={'security.', '\x00'}) 16:04:33 executing program 3: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000500)='/dev/rtc\x00', 0x0, 0x0) ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000000)={0x0, 0x0, {0x100000, 0x0, 0x0, 0x1f, 0x0, 0x60}}) 16:04:33 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet(0x10, 0x3, 0xc) sendmsg(r1, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="24000000010907031dfffd946fa2830009200a000900ffff031d85680c1baba20400ff7e28000000110aff1ebb010000000009b356da5a80d18be34c8546c9243929db24f9b10cd37ed01cc0", 0x4c}], 0x1}, 0x0) 16:04:33 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:04:33 executing program 5: r0 = socket$inet6(0xa, 0x803, 0x2000000005) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_LINK_STATS(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x30, r2, 0x211, 0x0, 0x0, {{}, 0x0, 0xb, 0x0, {0x14, 0x14, 'broadcast-link\x00'}}}, 0x30}}, 0x0) [ 180.374130] netlink: 20 bytes leftover after parsing attributes in process `syz-executor4'. 16:04:33 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000000e000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000040)="6bae12ae00b880008ec8f30f2353660f6fea670f0fcfb6ba4200ec64f40f06ba420066b8df1301dc66efbad10466b8ca00000066ef", 0x35}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000002c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:04:33 executing program 3: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000500)='/dev/rtc\x00', 0x0, 0x0) ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000000)={0x0, 0x0, {0x100000, 0x0, 0x0, 0x1f, 0x0, 0x60}}) 16:04:33 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet(0x10, 0x3, 0xc) sendmsg(r1, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="24000000010907031dfffd946fa2830009200a000900ffff031d85680c1baba20400ff7e28000000110aff1ebb010000000009b356da5a80d18be34c8546c9243929db24f9b10cd37ed01cc0", 0x4c}], 0x1}, 0x0) 16:04:33 executing program 5: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000002000)=@ethernet, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000006000)={'vcan0\x00', 0x0}) sendmsg$can_bcm(r0, &(0x7f0000000200)={&(0x7f0000004000)={0x1d, r1}, 0x10, &(0x7f0000002ff0)={&(0x7f0000000180)={0x1, 0xffffffffffffffff, 0x0, {}, {0x0, 0x2710}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "a702ca9c1a8d1dc1e4e29ed4d2927b5e8155ac02a25334d332f97653d9d90256b4da4ec6f2b44831a3b878ada2f3e5883f2f7c806fb61c1993cc4f19a22c61e4"}}, 0x80}}, 0x0) [ 180.693483] netlink: 20 bytes leftover after parsing attributes in process `syz-executor4'. [ 180.754051] *** Guest State *** [ 180.757452] CR0: actual=0x0000000000000020, shadow=0x0000000000000000, gh_mask=fffffffffffffff7 [ 180.766418] CR4: actual=0x0000000000002040, shadow=0x0000000000000000, gh_mask=ffffffffffffe871 [ 180.775339] CR3 = 0x0000000000000000 [ 180.779083] RSP = 0x0000000000000f80 RIP = 0x000000000000003f [ 180.785141] RFLAGS=0x00010002 DR7 = 0x0000000000000400 [ 180.791167] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000 [ 180.797928] CS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 180.806027] DS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 180.814135] SS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 180.822281] ES: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 180.830300] FS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 180.838402] GS: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 180.846522] GDTR: limit=0x00000000, base=0x0000000000000000 [ 180.854667] LDTR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 180.863218] IDTR: limit=0x00000000, base=0x0000000000000000 [ 180.871231] TR: sel=0x0000, attr=0x10000, limit=0x00000000, base=0x0000000000000000 [ 180.879284] EFER = 0x0000000000000000 PAT = 0x0007040600070406 [ 180.885789] DebugCtl = 0x0000000000000000 DebugExceptions = 0x0000000000000000 [ 180.893346] Interruptibility = 00000000 ActivityState = 00000000 [ 180.899618] *** Host State *** [ 180.903732] RIP = 0xffffffff812b177c RSP = 0xffff8881497ef380 [ 180.909776] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040 [ 180.916282] FSBase=00007fe4d88f8700 GSBase=ffff88821fc00000 TRBase=fffffe0000003000 [ 180.924210] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000 [ 180.930133] CR0=0000000080050033 CR3=000000014a6f3000 CR4=00000000001426f0 [ 180.937237] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff8ac015f0 [ 180.943998] EFER = 0x0000000000000d01 PAT = 0x0407050600070106 [ 180.950091] *** Control State *** [ 180.953634] PinBased=0000003f CPUBased=b5986dfa SecondaryExec=000000ca [ 180.960353] EntryControls=0000d1ff ExitControls=002fefff [ 180.965914] ExceptionBitmap=00060042 PFECmask=00000000 PFECmatch=00000000 [ 180.972940] VMEntry: intr_info=8000030c errcode=00000000 ilen=00000000 [ 180.979659] VMExit: intr_info=00000000 errcode=00000000 ilen=00000003 [ 180.986340] reason=80000021 qualification=0000000000000000 [ 180.992895] IDTVectoring: info=00000000 errcode=00000000 [ 180.998375] TSC Offset = 0xffffff9acd7d09bf 16:04:33 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet(0x10, 0x3, 0xc) sendmsg(r1, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="24000000010907031dfffd946fa2830009200a000900ffff031d85680c1baba20400ff7e28000000110aff1ebb010000000009b356da5a80d18be34c8546c9243929db24f9b10cd37ed01cc0", 0x4c}], 0x1}, 0x0) 16:04:34 executing program 3: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000500)='/dev/rtc\x00', 0x0, 0x0) ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000000)={0x0, 0x0, {0x100000, 0x0, 0x0, 0x1f, 0x0, 0x60}}) 16:04:34 executing program 5: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000002000)=@ethernet, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000006000)={'vcan0\x00', 0x0}) sendmsg$can_bcm(r0, &(0x7f0000000200)={&(0x7f0000004000)={0x1d, r1}, 0x10, &(0x7f0000002ff0)={&(0x7f0000000180)={0x1, 0xffffffffffffffff, 0x0, {}, {0x0, 0x2710}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "a702ca9c1a8d1dc1e4e29ed4d2927b5e8155ac02a25334d332f97653d9d90256b4da4ec6f2b44831a3b878ada2f3e5883f2f7c806fb61c1993cc4f19a22c61e4"}}, 0x80}}, 0x0) [ 181.002804] EPT pointer = 0x000000014af7a01e [ 181.082339] netlink: 20 bytes leftover after parsing attributes in process `syz-executor4'. 16:04:34 executing program 2: r0 = memfd_create(&(0x7f0000000880)='#em1#+\x00', 0x0) ftruncate(r0, 0x7ffe) write(r0, &(0x7f0000000040)="06", 0x1) sendfile(r0, r0, &(0x7f0000001000), 0xffff) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r0, 0x0) fremovexattr(r0, &(0x7f0000000100)=@random={'security.', '\x00'}) 16:04:34 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet(0x10, 0x3, 0xc) sendmsg(r1, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="24000000010907031dfffd946fa2830009200a000900ffff031d85680c1baba20400ff7e28000000110aff1ebb010000000009b356da5a80d18be34c8546c9243929db24f9b10cd37ed01cc0", 0x4c}], 0x1}, 0x0) 16:04:34 executing program 5: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000002000)=@ethernet, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000006000)={'vcan0\x00', 0x0}) sendmsg$can_bcm(r0, &(0x7f0000000200)={&(0x7f0000004000)={0x1d, r1}, 0x10, &(0x7f0000002ff0)={&(0x7f0000000180)={0x1, 0xffffffffffffffff, 0x0, {}, {0x0, 0x2710}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "a702ca9c1a8d1dc1e4e29ed4d2927b5e8155ac02a25334d332f97653d9d90256b4da4ec6f2b44831a3b878ada2f3e5883f2f7c806fb61c1993cc4f19a22c61e4"}}, 0x80}}, 0x0) 16:04:34 executing program 3: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000500)='/dev/rtc\x00', 0x0, 0x0) ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000000)={0x0, 0x0, {0x100000, 0x0, 0x0, 0x1f, 0x0, 0x60}}) [ 181.328383] netlink: 20 bytes leftover after parsing attributes in process `syz-executor4'. 16:04:34 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x5, 0x9}, 0x143) bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xd, 0x1fb, 0x4, 0x100000001, 0x0, r0}, 0x49) 16:04:34 executing program 5: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000002000)=@ethernet, 0x10) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000006000)={'vcan0\x00', 0x0}) sendmsg$can_bcm(r0, &(0x7f0000000200)={&(0x7f0000004000)={0x1d, r1}, 0x10, &(0x7f0000002ff0)={&(0x7f0000000180)={0x1, 0xffffffffffffffff, 0x0, {}, {0x0, 0x2710}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "a702ca9c1a8d1dc1e4e29ed4d2927b5e8155ac02a25334d332f97653d9d90256b4da4ec6f2b44831a3b878ada2f3e5883f2f7c806fb61c1993cc4f19a22c61e4"}}, 0x80}}, 0x0) 16:04:34 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0x5, 0x4) listen(r0, 0x0) getsockname(r0, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, &(0x7f00000000c0)=0x80) dup2(r1, r0) 16:04:34 executing program 3: prlimit64(0x0, 0x0, 0x0, &(0x7f0000000140)) 16:04:34 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000000)="b98c0200000f32b8010000000f01d9450f20c4c4c31d6d90e64dd2c983660f38823966baf80cb8dc0d358eef66bafc0ced66baa00066b826b166ef660f388132646726650f001402b9800000c00f3235001000000f30", 0x56}], 0x1, 0x0, 0x0, 0xffffffffffffff6f) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:04:34 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x5, 0x9}, 0x143) bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xd, 0x1fb, 0x4, 0x100000001, 0x0, r0}, 0x49) 16:04:34 executing program 3: r0 = socket$inet6_dccp(0xa, 0x6, 0x0) getsockopt(r0, 0x800000000000010d, 0x10, &(0x7f000031df55)=""/4, &(0x7f0000b91000)=0x4) 16:04:34 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0x5, 0x4) listen(r0, 0x0) getsockname(r0, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, &(0x7f00000000c0)=0x80) dup2(r1, r0) 16:04:35 executing program 2: r0 = memfd_create(&(0x7f0000000880)='#em1#+\x00', 0x0) ftruncate(r0, 0x7ffe) write(r0, &(0x7f0000000040)="06", 0x1) sendfile(r0, r0, &(0x7f0000001000), 0xffff) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r0, 0x0) fremovexattr(r0, &(0x7f0000000100)=@random={'security.', '\x00'}) 16:04:35 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0x5, 0x4) listen(r0, 0x0) getsockname(r0, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, &(0x7f00000000c0)=0x80) dup2(r1, r0) 16:04:35 executing program 3: r0 = socket$inet6_dccp(0xa, 0x6, 0x0) getsockopt(r0, 0x800000000000010d, 0x10, &(0x7f000031df55)=""/4, &(0x7f0000b91000)=0x4) 16:04:35 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000000)="b98c0200000f32b8010000000f01d9450f20c4c4c31d6d90e64dd2c983660f38823966baf80cb8dc0d358eef66bafc0ced66baa00066b826b166ef660f388132646726650f001402b9800000c00f3235001000000f30", 0x56}], 0x1, 0x0, 0x0, 0xffffffffffffff6f) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:04:35 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0x5, 0x4) listen(r0, 0x0) getsockname(r0, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, &(0x7f00000000c0)=0x80) dup2(r1, r0) 16:04:35 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x5, 0x9}, 0x143) bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xd, 0x1fb, 0x4, 0x100000001, 0x0, r0}, 0x49) 16:04:35 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0x5, 0x4) listen(r0, 0x0) getsockname(r0, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, &(0x7f00000000c0)=0x80) dup2(r1, r0) 16:04:35 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0x5, 0x4) listen(r0, 0x0) getsockname(r0, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, &(0x7f00000000c0)=0x80) dup2(r1, r0) 16:04:35 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000733000)={0x5, 0x5, 0x5, 0x9}, 0x143) bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xd, 0x1fb, 0x4, 0x100000001, 0x0, r0}, 0x49) 16:04:35 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000000)=0x5, 0x4) listen(r0, 0x0) getsockname(r0, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, &(0x7f00000000c0)=0x80) dup2(r1, r0) 16:04:35 executing program 3: r0 = socket$inet6_dccp(0xa, 0x6, 0x0) getsockopt(r0, 0x800000000000010d, 0x10, &(0x7f000031df55)=""/4, &(0x7f0000b91000)=0x4) 16:04:35 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000000)="b98c0200000f32b8010000000f01d9450f20c4c4c31d6d90e64dd2c983660f38823966baf80cb8dc0d358eef66bafc0ced66baa00066b826b166ef660f388132646726650f001402b9800000c00f3235001000000f30", 0x56}], 0x1, 0x0, 0x0, 0xffffffffffffff6f) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:04:36 executing program 1: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x441, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 16:04:36 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000004000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000000)="b98c0200000f32b8010000000f01d9450f20c4c4c31d6d90e64dd2c983660f38823966baf80cb8dc0d358eef66bafc0ced66baa00066b826b166ef660f388132646726650f001402b9800000c00f3235001000000f30", 0x56}], 0x1, 0x0, 0x0, 0xffffffffffffff6f) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:04:36 executing program 3: r0 = socket$inet6_dccp(0xa, 0x6, 0x0) getsockopt(r0, 0x800000000000010d, 0x10, &(0x7f000031df55)=""/4, &(0x7f0000b91000)=0x4) 16:04:36 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0xc008ae88, &(0x7f0000000180)={0x7b, 0x0, [0xc0000103]}) 16:04:36 executing program 2: r0 = memfd_create(&(0x7f0000000880)='#em1#+\x00', 0x0) ftruncate(r0, 0x7ffe) write(r0, &(0x7f0000000040)="06", 0x1) sendfile(r0, r0, &(0x7f0000001000), 0xffff) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r0, 0x0) fremovexattr(r0, &(0x7f0000000100)=@random={'security.', '\x00'}) 16:04:36 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhci\x00', 0x2, 0x0) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000180)=ANY=[@ANYRES32=r0], 0x4) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 16:04:36 executing program 1: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x441, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 16:04:36 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhci\x00', 0x2, 0x0) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000180)=ANY=[@ANYRES32=r0], 0x4) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 16:04:36 executing program 3: r0 = userfaultfd(0x0) unshare(0x2000400) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, 0x0) 16:04:36 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000200)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc08c5332, &(0x7f00000002c0)) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000140)={0x0, 0x0, 0x0, {0x77359400}}) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 16:04:36 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0xc008ae88, &(0x7f0000000180)={0x7b, 0x0, [0xc0000103]}) 16:04:36 executing program 1: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x441, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 16:04:36 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhci\x00', 0x2, 0x0) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000180)=ANY=[@ANYRES32=r0], 0x4) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 16:04:37 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0xc008ae88, &(0x7f0000000180)={0x7b, 0x0, [0xc0000103]}) 16:04:37 executing program 3: r0 = userfaultfd(0x0) unshare(0x2000400) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, 0x0) 16:04:37 executing program 1: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x441, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 16:04:37 executing program 5: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vhci\x00', 0x2, 0x0) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000180)=ANY=[@ANYRES32=r0], 0x4) sendfile(r0, r1, &(0x7f0000d83ff8), 0x2) 16:04:37 executing program 2: r0 = socket(0x11, 0x4000000000080002, 0x0) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000180)=0x6, 0x4) sendmmsg(r0, &(0x7f0000000080)=[{{&(0x7f0000000040)=@nfc={0x27, 0x9}, 0x80, &(0x7f0000000180), 0x0, &(0x7f00000012c0)}}], 0x1, 0x0) 16:04:37 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r3, 0xc008ae88, &(0x7f0000000180)={0x7b, 0x0, [0xc0000103]}) 16:04:37 executing program 3: r0 = userfaultfd(0x0) unshare(0x2000400) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, 0x0) 16:04:37 executing program 5: unshare(0x4000000) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00') setns(r0, 0x0) 16:04:37 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000200)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc08c5332, &(0x7f00000002c0)) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000140)={0x0, 0x0, 0x0, {0x77359400}}) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 16:04:37 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) seccomp(0x1, 0x0, &(0x7f0000000080)={0x2, &(0x7f0000000240)=[{0x6c}, {0x6, 0x0, 0x0, 0xffffff7f7ffffffe}]}) 16:04:37 executing program 2: r0 = socket(0x11, 0x4000000000080002, 0x0) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000180)=0x6, 0x4) sendmmsg(r0, &(0x7f0000000080)=[{{&(0x7f0000000040)=@nfc={0x27, 0x9}, 0x80, &(0x7f0000000180), 0x0, &(0x7f00000012c0)}}], 0x1, 0x0) 16:04:37 executing program 3: r0 = userfaultfd(0x0) unshare(0x2000400) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, 0x0) 16:04:37 executing program 5: unshare(0x4000000) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00') setns(r0, 0x0) 16:04:37 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000200)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc08c5332, &(0x7f00000002c0)) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000140)={0x0, 0x0, 0x0, {0x77359400}}) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 16:04:37 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000140)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x100}], 0x30}], 0x1, 0x0) write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa) readv(r1, &(0x7f0000000680)=[{&(0x7f0000000180)=""/248, 0xf8}, {&(0x7f0000000280)=""/194, 0xc2}], 0x2) 16:04:37 executing program 2: r0 = socket(0x11, 0x4000000000080002, 0x0) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000180)=0x6, 0x4) sendmmsg(r0, &(0x7f0000000080)=[{{&(0x7f0000000040)=@nfc={0x27, 0x9}, 0x80, &(0x7f0000000180), 0x0, &(0x7f00000012c0)}}], 0x1, 0x0) 16:04:37 executing program 5: unshare(0x4000000) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00') setns(r0, 0x0) 16:04:38 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) seccomp(0x1, 0x0, &(0x7f0000000080)={0x2, &(0x7f0000000240)=[{0x6c}, {0x6, 0x0, 0x0, 0xffffff7f7ffffffe}]}) 16:04:38 executing program 2: r0 = socket(0x11, 0x4000000000080002, 0x0) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000180)=0x6, 0x4) sendmmsg(r0, &(0x7f0000000080)=[{{&(0x7f0000000040)=@nfc={0x27, 0x9}, 0x80, &(0x7f0000000180), 0x0, &(0x7f00000012c0)}}], 0x1, 0x0) 16:04:38 executing program 5: unshare(0x4000000) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00') setns(r0, 0x0) 16:04:38 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000200)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc08c5332, &(0x7f00000002c0)) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000140)={0x0, 0x0, 0x0, {0x77359400}}) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 16:04:38 executing program 5: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23}, 0x1c) listen(r0, 0x2c4) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_INITMSG(r1, 0x84, 0x2, &(0x7f00000000c0)={0x1785}, 0x8) sendto$inet6(r1, &(0x7f0000000080)='X', 0x1, 0x0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue0\x00'}) 16:04:38 executing program 2: mkdir(&(0x7f00000013c0)='./file0\x00', 0x0) mount(&(0x7f0000000700)=ANY=[], &(0x7f0000026ff8)='./file0\x00', &(0x7f000000c000)='ramfs\x00', 0x0, &(0x7f000000a000)) chdir(&(0x7f0000000180)='./file0\x00') symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000540)='./file0\x00') mount(&(0x7f0000000140)=@sg0='/dev/sg0\x00', &(0x7f00000001c0)='./file0/../file0/file0\x00', &(0x7f0000000200)='ufs\x00', 0x40000, &(0x7f0000000240)='/dev/null\x00') 16:04:38 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) seccomp(0x1, 0x0, &(0x7f0000000080)={0x2, &(0x7f0000000240)=[{0x6c}, {0x6, 0x0, 0x0, 0xffffff7f7ffffffe}]}) 16:04:38 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) seccomp(0x1, 0x0, &(0x7f0000000080)={0x2, &(0x7f0000000240)=[{0x6c}, {0x6, 0x0, 0x0, 0xffffff7f7ffffffe}]}) 16:04:38 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000200)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc08c5332, &(0x7f00000002c0)) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000140)={0x0, 0x0, 0x0, {0x77359400}}) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 16:04:38 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000140)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x100}], 0x30}], 0x1, 0x0) write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa) readv(r1, &(0x7f0000000680)=[{&(0x7f0000000180)=""/248, 0xf8}, {&(0x7f0000000280)=""/194, 0xc2}], 0x2) 16:04:38 executing program 2: mkdir(&(0x7f00000013c0)='./file0\x00', 0x0) mount(&(0x7f0000000700)=ANY=[], &(0x7f0000026ff8)='./file0\x00', &(0x7f000000c000)='ramfs\x00', 0x0, &(0x7f000000a000)) chdir(&(0x7f0000000180)='./file0\x00') symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000540)='./file0\x00') mount(&(0x7f0000000140)=@sg0='/dev/sg0\x00', &(0x7f00000001c0)='./file0/../file0/file0\x00', &(0x7f0000000200)='ufs\x00', 0x40000, &(0x7f0000000240)='/dev/null\x00') 16:04:38 executing program 5: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23}, 0x1c) listen(r0, 0x2c4) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_INITMSG(r1, 0x84, 0x2, &(0x7f00000000c0)={0x1785}, 0x8) sendto$inet6(r1, &(0x7f0000000080)='X', 0x1, 0x0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue0\x00'}) 16:04:39 executing program 1: r0 = socket(0x10, 0x802, 0x0) write(r0, &(0x7f0000000380)="fc00000049000700ab092500090007000aab0700000000001d00369311000100ff0100000005d0000000000000039815fa2c1ec28656aaa79bb94b46fe000000bc80020000000000000000272f2e117c22ebc205214000000000008934d07302ade01720d7bbbbc91a3e3280772c05defd5a32e280fc83ab82f605f70c9ddef2fe082038f4f8b29d3ef3d92c83170e5bba4a463ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dd16b17e583df150c3b880f411f46a6b567b4d5715587e658a1ad0a4f01731d05b0350b0041f0d48a99c03f080548deac270e33429fd3000175e63fb8d38a873cf1587c3b41", 0xfc) 16:04:39 executing program 2: mkdir(&(0x7f00000013c0)='./file0\x00', 0x0) mount(&(0x7f0000000700)=ANY=[], &(0x7f0000026ff8)='./file0\x00', &(0x7f000000c000)='ramfs\x00', 0x0, &(0x7f000000a000)) chdir(&(0x7f0000000180)='./file0\x00') symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000540)='./file0\x00') mount(&(0x7f0000000140)=@sg0='/dev/sg0\x00', &(0x7f00000001c0)='./file0/../file0/file0\x00', &(0x7f0000000200)='ufs\x00', 0x40000, &(0x7f0000000240)='/dev/null\x00') 16:04:39 executing program 1: r0 = socket(0x10, 0x802, 0x0) write(r0, &(0x7f0000000380)="fc00000049000700ab092500090007000aab0700000000001d00369311000100ff0100000005d0000000000000039815fa2c1ec28656aaa79bb94b46fe000000bc80020000000000000000272f2e117c22ebc205214000000000008934d07302ade01720d7bbbbc91a3e3280772c05defd5a32e280fc83ab82f605f70c9ddef2fe082038f4f8b29d3ef3d92c83170e5bba4a463ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dd16b17e583df150c3b880f411f46a6b567b4d5715587e658a1ad0a4f01731d05b0350b0041f0d48a99c03f080548deac270e33429fd3000175e63fb8d38a873cf1587c3b41", 0xfc) 16:04:39 executing program 5: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23}, 0x1c) listen(r0, 0x2c4) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_INITMSG(r1, 0x84, 0x2, &(0x7f00000000c0)={0x1785}, 0x8) sendto$inet6(r1, &(0x7f0000000080)='X', 0x1, 0x0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue0\x00'}) 16:04:39 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000200)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc08c5332, &(0x7f00000002c0)) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000140)={0x0, 0x0, 0x0, {0x77359400}}) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 16:04:39 executing program 1: r0 = socket(0x10, 0x802, 0x0) write(r0, &(0x7f0000000380)="fc00000049000700ab092500090007000aab0700000000001d00369311000100ff0100000005d0000000000000039815fa2c1ec28656aaa79bb94b46fe000000bc80020000000000000000272f2e117c22ebc205214000000000008934d07302ade01720d7bbbbc91a3e3280772c05defd5a32e280fc83ab82f605f70c9ddef2fe082038f4f8b29d3ef3d92c83170e5bba4a463ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dd16b17e583df150c3b880f411f46a6b567b4d5715587e658a1ad0a4f01731d05b0350b0041f0d48a99c03f080548deac270e33429fd3000175e63fb8d38a873cf1587c3b41", 0xfc) 16:04:39 executing program 2: mkdir(&(0x7f00000013c0)='./file0\x00', 0x0) mount(&(0x7f0000000700)=ANY=[], &(0x7f0000026ff8)='./file0\x00', &(0x7f000000c000)='ramfs\x00', 0x0, &(0x7f000000a000)) chdir(&(0x7f0000000180)='./file0\x00') symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000540)='./file0\x00') mount(&(0x7f0000000140)=@sg0='/dev/sg0\x00', &(0x7f00000001c0)='./file0/../file0/file0\x00', &(0x7f0000000200)='ufs\x00', 0x40000, &(0x7f0000000240)='/dev/null\x00') 16:04:39 executing program 5: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x4e23}, 0x1c) listen(r0, 0x2c4) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_INITMSG(r1, 0x84, 0x2, &(0x7f00000000c0)={0x1785}, 0x8) sendto$inet6(r1, &(0x7f0000000080)='X', 0x1, 0x0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5335, &(0x7f00000002c0)={0x0, 0x0, 0x0, 'queue0\x00'}) 16:04:39 executing program 0: r0 = syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) read(r0, &(0x7f0000000200)=""/28, 0x1c) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0xbf, @time={0x0, 0x1c9c380}}) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc08c5332, &(0x7f00000002c0)) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(r0, 0x402c5342, &(0x7f0000000140)={0x0, 0x0, 0x0, {0x77359400}}) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, 0x0) tkill(r1, 0x1000000000013) 16:04:39 executing program 1: r0 = socket(0x10, 0x802, 0x0) write(r0, &(0x7f0000000380)="fc00000049000700ab092500090007000aab0700000000001d00369311000100ff0100000005d0000000000000039815fa2c1ec28656aaa79bb94b46fe000000bc80020000000000000000272f2e117c22ebc205214000000000008934d07302ade01720d7bbbbc91a3e3280772c05defd5a32e280fc83ab82f605f70c9ddef2fe082038f4f8b29d3ef3d92c83170e5bba4a463ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dd16b17e583df150c3b880f411f46a6b567b4d5715587e658a1ad0a4f01731d05b0350b0041f0d48a99c03f080548deac270e33429fd3000175e63fb8d38a873cf1587c3b41", 0xfc) 16:04:39 executing program 2: r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, 0x0, 0x0) 16:04:39 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000140)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x100}], 0x30}], 0x1, 0x0) write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa) readv(r1, &(0x7f0000000680)=[{&(0x7f0000000180)=""/248, 0xf8}, {&(0x7f0000000280)=""/194, 0xc2}], 0x2) 16:04:40 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000000c0)="0a5c2d0240316285717070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000000)='cpuset.mems\x00', 0x2, 0x0) sendfile(r2, r2, &(0x7f00000000c0), 0xf9f4) 16:04:40 executing program 2: r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, 0x0, 0x0) 16:04:40 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x4000000000000005) r2 = dup3(r1, r0, 0x0) writev(r2, &(0x7f00000024c0)=[{&(0x7f00000002c0)="0f", 0x1}], 0x1) 16:04:40 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000000c0)="0a5c2d0240316285717070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000000)='cpuset.mems\x00', 0x2, 0x0) sendfile(r2, r2, &(0x7f00000000c0), 0xf9f4) 16:04:40 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000000c0)="0a5c2d0240316285717070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000000)='cpuset.mems\x00', 0x2, 0x0) sendfile(r2, r2, &(0x7f00000000c0), 0xf9f4) 16:04:40 executing program 2: r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, 0x0, 0x0) 16:04:40 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x4000000000000005) r2 = dup3(r1, r0, 0x0) writev(r2, &(0x7f00000024c0)=[{&(0x7f00000002c0)="0f", 0x1}], 0x1) 16:04:40 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f0000000200)) 16:04:40 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000140)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x100}], 0x30}], 0x1, 0x0) write$binfmt_script(r1, &(0x7f0000000300)=ANY=[], 0xffffffaa) readv(r1, &(0x7f0000000680)=[{&(0x7f0000000180)=""/248, 0xf8}, {&(0x7f0000000280)=""/194, 0xc2}], 0x2) 16:04:40 executing program 2: r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, 0x0, 0x0) 16:04:40 executing program 5: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000000c0)="0a5c2d0240316285717070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000000)='cpuset.mems\x00', 0x2, 0x0) sendfile(r2, r2, &(0x7f00000000c0), 0xf9f4) 16:04:40 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f0000000200)) 16:04:40 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x4000000000000005) r2 = dup3(r1, r0, 0x0) writev(r2, &(0x7f00000024c0)=[{&(0x7f00000002c0)="0f", 0x1}], 0x1) 16:04:40 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, 0x0, &(0x7f0000000000)=0x10229) 16:04:41 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x46, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f000002bff8)='./file0\x00', 0x0) setxattr$security_smack_transmute(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.SMACK64TRANSMUTE\x00', 0x0, 0x0, 0x3) 16:04:41 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f0000000200)) 16:04:41 executing program 5: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x59, 0xffffffd5}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x2b7, &(0x7f000000cf3d)=""/195}, 0x48) 16:04:41 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, 0x0, &(0x7f0000000000)=0x10229) 16:04:41 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x4000000000000005) r2 = dup3(r1, r0, 0x0) writev(r2, &(0x7f00000024c0)=[{&(0x7f00000002c0)="0f", 0x1}], 0x1) 16:04:41 executing program 4: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f0000000200)) 16:04:41 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, 0x0, &(0x7f0000000000)=0x10229) 16:04:41 executing program 5: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x59, 0xffffffd5}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x2b7, &(0x7f000000cf3d)=""/195}, 0x48) 16:04:41 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x46, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f000002bff8)='./file0\x00', 0x0) setxattr$security_smack_transmute(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.SMACK64TRANSMUTE\x00', 0x0, 0x0, 0x3) 16:04:41 executing program 1: setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000001000)={{{@in6=@mcast2}}, {{@in=@multicast1}, 0x0, @in6}}, 0xe8) r0 = socket$nl_generic(0xa, 0x3, 0x10) setsockopt$netlink_NETLINK_RX_RING(r0, 0x29, 0x6, &(0x7f0000000ff0)={0x1c2, 0x0, 0x29, 0x2}, 0x1c2) 16:04:41 executing program 4: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getsockopt$sock_buf(r0, 0x1, 0x3b, 0xfffffffffffffffe, &(0x7f0000000040)=0x777) 16:04:41 executing program 3: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000001c0)="0a5c2d0240316285717070") r1 = socket$packet(0x11, 0x3, 0x300) poll(&(0x7f0000000140)=[{r1, 0x1}, {r1, 0x20}], 0x2, 0xb7) close(r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r2, 0x894b, &(0x7f0000000000)) bind$inet6(r2, &(0x7f0000000080)={0xa, 0x4e22}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x200408d4, &(0x7f0000000380)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) 16:04:41 executing program 1: setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000001000)={{{@in6=@mcast2}}, {{@in=@multicast1}, 0x0, @in6}}, 0xe8) r0 = socket$nl_generic(0xa, 0x3, 0x10) setsockopt$netlink_NETLINK_RX_RING(r0, 0x29, 0x6, &(0x7f0000000ff0)={0x1c2, 0x0, 0x29, 0x2}, 0x1c2) 16:04:41 executing program 4: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getsockopt$sock_buf(r0, 0x1, 0x3b, 0xfffffffffffffffe, &(0x7f0000000040)=0x777) 16:04:41 executing program 5: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x59, 0xffffffd5}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x2b7, &(0x7f000000cf3d)=""/195}, 0x48) 16:04:42 executing program 0: r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, 0x0, &(0x7f0000000000)=0x10229) [ 188.967106] ================================================================== [ 188.974611] BUG: KMSAN: uninit-value in __siphash_aligned+0x512/0xae0 [ 188.981216] CPU: 1 PID: 8872 Comm: syz-executor3 Not tainted 4.20.0-rc7+ #8 [ 188.988325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 188.998169] Call Trace: [ 189.000791] dump_stack+0x173/0x1d0 [ 189.004463] kmsan_report+0x120/0x290 [ 189.008312] kmsan_internal_check_memory+0x9a7/0xa20 [ 189.013450] ? __local_bh_enable_ip+0xb3/0x1a0 [ 189.018105] __msan_instrument_asm_load+0x8a/0x90 [ 189.022980] __siphash_aligned+0x512/0xae0 [ 189.027274] secure_tcpv6_seq+0x143/0x2b0 [ 189.031450] ? inet6_hash_connect+0x176/0x1a0 [ 189.035994] tcp_v6_connect+0x242b/0x2890 [ 189.040196] ? __msan_poison_alloca+0x1e0/0x270 [ 189.044917] ? tcp_v6_pre_connect+0x130/0x130 [ 189.049447] __inet_stream_connect+0x2f9/0x1340 [ 189.054159] ? kmem_cache_alloc_trace+0x55a/0xb90 [ 189.059036] ? tcp_sendmsg_locked+0x6394/0x6be0 [ 189.063778] tcp_sendmsg_locked+0x65d5/0x6be0 [ 189.068313] ? aa_label_sk_perm+0xda/0x940 [ 189.072597] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 189.077990] ? aa_label_sk_perm+0x6d6/0x940 [ 189.082341] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 189.087731] ? futex_wait+0x912/0xc40 [ 189.091617] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 189.097040] tcp_sendmsg+0xb2/0x100 [ 189.100706] ? tcp_sendmsg_locked+0x6be0/0x6be0 [ 189.105403] inet_sendmsg+0x54a/0x720 [ 189.109243] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 189.114641] ? security_socket_sendmsg+0x1bd/0x200 [ 189.119610] ? inet_getname+0x490/0x490 [ 189.123643] __sys_sendto+0x8c4/0xac0 [ 189.127538] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 189.133016] ? prepare_exit_to_usermode+0x114/0x420 [ 189.138053] ? syscall_return_slowpath+0x50/0x650 [ 189.142947] __se_sys_sendto+0x107/0x130 [ 189.147067] __x64_sys_sendto+0x6e/0x90 [ 189.151091] do_syscall_64+0xbc/0xf0 [ 189.154837] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 189.160046] RIP: 0033:0x457669 [ 189.163267] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 189.182190] RSP: 002b:00007eff196c3c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 189.189923] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457669 [ 189.197222] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 189.204508] RBP: 000000000072bfa0 R08: 0000000020000380 R09: 000000000000001c 16:04:42 executing program 5: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x59, 0xffffffd5}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x2b7, &(0x7f000000cf3d)=""/195}, 0x48) [ 189.211799] R10: 00000000200408d4 R11: 0000000000000246 R12: 00007eff196c46d4 [ 189.219105] R13: 00000000004c4539 R14: 00000000004d75a8 R15: 00000000ffffffff [ 189.226419] [ 189.228064] Local variable description: ----combined@secure_tcpv6_seq [ 189.234655] Variable was created at: [ 189.238386] secure_tcpv6_seq+0x7d/0x2b0 [ 189.242466] tcp_v6_connect+0x242b/0x2890 [ 189.246638] [ 189.248278] Bytes 4-7 of 8 are uninitialized [ 189.252694] Memory access of size 8 starts at ffff8881a652f658 [ 189.258670] ================================================================== 16:04:42 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x46, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f000002bff8)='./file0\x00', 0x0) setxattr$security_smack_transmute(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='security.SMACK64TRANSMUTE\x00', 0x0, 0x0, 0x3) [ 189.266034] Disabling lock debugging due to kernel taint [ 189.271505] Kernel panic - not syncing: panic_on_warn set ... [ 189.277405] CPU: 1 PID: 8872 Comm: syz-executor3 Tainted: G B 4.20.0-rc7+ #8 [ 189.285918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 189.295297] Call Trace: [ 189.297920] dump_stack+0x173/0x1d0 [ 189.301597] panic+0x3ce/0x961 [ 189.304864] kmsan_report+0x285/0x290 [ 189.308709] kmsan_internal_check_memory+0x9a7/0xa20 [ 189.313847] ? __local_bh_enable_ip+0xb3/0x1a0 [ 189.318498] __msan_instrument_asm_load+0x8a/0x90 [ 189.323377] __siphash_aligned+0x512/0xae0 [ 189.327676] secure_tcpv6_seq+0x143/0x2b0 [ 189.331848] ? inet6_hash_connect+0x176/0x1a0 [ 189.336380] tcp_v6_connect+0x242b/0x2890 [ 189.340597] ? __msan_poison_alloca+0x1e0/0x270 [ 189.345324] ? tcp_v6_pre_connect+0x130/0x130 [ 189.349847] __inet_stream_connect+0x2f9/0x1340 [ 189.354552] ? kmem_cache_alloc_trace+0x55a/0xb90 [ 189.359436] ? tcp_sendmsg_locked+0x6394/0x6be0 [ 189.364155] tcp_sendmsg_locked+0x65d5/0x6be0 [ 189.368682] ? aa_label_sk_perm+0xda/0x940 [ 189.372956] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 189.378351] ? aa_label_sk_perm+0x6d6/0x940 [ 189.382706] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 189.388116] ? futex_wait+0x912/0xc40 [ 189.391993] ? __msan_metadata_ptr_for_load_1+0x10/0x20 [ 189.397415] tcp_sendmsg+0xb2/0x100 [ 189.401084] ? tcp_sendmsg_locked+0x6be0/0x6be0 [ 189.405782] inet_sendmsg+0x54a/0x720 [ 189.409620] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 189.415009] ? security_socket_sendmsg+0x1bd/0x200 [ 189.419976] ? inet_getname+0x490/0x490 [ 189.423980] __sys_sendto+0x8c4/0xac0 [ 189.427851] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 189.433328] ? prepare_exit_to_usermode+0x114/0x420 [ 189.438367] ? syscall_return_slowpath+0x50/0x650 [ 189.443246] __se_sys_sendto+0x107/0x130 [ 189.447350] __x64_sys_sendto+0x6e/0x90 [ 189.451354] do_syscall_64+0xbc/0xf0 [ 189.455109] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 189.460326] RIP: 0033:0x457669 16:04:42 executing program 4: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getsockopt$sock_buf(r0, 0x1, 0x3b, 0xfffffffffffffffe, &(0x7f0000000040)=0x777) [ 189.463551] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 189.482485] RSP: 002b:00007eff196c3c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 189.490251] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000457669 [ 189.497533] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 189.504824] RBP: 000000000072bfa0 R08: 0000000020000380 R09: 000000000000001c [ 189.512124] R10: 00000000200408d4 R11: 0000000000000246 R12: 00007eff196c46d4 16:04:42 executing program 1: setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000001000)={{{@in6=@mcast2}}, {{@in=@multicast1}, 0x0, @in6}}, 0xe8) r0 = socket$nl_generic(0xa, 0x3, 0x10) setsockopt$netlink_NETLINK_RX_RING(r0, 0x29, 0x6, &(0x7f0000000ff0)={0x1c2, 0x0, 0x29, 0x2}, 0x1c2) [ 189.519422] R13: 00000000004c4539 R14: 00000000004d75a8 R15: 00000000ffffffff [ 189.527717] Kernel Offset: disabled [ 189.531347] Rebooting in 86400 seconds..