Warning: Permanently added '10.128.0.175' (ECDSA) to the list of known hosts. 2019/11/16 00:50:22 fuzzer started 2019/11/16 00:50:24 dialing manager at 10.128.0.26:37763 2019/11/16 00:50:24 syscalls: 2566 2019/11/16 00:50:24 code coverage: enabled 2019/11/16 00:50:24 comparison tracing: enabled 2019/11/16 00:50:24 extra coverage: extra coverage is not supported by the kernel 2019/11/16 00:50:24 setuid sandbox: enabled 2019/11/16 00:50:24 namespace sandbox: enabled 2019/11/16 00:50:24 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/16 00:50:24 fault injection: enabled 2019/11/16 00:50:24 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/16 00:50:24 net packet injection: enabled 2019/11/16 00:50:24 net device setup: enabled 2019/11/16 00:50:24 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/11/16 00:50:24 devlink PCI setup: PCI device 0000:00:10.0 is not available 00:52:04 executing program 0: ioctl$SG_GET_LOW_DMA(0xffffffffffffffff, 0x227a, &(0x7f0000000000)) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x40000, 0x0) getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f00000000c0)=0x4) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000100)={{0xcbe83f5373d63b5e, 0x2, 0x2, 0x0, 0xfd, 0x6, 0x2f, 0x7, 0x9, 0x9, 0x9, 0x6}, {0xd000, 0x2000, 0xf, 0x5, 0x39, 0x5, 0xac, 0x7, 0x6f, 0x1, 0xac, 0x1}, {0x4000, 0x4, 0xf, 0xd8, 0x40, 0x8c, 0x0, 0xff, 0x1, 0x6, 0x20, 0x3}, {0xb2b4907ff670c932, 0xd000, 0xd, 0x1, 0x7, 0x4, 0x2f, 0x7, 0x9, 0x6, 0x40, 0x1f}, {0x10000, 0x10000, 0x0, 0x89, 0x2, 0x0, 0x7, 0x81, 0x81, 0x1, 0xd6, 0x3f}, {0x0, 0x4, 0x19, 0x20, 0x40, 0x1, 0x6, 0x1f, 0x5a, 0xb, 0xc8, 0x5}, {0x2, 0x0, 0xd, 0x4e, 0xa8, 0x7f, 0xc4, 0x4, 0x6, 0xf8, 0x80, 0x20}, {0x4, 0x1000, 0xa, 0x20, 0x1, 0x50, 0x0, 0x9, 0x3, 0x1f, 0x1f, 0x2}, {0x5000, 0x1000}, {0x4, 0x3000}, 0x20070000, 0x0, 0x3000, 0x80000, 0x6, 0x4000, 0x10000, [0x175, 0x4, 0x4, 0x400]}) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_GET_SREGS(r1, 0x8138ae83, &(0x7f0000000240)) r2 = syz_open_dev$radio(&(0x7f0000000380)='/dev/radio#\x00', 0x1, 0x2) ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f00000003c0)={&(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x3000, 0x1}) fsopen(&(0x7f0000000400)='jffs2\x00', 0x1) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000440)='/dev/dsp\x00', 0xe8193fdf94b8c282, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, &(0x7f0000000480)={0x0, @adiantum}) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) recvfrom(r4, &(0x7f00000004c0)=""/163, 0xa3, 0x41, 0x0, 0x0) r5 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000580)='/dev/mixer\x00', 0x200000, 0x0) ioctl$EVIOCGABS2F(r5, 0x8018456f, &(0x7f00000005c0)=""/140) r6 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000680)='/dev/vcs\x00', 0x100, 0x0) getsockopt$EBT_SO_GET_INFO(r6, 0x0, 0x80, &(0x7f00000006c0)={'nat\x00'}, &(0x7f0000000740)=0x78) r7 = syz_open_dev$vcsn(&(0x7f0000001e80)='/dev/vcs#\x00', 0x2, 0x100001) recvfrom$llc(r7, &(0x7f0000001ec0)=""/116, 0x74, 0x2000, &(0x7f0000001f40)={0x1a, 0xb67eda9fc06471bf, 0x0, 0x40, 0x4, 0x4, @link_local}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001f80)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt(r8, 0x9830, 0x5, &(0x7f0000001fc0)=""/109, &(0x7f0000002040)=0x6d) keyctl$describe(0x6, 0x0, &(0x7f0000002080)=""/4096, 0x1000) r9 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000003080)='/dev/dlm_plock\x00', 0x321842, 0x0) ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0) ioctl$KVM_PPC_GET_PVINFO(r6, 0x4080aea1, &(0x7f00000030c0)=""/248) r10 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000031c0)={0xffffffffffffffff}, 0xc) ioctl$FS_IOC_FSSETXATTR(r10, 0x401c5820, &(0x7f0000003200)={0x40, 0x5a, 0x9, 0x6, 0x57}) sendto$x25(r2, &(0x7f0000003240)="bce637d009dfe7137651353e16bde52ecdd0ed7187e5ab6752efd12b6d070c323ee72663da0680cc397ac5dcf77aeea1badfec1ef6ae09da7fb0211bc3b8bec534501cb20fe9d6be891b1edbc3e9ba88ec5e6a554351d2b11548aa8668b71690b795e9918c6625b679ee03b605d75b89d7b507f50c752b6a4f3224f0ce9977ab205ab9e05e68bbadaf3de864a5dd5576a983956a91cc9a2e917f040e1c36e1830f665b6ae2aa4e4ba2", 0xa9, 0x10, &(0x7f0000003300)={0x9, @remote={[], 0x2}}, 0x12) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000003400)=0x0) perf_event_open(&(0x7f0000003380)={0x0, 0x70, 0x32, 0x4, 0x81, 0x2, 0x0, 0x17b, 0x10000, 0x4, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0xffff213d, 0x1, @perf_bp={&(0x7f0000003340), 0x9}, 0x30000, 0xfffffffffffffff7, 0x1b, 0x1, 0x100000000, 0x7, 0x4300}, r11, 0xb, r0, 0x8) 00:52:04 executing program 1: r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x121200, 0x0) setsockopt$inet_dccp_int(r0, 0x21, 0x11, &(0x7f0000000040)=0x6, 0x4) r1 = syz_open_dev$mouse(&(0x7f0000000080)='/dev/input/mouse#\x00', 0xb, 0x101000) bind$x25(r1, &(0x7f00000000c0)={0x9, @remote={[], 0x2}}, 0x12) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cachefiles\x00', 0x100, 0x0) recvfrom$inet(r2, &(0x7f0000000140)=""/208, 0xd0, 0x20011021, &(0x7f0000000240)={0x2, 0x4e20, @rand_addr=0x1}, 0x10) faccessat(r1, &(0x7f0000000280)='./file0\x00', 0x10, 0x800) getpeername(r2, &(0x7f00000002c0)=@ax25={{0x3, @null}, [@null, @default, @null, @remote, @netrom, @default, @remote, @netrom]}, &(0x7f0000000340)=0x80) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000380)='/dev/qat_adf_ctl\x00', 0x107042, 0x0) r3 = syz_open_dev$amidi(&(0x7f00000003c0)='/dev/amidi#\x00', 0x7, 0x40000) getsockopt$nfc_llcp(r3, 0x118, 0x0, &(0x7f0000000400)=""/191, 0xbf) lsetxattr$trusted_overlay_origin(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)='trusted.overlay.origin\x00', &(0x7f0000000540)='y\x00', 0x2, 0x4) r4 = syz_open_procfs$namespace(0x0, &(0x7f0000000580)='ns/pid\x00') ioctl$FS_IOC_SETVERSION(r4, 0x40087602, &(0x7f00000005c0)=0x10001) r5 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000600)='/proc/sys/net/ipv4/vs/lblc_expiration\x00', 0x2, 0x0) r6 = syz_genetlink_get_family_id$fou(&(0x7f0000000680)='fou\x00') sendmsg$FOU_CMD_DEL(r5, &(0x7f0000000740)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x802010}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x28, r6, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_PEER_PORT={0x8, 0xa, 0x4e22}, @FOU_ATTR_IPPROTO={0x8, 0x3, 0x3a}]}, 0x28}, 0x1, 0x0, 0x0, 0x9000}, 0x0) finit_module(r2, &(0x7f0000000780)=']#\x00', 0x3) accept$netrom(r2, 0x0, &(0x7f00000007c0)) setsockopt$inet_mtu(r3, 0x0, 0xa, &(0x7f0000000800)=0x4, 0x4) r7 = syz_open_dev$cec(&(0x7f0000000840)='/dev/cec#\x00', 0x2, 0x2) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000880)={0x0}) ioctl$DRM_IOCTL_GEM_CLOSE(r7, 0x40086409, &(0x7f00000008c0)={r8}) socketpair(0x9, 0x6, 0x0, &(0x7f0000000900)) syz_open_dev$usbmon(&(0x7f0000000940)='/dev/usbmon#\x00', 0x7, 0x0) r9 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000980)='/dev/dlm-monitor\x00', 0x538001, 0x0) setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r9, 0x84, 0x7, &(0x7f00000009c0)={0xffffffff}, 0x4) r10 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000a00)='/dev/mixer\x00', 0x800, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r10, 0x4010640d, &(0x7f0000000a40)={0x9, 0x2}) r11 = openat$null(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/null\x00', 0x400, 0x0) ioctl$CAPI_GET_FLAGS(r11, 0x80044323, &(0x7f0000000ac0)) syzkaller login: [ 153.416084][ T7907] IPVS: ftp: loaded support on port[0] = 21 [ 153.509887][ T7909] IPVS: ftp: loaded support on port[0] = 21 [ 153.600578][ T7907] chnl_net:caif_netlink_parms(): no params data found [ 153.639037][ T7907] bridge0: port 1(bridge_slave_0) entered blocking state 00:52:04 executing program 2: r0 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x5, 0x20000) connect$l2tp(r0, &(0x7f0000000080)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x4e23, @broadcast}, 0x0, 0x1, 0x4, 0x3}}, 0x26) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) rt_sigtimedwait(&(0x7f00000000c0)={0x6}, &(0x7f0000000100), &(0x7f00000001c0)={r2, r3+10000000}, 0x8) r4 = socket$rds(0x15, 0x5, 0x0) setsockopt$sock_timeval(r4, 0x1, 0x15, &(0x7f0000000200), 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(0xffffffffffffffff, 0x84, 0x1c, &(0x7f0000000240), &(0x7f0000000280)=0x4) ioctl$DRM_IOCTL_ADD_CTX(r0, 0xc0086420, &(0x7f00000002c0)={0x0}) ioctl$DRM_IOCTL_NEW_CTX(r1, 0x40086425, &(0x7f0000000300)={r5, 0x3}) fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f0000000340)='^user%\'posix_acl_access-.posix_acl_accessselinux]$nodev\x00', 0x0, r0) r6 = open(&(0x7f00000019c0)='./file0\x00', 0x101000, 0x80) setsockopt$inet_mreqsrc(r6, 0x0, 0x27, &(0x7f0000001a00)={@empty, @loopback, @dev={0xac, 0x14, 0x14, 0xb}}, 0xc) r7 = openat$cgroup_ro(r0, &(0x7f0000001a40)='pids.events\x00', 0x0, 0x0) setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r7, 0x110, 0x3) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x2) getsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0xf, &(0x7f0000001a80)=""/5, &(0x7f0000001ac0)=0x5) r8 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000001b00)='/dev/dlm-control\x00', 0x12bb5a44c10dc053, 0x0) ioctl$DRM_IOCTL_VERSION(r8, 0xc0406400, &(0x7f0000001c80)={0x9e3e, 0x101, 0x3, 0x86, &(0x7f0000001b40)=""/134, 0x35, &(0x7f0000001c00)=""/53, 0x0, &(0x7f0000001c40)}) openat$zero(0xffffffffffffff9c, &(0x7f0000001cc0)='/dev/zero\x00', 0x401, 0x0) memfd_create(&(0x7f0000001d00)='/dev/input/mouse#\x00', 0x2) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000001d40)={0x14}) ioctl$VIDIOC_G_EDID(0xffffffffffffffff, 0xc0285628, &(0x7f0000001dc0)={0x0, 0x1fdf8eab, 0x6f, [], &(0x7f0000001d80)=0x8}) ioctl$SIOCX25GDTEFACILITIES(r1, 0x89ea, &(0x7f0000001e00)) r9 = syz_open_dev$cec(&(0x7f0000001e40)='/dev/cec#\x00', 0x0, 0x2) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r9, 0xc0bc5351, &(0x7f0000001e80)={0x7, 0x2, 'client0\x00', 0x3, "9a0f36adddb203e1", "9d51fb23798a7a092d8bee441de67528ec350bb36c0c2b8fe2a9ef038229a7fb", 0x9, 0x8000}) r10 = openat$audio(0xffffffffffffff9c, &(0x7f0000001f40)='/dev/audio\x00', 0x444280, 0x0) ioctl$FS_IOC_RESVSP(r10, 0x40305828, &(0x7f0000001f80)={0x0, 0x2, 0xfff}) bind$vsock_dgram(r10, &(0x7f0000001fc0)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) r11 = syz_open_dev$vcsa(&(0x7f0000002000)='/dev/vcsa#\x00', 0x7fff, 0x2) ioctl$SIOCX25SDTEFACILITIES(r11, 0x89eb, &(0x7f0000002040)={0x9, 0x3, 0x0, 0x1, 0x5, 0x24, 0x10, "cd3a357e4d76689c4abe7bd3a9e83e6ebecb65e2", "757094c0f72e802a806ef55325f7333082db2bbd"}) [ 153.648785][ T7907] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.657412][ T7907] device bridge_slave_0 entered promiscuous mode [ 153.665618][ T7907] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.673282][ T7907] bridge0: port 2(bridge_slave_1) entered disabled state [ 153.681773][ T7907] device bridge_slave_1 entered promiscuous mode [ 153.745941][ T7907] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 153.773989][ T7907] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 153.790950][ T7909] chnl_net:caif_netlink_parms(): no params data found [ 153.839492][ T7907] team0: Port device team_slave_0 added [ 153.850686][ T7907] team0: Port device team_slave_1 added [ 153.889706][ T7909] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.897483][ T7909] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.916551][ T7909] device bridge_slave_0 entered promiscuous mode 00:52:05 executing program 3: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x0, 0x0) ioctl$TIOCMSET(r0, 0x5418, &(0x7f0000000040)=0x1f) ioctl$VIDIOC_TRY_ENCODER_CMD(r0, 0xc028564e, &(0x7f0000000080)={0x1, 0x3, [0x8a, 0x5, 0x1, 0x4, 0x1ff, 0xa4, 0x20, 0xcbe8]}) r1 = accept4$x25(0xffffffffffffffff, &(0x7f00000000c0), &(0x7f0000000100)=0x12, 0x100800) ioctl$SIOCX25GCAUSEDIAG(r1, 0x89e6, &(0x7f0000000140)={0x2, 0x2}) pipe2(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}, 0xc4800) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x70, 0x0, &(0x7f00000003c0)=[@decrefs, @clear_death={0x400c630f, 0x2}, @reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000300)={@ptr={0x70742a85, 0x0, &(0x7f00000001c0)=""/239, 0xef, 0x1, 0x1f}, @ptr={0x70742a85, 0x1, &(0x7f00000002c0)=""/4, 0x4, 0x2, 0x14}, @fda={0x66646185, 0xa, 0x1, 0x23}}, &(0x7f0000000380)={0x0, 0x28, 0x50}}, 0xf49932a3dcefb71f}, @dead_binder_done], 0x48, 0x0, &(0x7f0000000440)="67151b5a72b01203798d7fd9c31b1ad8582621f274e80468f8a6444d417d90278f2f312360d7b869d6c9d393f0e3d4251b760b16d693e7cd73bc910313e59819e0b5cf67e3bb76cb"}) r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000500)='/dev/sequencer2\x00', 0x200000, 0x0) ioctl$sock_inet6_SIOCDIFADDR(r3, 0x8936, &(0x7f0000000540)={@ipv4={[], [], @loopback}, 0x1e}) r4 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000580)='/dev/dlm_plock\x00', 0x100002, 0x0) ioctl$VT_SETMODE(r4, 0x5602, &(0x7f00000005c0)={0x6, 0x80, 0x80, 0x4, 0x3}) r5 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000640)='/dev/dlm-control\x00', 0x101101, 0x0) renameat2(r3, &(0x7f0000000600)='./file0\x00', r5, &(0x7f0000000680)='./file0\x00', 0x0) pipe2(&(0x7f00000006c0)={0xffffffffffffffff}, 0x800) setsockopt$l2tp_PPPOL2TP_SO_LNSMODE(r6, 0x111, 0x4, 0x0, 0x4) fcntl$F_SET_FILE_RW_HINT(r4, 0x40e, &(0x7f0000000700)) r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/vhost-vsock\x00', 0x2, 0x0) open_by_handle_at(r7, &(0x7f0000000800)={0x98, 0x14, "573957c3585a2df8b24f828c01576cd6055081b23ca8f122cc5f2a4a299eb49f37b1b535e30e1759b0b289325c22b844ee08deaeee43d2d1e7de484546b8c7109357ddc7475738c0aa1c9b4c29c25d0840041ea8918b9db642be6c01564981354cbb0f1a7e9ac9a30b0fa18c12c1f5df27dc1f5f50064b572058f2c7dd7f5f71f5969b256275bfcb87eeebaa33668349"}, 0x200) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000900)={'team0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r8, 0x8916, &(0x7f0000000940)={@dev={0xfe, 0x80, [], 0x28}, 0x5, r9}) r10 = openat$audio(0xffffffffffffff9c, &(0x7f0000000980)='/dev/audio\x00', 0x1, 0x0) ioctl$VIDIOC_G_JPEGCOMP(r10, 0x808c563d, &(0x7f00000009c0)) r11 = syz_open_dev$vcsn(&(0x7f0000000a80)='/dev/vcs#\x00', 0x0, 0x0) ioctl$TIOCSTI(r11, 0x5412, 0x6) r12 = syz_open_dev$sndmidi(&(0x7f0000000ac0)='/dev/snd/midiC#D#\x00', 0x7, 0x40) r13 = accept4$llc(0xffffffffffffffff, &(0x7f0000000b00)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000000b40)=0x10, 0x6ceda38fc0a84968) ioctl$FICLONERANGE(r12, 0x4020940d, &(0x7f0000000b80)={r13, 0x0, 0x1, 0x1, 0x3}) stat(&(0x7f0000001f40)='./file0\x00', &(0x7f0000001f80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getresgid(&(0x7f0000002000), &(0x7f0000002040), &(0x7f0000002080)=0x0) getresuid(&(0x7f00000020c0)=0x0, &(0x7f0000002100), &(0x7f0000002140)) syz_mount_image$hfsplus(&(0x7f0000000bc0)='hfsplus\x00', &(0x7f0000000c00)='./file0\x00', 0x2, 0x5, &(0x7f0000001ec0)=[{&(0x7f0000000c40)="f75dd3a7a9cb13805256f6d773dab2dfd41d39010ec6fb3ba8b0b1db36298dec2c0a62f39dda3f063367ae9f600e5a77e8f5d4868c4d0169d6278ca09c3fc811eb0a313f29bc24ae3d424c43cc944677344b6c659ea4c45c753b674ed280a29c20cc2a548b10d916126c4a6a5fc71db15463a9d35e3d3a46a0c38c6ed48400e3c7c9fc078b24c8db0d2eb7ef", 0x8c, 0xfffffffffffffff7}, {&(0x7f0000000d00)="cf307bbca9b9134c116d83fc2a", 0xd, 0x7}, {&(0x7f0000000d40)="ac2ac7616f7926ef2a625ae4f09ea2e09d000929e403e2705ecdf2f1f4d47d67dacbe3e8e33fddddc7f5c562d152c14542e3eda720f7db9d6084b95cf4045e5d941e091d1282f933e91ecb9ccf2d21da6a09be56cc3514e3c9449ba5aed1767ade0404f8a887c3ab89b9a6c69dd5c9e1e50e6a5b023288c232e915d3adfbbff5b134cb835e55b9e52584cdba4ecad3f156b6f3b0f7cde560c76aa8102e7d6fcec90072b53f51deffc3a13f154e4016d461c774a86584d9358012f95aa87076ab3abd81ad07999136f4fe9372acc3d08433adb9732cbdcf5db6730c3b5ffbf47c040dc4e3b855b94d9ed6e37ba254c8d3ebaebacab0ef72010de9805c131a889c149b80f0cc71de7893c67df868132ce15097d5fac7f2c29db22b0093ce779e73d39bf7a255b43612ee18304e50739667d340719a77296503a49bd0581a3c8011bb4c00903a05ee4e42ae83aba49c26023c90f812bcb44ed0bef7415373c2dbd612668b201810b178a929196ba1134ae75f9474a13760f733b1287e668fa779a252f8fba34d21f25ee695b56feb23664f68229f01d99e6c4988c7307449045a4bce4900b1dd5e81237b3446cdfce9710b28a80480faf8ded65d9748e8e161c1682b579ee8821763ad53b9140821a3ac1e5cec99b7d79485bd4056f2314decc904ebe14d1a828734b8538afa98886065caa491ae61228067a557d0160c38c603051538f1865ef767a64c794e1e00d876fed87bea53716e0eff45bd1a080941293e4e9b0235c1e5a317005bff5ed108be3f36600acc265697fedbeb20bb72194fa3958a2f6b2d51592f24b0a89f8996f829cace9811fdbe0118a6d8a1d60bffffd22d03f1678be3a3783319dc32f216a278d61c8f6f23fa800f459c1b0e401e7a25b3437c57e1153dbe28778a50b951edbb8540a01b9a28be52e39ff1a9734a80fb6d723fb284d3d25668546400a26bdfc4558ca0cde6f1414a6816daf49f736450102ca1ad07bda4688f045de6beaa43a67795b2a11b0bda9696688dc103e0995d53276ff70d907aab420d1140fb20dd1fbadf9145e768e7fc22fb9a2915f82f2ecb1647eeb201802b4696e5654d4e9b64cc8ae0560a382ce7b945d4f78e7783b1bc5928f1ed02a402fdd830c7ccd9c65cec070e2ef291435a8b0d965e5ac585c24dfb43c222dfa436d4be67c2103bec3b524f55e05a9f526719a40dbcb912320cc54bbf6483db3794de24d009ea37e04f6a02feb9594e8055a434acaaaa91897614cebee524590d6f2876ea6c82d6854e6525ddf3804618e25af8cfa58c3963a80786d0db2088770001664a96469a4dbd8b6684fb67d2a3914daaa8d8c27d41f12be0adb8dd976aeb7482827b08e95ac4e484ced90dfef156900e6bed8d374d959f723900c20e69c02b4cd878e46a2f017ff32949967ada037372825b44566cac69bb916fa3688c623168c89713870457d7d09641e790d8dec28f7fc6c60eb7c6bc6b73636e6de580a1cd4df59a3a95df9d5511ff8672c0e459ef097db395deb13e392291b6274996e486a61fbfc0902954fc5c66438985fb07ebcb9f881440027343d5b4d7c1469ee067c20d9430100b88af9e30d391da7c52f92dd94b14752fea6c37c09efd6681b1a3937db368d0c0d61e9ae43bbc58e85b48315d85d17a1bd994900b44da763c920397593c85622d77a097ce9922a11ed9a33d5595456d7ac17dcd10df0b4ad6aa29dc9aee64f6180eba50d0b35ea7b0878f90c299820e0d0760dcafee4abd19cd1a5e243f7af3d3d53f8ed32881604c601df54bc365669d73bea6ad1c68d04257d77325c6231bc1390a897761e5b3f4790b5d670a77d71583787d9eff8bf868e320753d7109b52e5c6f0c8e6e49047ce82e8e51d53398e8070d4c1f90001e03f26a2f059d91b59991d07e09f99d236c917fb0bc18eeef5b3f9bea0f68c4b5cb92ec5018ee24790d8c549ae0ec04a9ffe4b45f518418e1cc65b0a18b337893d85582c1f9b312706136f99b2a52e158f28e4802ee42382b1ebb1ae1bcc4e0f22da7c20a4298720dcc6a2e74ebaa96418fe09fc0516b6f92287936051ba9d1b67f42a9ad278d7695d77dbf36275e5f60ee0b56d4872c78db0ae6cc9f742ac0cdcf2672fb12981fd17433e4545cf6062d18119dc0ea5da223fb59a61aaf5c9f8262b2abb33ce61022f103f8ba0d80c0f91ded00af35a3071546a2e6c2660fcbd12776fb866551643bbb9952518a9df0e189764e0d0375be9f54a1956fcf9cd8092fc9c0a773bc053517dc3056e2996b03927675c5745b0a3e1f5522402272850055d55a16c3431c46c62bd6dcd1a040a2775b11b31727a5ea3578ffb8084ed2844acd32a9f98c1af77e2176b028fef45cecc75f00748f92c4af9b588b51519b773c783568c1aed2617f1b1880254649dbf91872629356d974800f40e24cadf13521f7a3ad54817b7a1ad81867d9ac844d09797083f93b02a58044b580d425c5e112929ed487effd38b12981b0db3182a9281757cf80e4123baa09c3f098366c42c01ca9f6fd70c0d09a9bf174b4d1fdbd5b05ef014981538be36fd0089918ca97a447ca9b9e9a991f2301f2b676c5b67b59b607bd20e86072431c75023fd55b09afa4d4734d7e6892759430689750fd246a4dbe0c6bd822a2a9d682de734b69ae5b69e99a8b9877cc7729de9aa108257a796032c1203b1b31c93ea975db5d99a88598d04f2521dcd447a4858e2651524e6d795c837e2d2403fe8c6e9541281df74f57f7649e06442c55801a6285ef750709bc29f180b09d2ea11a0528e8e9fb156ee6688b51b7cfe701d5a921cf5156f119d556f5326c6248dfcb7aa49b51405da38b3a6a370bac63dc7adfdfd2b67db7705b948c17c01a1bf4cb0b3e75bb23af50eb219a68f2f2dea6d97eaf9a2f78fb235fdcfa626c02e849d1a10c1e85887d0005b3178ebf172b08a2a5f867f979b9a2fa1c51c71775a406f0a067e0369285a2cbb1195640bad4a62870d2f84503741b4c64bfd0efa164eb1bafdfc537d260d71500fbf27bfa13a5a1918f5e3345879b5c191e3e93aebe6e5eeb45a96dd94cf075e798138577d7cb1c8f3413cc3f221ed4a5d4c5e4c03175dc14542bfe5b82172e21cf3f83633cdf2fe2512eac2caf6dc51c6bc0a844638178c03cd40bf0cadd63d3ec349cf6645a78f6d7c8288c7370809a80b3f6a2055f008db26fa1d5a0be4b7f50814d64e169567ba2a28fae2c24028caff9c9cf5bfe350531316d2eba30a5c3563aea229a360c4c3085bf971dc7c34eb4f0416772eee7bcca5c8c6499f3c70d317bdee61cc161397ab8a3d391f77088ac529065976fbd227a1d2cdb8b4c40cfa441c44f26ce87a17c9863dfbb9cf99b32fe697b64dd691809096488c390c443612f91bf3c00dc8f63b1c3f42d65c7164a7d4606de8376a92ba829cbe9cf65f7b8b8d7b2d1bf6114620a5fe93203f733088173f8baf3411ecf096fd6eec6f247f3522e7635c5a545aba42823c5cfd63b8ca861260c12610e569c985b88195660a8043874bb8d60126245f9856a2b1025f3284fcec0a203eed23462d1120b41d0bfa18fcae9aae58fb304c2ef431a1acffe7ea650636dd8ebbdcbc086fd831c672ab53ef525dc18978a21a775377659964307d818c4b43c34341a80d40604304f9f6cc028684798088b1bb27d7e6f49bd409edd26c5e73b05d4cbf800771d32dac0b7fff441114f9df4309be44be7e1cde6645ce044f2d9c61638bc1230a7be940325f148223e5c19b2398160ac236dbea5cd317a090ea1e8aee93941f53319dea40994710f80286e112421e36de4ebb7becf2e7cb9c260c9f5989de48bfeb51189483b479ee2641316140de3f13b2bb218e2f492615174850ae37788fadad0d12e07a375cbaea3f16d89e11ff6e433759e3bb2f6e21978a6bcd01e4676df12a938799f2699dc3237029f7485efe6b11595a461c040c5be39bab25f4407713bea0f81e1e2309350291a6af76ff4c3a08828d3f9a2779d9c556b961172529a4946cbdffd3c723cab13fd5da6f445869eb002960ec68869d54a772cf1533bcaef9a3f8d03bf901c62dda8647a252579a9e1d489865bf3761780cf625e5515f1aa3708d086f617503e094bd5d0d9daf4f67385458c633709fa26753e9d1b5374309f3983b44d3b6a481ca151bdca3865bbc531356e2ce0cda3a28c3d00ad2faeb38ff8831f544a4163dc61587859818599e710f3c4a02508fa6e1d7b9dd074b57e8de1a9a231923de1d836ced7a5eec1f11a4e740e81f84258ce999655caee5cdbeb2d75ee84b5442edbb11bb951496d131a2aab725a1adafb01417175624ce22ea468c31a9786e60b6adee2d62414deacc79371a7eef592a1a6c5b2c580894b23488c6147b52fd8b0fe9b651b7c9d63bf3d6f1baebedf752b7e485f2fb8ff87565e529261f8706ef8894e3a1c346d5699ed18e5de662c680820a868eb77a941e1d397127fac370c0da2a277d896cb6f87ed3fe0e84aaa53857324ccaad6dd0a4395df466ef4abcf11864227bb1c8b9d31713e17a97a3476701ce7995134e76a407c7c3029b03d2f6a98d327214c94107c99f354646347230779141e6ba9013f199d0c013be6df8121ada79fdb4af3e273235b1223ac4033268fc2700fccd8079f9624e3e51d0221b069f3bb79c3afda139abb5cf1a746150d24744f00454ffe7f9d6366f3113d7fee11164e55669e779446875d557ce9fb6b154d566bd0ffe4b0dacf36e6739d99830e30a7d2bc65bcc0c1833e572acfa87e6ccfb9ab915cb00cf7b70f42479b11ad2d1dbce51e9fb19deb02b453a1bd2fa8b23bae7e23a5a841a96ffac80ef97c91228aa0d8df3a49c90aa691b5f749d3617938b4e92b3015b553cd3d1d5b87566782d1cac0ef5c7cbb462cee0cf75e801a89b2347af7e67b3770fe41d63a969754198161bf76ae914c1405038b1c2655b03afb327d363d3e48846a7a4b7bb4862d534ee4f8459df7b29ee3996572efd9a896ec44ba2ebe2481ada70f605e17884fc7e17f3b473294cdd0cb930fc6eaa5c33da7f368a97262690c1edab03ce8a9f26f7deca881cbe8e68f902806191a37ed0b8cb31ec91b1c0476ef2a8ee8bacad4a2e325fb5a92f1ffff4fddb7dfb5f5671da58572c01941a8ee3671c30d6efe833087880bf4ff6fcb36a329695c229612ee9f921f3101cd5505af1d4bd987c99a869511d393025270d41a17e8bda19b2257d54f21612a5e92556cee47e4d0fad2fdde5330878ef052256e7bfbfcd1b2d4b0e20083c076b2da0dd88de67d65560969c3ce68e84e80685056dda702a29eb7fd816cd969b89065e32785afc22834f753b1d3c848a6c42c886553c4f5cf39fa511ff9bbd650e18d92e4518d1142015febbea86146ccf095c0c4518994d587a5376132b423b273104a01f4434df6553e9765c83ffdbaeefc5d60823ef85ff023078de896aac0e486f291cc0ee59b3be594aa68fd12ac8f405f8812d6ce1be15a9712f3f2d461328723e235fab900665f5bd81f48219a2cdb634a281809237b23f77f88ce5af37e0c2e9c973ba6db10a8283df4f8bea89613dc62049a35d5f3dee7dd01e2d278b22d3f0b018a865624a953fea80c861eeb1f1594c418168d4e66a1b689e58c379ae80a34b0c3960e7fe0f16dc71f2371139eddc12b2ea4ad0e09451742f20e918f29d74a1eeca17f34c1419d5a4c14b2819a0c74dc7df9968aad2f079afff95e5c18fac582ae4b4c37bbcb1cdfe817520c27b980f149eb925c", 0x1000, 0x19}, {&(0x7f0000001d40)="94019b8b202c29a0269920a962b4fe87164e8c1169a2a78f39c9e2ff7d3c037266d8acfef27e8d4372ec852e34a17383698bf63ffebf43d2d1d96597bc362e3de76fe971ed566ba83b174d3a24682f0352b7f2fbe55fc4a4064f41c8bb840439fa", 0x61, 0x3f}, {&(0x7f0000001dc0)="27099943d90d9d57a3b055dec91c35dc5bbe14daad0c0207f1ec5500a996c20dd85b74c377b17c1cc3e0407bbe424fd8706825c7c6d9558757d18715117fee2ac17ee4fc03d18b349d0ce52d216d7f838df821f1c7194dfb0d05b66d47959f57ead5f461016443ef33dc8d3ca28c9791bebc767245d707fabbc14df368878b8338228deab1818676c07f80fe20e89dcca0a05fca2d1aff46666eaf429cc54de08821eec72a53b771a99e2ebfe3272292738961f219e1af9bfd4e3a9e9afa410d922ba542688bd8b99ca2cd2b78de626ba75b7f152f0568bb190781ff1f2f917a3aac63ac", 0xe4, 0x2}], 0x20000, &(0x7f0000002180)={[{@barrier='barrier'}, {@gid={'gid', 0x3d, r14}}, {@type={'type', 0x3d, "7bf3c4f1"}}, {@barrier='barrier'}, {@gid={'gid', 0x3d, r15}}, {@force='force'}, {@umask={'umask', 0x3d, 0x4}}, {@nobarrier='nobarrier'}], [{@obj_user={'obj_user', 0x3d, 'em0\'md5sumwlan1lo'}}, {@smackfstransmute={'smackfstransmute', 0x3d, ']'}}, {@permit_directio='permit_directio'}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@euid_gt={'euid>', r16}}, {@audit='audit'}]}) [ 153.999174][ T7907] device hsr_slave_0 entered promiscuous mode [ 154.027284][ T7907] device hsr_slave_1 entered promiscuous mode 00:52:05 executing program 4: r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x9, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r0, 0xc08c5335, &(0x7f0000000040)={0x1, 0x7f, 0x80000001, 'queue1\x00', 0x2850000}) r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000100)='/dev/video36\x00', 0x2, 0x0) ioctl$VIDIOC_STREAMON(r1, 0x40045612, &(0x7f0000000140)=0x1) r2 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20\x00', 0x0, 0x0) ioctl$VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f00000001c0)={0x7, @sliced={0x6, [0xb1, 0x0, 0x6, 0x6, 0x1f, 0x800, 0x3, 0x1, 0xffff, 0x8, 0x5, 0x7fff, 0x3, 0x3, 0x9, 0x7f, 0x7, 0x3, 0x800, 0x5, 0x1, 0x9, 0xfffe, 0x3, 0x1, 0x7, 0x3475, 0x8e3, 0x1, 0xad4d, 0x6, 0x40, 0x0, 0xffff, 0x7, 0x8, 0x3ff, 0xfffa, 0x9, 0x100, 0x0, 0x4, 0x0, 0x5, 0x8001, 0x3, 0x3], 0x1}}) ioctl$VIDIOC_G_STD(r0, 0x80085617, &(0x7f00000002c0)) fchmod(r1, 0x1) r3 = syz_open_dev$cec(&(0x7f0000000300)='/dev/cec#\x00', 0x2, 0x2) ioctl$sock_inet6_udp_SIOCOUTQ(r3, 0x5411, &(0x7f0000000340)) r4 = syz_open_dev$cec(&(0x7f0000000380)='/dev/cec#\x00', 0x2, 0x2) ioctl$TUNSETCARRIER(r4, 0x400454e2, &(0x7f00000003c0)=0x1) r5 = openat$null(0xffffffffffffff9c, &(0x7f0000000400)='/dev/null\x00', 0x347043, 0x0) setsockopt$inet6_icmp_ICMP_FILTER(r5, 0x1, 0x1, &(0x7f0000000440)={0x6}, 0x4) ioctl$VHOST_RESET_OWNER(r2, 0xaf02, 0x0) r6 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000480)='/dev/video37\x00', 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r6, 0xc0145608, &(0x7f00000004c0)={0x1ff, 0x2, 0x4}) r7 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000500)='/proc/capi/capi20ncci\x00', 0x80000, 0x0) ioctl$EVIOCGABS0(r7, 0x80184540, &(0x7f0000000540)=""/78) getsockname$packet(0xffffffffffffffff, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000640)=0x14) setsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000680)={{{@in6=@ipv4={[], [], @loopback}, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x2, 0x4e23, 0x7, 0x2, 0x80, 0x0, 0x3b, r8, 0xee01}, {0x5, 0x1c21ac3, 0x0, 0x1000, 0x0, 0x4, 0x4, 0xb026}, {0x1, 0x4, 0x4, 0x200}, 0x7fff, 0x6e6bb1, 0x0, 0x1, 0x1, 0x3}, {{@in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x4d2, 0x2b}, 0xa, @in=@broadcast, 0x3501, 0x4, 0x0, 0xc8, 0x200, 0xcd6d, 0xebf1}}, 0xe8) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000780)={@mcast2, 0x5, 0x2, 0x2, 0x1, 0x0, 0x6}, &(0x7f00000007c0)=0x20) ioctl$VIDIOC_ENUMINPUT(r3, 0xc050561a, &(0x7f0000000800)={0x0, "ca17e8840613e56704cf1c275e746a6369878239caf235b4b7614f1b5aa0257b", 0xd3d9553061999f40, 0x8b, 0xf, 0xf900, 0x100, 0x8}) r9 = syz_open_dev$cec(&(0x7f0000000880)='/dev/cec#\x00', 0x2, 0x2) ioctl$VFIO_GET_API_VERSION(r9, 0x3b64) r10 = syz_open_procfs(0x0, &(0x7f00000008c0)='net/xfrm_stat\x00') ioctl$PERF_EVENT_IOC_SET_FILTER(r10, 0x40082406, &(0x7f0000000900)='eth1&(\x00') r11 = syz_open_dev$midi(&(0x7f0000000940)='/dev/midi#\x00', 0x9, 0x0) accept(0xffffffffffffffff, &(0x7f0000000980)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000a00)=0x80) r13 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000a40)='net/rfcomm\x00') bind$xdp(r11, &(0x7f0000000a80)={0x2c, 0x6295d592584720f7, r12, 0x3c, r13}, 0x10) [ 154.203884][ T7909] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.218521][ T7909] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.232211][ T7914] IPVS: ftp: loaded support on port[0] = 21 [ 154.236482][ T7909] device bridge_slave_1 entered promiscuous mode [ 154.309215][ T7916] IPVS: ftp: loaded support on port[0] = 21 [ 154.414885][ T7909] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 154.544530][ T7909] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 154.588888][ T7907] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.596127][ T7907] bridge0: port 2(bridge_slave_1) entered forwarding state [ 154.604303][ T7907] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.611462][ T7907] bridge0: port 1(bridge_slave_0) entered forwarding state [ 154.691352][ T7923] IPVS: ftp: loaded support on port[0] = 21 [ 154.719000][ T5] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.747159][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.872315][ T7909] team0: Port device team_slave_0 added 00:52:06 executing program 5: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x10500, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000240)={r0, 0xc0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=0x800, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x8, 0x1}, 0x0, 0x0, &(0x7f00000000c0)={0x3, 0xa, 0x20, 0x5}, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=0x6}}, 0x10) ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000280)=0x0) fcntl$setown(r0, 0x8, r1) r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/dlm-control\x00', 0x244000, 0x0) readlinkat(r2, &(0x7f0000000300)='./file0\x00', &(0x7f0000000340)=""/213, 0xd5) ioctl$SIOCX25SFACILITIES(r0, 0x89e3, &(0x7f0000000440)={0x39, 0xfffffffc, 0xc, 0x6, 0x7}) r3 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x8, 0xa40) ioctl$KDGKBMODE(r3, 0x4b44, &(0x7f00000004c0)) r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000500)='/dev/btrfs-control\x00', 0x20000, 0x0) ioctl$int_out(r4, 0x5462, &(0x7f0000000540)) r5 = syz_open_dev$vcsn(&(0x7f0000000580)='/dev/vcs#\x00', 0x2, 0x40) connect$rds(r5, &(0x7f00000005c0)={0x2, 0x4e22, @empty}, 0x10) r6 = dup2(0xffffffffffffffff, 0xffffffffffffffff) r7 = accept4$netrom(0xffffffffffffffff, 0x0, &(0x7f0000000600), 0x80000) epoll_ctl$EPOLL_CTL_MOD(r6, 0x3, r7, &(0x7f0000000640)={0x80000000}) r8 = syz_open_dev$radio(&(0x7f00000009c0)='/dev/radio#\x00', 0x2, 0x2) r9 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000a40)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DAEMON(r8, &(0x7f0000000b00)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x400d2000}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x1c, r9, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x800}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4044000}, 0x2000a010) r10 = syz_open_dev$sndpcmp(&(0x7f0000000b40)='/dev/snd/pcmC#D#p\x00', 0x400, 0x4e17e60362079c85) ioctl$IOC_PR_CLEAR(r10, 0x401070cd, &(0x7f0000000b80)={0x3}) r11 = epoll_create1(0x80000) r12 = openat(0xffffffffffffffff, &(0x7f0000000bc0)='./file0\x00', 0x0, 0xd2) r13 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000c00)='/dev/cuse\x00', 0x2, 0x0) r14 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000c40)='io.max\x00', 0x2, 0x0) poll(&(0x7f0000000c80)=[{r8, 0x52}, {r11, 0x2001}, {r12, 0x124}, {r13, 0x8}, {r14, 0x9}], 0x5, 0x90f) r15 = accept4$ax25(0xffffffffffffffff, &(0x7f0000000cc0)={{}, [@netrom, @default, @bcast, @remote, @null, @netrom, @bcast, @null]}, &(0x7f0000000d40)=0x48, 0x100800) ioctl$EXT4_IOC_SETFLAGS(r15, 0x40086602, &(0x7f0000000d80)=0x3) r16 = syz_open_dev$midi(&(0x7f0000000dc0)='/dev/midi#\x00', 0x9, 0x50000) ioctl$VT_ACTIVATE(r16, 0x5606, 0x5) [ 154.970836][ T7909] team0: Port device team_slave_1 added [ 155.104150][ T7914] chnl_net:caif_netlink_parms(): no params data found [ 155.159311][ T7909] device hsr_slave_0 entered promiscuous mode [ 155.206924][ T7909] device hsr_slave_1 entered promiscuous mode [ 155.248250][ T7909] debugfs: Directory 'hsr0' with parent '/' already present! [ 155.305146][ T7916] chnl_net:caif_netlink_parms(): no params data found [ 155.332880][ T7907] 8021q: adding VLAN 0 to HW filter on device bond0 [ 155.342338][ T7914] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.352549][ T7914] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.360740][ T7914] device bridge_slave_0 entered promiscuous mode [ 155.406860][ T7954] IPVS: ftp: loaded support on port[0] = 21 [ 155.429712][ T7914] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.443357][ T7914] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.454456][ T7914] device bridge_slave_1 entered promiscuous mode [ 155.491291][ T7907] 8021q: adding VLAN 0 to HW filter on device team0 [ 155.553248][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 155.578243][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 155.601704][ T7916] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.616462][ T7916] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.648545][ T7916] device bridge_slave_0 entered promiscuous mode [ 155.669250][ T7916] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.677391][ T7916] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.697407][ T7916] device bridge_slave_1 entered promiscuous mode [ 155.716452][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 155.725094][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 155.741368][ T7942] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.748535][ T7942] bridge0: port 1(bridge_slave_0) entered forwarding state [ 155.780190][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 155.800713][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 155.827114][ T7942] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.834207][ T7942] bridge0: port 2(bridge_slave_1) entered forwarding state [ 155.860502][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 155.881135][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 155.974280][ T7923] chnl_net:caif_netlink_parms(): no params data found [ 155.992718][ T7914] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 156.019426][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 156.030120][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 156.052276][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 156.070114][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 156.081863][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 156.091541][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 156.103021][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 156.141863][ T7914] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 156.167135][ T7907] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 156.184607][ T7907] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 156.208985][ T7916] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 156.227748][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 156.243890][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 156.313297][ T7916] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 156.336275][ T7916] team0: Port device team_slave_0 added [ 156.350445][ T7914] team0: Port device team_slave_0 added [ 156.383733][ T7916] team0: Port device team_slave_1 added [ 156.401294][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 156.409724][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 156.418526][ T7914] team0: Port device team_slave_1 added [ 156.441613][ T7907] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 156.467463][ T7923] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.474573][ T7923] bridge0: port 1(bridge_slave_0) entered disabled state [ 156.482952][ T7923] device bridge_slave_0 entered promiscuous mode [ 156.491342][ T7923] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.498824][ T7923] bridge0: port 2(bridge_slave_1) entered disabled state [ 156.506428][ T7923] device bridge_slave_1 entered promiscuous mode [ 156.530803][ T7923] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 156.610139][ T7916] device hsr_slave_0 entered promiscuous mode [ 156.646941][ T7916] device hsr_slave_1 entered promiscuous mode [ 156.686580][ T7916] debugfs: Directory 'hsr0' with parent '/' already present! [ 156.699364][ T7954] chnl_net:caif_netlink_parms(): no params data found [ 156.720383][ T7923] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 156.779629][ T7914] device hsr_slave_0 entered promiscuous mode [ 156.817115][ T7914] device hsr_slave_1 entered promiscuous mode [ 156.836523][ T7914] debugfs: Directory 'hsr0' with parent '/' already present! [ 156.850496][ T7923] team0: Port device team_slave_0 added [ 156.903672][ T7909] 8021q: adding VLAN 0 to HW filter on device bond0 [ 156.929708][ T7923] team0: Port device team_slave_1 added [ 157.023062][ T7909] 8021q: adding VLAN 0 to HW filter on device team0 [ 157.047856][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 157.055698][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 157.179313][ T7923] device hsr_slave_0 entered promiscuous mode [ 157.206932][ T7923] device hsr_slave_1 entered promiscuous mode [ 157.266572][ T7923] debugfs: Directory 'hsr0' with parent '/' already present! [ 157.280430][ T7954] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.306492][ T7954] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.314537][ T7954] device bridge_slave_0 entered promiscuous mode [ 157.407467][ T7954] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.414646][ T7954] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.477376][ T7954] device bridge_slave_1 entered promiscuous mode [ 157.748125][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 157.783284][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready 00:52:09 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_TSS_ADDR(r1, 0xae47, 0x0) [ 157.856942][ T23] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.864041][ T23] bridge0: port 1(bridge_slave_0) entered forwarding state [ 157.957193][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 157.965827][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 158.037709][ T23] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.044810][ T23] bridge0: port 2(bridge_slave_1) entered forwarding state [ 158.078048][ T8058] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 158.179511][ T7954] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 158.248291][ T7954] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 158.372955][ T7955] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 158.497196][ T7955] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 158.505941][ T7955] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 158.571144][ T7955] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 158.623905][ T7955] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 158.662519][ T7955] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 158.691944][ T7955] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 158.743558][ T7916] 8021q: adding VLAN 0 to HW filter on device bond0 [ 158.789608][ T7954] team0: Port device team_slave_0 added [ 158.821850][ T7955] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 158.882370][ T7909] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network 00:52:10 executing program 0: [ 158.923189][ T7909] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 158.970491][ T7954] team0: Port device team_slave_1 added 00:52:10 executing program 0: [ 159.059855][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 159.099674][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready 00:52:10 executing program 0: [ 159.128779][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 159.148817][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 00:52:10 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) utimensat(r1, 0x0, &(0x7f0000f84fe0)={{0x0, 0x3ffffffe}}, 0x0) [ 159.185089][ T7916] 8021q: adding VLAN 0 to HW filter on device team0 [ 159.239496][ T7954] device hsr_slave_0 entered promiscuous mode [ 159.276889][ T7954] device hsr_slave_1 entered promiscuous mode [ 159.306644][ T7954] debugfs: Directory 'hsr0' with parent '/' already present! [ 159.328427][ T7909] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 159.335618][ T7955] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 159.344741][ T7955] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 159.357192][ T7955] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 159.364955][ T7955] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 159.372954][ T7955] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 159.394597][ T7914] 8021q: adding VLAN 0 to HW filter on device bond0 00:52:10 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x2a7) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_int(r0, 0x29, 0x31, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) tkill(r1, 0x1c) wait4(0xffffffffffffffff, 0x0, 0x0, 0x0) [ 159.406270][ T7955] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 159.430987][ T7955] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 159.442334][ T7955] bridge0: port 1(bridge_slave_0) entered blocking state [ 159.449470][ T7955] bridge0: port 1(bridge_slave_0) entered forwarding state [ 159.484511][ T7955] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 159.493437][ T7955] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 159.507402][ T7955] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.508082][ T8112] ptrace attach of "/root/syz-executor.0"[8111] was attempted by "/root/syz-executor.0"[8112] [ 159.514484][ T7955] bridge0: port 2(bridge_slave_1) entered forwarding state [ 159.605556][ T7914] 8021q: adding VLAN 0 to HW filter on device team0 [ 159.636173][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 159.649606][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 00:52:10 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)=ANY=[@ANYBLOB="b401000010001307000000e0f083d0876e8b1900000000000000000000000000fe8000eead5f2d00000000000000000000000000000000000000000021000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414bb0000000000000000000000000000000033000000fe8000000000000000000000000000bb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000008000b0000000000bc0001006d64350000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000088030000669ba8ccaec0d382a1359479b3a152f7ffffffffffffffeb87f0a52bc16211efb8f98be5ef742a104a42b7b673c5b96548fbe0a634cf2fe6619e751055001171c5f0b7aed3e747811b45b8a79f9f142dd7bf3b210c6a2fb4a6ced87eed0819f80d266e00"/364], 0x1b4}}, 0x0) [ 159.707290][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 159.729912][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 159.817234][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 159.825949][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 159.862753][ T7942] bridge0: port 1(bridge_slave_0) entered blocking state [ 159.869965][ T7942] bridge0: port 1(bridge_slave_0) entered forwarding state [ 159.911459][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 159.944657][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 159.987630][ T7942] bridge0: port 2(bridge_slave_1) entered blocking state [ 159.994736][ T7942] bridge0: port 2(bridge_slave_1) entered forwarding state [ 160.026702][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 160.035548][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 160.067284][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 160.075856][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 160.107866][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 160.127087][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 160.135619][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 160.187256][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 160.196065][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 160.227513][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 160.246991][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 160.282593][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 160.290971][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 160.327136][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 160.424446][ T7916] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 160.445398][ T7916] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 160.492665][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 160.517270][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 160.531190][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready 00:52:11 executing program 1: [ 160.548819][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 160.563544][ T7923] 8021q: adding VLAN 0 to HW filter on device bond0 [ 160.581552][ T7914] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 160.604731][ T7914] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 160.632967][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 160.647166][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 160.655577][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 160.664581][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 160.673716][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 160.697101][ T7954] 8021q: adding VLAN 0 to HW filter on device bond0 [ 160.711909][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 160.719537][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 160.731805][ T7916] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 160.748809][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 160.756270][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 160.775509][ T7923] 8021q: adding VLAN 0 to HW filter on device team0 [ 160.782674][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 160.790821][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 160.802501][ T7914] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 160.826453][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 160.834118][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 160.843331][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 160.854687][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 160.864013][ T2846] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.871168][ T2846] bridge0: port 1(bridge_slave_0) entered forwarding state [ 160.879213][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 160.888219][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 160.896660][ T2846] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.903705][ T2846] bridge0: port 2(bridge_slave_1) entered forwarding state [ 160.911314][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 160.920080][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 160.932900][ T7954] 8021q: adding VLAN 0 to HW filter on device team0 [ 160.944426][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 160.952689][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 160.968313][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 160.985188][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 161.001408][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 161.012573][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 161.021715][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 161.030641][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 161.044407][ T7923] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 161.056248][ T7923] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 161.076914][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 161.085441][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 161.095373][ T7911] bridge0: port 1(bridge_slave_0) entered blocking state [ 161.102478][ T7911] bridge0: port 1(bridge_slave_0) entered forwarding state [ 161.110563][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 161.119283][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 161.127887][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 161.136841][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 161.145141][ T7911] bridge0: port 2(bridge_slave_1) entered blocking state [ 161.152420][ T7911] bridge0: port 2(bridge_slave_1) entered forwarding state [ 161.160087][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 161.169102][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 161.178149][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 161.193864][ T7923] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 161.205648][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 161.216730][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 161.225313][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 161.234223][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 161.242455][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 161.253389][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 161.262445][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 161.274500][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 161.310003][ T7954] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 161.323660][ T7954] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 161.335183][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 161.346232][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 161.355235][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 161.379872][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 161.394353][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 161.420440][ T7954] 8021q: adding VLAN 0 to HW filter on device batadv0 00:52:13 executing program 2: 00:52:13 executing program 0: 00:52:13 executing program 1: 00:52:13 executing program 3: 00:52:13 executing program 4: 00:52:13 executing program 5: 00:52:13 executing program 5: 00:52:13 executing program 3: 00:52:13 executing program 1: 00:52:13 executing program 4: 00:52:13 executing program 0: 00:52:13 executing program 2: 00:52:13 executing program 5: 00:52:13 executing program 0: 00:52:13 executing program 3: 00:52:13 executing program 4: 00:52:13 executing program 1: 00:52:13 executing program 2: 00:52:13 executing program 5: 00:52:13 executing program 4: 00:52:13 executing program 3: 00:52:13 executing program 0: 00:52:13 executing program 1: 00:52:13 executing program 2: 00:52:13 executing program 3: 00:52:14 executing program 1: 00:52:14 executing program 0: 00:52:14 executing program 4: 00:52:14 executing program 5: 00:52:14 executing program 4: 00:52:14 executing program 3: 00:52:14 executing program 1: 00:52:14 executing program 2: 00:52:14 executing program 5: 00:52:14 executing program 0: 00:52:14 executing program 2: 00:52:14 executing program 4: 00:52:14 executing program 3: 00:52:14 executing program 1: 00:52:14 executing program 5: 00:52:14 executing program 2: 00:52:14 executing program 0: 00:52:14 executing program 3: 00:52:14 executing program 5: 00:52:14 executing program 1: 00:52:14 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000100)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x0, 0x0, @ioapic={0x3000, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x10}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, [], 0x6}]}}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x4cb]}) syz_open_procfs(0x0, 0x0) pipe(0x0) fstat(0xffffffffffffffff, 0x0) fstat(0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) fsetxattr(0xffffffffffffffff, &(0x7f0000000040)=@known='system.posix_acl_default\x00', &(0x7f0000000080)='cgroup\x00', 0x7, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, &(0x7f0000000000)={0x2}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:52:14 executing program 2: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open(0x0, 0x40c5, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000300)=[{&(0x7f00000004c0)=""/85, 0x55}], 0x1, 0x2) preadv(0xffffffffffffffff, &(0x7f0000000480), 0x1000000000000181, 0x2) stat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)) setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000480), 0x1000000000000181, 0x2) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r1, 0x4008ae93, &(0x7f0000000240)) r2 = socket$inet(0x2, 0x1, 0x0) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23}, 0x10) r3 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp\x00\xcdWq\xe9*\a4g\a^\x90\xb6\xe4kH2\x80/\x88\xb6\xbb\xeb`\xb8@#\x83tH\xae\xa5y\x1d\\]\x93\x93\xb5e\xd9\xd4\xb8A# \xc9*s\xd0g>\x16\xabM\x7foK\xec\x17f\xb9x\x11\xbf\xab\x16\xc5\xcb\x94\xff\x1c\xa0\x01\xb3I\x1c\xb9\xcc\xbb\xbe\x9c\xd0!\x13\xe1\xbc.\xfaG3\x85\xe0(\x18\xe9\xef%nM\'\aF\xb7\x95\xcbm\x04\xa8\x05\xef@&\xc4') sendfile(r2, r3, 0x0, 0x80000003) 00:52:14 executing program 0: getpid() ioctl$SG_GET_ACCESS_COUNT(0xffffffffffffffff, 0x2289, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm-monitor\x00', 0x400, 0x0) userfaultfd(0x80000) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340)='/dev/fuse\x00', 0x2, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) fchdir(r1) mkdir(&(0x7f0000001340)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) rmdir(&(0x7f00000000c0)='./file0\x00') dup2(0xffffffffffffffff, r0) r2 = gettid() r3 = syz_open_procfs(r2, &(0x7f0000000240)='fdinfo/4\x00') lseek(0xffffffffffffffff, 0x0, 0x1) ioctl$RTC_WIE_OFF(r3, 0x7010) syz_open_dev$cec(&(0x7f0000000100)='/dev/cec#\x00', 0x2, 0x2) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88)) msgsnd(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="03"], 0x1, 0x0) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000700)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}) r4 = socket(0x11, 0xa, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0}, &(0x7f0000000200)=0xc) r6 = getegid() msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000400)={{0x0, r5, r6, 0x0, 0x0, 0x4a, 0x81}, 0x7fffffff, 0x1b, 0x4, 0x8771, 0xb5, 0x2}) bind(0xffffffffffffffff, &(0x7f0000000140)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000700)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}) socket(0x11, 0xa, 0x0) getpid() r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x28, 0x35, 0x119, 0x0, 0x0, {0x4}, [@generic="ffd38d9b", @nested={0x10, 0x1, [@typed={0xc, 0x0, @u64}]}]}, 0x28}}, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000080)={{{@in=@multicast2, @in=@local}}, {{@in=@loopback}, 0x0, @in6=@loopback}}, &(0x7f00000001c0)=0xe8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000380)={0x0, 0x0, 0x0}, &(0x7f00000003c0)=0xc) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000400)={{0x0, 0x0, 0x0, 0x0, r8, 0x4a, 0x81}, 0x0, 0x1b, 0x4, 0x8771, 0xb5, 0x2}) 00:52:14 executing program 1: r0 = socket$inet6_sctp(0xa, 0x80000000000001, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r0, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x75, &(0x7f0000000040), 0x8) 00:52:14 executing program 3: capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000804000)) setresuid(0x0, 0x0, 0x0) 00:52:14 executing program 5: r0 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x5, 0x20000) connect$l2tp(r0, &(0x7f0000000080)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x4e23, @broadcast}, 0x0, 0x1, 0x4, 0x3}}, 0x26) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) rt_sigtimedwait(&(0x7f00000000c0)={0x6}, &(0x7f0000000100), &(0x7f00000001c0)={r2, r3+10000000}, 0x8) r4 = socket$rds(0x15, 0x5, 0x0) setsockopt$sock_timeval(r4, 0x1, 0x15, &(0x7f0000000200), 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(0xffffffffffffffff, 0x84, 0x1c, &(0x7f0000000240), &(0x7f0000000280)=0x4) ioctl$DRM_IOCTL_ADD_CTX(r0, 0xc0086420, &(0x7f00000002c0)={0x0}) ioctl$DRM_IOCTL_NEW_CTX(r1, 0x40086425, &(0x7f0000000300)={r5, 0x3}) fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f0000000340)='^user%\'posix_acl_access-.posix_acl_accessselinux]$nodev\x00', 0x0, r0) r6 = open(&(0x7f00000019c0)='./file0\x00', 0x101000, 0x80) setsockopt$inet_mreqsrc(r6, 0x0, 0x27, &(0x7f0000001a00)={@empty, @loopback, @dev={0xac, 0x14, 0x14, 0xb}}, 0xc) r7 = openat$cgroup_ro(r0, &(0x7f0000001a40)='pids.events\x00', 0x0, 0x0) setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r7, 0x110, 0x3) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x2) getsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0xf, &(0x7f0000001a80)=""/5, &(0x7f0000001ac0)=0x5) r8 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000001b00)='/dev/dlm-control\x00', 0x12bb5a44c10dc053, 0x0) ioctl$DRM_IOCTL_VERSION(r8, 0xc0406400, &(0x7f0000001c80)={0x9e3e, 0x101, 0x3, 0x86, &(0x7f0000001b40)=""/134, 0x35, &(0x7f0000001c00)=""/53, 0x0, &(0x7f0000001c40)}) openat$zero(0xffffffffffffff9c, &(0x7f0000001cc0)='/dev/zero\x00', 0x401, 0x0) memfd_create(&(0x7f0000001d00)='/dev/input/mouse#\x00', 0x2) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000001d40)={0x14}) ioctl$VIDIOC_G_EDID(0xffffffffffffffff, 0xc0285628, &(0x7f0000001dc0)={0x0, 0x1fdf8eab, 0x6f, [], &(0x7f0000001d80)=0x8}) ioctl$SIOCX25GDTEFACILITIES(r1, 0x89ea, &(0x7f0000001e00)) r9 = syz_open_dev$cec(&(0x7f0000001e40)='/dev/cec#\x00', 0x0, 0x2) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r9, 0xc0bc5351, &(0x7f0000001e80)={0x7, 0x2, 'client0\x00', 0x3, "9a0f36adddb203e1", "9d51fb23798a7a092d8bee441de67528ec350bb36c0c2b8fe2a9ef038229a7fb", 0x9, 0x8000}) r10 = openat$audio(0xffffffffffffff9c, &(0x7f0000001f40)='/dev/audio\x00', 0x444280, 0x0) ioctl$FS_IOC_RESVSP(r10, 0x40305828, &(0x7f0000001f80)={0x0, 0x2, 0xfff}) bind$vsock_dgram(r10, &(0x7f0000001fc0)={0x28, 0x0, 0x2710, @my=0x0}, 0x10) r11 = syz_open_dev$vcsa(&(0x7f0000002000)='/dev/vcsa#\x00', 0x7fff, 0x2) ioctl$SIOCX25SDTEFACILITIES(r11, 0x89eb, &(0x7f0000002040)={0x9, 0x3, 0x0, 0x1, 0x5, 0x24, 0x10, "cd3a357e4d76689c4abe7bd3a9e83e6ebecb65e2", "757094c0f72e802a806ef55325f7333082db2bbd"}) [ 163.629808][ T8314] capability: warning: `syz-executor.3' uses 32-bit capabilities (legacy support in use) [ 163.670255][ C1] hrtimer: interrupt took 42906 ns 00:52:14 executing program 4: perf_event_open(&(0x7f000001d000)={0x4, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x200000000000011, 0x3, 0x0) fcntl$setstatus(r0, 0x4, 0x2400) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000002c0)=0x596, 0x4) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) 00:52:14 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0xd}}, 0x5}, 0xffc4a851) gettid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$PPPIOCNEWUNIT(r5, 0xc004743e, &(0x7f0000000040)=0x2) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/fib_triestat\x00') sendfile(r1, r6, 0x0, 0x7) dup2(r0, r1) timer_settime(0x0, 0x0, &(0x7f0000000180)={{}, {0x0, 0x989680}}, 0x0) r7 = gettid() tkill(r7, 0x1104400000016) ioctl$DRM_IOCTL_AGP_ACQUIRE(r5, 0x6430) tkill(0x0, 0x1004000000015) 00:52:15 executing program 2: r0 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000180)={{0xc, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e22, 0x1, 'rr\x00', 0x6b, 0xd02, 0x7f}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e22, 0x2000, 0x6, 0x6, 0xfffffe00}}, 0x44) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x4, &(0x7f00000000c0)=ANY=[], &(0x7f0000000100)='\x90\xa3\x9bu\x8b\xff\x03,\a\x00\xf5\v;=\x8a\xfb\x00}\x06\xd7q2\x04\xec\xad\x16X\xfe$\xf6T\x94\xe3\x19m\x9c\x93\x02\xbfV\xc4gv\xf8\xbc;\x95\xb5\xbcV\x1b\xa3D\xaaL\xd6n\x12p\x05Y\xba\xde\xf9\x99\x01\xdb\x84\x1f\x01\xebJ\xc2\xa008~C\xf9W\x82y\xf1\x8f(\xb6+H\xae\x9c\xef\xb6oz\xd0&\xe4\x10\xc3vB\xdf\x82\x9b\xf4\x85\xf1\'\xc0\xd6\x0e\x7f\xa0\x94\x1fNhS\xb6\xb1', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0xffffffffffffffa6, 0x10, 0x0}, 0x70) [ 163.904479][ T8313] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 163.940535][ T8331] IPVS: set_ctl: invalid protocol: 12 172.30.1.3:20002 00:52:15 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) openat$cgroup_subtree(r0, 0x0, 0x2, 0x0) r1 = socket$inet(0x2, 0x800, 0x0) setsockopt$bt_rfcomm_RFCOMM_LM(0xffffffffffffffff, 0x12, 0x3, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @dev}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fa, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000300)='sit0\x00', 0x1d3) io_setup(0x100, &(0x7f0000000000)=0x0) r3 = socket$kcm(0x29, 0x0, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f000031aff8)) r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='mounts\x00') socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) sendfile(r5, r4, 0x0, 0x2000000000000005) r6 = socket$kcm(0x29, 0x1000000000002, 0x0) getsockopt$inet_sctp_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f0000000040), &(0x7f00000000c0)=0x4) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f000031aff8)) io_submit(r2, 0x4, &(0x7f0000002880)=[0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x8, r3, 0x0, 0x0, 0x6, 0x0, 0x2}, 0x0, &(0x7f0000002840)={0x0, 0x0, 0x0, 0x5, 0xf6, 0xffffffffffffffff, &(0x7f0000001840)="6352ee4b3e7ee47fd8fca01c245c5daca2224b23641ffc5b896a46bd069199a144cacb3247241fb81278f89e4c56fbfa8549c02ff218277bb679280ca1c39b311e7f42857fa62b4e54a9854196423d5d0af411733f88d8343e1e27b1ac2240c30c0bb8a83c6ee11261033d8d9f6816606f1a04052c38db64e4b0b0541b60b0d309e1f302bcd9cbe37d23e2865d9f96062a1745216055d699e44ea28863535da4cb6c3dfdc8468a63fe830bbd15d4268541c71f996c6aa92844f0bc2a394218e6660ca6c683a6af6c922f49e1304d362525561f3558f47d57f5fb913fb4be470d33637d3985b587f262c1d86a77c3bfbc2c338055b79518307b679dc9a726bbed78b7cfcc0daecf5dab513781f6149e0eb37f005f20bdb5481fca8a24eaf5402cd2b36c34afabd17925f70b8db7340cb2c7f45b40461cb6bc3733d77927b12ae478162b2e849412efbef180ca0681570e586853222f8a49ea619c7302e9309306c6e3bf2228352fc2a5f048ddabac72bf44ab04b11e595b362eee1250a8463f92329bc8fc47f5d80673f14fa53e0402b4fb50f60f8e107fe1daf3d41b587f098f5da0adddf519fde88257db0693bbcd30f44fc411f927183d9b13a31c3f5be916b1ac2d030dcfc169804efb47f5f66bbf8fb68d854f5137297153ee9118b45251743ec97d3388dd115da0364bc1622f27dca5505854a6c18d272c7c38c3f117a610d8721d6bd87461e542aaa27173e4f23b60616932e78dae27b927e1b8d721ab6c1bf911d5813d37491269b95e72bd587cad24b54feaf7e6a21241adc53976db740d67e1e8cbebbecd18a5b32573937babacc27e63acfa35d6d9833c418b5fba6046b391a0130921e701b9975e46dd3528120723422491b92debad4e6f454db78a10de4cd63d126dae268d5fa6a441c4dcf3caba146f708f7f9cfdf069da3521343ed576b5ba5ed38b60356b5e95dd14836e14ed66ce4d3c06a9098728d37fd93cadf8007fda397a41d9a0438556bc5930b5b2593ce933a61931a216a7a5ca74a183b94a5f1b34b54d54d94c31aebb7d68b95f2ad30922c2600029999e1e07fb941aa2199edf0abf1132e9910cea77586d3071df871401b852a26ce3e489594afee226e510e1541fde719b572feefd47018c51510552d93233da521d78a67ff0bcf9e6a96bd6dd59a77b7db87185f6a30ff4621f7700fc67256ae14cdae1610b337b78d02d330aa5870e5b7a50e099123a61a5d44f555b29eb7226a38d9f72afe99546b7ce149eb7b1387864837bf814ace55024698dfa49a085a0b510d088badb07214e4e275e2e8000660472c0e98d8987600400fea5bf70fe621e9cf29ca4f742913c239690f22c4e87b4349b93c385415f1659da1067695329498ac4e8eff4f8b1fa4f14f0a69769d7e11baa5ac5c49892475bdefc0fa9226f32cb3b3e181e16975443d1f1a41a3b06bc546c4ffc4b582b9c40b61ca5d2b44f29edf50028059b347fae497e81064de962da4f49e8018c687636470ac672cc03b30c82407185cb0984dae36436d369261380a8ce5c950d513b502c63048624b340aa892b077b8211cdf8eb62e2a9d00c53c0bed39d6b94e5aab7bae2315faeef1352728b062d33727a558d8da53c542c84154af8ef5c0d4b95a1c6fa41c9f3e53e9efa576c2113c638f0544cc7614538c628a44b33669e8585fa485d3408043ca88fd17b4ad43d1900170a208cc12995c1647928c5b6ff66d461b44fbdded99df7fa81531dd4638e36546b48bf8ef6b3cfedcb89c4e2beb3c669bfa37042955a40bc50cb8e049a0e4802b9b2876fde8dcec8a94fc1863203fd22900df74e23c32f8fd4468ca94358ab777a315d7e73f8d47fa94e30ddb8f57069e1ef98b3a9649008a4c3eb6cbad7c7926bfd571a4c183562c7ffa82be4f5dd8dfca5c436fc02c53287a362763826f01a5aec743670b5bf2a21e29937ed6199e2f9a4b48416b4f1dd1909d27f9279f58b0bd9c0a3fa061f024fba8c927e8478cd2fbfc07f8e72a42b953bb4e943b7b66b7e20a2bc46ab56c3959e666084333d39edbb7231439112a78aaf7fafdf6eb3b804eee443647e8d8829e4b6ab7911695673330cffe7cd2360d729115afcb635e8ff6b01f5573e2173f296ff022588f7c34eb5e8442eabc49f768665cc040c02edc7ee2470a999cc00a5de5416649f0f47a7792286d2fc2ac0644d4704176f2693b3833946d6d8f8cb2398cbce095ab28687e29ab1a7bc8299689843298fb24585598887018a8b7f3b626a8884fe0232a58e7aa6798a7ee470a0df1dbec23939ae7fa1bf003db857328183eebba1d567a63700be29859aa3b52a49e8356c6c10e2607bab026d788e4027020a5fe709b03d96d24c8ca6ae12a142c13f589c035e5b32659329a6a2f24cfaf1d0c23a7f07e3cf82a7c76f8755e0ef9c19e972522b299ccf65423e96", 0x6cb, 0x0, 0x0, 0x2}]) socketpair$unix(0x1, 0xe, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = dup(r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r8, 0xc0502100, &(0x7f0000000140)={0x0, 0x0}) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000002c0)={0x0, 0x0}) kcmp(r9, r10, 0x4, r6, r6) setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0xf, 0x0, 0x0) openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/attr/current\x00', 0x2, 0x0) r11 = socket$kcm(0x2b, 0x8000000000001, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r11, 0x8912, 0x400200) r12 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r12) pwritev(0xffffffffffffffff, 0x0, 0x0, 0x81003) ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000080)={0x1, 0x0, 0xe, 0x14, 0x20000000, 0x2}) flock(0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x102000002) 00:52:15 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f00000007c0)=[{{&(0x7f0000000040)={0xa, 0x4e24, 0x0, @remote}, 0x1c, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000006546b317c7f45dd343e0c6aa156fe80000040000000000000000000000180000000000000029"], 0x30}}], 0x1, 0x0) [ 163.949596][ T8331] IPVS: set_ctl: invalid protocol: 12 172.30.1.3:20002 00:52:15 executing program 1: r0 = gettid() tkill(r0, 0x1104400000016) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r0, r2, 0x0, 0x1, &(0x7f0000000000)='\x00'}, 0x30) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x20, 0x0, 0x1}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(0xffffffffffffffff, 0xc0305710, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1800007, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = socket$inet6(0xa, 0x1, 0x8010000000000084) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r7, 0x84, 0x75, &(0x7f0000000040)={r9}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r6, 0x84, 0x6, &(0x7f00000026c0)={r9, @in6={{0xa, 0x4e21, 0xfff, @rand_addr="42f6d6b4b8cd6a7e056213c9d87cc65e", 0xe6}}}, &(0x7f00000001c0)=0x84) r10 = dup(r4) preadv(0xffffffffffffffff, &(0x7f0000002600)=[{&(0x7f0000000100)=""/143, 0x8f}, {&(0x7f0000000280)=""/231, 0xe7}, {&(0x7f0000000380)=""/91, 0x5b}, {&(0x7f0000000080)=""/18, 0x12}, {&(0x7f0000000400)=""/4096, 0x1000}, {&(0x7f0000001400)=""/211, 0xd3}, {&(0x7f0000001500)=""/111, 0x6f}, {&(0x7f0000001580)=""/4096, 0x1000}, {&(0x7f0000002580)=""/127, 0x7f}], 0x9, 0x7f5) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400202) setsockopt$IPT_SO_SET_ADD_COUNTERS(r10, 0x0, 0x41, &(0x7f0000000200)={'filter\x00', 0x3, [{}, {}, {}]}, 0x58) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r12 = dup(r11) ioctl$PERF_EVENT_IOC_ENABLE(r12, 0x8912, 0x400200) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r12, 0x84, 0x71, &(0x7f0000002780)={0x0, 0x4}, &(0x7f00000027c0)=0x8) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r10, 0x84, 0x7b, &(0x7f0000002800)={r13, 0x5}, 0x8) 00:52:15 executing program 2: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f, 0x0, 0x0, 0x1, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) [ 164.038954][ T8313] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 00:52:15 executing program 0: getpid() ioctl$SG_GET_ACCESS_COUNT(0xffffffffffffffff, 0x2289, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm-monitor\x00', 0x400, 0x0) userfaultfd(0x80000) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340)='/dev/fuse\x00', 0x2, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) fchdir(r1) mkdir(&(0x7f0000001340)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) rmdir(&(0x7f00000000c0)='./file0\x00') dup2(0xffffffffffffffff, r0) r2 = gettid() r3 = syz_open_procfs(r2, &(0x7f0000000240)='fdinfo/4\x00') lseek(0xffffffffffffffff, 0x0, 0x1) ioctl$RTC_WIE_OFF(r3, 0x7010) syz_open_dev$cec(&(0x7f0000000100)='/dev/cec#\x00', 0x2, 0x2) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88)) msgsnd(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="03"], 0x1, 0x0) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000700)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}) r4 = socket(0x11, 0xa, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0}, &(0x7f0000000200)=0xc) r6 = getegid() msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000400)={{0x0, r5, r6, 0x0, 0x0, 0x4a, 0x81}, 0x7fffffff, 0x1b, 0x4, 0x8771, 0xb5, 0x2}) bind(0xffffffffffffffff, &(0x7f0000000140)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000700)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}) socket(0x11, 0xa, 0x0) getpid() r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x28, 0x35, 0x119, 0x0, 0x0, {0x4}, [@generic="ffd38d9b", @nested={0x10, 0x1, [@typed={0xc, 0x0, @u64}]}]}, 0x28}}, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000080)={{{@in=@multicast2, @in=@local}}, {{@in=@loopback}, 0x0, @in6=@loopback}}, &(0x7f00000001c0)=0xe8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000380)={0x0, 0x0, 0x0}, &(0x7f00000003c0)=0xc) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000400)={{0x0, 0x0, 0x0, 0x0, r8, 0x4a, 0x81}, 0x0, 0x1b, 0x4, 0x8771, 0xb5, 0x2}) [ 164.136267][ C0] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1 00:52:15 executing program 2: getpid() ioctl$SG_GET_ACCESS_COUNT(0xffffffffffffffff, 0x2289, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm-monitor\x00', 0x400, 0x0) userfaultfd(0x80000) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340)='/dev/fuse\x00', 0x2, 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0) fchdir(r1) mkdir(&(0x7f0000001340)='./file0\x00', 0x0) open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) rmdir(&(0x7f00000000c0)='./file0\x00') dup2(0xffffffffffffffff, r0) r2 = gettid() r3 = syz_open_procfs(r2, &(0x7f0000000240)='fdinfo/4\x00') lseek(0xffffffffffffffff, 0x0, 0x1) ioctl$RTC_WIE_OFF(r3, 0x7010) syz_open_dev$cec(&(0x7f0000000100)='/dev/cec#\x00', 0x2, 0x2) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88)) msgsnd(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="03"], 0x1, 0x0) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000700)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}) r4 = socket(0x11, 0xa, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0}, &(0x7f0000000200)=0xc) r6 = getegid() msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000400)={{0x0, r5, r6, 0x0, 0x0, 0x4a, 0x81}, 0x7fffffff, 0x1b, 0x4, 0x8771, 0xb5, 0x2}) bind(0xffffffffffffffff, &(0x7f0000000140)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000700)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}) socket(0x11, 0xa, 0x0) getpid() r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x28, 0x35, 0x119, 0x0, 0x0, {0x4}, [@generic="ffd38d9b", @nested={0x10, 0x1, [@typed={0xc, 0x0, @u64}]}]}, 0x28}}, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000080)={{{@in=@multicast2, @in=@local}}, {{@in=@loopback}, 0x0, @in6=@loopback}}, &(0x7f00000001c0)=0xe8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000380)={0x0, 0x0, 0x0}, &(0x7f00000003c0)=0xc) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000400)={{0x0, 0x0, 0x0, 0x0, r8, 0x4a, 0x81}, 0x0, 0x1b, 0x4, 0x8771, 0xb5, 0x2}) 00:52:15 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f000014f000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001000)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@mcast2, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80}, {0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}}}, 0xb8}}, 0x0) [ 164.352581][ T8351] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 00:52:15 executing program 3: fstat(0xffffffffffffffff, &(0x7f0000000000)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x9, 0x20800) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r3 = accept$alg(r2, 0x0, 0x0) sendmmsg$alg(r3, &(0x7f0000008040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r3, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000003500)=""/4096, 0x1000}], 0x1, 0x0, 0x6}, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r5 = accept$alg(r4, 0x0, 0x0) sendmmsg$alg(r5, &(0x7f0000008040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r5, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000003500)=""/4096, 0x1000}], 0x1, 0x0, 0x6}, 0x0) r6 = dup3(r3, r5, 0x80000) write$nbd(r6, &(0x7f0000000240)={0x67446698, 0x0, 0x3, 0x3, 0x4, "3fd3c6e8c3cca311aff2baa6adfa357ee9e3bf6d5731b411025e78195af87c5cb5e670e6e14d0ed0bb8e387bdbfd04970db875ba16377cb5b20dc485286421fb22ef331a02f714348d6143e7da2cff32050f5e0a7b7ec0f03f31142728d5a984b52e7ac0991701ba109ed73538ca13beca36e249fd193fb6302a3d7cac972b796e162e537473dc03d9a87b8a67637548c6ad731b51331a70acb515ebcd"}, 0xad) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000000c0)={{{@in6=@ipv4={[], [], @loopback}, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in6=@remote}}, &(0x7f00000001c0)=0xe8) syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000380)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="646f74732c666faad4ca93e3d5c865873c", @ANYRESDEC=r7, @ANYBLOB=',\x00']) [ 164.521869][ T8359] netlink: 'syz-executor.2': attribute type 1 has an invalid length. 00:52:15 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$inet_mreqsrc(r1, 0x0, 0x28, &(0x7f00000001c0)={@dev={0xac, 0x14, 0x14, 0x27}, @remote, @loopback}, 0xc) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x3) r3 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x40500, 0x0) setsockopt$netrom_NETROM_IDLE(r3, 0x103, 0x7, &(0x7f0000000200)=0x1000, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r5, 0x84, 0x66, &(0x7f0000000040)={0x0, 0x6}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f00000000c0)={r6, @in6={{0xa, 0x4e24, 0x8, @mcast1, 0x80000001}}, 0x0, 0xb3, 0xdfa, 0x8, 0xc0}, &(0x7f0000000180)=0xff40) ioctl$FS_IOC_GETFSLABEL(r2, 0x800452d2, 0x0) 00:52:15 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uinput\x00', 0x805, 0x0) write$uinput_user_dev(r2, &(0x7f0000000400)={'syz1\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x5) ioctl$UI_DEV_SETUP(r2, 0x5501, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$TUNSETTXFILTER(r4, 0x400454d1, &(0x7f0000000000)={0x1, 0x1, [@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}]}) 00:52:15 executing program 0: r0 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0) r1 = creat(&(0x7f0000001380)='./file0\x00', 0x0) r2 = creat(&(0x7f0000000240)='./file0\x00', 0x0) ftruncate(r2, 0x2081ff) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) io_setup(0x8, &(0x7f00000003c0)=0x0) write$cgroup_pid(r0, &(0x7f0000000080), 0x12) ioctl$KVM_GET_MP_STATE(r1, 0x8004ae98, &(0x7f0000000040)) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r6 = accept$alg(r5, 0x0, 0x0) sendmmsg$alg(r6, &(0x7f0000008040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r6, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000003500)=""/4096, 0x1000}], 0x1, 0x0, 0x6}, 0x0) ioctl$FS_IOC_FIEMAP(r6, 0xc020660b, &(0x7f0000000280)={0x2ec14fa8, 0x0, 0xdc2b0965c701e82e, 0x6, 0x3, [{0x0, 0x0, 0x8, 0x0, 0x0, 0x1004}, {0x1, 0x1, 0x2, 0x0, 0x0, 0x102}, {0x1ff, 0x60, 0x42ee, 0x0, 0x0, 0x100}]}) io_submit(r4, 0x1, &(0x7f0000000500)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000240)="1e", 0x1, 0xdbed}]) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000200)={0x0, r1, 0x0, 0x0, 0x2}) 00:52:15 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) accept$alg(r1, 0x0, 0x0) r2 = dup2(r1, r0) ioctl$TIOCSISO7816(r2, 0xc0285443, &(0x7f0000000040)={0x3b9a6e0c, 0xfffffffb, 0x97, 0x101, 0x3a}) r3 = socket$netlink(0x10, 0x3, 0x0) writev(r3, &(0x7f0000000000)=[{&(0x7f0000000080)="390000001000090368fe07002b00000001000a0014000200450001070300001419001a0012000a0005000100"/57, 0x39}], 0x1) 00:52:15 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x3, &(0x7f0000000200)=ANY=[@ANYRESOCT], &(0x7f0000000080)='GPL\x00', 0x4, 0x114, &(0x7f0000000100)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffe1f, 0x10, 0x0, 0xfffffffffffffdd4}, 0x23) [ 164.703361][ T8376] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.4'. [ 164.717763][ T8377] input: syz1 as /devices/virtual/input/input5 00:52:15 executing program 2: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x417500, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4000}, 0x0, 0xb, r0, 0x0) r1 = open(&(0x7f0000000140)='./bus\x00', 0x14103e, 0x0) accept$packet(r1, 0x0, &(0x7f0000000000)) r2 = open(0x0, 0x14103e, 0x0) accept$packet(r2, 0x0, &(0x7f0000000000)) r3 = getpid() sched_setscheduler(r3, 0x5, &(0x7f0000000380)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={r5, 0xc0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000400)={0x0, 0xffffffffffffffff, 0x0, 0x1, &(0x7f00000003c0)='\x00', r6}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0x12, &(0x7f00000001c0)='/dev/input/mouse#\x00', r6}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, r2, 0x0, 0x1, &(0x7f00000000c0)='\x00', r6}, 0x30) r7 = socket$inet(0x2, 0x4000000000000001, 0x0) r8 = syz_open_procfs(0x0, &(0x7f0000000280)='fd/3\x00\x02\x17\x87:\xf4\x03\xdfc\x88,5I\xd7^\xb5D\xf7\xd7\xdb,(\xd5\x00\xc2\x06MG\xcd\xe9w\xe5s\x02\xf2\xea\xb6\xabsp\x12xT8\x01\x00\xd4S\xd8F\xab.x|\x8b\x87\xb0\xa2\xf5Y>\xb1 p\x998(\xe63\xcf\x7f\xac\x89F\x03n\x96\x15zsw\x98\xca\xcb3\xb6M=h\x01i.\xa3\xda}\x190~\xe7d6\xa5\x17\xb3\xe9\xd9QV\x0f\xf3\x02\xd6\xc1\xc3n\xcd*R\x9a\x95\x12\x05K\xa0<\xc9\xe3\xed\xab\xc9\x8bK\xb3\x86\xe2\x93f\x92iKA|e\x97k :,J36\x11\xf0\x99\x96\xb7]\xfd\xe3\v\xd8\x98\xc5o\xc6\xde\x80\xf7_\xc9\x8f\xaf\xf9\xd5\xb7ui\xea\xde\xd0\xeb\xd9\xf5_\v\xe2*\xa3\xf4\xab?n\xcb\x19i\x80\x91\xd2\xf6\x14\xfe!!0\x84L\x86\x81\x95,B\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xab*[\xa5\xb217\x93\xf3\x88\x92\xa6\xde\x11\xa2-J\x9d\xc9\xb2\x97\xa3\x88v\x9eR\x155\xc7N!\xdb\"8\xc8I\xb9c\xed\xa7!\t\x85s\xb1\xa5\xa7R2Yf\x1c\xf8\xc2z>\xb1\x9c\x02a\x87\xe9\xb8\xf8\xdcv\xb6\xe4\xa6\n\x0e\x83lM7\xcc?\xea\x19\x99\xce\x1c\x10\xd2lQ(\xc7\xe9\xef\xd2Q\vY\xf58\x10|8}uE\xaf\xb4w;\xbc\xe4\x01\xd8\xf2\xf9u\xc1Dt\'\x84\xb5\xa4\x83\xeft\xfc\xf3\xdd\x870xffffffffffffffff}) r12 = dup(r11) ioctl$PERF_EVENT_IOC_ENABLE(r12, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_PERIOD(r12, 0x40082404, &(0x7f0000000080)=0x5) shutdown(r7, 0x1) recvmsg(r7, &(0x7f0000001440)={0x0, 0xa, &(0x7f00000015c0)=[{&(0x7f0000001600)=""/4096, 0xf99e}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x7115}, 0x100) 00:52:18 executing program 1: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x400, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) syz_read_part_table(0x0, 0x6876b688bcd26e3, &(0x7f0000000080)=[{&(0x7f0000000000)="0201a5ffffff0a000000ff07000000ffffff81000800000000000000004000ffffff85000000e1000000887700720030b5829237c30000000000008000da55aa", 0x40, 0x1c0}]) 00:52:18 executing program 5: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000280)={0x0, 0x50, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eb04001800160009000586f9835b3f2f009148790003f85acc7c45", 0x2e}], 0x1}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x100400, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$LOOP_GET_STATUS64(r2, 0x4c05, &(0x7f0000000140)) 00:52:18 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/sequencer2\x00', 0x282000, 0x0) r2 = syz_open_dev$audion(&(0x7f0000000300)='/dev/audio#\x00', 0x2, 0x444540) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000340)={0x8000, 0x3be36358faca1f07, 0x0, r2}) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071") socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) setsockopt$TIPC_SRC_DROPPABLE(r4, 0x10f, 0x80, &(0x7f0000000380)=0x10001, 0x4) r5 = socket$inet(0x10, 0x2, 0x0) sendmsg(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="24000000180007841dfffd946f6105000a0081001f038b0504000800080015000a00ff7e280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0) r6 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) ioctl$KVM_GET_CPUID2(r6, 0xc008ae91, &(0x7f0000000500)={0x7, 0x0, [{}, {}, {}, {}, {}, {}, {}]}) 00:52:18 executing program 4: pipe(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000100)=[{&(0x7f0000000800)="580000001400adfd8a987e40da2e6a262b", 0x11}], 0x1) close(r2) socket$netlink(0x10, 0x3, 0x4) socket$inet(0x2b, 0x1, 0x1) getsockopt$CAN_RAW_LOOPBACK(r1, 0x65, 0x3, &(0x7f0000000180), &(0x7f00000001c0)=0x4) write$binfmt_misc(r1, &(0x7f0000001940)=ANY=[@ANYPTR64, @ANYBLOB="ad82d075530ade5c18162eb34b045452be0d927d4bf398dd6be26f2f846f45efb87ea5af960102bb864e1f3cb5bb407f419101a1ae0f31d2c0215e6be86c84"], 0x47) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) getsockopt$inet_dccp_buf(r4, 0x21, 0xc, &(0x7f0000000000)=""/224, &(0x7f0000000140)=0xe0) 00:52:18 executing program 0: r0 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="5500000018007fafb72d1cb2a2a280930206000000a843096c26230014000800040010e80f00ca8a9848a3c728f1c46b7b31afdc1338d54400009b84136ef75afb83de448daa7227c43ab8220000bf0cec6bab91d4", 0x55}], 0x1}, 0x0) r1 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x80, 0x400) getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f0000000040), &(0x7f0000000180)=0x4) 00:52:18 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/arp\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000080)='comm\x00') r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180)='/dev/net/tun\x00', 0x0, 0x0) r3 = socket$tipc(0x1e, 0x2, 0x0) fcntl$setsig(r3, 0xa, 0x24) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000240)={'bcsf0\x00', 0x8011}) ioctl$TUNSETLINK(r2, 0x400454cd, 0x8000000001) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x21, 0x0, &(0x7f0000000000)="3f006671d7af52f647750500080089ea010000008000f109a708f78293c8744e1a", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r4 = socket$inet(0x2, 0xa, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x8955, &(0x7f0000000000)=0x2) sendfile(r1, r0, 0x0, 0x80000000) [ 167.060204][ T8409] netlink: 'syz-executor.5': attribute type 9 has an invalid length. [ 167.082920][ T8407] netlink: 37 bytes leftover after parsing attributes in process `syz-executor.0'. [ 167.098758][ T8402] netlink: 'syz-executor.3': attribute type 21 has an invalid length. 00:52:18 executing program 4: r0 = openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) unshare(0x2040400) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xc80, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) msgget$private(0x0, 0x1d9d0f791b60a80e) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000380)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000909000/0x4000)=nil, 0x4000}, 0x1}) socket$nl_route(0x10, 0x3, 0x0) ioctl$KVM_X86_SET_MCE(0xffffffffffffffff, 0x4040ae9e, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) semop(0x0, 0x0, 0x0) semctl$GETZCNT(0x0, 0x1, 0xf, &(0x7f0000000600)=""/4096) ioctl$DRM_IOCTL_SG_ALLOC(r0, 0xc0106438, &(0x7f0000000480)={0xa4}) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, 0x0, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0) ioctl$sock_ifreq(r1, 0x8991, &(0x7f00000000c0)={'bond0\x00\x16\b\xea\xff\xff\x80\x00\x00\x02\xff', @ifru_names='bond_slave_1\x00'}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x2, 0x84200) setsockopt$inet_sctp_SCTP_HMAC_IDENT(r4, 0x84, 0x16, &(0x7f0000000000)={0x6, [0x4, 0x9, 0x0, 0x8, 0xffff, 0x1]}, 0x10) ioctl$sock_ifreq(r1, 0x8990, &(0x7f0000000240)={'bond0\x00\xe1\x03\n\x00!!\x00\x01\x00', @ifru_names='bond_slave_1\x00\x00\x00\b'}) syz_open_procfs(0x0, &(0x7f0000000280)='fd/3\x00\x02\x17\x87:\xf4\x03\xdfc\x88,5I\xd7^\xb5D\xf7\xd7\xdb,(\xd5\x00\xc2\x06MG\xcd\xe9w\xe5s\x02\xf2\xea\xb6\xabsp\x12xT8\x01\x00\xd4S\xd8F\xab.x|\x8b\x87\xb0\xa2\xf5Y>\xb1 p\x998(\xe63\xcf\x7f\xac\x89F\x03n\x96\x15zsw\x98\xca\xcb3\xb6M=h\x01i.\xa3\xda}\x190~\xe7d6\xa5\x17\xb3\xe9\xd9QV\x0f\xf3\x02\xd6\xc1\xc3n\xcd*R\x9a\x95\x12\x05K\xa0<\xc9\xe3\xed\xab\xc9\x8bK\xb3\x86\xe2\x93f\x92iKA|e\x97k :,J36\x11\xf0\x99\x96\xb7]\xfd\xe3\v\xd8\x98\xc5o\xc6\xde\x80\xf7_\xc9\x8f\xaf\xf9\xd5\xb7ui\xea\xde\xd0\xeb\xd9\xf5_\v\xe2*\xa3\xf4\xab?n\xcb\x19i\x80\x91\xd2\xf6\x14\xfe!!0\x84L\x86\x81\x95,B\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xab*[\xa5\xb217\x93\xf3\x88\x92\xa6\xde\x11\xa2-J\x9d\xc9\xb2\x97\xa3\x88v\x9eR\x155\xc7N!\xdb\"8\xc8I\xb9c\xed\xa7!\t\x85s\xb1\xa5\xa7R2Yf\x1c\xf8\xc2z>\xb1\x9c\x02a\x87\xe9\xb8\xf8\xdcv\xb6\xe4\xa6\n\x0e\x83lM7\xcc?\xea\x19\x99\xce\x1c\x10\xd2lQ(\xc7\xe9\xef\xd2Q\vY\xf58\x10|8}uE\xaf\xb4w;\xbc\xe4\x01\xd8\xf2\xf9u\xc1Dt\'\x84\xb5\xa4\x83\xeft\xfc\xf3\xdd\x870xffffffffffffffff}) ioctl$PPPIOCGIDLE(r1, 0x8010743f, &(0x7f0000000080)) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x3) ioctl$GIO_UNIMAP(r3, 0x4b66, &(0x7f0000000040)={0x6, &(0x7f0000000000)=[{}, {}, {}, {}, {}, {}]}) sendfile(r0, r1, 0x0, 0x7ffff000) [ 167.233482][ T8412] loop1: p1 p2 p3 < > p4 [ 167.267016][ T8412] loop1: p2 size 1073741824 extends beyond EOD, truncated [ 167.288735][ T8412] loop1: p4 size 3657465856 extends beyond EOD, truncated 00:52:18 executing program 0: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r1 = creat(&(0x7f0000000240)='./file0\x00', 0xf6) r2 = fanotify_init(0x3a, 0x0) fanotify_mark(r2, 0x1, 0x8, r1, 0x0) r3 = fanotify_init(0x0, 0x0) getsockname$netlink(r1, &(0x7f0000000040), &(0x7f0000000080)=0xc) fanotify_mark(r3, 0x2000000000000011, 0x2, r0, 0x0) r4 = open$dir(&(0x7f0000000100)='./file0\x00', 0x4002, 0x0) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r6 = accept$alg(r5, 0x0, 0x0) sendmmsg$alg(r6, &(0x7f0000008040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = dup(r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) setsockopt$IP_VS_SO_SET_FLUSH(r8, 0x0, 0x485, 0x0, 0x0) r9 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000600)='/dev/dlm-control\x00', 0x221281, 0x0) ioctl$VIDIOC_S_CROP(r9, 0x4014563c, &(0x7f0000000640)={0x6, {0x0, 0x9, 0x2, 0x2}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r11 = dup(r10) ioctl$PERF_EVENT_IOC_ENABLE(r11, 0x8912, 0x400200) r12 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_SET(r11, &(0x7f00000005c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000680)=ANY=[@ANYBLOB="0000000078589b71718db9cb19337b5baebd7b771277841a36adc128f1815df263a983b8c5811be5c4400feb80d760f0edfe633a815e731f871e9c7cfcc73e633f3ca09250ccc9f21d9dd22b0fd98f80a0332505f3c8b1712416eebb7030e7c2c476a0bf", @ANYRES16=r12, @ANYBLOB="01002bbd7000fedbdf25090000005c0001002400020031ff0300070000000800010011000000080002000c09000008000100070000002c0004001400010002004e23ffffffff00000000000000001400020002004e21ffffffff0000000000000000080003000600000018000600040002000400020008000100ffffff7f04000200dbfe09000000010080a50000080002000000000000000100ea0000000800020004000000080002006afb0000180007000c0003000101000000000000080001000000f4fe0800020004000400"], 0xd4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000) recvmsg(r6, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000003500)=""/4096, 0x1000}], 0x1, 0x0, 0x6}, 0x0) sendmsg$alg(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)="c8b6d9348a5122a6a64aabe0a32071d6337d91d4c20c76a91902d3", 0x1b}, {&(0x7f0000000140)="846d7668a2a3b0275e242c18319f7317ade1652297d84dafde41cade8aa1a9c3c3604c578af426d0", 0x28}], 0x2, &(0x7f0000000400)=ANY=[@ANYBLOB="b00000000000000017010000020000009b000000c5eca2f89d252049aba61244bebd0ddd9561960c49de32c4c30c35b99c01556d0b05ac8924b829d0092f52060000000000000062ada76427fe537724a8ce91f75986db9a0e4b4669b45fb0e41c9483ea30f8e490339f48432d234849d791feb776f5cd4cf30221a76d5fee9ffd75e4d3b1ab505d26bfa4b4fcbf32390d774c613ae726e0dff32974e4d2fadff18bbb9a8f01d6bd2f65c97e4f938a0088014219c40ed2bdeec2cf4bbd45ac5a79f7c20036801c3dc0d65f9568a06c160fe74819fe554dd3dd0e57a084196b84c5306fc5a34e208b02900f9240955b004f30ddee2176f30a177a35d47fec63e6c4719a11f97bd4b428b5d9f9ca3e992aee6d72902b09437c4224e46fcd0060ac0b367adcec20c96e7c5397d02d0e8c17b6e8be6302a791f762e97bb2664de106dbe0c958b854de0b2534370cd0d06dadf44e5e11bd868eec63ff"], 0xb0, 0x74004800}, 0x40000) truncate(&(0x7f0000000180)='./file0\x00', 0x90002) sendfile(r4, r4, 0x0, 0x8800000) [ 167.418503][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 167.418511][ T26] audit: type=1800 audit(1573865538.527:31): pid=8437 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=16583 res=0 00:52:18 executing program 5: listen(0xffffffffffffffff, 0x0) r0 = socket$unix(0x1, 0x1, 0x0) connect(r0, &(0x7f0000985ff8)=@un=@abs={0x1}, 0x8) r1 = socket$kcm(0x10, 0x3, 0x10) r2 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x3, 0x48000) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000040)={r2, &(0x7f0000000140)="885ef522a7304d6fb41855c846872334196d9d482e85e2774dcf1692e2b0841da6e7f834270e13ee2ab920b7d530f3e7573a3d790ca2cf1bfca6267578e134c94980b4c13f559d71eea2ef3b9895bc1c2d8787aa845447425058e0c643d2712954f7f047ada7de6ef2ee8fcf846ac311b48f2f2e4a89da565b409c57d1c7046d2861622837bc45a1a4e381ab8a77e6e2fcdbc8afe08d8b1832be9b28f472189ab89f67edb79abd860e6ea76d7a77a8eb466f04a28ee3bdf5e6effce0e43551fb5c7403c561536a76167f6b422a9fdeec4bd6fe0350f22e8ace247143dee19deb58ad091849", &(0x7f00000002c0)=""/74}, 0x20) sendmsg$kcm(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000000c0)="2e0000002300817ee418000aac0f000dac0f00b38e8a5b3f00009148790000f85acc7c4500"/49, 0x2e}], 0x1, 0x0, 0xfffffffffffffe84}, 0x0) [ 167.589211][ T8421] bond0: (slave bond_slave_1): Releasing backup interface 00:52:18 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x200, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x10, &(0x7f0000000680)=[@in={0x2, 0x0, @dev}]}, &(0x7f0000000600)=0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={0x0, 0x1ff}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x66, &(0x7f0000000140)={r4, 0x80}, &(0x7f0000000200)=0x8) mkdir(&(0x7f00000001c0)='./file0\x00', 0x162) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = syz_open_procfs(0x0, 0x0) r6 = gettid() r7 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip_tables_names\x00') fcntl$getownex(r7, 0x10, &(0x7f0000000940)={0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f00000002c0)=0xc) r10 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip_tables_names\x00') r11 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r11, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, 0x0) setuid(r12) r13 = getegid() sendmsg$unix(r5, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000000800)=[{0x0}, {&(0x7f0000000380)="a53d165780f28852ae3187209e764a82c1af774e26e51a6b3406c03b0f380e660512c864b5105a15704d517c859157093f08cbe2fdcd1f5f4df8ee141cb3c7df2f4aa700fecf7cb90e1c8533fb4ced4280557c38fe96cf88473f8f5a564cd00a5faef5ec2596ce3e5b39d9167d44bdc8e66a3c5143d6e9e7fc33dbb221c4fef0f07bac660c7ebffa42ad098d94d6121fb39b0a3c2aac3002a2ea469092cb9b63b9359f0f1d63907c850a7c6b493cfdd5864df1dda47e1ee87f91f513a133c0a096039cfeaefb7bcc3fc48438d9", 0xcd}, {0x0}, {&(0x7f0000000540)="a7c74460610627fb4a45bdfb7b2d6a5a6fe9ec6633a07f1b5e01ee0100621050b9ae73ce1be732180adf66f302893d15997fe274b4e51f74141e5fa2bd56d86493bd322e73c1d557", 0x48}, {&(0x7f0000000700)}, {&(0x7f00000007c0)}], 0x6, &(0x7f0000000980)=ANY=[@ANYBLOB="1c006a3f181e05f63e265c663b362ee225c3c580b900000200fa7f6fca09f1d40000", @ANYRES32=r6, @ANYRES32, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r8, @ANYRES32=r9, @ANYRES32, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32=r10, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB, @ANYPTR, @ANYRES32=r12, @ANYRES32=r13, @ANYBLOB='\x00\x00\x00\x00'], 0x96, 0x48081}, 0x40) setxattr$system_posix_acl(&(0x7f0000000580)='./file1\x00', &(0x7f00000005c0)='syst\xb1\xaf}posix_acl_default\x00', &(0x7f0000000c40)={{}, {}, [{}, {0x2, 0x4}], {}, [{}, {}, {0x8, 0x2}, {0x8, 0x0, r13}, {0x8, 0x1}], {}, {0x20, 0x2}}, 0x5c, 0x0) mount$overlay(0x40000f, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) 00:52:19 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) write$binfmt_elf32(r0, &(0x7f0000000200)={{0x7f, 0x45, 0x4c, 0x46, 0x81, 0x9, 0x2, 0xfc, 0x5, 0x2, 0x3e, 0x0, 0x8, 0x38, 0x2, 0x80000000, 0x7, 0x20, 0x2, 0x7ff, 0x5, 0x3}, [{0x2, 0x3, 0xfffffffb, 0x9, 0xffffffff, 0x3ff, 0x7f, 0x3f}], "53786d45f28027511811c732b6", [[], []]}, 0x265) mount(&(0x7f0000000000)=@md0='/dev/md0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='cgroup2\x00', 0x200060, &(0x7f0000000100)='wlan0self]wlan0selinuxtrustedeth1/vmnet0#wlan1selinuxvmnet1^vboxnet1\x00') sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x36cc, &(0x7f00000000c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="2402000023002908fde2587e4e2e000000000000000004000000100011002ad3c4dbd7d47a811c1c6486aea4ed1697ece6f0e179706500"], 0x24}, 0x1, 0x60}, 0x0) [ 167.949207][ T8432] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 00:52:19 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071") r1 = socket$inet6(0xa, 0x5, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x1a, &(0x7f00000000c0)=ANY=[@ANYPTR=&(0x7f0000000000)=ANY=[], @ANYPTR, @ANYPTR, @ANYRES64], 0x4) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x343a, @dev={0xfe, 0x80, [], 0x1e}, 0x2}, 0xe) r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000140)=0x1) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) r4 = accept$alg(r3, 0x0, 0x0) sendmmsg$alg(r4, &(0x7f0000008040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) recvmsg(r4, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000003500)=""/4096, 0x1000}], 0x1, 0x0, 0x6}, 0x0) close(r4) socket$bt_rfcomm(0x1f, 0x1, 0x3) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r5, 0x400455c8, 0x100000001) r6 = socket$inet6(0xa, 0x1, 0x8010000000000084) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r6, 0x84, 0x75, &(0x7f0000000040)={r8}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000180)={r8, @in6={{0xa, 0x4e21, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x4122eba7}}, 0x1, 0x8}, 0x90) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r10 = dup(r9) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) ioctl$UFFDIO_COPY(r10, 0xc028aa03, &(0x7f0000000240)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x3000, 0x1}) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) [ 168.028782][ T26] audit: type=1800 audit(1573865539.137:32): pid=8437 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=16583 res=0 [ 168.060503][ T8451] overlayfs: workdir and upperdir must reside under the same mount 00:52:19 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newlink={0x6c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x4c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0x3c, 0x2, [@IFLA_BR_VLAN_DEFAULT_PVID={0x8}, @IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_STATS_ENABLED={0x8}, @IFLA_BR_MCAST_HASH_MAX, @IFLA_BR_MCAST_MEMBERSHIP_INTVL={0x8}, @IFLA_BR_MCAST_LAST_MEMBER_CNT={0x8}, @IFLA_BR_MCAST_MEMBERSHIP_INTVL={0x120}]}}}]}, 0x6c}}, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/qat_adf_ctl\x00', 0x80, 0x0) setsockopt$CAN_RAW_RECV_OWN_MSGS(r1, 0x65, 0x4, &(0x7f0000000340)=0x1, 0x4) set_thread_area(&(0x7f0000000080)={0x325, 0x0, 0x0, 0x1, 0x2, 0x0, 0x1, 0x0, 0x1}) r2 = syz_open_dev$adsp(&(0x7f00000000c0)='/dev/adsp#\x00', 0xfffffffffffffffc, 0x94202) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) accept$alg(r3, 0x0, 0x0) io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f00000002c0)=[0xffffffffffffffff, r0, r2, r3], 0x4) sendto$inet(r2, &(0x7f0000000100)="e7c6286c5e380707a051a29328894efbdeaf1223a2a26958d6d13b719504b1bdcc3967d2c55c741172496baa4fdc8c7dfce4109e64fc8977d2f4e5c95c2339d5b1b5e4de53e21348790d2985e0a887f2021cbc24e0f6f34452610a73eec529a0843726903d54b713647c4e66fdf2b38a4765de6fbc1e08231a35e483a6ab6dccbc45a85ff39a6e3d834a00c69737b728b88964ac076f0e1813772524fcc0d05bd6ecc5cbfc4f2b4862c47af7541dea2f15eae2fbdb15dd2c7457d11f425b97cab81e71428e65c1", 0xc7, 0x4000818, &(0x7f0000000200)={0x2, 0x4e20, @local}, 0x10) socket$isdn(0x22, 0x3, 0x1) r4 = syz_open_dev$media(&(0x7f0000000240)='/dev/media#\x00', 0x72000000000000, 0x83800) ioctl$VHOST_SET_LOG_FD(r4, 0x4004af07, &(0x7f0000000280)) [ 168.077882][ T8427] bond0: (slave bond_slave_1): Releasing backup interface 00:52:19 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x200, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x10, &(0x7f0000000680)=[@in={0x2, 0x0, @dev}]}, &(0x7f0000000600)=0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={0x0, 0x1ff}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x66, &(0x7f0000000140)={r4, 0x80}, &(0x7f0000000200)=0x8) mkdir(&(0x7f00000001c0)='./file0\x00', 0x162) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = syz_open_procfs(0x0, 0x0) r6 = gettid() r7 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip_tables_names\x00') fcntl$getownex(r7, 0x10, &(0x7f0000000940)={0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f00000002c0)=0xc) r10 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip_tables_names\x00') r11 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r11, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, 0x0) setuid(r12) r13 = getegid() sendmsg$unix(r5, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000000800)=[{0x0}, {&(0x7f0000000380)="a53d165780f28852ae3187209e764a82c1af774e26e51a6b3406c03b0f380e660512c864b5105a15704d517c859157093f08cbe2fdcd1f5f4df8ee141cb3c7df2f4aa700fecf7cb90e1c8533fb4ced4280557c38fe96cf88473f8f5a564cd00a5faef5ec2596ce3e5b39d9167d44bdc8e66a3c5143d6e9e7fc33dbb221c4fef0f07bac660c7ebffa42ad098d94d6121fb39b0a3c2aac3002a2ea469092cb9b63b9359f0f1d63907c850a7c6b493cfdd5864df1dda47e1ee87f91f513a133c0a096039cfeaefb7bcc3fc48438d9", 0xcd}, {0x0}, {&(0x7f0000000540)="a7c74460610627fb4a45bdfb7b2d6a5a6fe9ec6633a07f1b5e01ee0100621050b9ae73ce1be732180adf66f302893d15997fe274b4e51f74141e5fa2bd56d86493bd322e73c1d557", 0x48}, {&(0x7f0000000700)}, {&(0x7f00000007c0)}], 0x6, &(0x7f0000000980)=ANY=[@ANYBLOB="1c006a3f181e05f63e265c663b362ee225c3c580b900000200fa7f6fca09f1d40000", @ANYRES32=r6, @ANYRES32, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r8, @ANYRES32=r9, @ANYRES32, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32=r10, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB, @ANYPTR, @ANYRES32=r12, @ANYRES32=r13, @ANYBLOB='\x00\x00\x00\x00'], 0x96, 0x48081}, 0x40) setxattr$system_posix_acl(&(0x7f0000000580)='./file1\x00', &(0x7f00000005c0)='syst\xb1\xaf}posix_acl_default\x00', &(0x7f0000000c40)={{}, {}, [{}, {0x2, 0x4}], {}, [{}, {}, {0x8, 0x2}, {0x8, 0x0, r13}, {0x8, 0x1}], {}, {0x20, 0x2}}, 0x5c, 0x0) mount$overlay(0x40000f, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) 00:52:19 executing program 0: r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'ip6erspan0\x00', 0x1000}) r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0) write$binfmt_elf64(r1, &(0x7f0000000000)=ANY=[@ANYRES64], 0x8) unlink(&(0x7f0000000180)='./file1\x00') fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000080)=0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) getsockopt$inet_tcp_int(r3, 0x6, 0xa, &(0x7f00000000c0), &(0x7f0000000100)=0x4) close(r1) [ 168.360161][ T8477] overlayfs: conflicting lowerdir path [ 168.507733][ T66] Bluetooth: Error in BCSP hdr checksum [ 168.531191][ T8464] netlink: 'syz-executor.3': attribute type 39 has an invalid length. [ 168.539564][ T8464] netlink: 'syz-executor.3': attribute type 42 has an invalid length. [ 168.547837][ T8464] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 168.562982][ T8432] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 168.579599][ T8464] netlink: 'syz-executor.3': attribute type 39 has an invalid length. 00:52:19 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x200, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x10, &(0x7f0000000680)=[@in={0x2, 0x0, @dev}]}, &(0x7f0000000600)=0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={0x0, 0x1ff}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x66, &(0x7f0000000140)={r4, 0x80}, &(0x7f0000000200)=0x8) mkdir(&(0x7f00000001c0)='./file0\x00', 0x162) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = syz_open_procfs(0x0, 0x0) r6 = gettid() r7 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip_tables_names\x00') fcntl$getownex(r7, 0x10, &(0x7f0000000940)={0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f00000002c0)=0xc) r10 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip_tables_names\x00') r11 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r11, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, 0x0) setuid(r12) r13 = getegid() sendmsg$unix(r5, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000000800)=[{0x0}, {&(0x7f0000000380)="a53d165780f28852ae3187209e764a82c1af774e26e51a6b3406c03b0f380e660512c864b5105a15704d517c859157093f08cbe2fdcd1f5f4df8ee141cb3c7df2f4aa700fecf7cb90e1c8533fb4ced4280557c38fe96cf88473f8f5a564cd00a5faef5ec2596ce3e5b39d9167d44bdc8e66a3c5143d6e9e7fc33dbb221c4fef0f07bac660c7ebffa42ad098d94d6121fb39b0a3c2aac3002a2ea469092cb9b63b9359f0f1d63907c850a7c6b493cfdd5864df1dda47e1ee87f91f513a133c0a096039cfeaefb7bcc3fc48438d9", 0xcd}, {0x0}, {&(0x7f0000000540)="a7c74460610627fb4a45bdfb7b2d6a5a6fe9ec6633a07f1b5e01ee0100621050b9ae73ce1be732180adf66f302893d15997fe274b4e51f74141e5fa2bd56d86493bd322e73c1d557", 0x48}, {&(0x7f0000000700)}, {&(0x7f00000007c0)}], 0x6, &(0x7f0000000980)=ANY=[@ANYBLOB="1c006a3f181e05f63e265c663b362ee225c3c580b900000200fa7f6fca09f1d40000", @ANYRES32=r6, @ANYRES32, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r8, @ANYRES32=r9, @ANYRES32, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32=r10, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB, @ANYPTR, @ANYRES32=r12, @ANYRES32=r13, @ANYBLOB='\x00\x00\x00\x00'], 0x96, 0x48081}, 0x40) setxattr$system_posix_acl(&(0x7f0000000580)='./file1\x00', &(0x7f00000005c0)='syst\xb1\xaf}posix_acl_default\x00', &(0x7f0000000c40)={{}, {}, [{}, {0x2, 0x4}], {}, [{}, {}, {0x8, 0x2}, {0x8, 0x0, r13}, {0x8, 0x1}], {}, {0x20, 0x2}}, 0x5c, 0x0) mount$overlay(0x40000f, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) [ 168.605974][ T8464] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'. [ 168.757402][ T8486] overlayfs: conflicting lowerdir path 00:52:20 executing program 0: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net//yz0\x00', 0x1ff) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000040)='./file0\x00', 0x0, 0x7a00, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ntfs(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x918020, 0x0) 00:52:20 executing program 4: r0 = openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) unshare(0x2040400) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xc80, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) msgget$private(0x0, 0x1d9d0f791b60a80e) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000380)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000909000/0x4000)=nil, 0x4000}, 0x1}) socket$nl_route(0x10, 0x3, 0x0) ioctl$KVM_X86_SET_MCE(0xffffffffffffffff, 0x4040ae9e, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) semop(0x0, 0x0, 0x0) semctl$GETZCNT(0x0, 0x1, 0xf, &(0x7f0000000600)=""/4096) ioctl$DRM_IOCTL_SG_ALLOC(r0, 0xc0106438, &(0x7f0000000480)={0xa4}) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, 0x0, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0) ioctl$sock_ifreq(r1, 0x8991, &(0x7f00000000c0)={'bond0\x00\x16\b\xea\xff\xff\x80\x00\x00\x02\xff', @ifru_names='bond_slave_1\x00'}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x2, 0x84200) setsockopt$inet_sctp_SCTP_HMAC_IDENT(r4, 0x84, 0x16, &(0x7f0000000000)={0x6, [0x4, 0x9, 0x0, 0x8, 0xffff, 0x1]}, 0x10) ioctl$sock_ifreq(r1, 0x8990, &(0x7f0000000240)={'bond0\x00\xe1\x03\n\x00!!\x00\x01\x00', @ifru_names='bond_slave_1\x00\x00\x00\b'}) syz_open_procfs(0x0, &(0x7f0000000280)='fd/3\x00\x02\x17\x87:\xf4\x03\xdfc\x88,5I\xd7^\xb5D\xf7\xd7\xdb,(\xd5\x00\xc2\x06MG\xcd\xe9w\xe5s\x02\xf2\xea\xb6\xabsp\x12xT8\x01\x00\xd4S\xd8F\xab.x|\x8b\x87\xb0\xa2\xf5Y>\xb1 p\x998(\xe63\xcf\x7f\xac\x89F\x03n\x96\x15zsw\x98\xca\xcb3\xb6M=h\x01i.\xa3\xda}\x190~\xe7d6\xa5\x17\xb3\xe9\xd9QV\x0f\xf3\x02\xd6\xc1\xc3n\xcd*R\x9a\x95\x12\x05K\xa0<\xc9\xe3\xed\xab\xc9\x8bK\xb3\x86\xe2\x93f\x92iKA|e\x97k :,J36\x11\xf0\x99\x96\xb7]\xfd\xe3\v\xd8\x98\xc5o\xc6\xde\x80\xf7_\xc9\x8f\xaf\xf9\xd5\xb7ui\xea\xde\xd0\xeb\xd9\xf5_\v\xe2*\xa3\xf4\xab?n\xcb\x19i\x80\x91\xd2\xf6\x14\xfe!!0\x84L\x86\x81\x95,B\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xab*[\xa5\xb217\x93\xf3\x88\x92\xa6\xde\x11\xa2-J\x9d\xc9\xb2\x97\xa3\x88v\x9eR\x155\xc7N!\xdb\"8\xc8I\xb9c\xed\xa7!\t\x85s\xb1\xa5\xa7R2Yf\x1c\xf8\xc2z>\xb1\x9c\x02a\x87\xe9\xb8\xf8\xdcv\xb6\xe4\xa6\n\x0e\x83lM7\xcc?\xea\x19\x99\xce\x1c\x10\xd2lQ(\xc7\xe9\xef\xd2Q\vY\xf58\x10|8}uE\xaf\xb4w;\xbc\xe4\x01\xd8\xf2\xf9u\xc1Dt\'\x84\xb5\xa4\x83\xeft\xfc\xf3\xdd\x870xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$kcm(r2, &(0x7f0000000140)={&(0x7f0000000000)=@isdn={0x22, 0x20, 0x7f, 0xfd, 0xff}, 0x80, &(0x7f00000000c0), 0x0, 0x0, 0x150}, 0x4000000) 00:52:20 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x200, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x10, &(0x7f0000000680)=[@in={0x2, 0x0, @dev}]}, &(0x7f0000000600)=0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={0x0, 0x1ff}, &(0x7f0000000080)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x66, &(0x7f0000000140)={r4, 0x80}, &(0x7f0000000200)=0x8) mkdir(&(0x7f00000001c0)='./file0\x00', 0x162) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = syz_open_procfs(0x0, 0x0) r6 = gettid() r7 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip_tables_names\x00') fcntl$getownex(r7, 0x10, &(0x7f0000000940)={0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f00000002c0)=0xc) r10 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip_tables_names\x00') r11 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r11, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, 0x0) setuid(r12) r13 = getegid() sendmsg$unix(r5, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000000800)=[{0x0}, {&(0x7f0000000380)="a53d165780f28852ae3187209e764a82c1af774e26e51a6b3406c03b0f380e660512c864b5105a15704d517c859157093f08cbe2fdcd1f5f4df8ee141cb3c7df2f4aa700fecf7cb90e1c8533fb4ced4280557c38fe96cf88473f8f5a564cd00a5faef5ec2596ce3e5b39d9167d44bdc8e66a3c5143d6e9e7fc33dbb221c4fef0f07bac660c7ebffa42ad098d94d6121fb39b0a3c2aac3002a2ea469092cb9b63b9359f0f1d63907c850a7c6b493cfdd5864df1dda47e1ee87f91f513a133c0a096039cfeaefb7bcc3fc48438d9", 0xcd}, {0x0}, {&(0x7f0000000540)="a7c74460610627fb4a45bdfb7b2d6a5a6fe9ec6633a07f1b5e01ee0100621050b9ae73ce1be732180adf66f302893d15997fe274b4e51f74141e5fa2bd56d86493bd322e73c1d557", 0x48}, {&(0x7f0000000700)}, {&(0x7f00000007c0)}], 0x6, &(0x7f0000000980)=ANY=[@ANYBLOB="1c006a3f181e05f63e265c663b362ee225c3c580b900000200fa7f6fca09f1d40000", @ANYRES32=r6, @ANYRES32, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r8, @ANYRES32=r9, @ANYRES32, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32=r10, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB, @ANYPTR, @ANYRES32=r12, @ANYRES32=r13, @ANYBLOB='\x00\x00\x00\x00'], 0x96, 0x48081}, 0x40) setxattr$system_posix_acl(&(0x7f0000000580)='./file1\x00', &(0x7f00000005c0)='syst\xb1\xaf}posix_acl_default\x00', &(0x7f0000000c40)={{}, {}, [{}, {0x2, 0x4}], {}, [{}, {}, {0x8, 0x2}, {0x8, 0x0, r13}, {0x8, 0x1}], {}, {0x20, 0x2}}, 0x5c, 0x0) mount$overlay(0x40000f, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) 00:52:20 executing program 2: openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x242102, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) accept4$nfc_llcp(0xffffffffffffffff, 0x0, &(0x7f0000000100), 0x80000) r0 = dup(0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockopt$XDP_MMAP_OFFSETS(r2, 0x11b, 0x1, &(0x7f0000000180), &(0x7f0000000200)=0x80) ioctl$GIO_SCRNMAP(r0, 0x4b40, &(0x7f0000000240)=""/19) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) chroot(&(0x7f0000000140)='./file0\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0505405, &(0x7f0000000040)={{0x6, 0x1, 0x3, 0x1, 0x4}, 0x1, 0xa, 0x100004}) [ 168.911469][ T8498] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.3'. [ 168.936573][ T8493] option changes via remount are deprecated (pid=8491 comm=syz-executor.0) [ 168.977562][ T8494] bond0: (slave bond_slave_1): Releasing backup interface 00:52:20 executing program 5: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x26e1, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0x87f1a7) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x4) ioctl$RTC_VL_READ(r2, 0x80047013, &(0x7f0000000140)) r3 = socket$inet_udplite(0x2, 0x2, 0x88) syz_extract_tcp_res(&(0x7f0000000100), 0x20, 0x0) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071") r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r5 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.high\x00', 0x2, 0x0) writev(r5, &(0x7f0000000700)=[{&(0x7f0000000000)='g', 0x1}], 0x1) [ 169.019454][ T8497] overlayfs: conflicting lowerdir path 00:52:20 executing program 0: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net//yz0\x00', 0x1ff) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x0) mount$fuse(0x20000000, &(0x7f0000000040)='./file0\x00', 0x0, 0x7a00, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ntfs(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x918020, 0x0) [ 169.530351][ T8510] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 169.671571][ T8521] option changes via remount are deprecated (pid=8520 comm=syz-executor.0) [ 170.287499][ T2846] Bluetooth: hci0: command 0x1003 tx timeout [ 170.294812][ T8470] Bluetooth: hci0: sending frame failed (-49) [ 172.366927][ T7942] Bluetooth: hci0: command 0x1001 tx timeout [ 172.373042][ T8470] Bluetooth: hci0: sending frame failed (-49) [ 174.456587][ T2846] Bluetooth: hci0: command 0x1009 tx timeout [ 178.614273][ T8458] ================================================================== [ 178.622629][ T8458] BUG: KASAN: use-after-free in kfree_skb+0x2a/0xb0 [ 178.629203][ T8458] Read of size 4 at addr ffff8880a996c494 by task syz-executor.1/8458 [ 178.637388][ T8458] [ 178.639717][ T8458] CPU: 0 PID: 8458 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0 [ 178.647502][ T8458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 178.657551][ T8458] Call Trace: [ 178.660830][ T8458] dump_stack+0x1fb/0x318 [ 178.665154][ T8458] print_address_description+0x75/0x5c0 [ 178.670693][ T8458] ? vprintk_func+0x158/0x170 [ 178.675344][ T8458] ? printk+0x62/0x8d [ 178.679302][ T8458] ? vprintk_emit+0x2d4/0x3a0 [ 178.683973][ T8458] __kasan_report+0x14b/0x1c0 [ 178.688637][ T8458] ? _raw_spin_lock_bh+0x40/0x50 [ 178.693610][ T8458] ? kfree_skb+0x2a/0xb0 [ 178.697885][ T8458] kasan_report+0x26/0x50 [ 178.702204][ T8458] check_memory_region+0x2cf/0x2e0 [ 178.707346][ T8458] __kasan_check_read+0x11/0x20 [ 178.712211][ T8458] kfree_skb+0x2a/0xb0 [ 178.716260][ T8458] bcsp_close+0xb1/0xf0 [ 178.720397][ T8458] hci_uart_tty_close+0x201/0x240 [ 178.725411][ T8458] ? hci_uart_tty_open+0x340/0x340 [ 178.730504][ T8458] tty_ldisc_close+0x126/0x180 [ 178.735257][ T8458] tty_ldisc_release+0x248/0x5a0 [ 178.740178][ T8458] tty_release_struct+0x2a/0xe0 [ 178.745009][ T8458] tty_release+0xce9/0xfa0 [ 178.749407][ T8458] ? tty_release_struct+0xe0/0xe0 [ 178.754422][ T8458] __fput+0x2e4/0x740 [ 178.758386][ T8458] ____fput+0x15/0x20 [ 178.762344][ T8458] task_work_run+0x17e/0x1b0 [ 178.766927][ T8458] prepare_exit_to_usermode+0x459/0x580 [ 178.772462][ T8458] syscall_return_slowpath+0x113/0x4a0 [ 178.779465][ T8458] do_syscall_64+0x11f/0x1c0 [ 178.784031][ T8458] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 178.789897][ T8458] RIP: 0033:0x414201 [ 178.793784][ T8458] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 178.813456][ T8458] RSP: 002b:00007ffeb91d4900 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 178.821918][ T8458] RAX: 0000000000000000 RBX: 0000000000000008 RCX: 0000000000414201 [ 178.829888][ T8458] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 178.837838][ T8458] RBP: 0000000000000001 R08: 00000000e44719e0 R09: 00000000f90f8c42 [ 178.845834][ T8458] R10: 00007ffeb91d49e0 R11: 0000000000000293 R12: 000000000075c9a0 [ 178.853790][ T8458] R13: 000000000075c9a0 R14: 0000000000761c88 R15: 000000000075c07c [ 178.861767][ T8458] [ 178.864185][ T8458] Allocated by task 66: [ 178.868323][ T8458] __kasan_kmalloc+0x11c/0x1b0 [ 178.873160][ T8458] kasan_slab_alloc+0xf/0x20 [ 178.877744][ T8458] kmem_cache_alloc_node+0x235/0x280 [ 178.883019][ T8458] __alloc_skb+0x9f/0x500 [ 178.887347][ T8458] bcsp_recv+0x12e7/0x1720 [ 178.891735][ T8458] hci_uart_tty_receive+0x16b/0x470 [ 178.896912][ T8458] tty_ldisc_receive_buf+0x12e/0x170 [ 178.902168][ T8458] tty_port_default_receive_buf+0x82/0xb0 [ 178.907861][ T8458] flush_to_ldisc+0x328/0x550 [ 178.912525][ T8458] process_one_work+0x7ef/0x10e0 [ 178.917436][ T8458] worker_thread+0xc01/0x1630 [ 178.922171][ T8458] kthread+0x332/0x350 [ 178.926226][ T8458] ret_from_fork+0x24/0x30 [ 178.930612][ T8458] [ 178.932920][ T8458] Freed by task 66: [ 178.936709][ T8458] __kasan_slab_free+0x12a/0x1e0 [ 178.941623][ T8458] kasan_slab_free+0xe/0x10 [ 178.946099][ T8458] kmem_cache_free+0x81/0xf0 [ 178.950664][ T8458] __kfree_skb+0x118/0x170 [ 178.955053][ T8458] kfree_skb+0x6f/0xb0 [ 178.959099][ T8458] bcsp_recv+0x99c/0x1720 [ 178.963402][ T8458] hci_uart_tty_receive+0x16b/0x470 [ 178.968594][ T8458] tty_ldisc_receive_buf+0x12e/0x170 [ 178.973851][ T8458] tty_port_default_receive_buf+0x82/0xb0 [ 178.979543][ T8458] flush_to_ldisc+0x328/0x550 [ 178.984208][ T8458] process_one_work+0x7ef/0x10e0 [ 178.989122][ T8458] worker_thread+0xc01/0x1630 [ 178.993770][ T8458] kthread+0x332/0x350 [ 178.997816][ T8458] ret_from_fork+0x24/0x30 [ 179.002217][ T8458] [ 179.004534][ T8458] The buggy address belongs to the object at ffff8880a996c3c0 [ 179.004534][ T8458] which belongs to the cache skbuff_head_cache of size 224 [ 179.019206][ T8458] The buggy address is located 212 bytes inside of [ 179.019206][ T8458] 224-byte region [ffff8880a996c3c0, ffff8880a996c4a0) [ 179.032584][ T8458] The buggy address belongs to the page: [ 179.038203][ T8458] page:ffffea0002a65b00 refcount:1 mapcount:0 mapping:ffff8880a99c8a80 index:0x0 [ 179.047421][ T8458] flags: 0x1fffc0000000200(slab) [ 179.052343][ T8458] raw: 01fffc0000000200 ffffea0002658ac8 ffffea000285b8c8 ffff8880a99c8a80 [ 179.061025][ T8458] raw: 0000000000000000 ffff8880a996c000 000000010000000c 0000000000000000 [ 179.069588][ T8458] page dumped because: kasan: bad access detected [ 179.075990][ T8458] [ 179.078297][ T8458] Memory state around the buggy address: [ 179.083909][ T8458] ffff8880a996c380: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb [ 179.091947][ T8458] ffff8880a996c400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 179.099989][ T8458] >ffff8880a996c480: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 179.108029][ T8458] ^ [ 179.112594][ T8458] ffff8880a996c500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 179.120629][ T8458] ffff8880a996c580: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc [ 179.128661][ T8458] ================================================================== [ 179.136692][ T8458] Disabling lock debugging due to kernel taint [ 179.143647][ T8458] Kernel panic - not syncing: panic_on_warn set ... [ 179.150257][ T8458] CPU: 1 PID: 8458 Comm: syz-executor.1 Tainted: G B 5.4.0-rc7+ #0 [ 179.159548][ T8458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 179.169588][ T8458] Call Trace: [ 179.172867][ T8458] dump_stack+0x1fb/0x318 [ 179.177195][ T8458] panic+0x264/0x7a9 [ 179.181069][ T8458] ? __kasan_report+0x195/0x1c0 [ 179.186049][ T8458] ? trace_hardirqs_on+0x34/0x80 [ 179.190977][ T8458] ? __kasan_report+0x195/0x1c0 [ 179.195816][ T8458] __kasan_report+0x1bb/0x1c0 [ 179.200474][ T8458] ? _raw_spin_lock_bh+0x40/0x50 [ 179.205391][ T8458] ? kfree_skb+0x2a/0xb0 [ 179.209611][ T8458] kasan_report+0x26/0x50 [ 179.213920][ T8458] check_memory_region+0x2cf/0x2e0 [ 179.219005][ T8458] __kasan_check_read+0x11/0x20 [ 179.223829][ T8458] kfree_skb+0x2a/0xb0 [ 179.227873][ T8458] bcsp_close+0xb1/0xf0 [ 179.232019][ T8458] hci_uart_tty_close+0x201/0x240 [ 179.237021][ T8458] ? hci_uart_tty_open+0x340/0x340 [ 179.242120][ T8458] tty_ldisc_close+0x126/0x180 [ 179.246869][ T8458] tty_ldisc_release+0x248/0x5a0 [ 179.251801][ T8458] tty_release_struct+0x2a/0xe0 [ 179.256629][ T8458] tty_release+0xce9/0xfa0 [ 179.261022][ T8458] ? tty_release_struct+0xe0/0xe0 [ 179.266022][ T8458] __fput+0x2e4/0x740 [ 179.269980][ T8458] ____fput+0x15/0x20 [ 179.273934][ T8458] task_work_run+0x17e/0x1b0 [ 179.278500][ T8458] prepare_exit_to_usermode+0x459/0x580 [ 179.284020][ T8458] syscall_return_slowpath+0x113/0x4a0 [ 179.289599][ T8458] do_syscall_64+0x11f/0x1c0 [ 179.294178][ T8458] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 179.300051][ T8458] RIP: 0033:0x414201 [ 179.303928][ T8458] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 179.323611][ T8458] RSP: 002b:00007ffeb91d4900 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 179.331998][ T8458] RAX: 0000000000000000 RBX: 0000000000000008 RCX: 0000000000414201 [ 179.339943][ T8458] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 179.347977][ T8458] RBP: 0000000000000001 R08: 00000000e44719e0 R09: 00000000f90f8c42 [ 179.355999][ T8458] R10: 00007ffeb91d49e0 R11: 0000000000000293 R12: 000000000075c9a0 [ 179.363944][ T8458] R13: 000000000075c9a0 R14: 0000000000761c88 R15: 000000000075c07c [ 179.373528][ T8458] Kernel Offset: disabled [ 179.377857][ T8458] Rebooting in 86400 seconds..