Warning: Permanently added '10.128.0.175' (ECDSA) to the list of known hosts.
2019/11/16 00:50:22 fuzzer started
2019/11/16 00:50:24 dialing manager at 10.128.0.26:37763
2019/11/16 00:50:24 syscalls: 2566
2019/11/16 00:50:24 code coverage: enabled
2019/11/16 00:50:24 comparison tracing: enabled
2019/11/16 00:50:24 extra coverage: extra coverage is not supported by the kernel
2019/11/16 00:50:24 setuid sandbox: enabled
2019/11/16 00:50:24 namespace sandbox: enabled
2019/11/16 00:50:24 Android sandbox: /sys/fs/selinux/policy does not exist
2019/11/16 00:50:24 fault injection: enabled
2019/11/16 00:50:24 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/11/16 00:50:24 net packet injection: enabled
2019/11/16 00:50:24 net device setup: enabled
2019/11/16 00:50:24 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2019/11/16 00:50:24 devlink PCI setup: PCI device 0000:00:10.0 is not available
00:52:04 executing program 0:
ioctl$SG_GET_LOW_DMA(0xffffffffffffffff, 0x227a, &(0x7f0000000000))
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x40000, 0x0)
getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000100)={{0xcbe83f5373d63b5e, 0x2, 0x2, 0x0, 0xfd, 0x6, 0x2f, 0x7, 0x9, 0x9, 0x9, 0x6}, {0xd000, 0x2000, 0xf, 0x5, 0x39, 0x5, 0xac, 0x7, 0x6f, 0x1, 0xac, 0x1}, {0x4000, 0x4, 0xf, 0xd8, 0x40, 0x8c, 0x0, 0xff, 0x1, 0x6, 0x20, 0x3}, {0xb2b4907ff670c932, 0xd000, 0xd, 0x1, 0x7, 0x4, 0x2f, 0x7, 0x9, 0x6, 0x40, 0x1f}, {0x10000, 0x10000, 0x0, 0x89, 0x2, 0x0, 0x7, 0x81, 0x81, 0x1, 0xd6, 0x3f}, {0x0, 0x4, 0x19, 0x20, 0x40, 0x1, 0x6, 0x1f, 0x5a, 0xb, 0xc8, 0x5}, {0x2, 0x0, 0xd, 0x4e, 0xa8, 0x7f, 0xc4, 0x4, 0x6, 0xf8, 0x80, 0x20}, {0x4, 0x1000, 0xa, 0x20, 0x1, 0x50, 0x0, 0x9, 0x3, 0x1f, 0x1f, 0x2}, {0x5000, 0x1000}, {0x4, 0x3000}, 0x20070000, 0x0, 0x3000, 0x80000, 0x6, 0x4000, 0x10000, [0x175, 0x4, 0x4, 0x400]})
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_GET_SREGS(r1, 0x8138ae83, &(0x7f0000000240))
r2 = syz_open_dev$radio(&(0x7f0000000380)='/dev/radio#\x00', 0x1, 0x2)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f00000003c0)={&(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x3000, 0x1})
fsopen(&(0x7f0000000400)='jffs2\x00', 0x1)
r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000440)='/dev/dsp\x00', 0xe8193fdf94b8c282, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, &(0x7f0000000480)={0x0, @adiantum})
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
recvfrom(r4, &(0x7f00000004c0)=""/163, 0xa3, 0x41, 0x0, 0x0)
r5 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000580)='/dev/mixer\x00', 0x200000, 0x0)
ioctl$EVIOCGABS2F(r5, 0x8018456f, &(0x7f00000005c0)=""/140)
r6 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000680)='/dev/vcs\x00', 0x100, 0x0)
getsockopt$EBT_SO_GET_INFO(r6, 0x0, 0x80, &(0x7f00000006c0)={'nat\x00'}, &(0x7f0000000740)=0x78)
r7 = syz_open_dev$vcsn(&(0x7f0000001e80)='/dev/vcs#\x00', 0x2, 0x100001)
recvfrom$llc(r7, &(0x7f0000001ec0)=""/116, 0x74, 0x2000, &(0x7f0000001f40)={0x1a, 0xb67eda9fc06471bf, 0x0, 0x40, 0x4, 0x4, @link_local}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000001f80)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
getsockopt(r8, 0x9830, 0x5, &(0x7f0000001fc0)=""/109, &(0x7f0000002040)=0x6d)
keyctl$describe(0x6, 0x0, &(0x7f0000002080)=""/4096, 0x1000)
r9 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000003080)='/dev/dlm_plock\x00', 0x321842, 0x0)
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_PPC_GET_PVINFO(r6, 0x4080aea1, &(0x7f00000030c0)=""/248)
r10 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000031c0)={0xffffffffffffffff}, 0xc)
ioctl$FS_IOC_FSSETXATTR(r10, 0x401c5820, &(0x7f0000003200)={0x40, 0x5a, 0x9, 0x6, 0x57})
sendto$x25(r2, &(0x7f0000003240)="bce637d009dfe7137651353e16bde52ecdd0ed7187e5ab6752efd12b6d070c323ee72663da0680cc397ac5dcf77aeea1badfec1ef6ae09da7fb0211bc3b8bec534501cb20fe9d6be891b1edbc3e9ba88ec5e6a554351d2b11548aa8668b71690b795e9918c6625b679ee03b605d75b89d7b507f50c752b6a4f3224f0ce9977ab205ab9e05e68bbadaf3de864a5dd5576a983956a91cc9a2e917f040e1c36e1830f665b6ae2aa4e4ba2", 0xa9, 0x10, &(0x7f0000003300)={0x9, @remote={[], 0x2}}, 0x12)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000003400)=<r11=>0x0)
perf_event_open(&(0x7f0000003380)={0x0, 0x70, 0x32, 0x4, 0x81, 0x2, 0x0, 0x17b, 0x10000, 0x4, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0xffff213d, 0x1, @perf_bp={&(0x7f0000003340), 0x9}, 0x30000, 0xfffffffffffffff7, 0x1b, 0x1, 0x100000000, 0x7, 0x4300}, r11, 0xb, r0, 0x8)

00:52:04 executing program 1:
r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x121200, 0x0)
setsockopt$inet_dccp_int(r0, 0x21, 0x11, &(0x7f0000000040)=0x6, 0x4)
r1 = syz_open_dev$mouse(&(0x7f0000000080)='/dev/input/mouse#\x00', 0xb, 0x101000)
bind$x25(r1, &(0x7f00000000c0)={0x9, @remote={[], 0x2}}, 0x12)
r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000100)='/dev/cachefiles\x00', 0x100, 0x0)
recvfrom$inet(r2, &(0x7f0000000140)=""/208, 0xd0, 0x20011021, &(0x7f0000000240)={0x2, 0x4e20, @rand_addr=0x1}, 0x10)
faccessat(r1, &(0x7f0000000280)='./file0\x00', 0x10, 0x800)
getpeername(r2, &(0x7f00000002c0)=@ax25={{0x3, @null}, [@null, @default, @null, @remote, @netrom, @default, @remote, @netrom]}, &(0x7f0000000340)=0x80)
openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000380)='/dev/qat_adf_ctl\x00', 0x107042, 0x0)
r3 = syz_open_dev$amidi(&(0x7f00000003c0)='/dev/amidi#\x00', 0x7, 0x40000)
getsockopt$nfc_llcp(r3, 0x118, 0x0, &(0x7f0000000400)=""/191, 0xbf)
lsetxattr$trusted_overlay_origin(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000500)='trusted.overlay.origin\x00', &(0x7f0000000540)='y\x00', 0x2, 0x4)
r4 = syz_open_procfs$namespace(0x0, &(0x7f0000000580)='ns/pid\x00')
ioctl$FS_IOC_SETVERSION(r4, 0x40087602, &(0x7f00000005c0)=0x10001)
r5 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000600)='/proc/sys/net/ipv4/vs/lblc_expiration\x00', 0x2, 0x0)
r6 = syz_genetlink_get_family_id$fou(&(0x7f0000000680)='fou\x00')
sendmsg$FOU_CMD_DEL(r5, &(0x7f0000000740)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x802010}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x28, r6, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_PEER_PORT={0x8, 0xa, 0x4e22}, @FOU_ATTR_IPPROTO={0x8, 0x3, 0x3a}]}, 0x28}, 0x1, 0x0, 0x0, 0x9000}, 0x0)
finit_module(r2, &(0x7f0000000780)=']#\x00', 0x3)
accept$netrom(r2, 0x0, &(0x7f00000007c0))
setsockopt$inet_mtu(r3, 0x0, 0xa, &(0x7f0000000800)=0x4, 0x4)
r7 = syz_open_dev$cec(&(0x7f0000000840)='/dev/cec#\x00', 0x2, 0x2)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000880)={<r8=>0x0})
ioctl$DRM_IOCTL_GEM_CLOSE(r7, 0x40086409, &(0x7f00000008c0)={r8})
socketpair(0x9, 0x6, 0x0, &(0x7f0000000900))
syz_open_dev$usbmon(&(0x7f0000000940)='/dev/usbmon#\x00', 0x7, 0x0)
r9 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000980)='/dev/dlm-monitor\x00', 0x538001, 0x0)
setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r9, 0x84, 0x7, &(0x7f00000009c0)={0xffffffff}, 0x4)
r10 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000a00)='/dev/mixer\x00', 0x800, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r10, 0x4010640d, &(0x7f0000000a40)={0x9, 0x2})
r11 = openat$null(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/null\x00', 0x400, 0x0)
ioctl$CAPI_GET_FLAGS(r11, 0x80044323, &(0x7f0000000ac0))

syzkaller login: [  153.416084][ T7907] IPVS: ftp: loaded support on port[0] = 21
[  153.509887][ T7909] IPVS: ftp: loaded support on port[0] = 21
[  153.600578][ T7907] chnl_net:caif_netlink_parms(): no params data found
[  153.639037][ T7907] bridge0: port 1(bridge_slave_0) entered blocking state
00:52:04 executing program 2:
r0 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0)
r1 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x5, 0x20000)
connect$l2tp(r0, &(0x7f0000000080)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x4e23, @broadcast}, 0x0, 0x1, 0x4, 0x3}}, 0x26)
clock_gettime(0x0, &(0x7f0000000180)={<r2=>0x0, <r3=>0x0})
rt_sigtimedwait(&(0x7f00000000c0)={0x6}, &(0x7f0000000100), &(0x7f00000001c0)={r2, r3+10000000}, 0x8)
r4 = socket$rds(0x15, 0x5, 0x0)
setsockopt$sock_timeval(r4, 0x1, 0x15, &(0x7f0000000200), 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(0xffffffffffffffff, 0x84, 0x1c, &(0x7f0000000240), &(0x7f0000000280)=0x4)
ioctl$DRM_IOCTL_ADD_CTX(r0, 0xc0086420, &(0x7f00000002c0)={<r5=>0x0})
ioctl$DRM_IOCTL_NEW_CTX(r1, 0x40086425, &(0x7f0000000300)={r5, 0x3})
fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f0000000340)='^user%\'posix_acl_access-.posix_acl_accessselinux]$nodev\x00', 0x0, r0)
r6 = open(&(0x7f00000019c0)='./file0\x00', 0x101000, 0x80)
setsockopt$inet_mreqsrc(r6, 0x0, 0x27, &(0x7f0000001a00)={@empty, @loopback, @dev={0xac, 0x14, 0x14, 0xb}}, 0xc)
r7 = openat$cgroup_ro(r0, &(0x7f0000001a40)='pids.events\x00', 0x0, 0x0)
setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r7, 0x110, 0x3)
prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x2)
getsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0xf, &(0x7f0000001a80)=""/5, &(0x7f0000001ac0)=0x5)
r8 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000001b00)='/dev/dlm-control\x00', 0x12bb5a44c10dc053, 0x0)
ioctl$DRM_IOCTL_VERSION(r8, 0xc0406400, &(0x7f0000001c80)={0x9e3e, 0x101, 0x3, 0x86, &(0x7f0000001b40)=""/134, 0x35, &(0x7f0000001c00)=""/53, 0x0, &(0x7f0000001c40)})
openat$zero(0xffffffffffffff9c, &(0x7f0000001cc0)='/dev/zero\x00', 0x401, 0x0)
memfd_create(&(0x7f0000001d00)='/dev/input/mouse#\x00', 0x2)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000001d40)={0x14})
ioctl$VIDIOC_G_EDID(0xffffffffffffffff, 0xc0285628, &(0x7f0000001dc0)={0x0, 0x1fdf8eab, 0x6f, [], &(0x7f0000001d80)=0x8})
ioctl$SIOCX25GDTEFACILITIES(r1, 0x89ea, &(0x7f0000001e00))
r9 = syz_open_dev$cec(&(0x7f0000001e40)='/dev/cec#\x00', 0x0, 0x2)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r9, 0xc0bc5351, &(0x7f0000001e80)={0x7, 0x2, 'client0\x00', 0x3, "9a0f36adddb203e1", "9d51fb23798a7a092d8bee441de67528ec350bb36c0c2b8fe2a9ef038229a7fb", 0x9, 0x8000})
r10 = openat$audio(0xffffffffffffff9c, &(0x7f0000001f40)='/dev/audio\x00', 0x444280, 0x0)
ioctl$FS_IOC_RESVSP(r10, 0x40305828, &(0x7f0000001f80)={0x0, 0x2, 0xfff})
bind$vsock_dgram(r10, &(0x7f0000001fc0)={0x28, 0x0, 0x2710, @my=0x0}, 0x10)
r11 = syz_open_dev$vcsa(&(0x7f0000002000)='/dev/vcsa#\x00', 0x7fff, 0x2)
ioctl$SIOCX25SDTEFACILITIES(r11, 0x89eb, &(0x7f0000002040)={0x9, 0x3, 0x0, 0x1, 0x5, 0x24, 0x10, "cd3a357e4d76689c4abe7bd3a9e83e6ebecb65e2", "757094c0f72e802a806ef55325f7333082db2bbd"})

[  153.648785][ T7907] bridge0: port 1(bridge_slave_0) entered disabled state
[  153.657412][ T7907] device bridge_slave_0 entered promiscuous mode
[  153.665618][ T7907] bridge0: port 2(bridge_slave_1) entered blocking state
[  153.673282][ T7907] bridge0: port 2(bridge_slave_1) entered disabled state
[  153.681773][ T7907] device bridge_slave_1 entered promiscuous mode
[  153.745941][ T7907] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  153.773989][ T7907] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  153.790950][ T7909] chnl_net:caif_netlink_parms(): no params data found
[  153.839492][ T7907] team0: Port device team_slave_0 added
[  153.850686][ T7907] team0: Port device team_slave_1 added
[  153.889706][ T7909] bridge0: port 1(bridge_slave_0) entered blocking state
[  153.897483][ T7909] bridge0: port 1(bridge_slave_0) entered disabled state
[  153.916551][ T7909] device bridge_slave_0 entered promiscuous mode
00:52:05 executing program 3:
r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x0, 0x0)
ioctl$TIOCMSET(r0, 0x5418, &(0x7f0000000040)=0x1f)
ioctl$VIDIOC_TRY_ENCODER_CMD(r0, 0xc028564e, &(0x7f0000000080)={0x1, 0x3, [0x8a, 0x5, 0x1, 0x4, 0x1ff, 0xa4, 0x20, 0xcbe8]})
r1 = accept4$x25(0xffffffffffffffff, &(0x7f00000000c0), &(0x7f0000000100)=0x12, 0x100800)
ioctl$SIOCX25GCAUSEDIAG(r1, 0x89e6, &(0x7f0000000140)={0x2, 0x2})
pipe2(&(0x7f0000000180)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0xc4800)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x70, 0x0, &(0x7f00000003c0)=[@decrefs, @clear_death={0x400c630f, 0x2}, @reply_sg={0x40486312, {0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000300)={@ptr={0x70742a85, 0x0, &(0x7f00000001c0)=""/239, 0xef, 0x1, 0x1f}, @ptr={0x70742a85, 0x1, &(0x7f00000002c0)=""/4, 0x4, 0x2, 0x14}, @fda={0x66646185, 0xa, 0x1, 0x23}}, &(0x7f0000000380)={0x0, 0x28, 0x50}}, 0xf49932a3dcefb71f}, @dead_binder_done], 0x48, 0x0, &(0x7f0000000440)="67151b5a72b01203798d7fd9c31b1ad8582621f274e80468f8a6444d417d90278f2f312360d7b869d6c9d393f0e3d4251b760b16d693e7cd73bc910313e59819e0b5cf67e3bb76cb"})
r3 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000500)='/dev/sequencer2\x00', 0x200000, 0x0)
ioctl$sock_inet6_SIOCDIFADDR(r3, 0x8936, &(0x7f0000000540)={@ipv4={[], [], @loopback}, 0x1e})
r4 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000580)='/dev/dlm_plock\x00', 0x100002, 0x0)
ioctl$VT_SETMODE(r4, 0x5602, &(0x7f00000005c0)={0x6, 0x80, 0x80, 0x4, 0x3})
r5 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000640)='/dev/dlm-control\x00', 0x101101, 0x0)
renameat2(r3, &(0x7f0000000600)='./file0\x00', r5, &(0x7f0000000680)='./file0\x00', 0x0)
pipe2(&(0x7f00000006c0)={<r6=>0xffffffffffffffff}, 0x800)
setsockopt$l2tp_PPPOL2TP_SO_LNSMODE(r6, 0x111, 0x4, 0x0, 0x4)
fcntl$F_SET_FILE_RW_HINT(r4, 0x40e, &(0x7f0000000700))
r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/vhost-vsock\x00', 0x2, 0x0)
open_by_handle_at(r7, &(0x7f0000000800)={0x98, 0x14, "573957c3585a2df8b24f828c01576cd6055081b23ca8f122cc5f2a4a299eb49f37b1b535e30e1759b0b289325c22b844ee08deaeee43d2d1e7de484546b8c7109357ddc7475738c0aa1c9b4c29c25d0840041ea8918b9db642be6c01564981354cbb0f1a7e9ac9a30b0fa18c12c1f5df27dc1f5f50064b572058f2c7dd7f5f71f5969b256275bfcb87eeebaa33668349"}, 0x200)
r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000900)={'team0\x00', <r9=>0x0})
ioctl$sock_inet6_SIOCSIFADDR(r8, 0x8916, &(0x7f0000000940)={@dev={0xfe, 0x80, [], 0x28}, 0x5, r9})
r10 = openat$audio(0xffffffffffffff9c, &(0x7f0000000980)='/dev/audio\x00', 0x1, 0x0)
ioctl$VIDIOC_G_JPEGCOMP(r10, 0x808c563d, &(0x7f00000009c0))
r11 = syz_open_dev$vcsn(&(0x7f0000000a80)='/dev/vcs#\x00', 0x0, 0x0)
ioctl$TIOCSTI(r11, 0x5412, 0x6)
r12 = syz_open_dev$sndmidi(&(0x7f0000000ac0)='/dev/snd/midiC#D#\x00', 0x7, 0x40)
r13 = accept4$llc(0xffffffffffffffff, &(0x7f0000000b00)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000000b40)=0x10, 0x6ceda38fc0a84968)
ioctl$FICLONERANGE(r12, 0x4020940d, &(0x7f0000000b80)={r13, 0x0, 0x1, 0x1, 0x3})
stat(&(0x7f0000001f40)='./file0\x00', &(0x7f0000001f80)={0x0, 0x0, 0x0, 0x0, 0x0, <r14=>0x0})
getresgid(&(0x7f0000002000), &(0x7f0000002040), &(0x7f0000002080)=<r15=>0x0)
getresuid(&(0x7f00000020c0)=<r16=>0x0, &(0x7f0000002100), &(0x7f0000002140))
syz_mount_image$hfsplus(&(0x7f0000000bc0)='hfsplus\x00', &(0x7f0000000c00)='./file0\x00', 0x2, 0x5, &(0x7f0000001ec0)=[{&(0x7f0000000c40)="f75dd3a7a9cb13805256f6d773dab2dfd41d39010ec6fb3ba8b0b1db36298dec2c0a62f39dda3f063367ae9f600e5a77e8f5d4868c4d0169d6278ca09c3fc811eb0a313f29bc24ae3d424c43cc944677344b6c659ea4c45c753b674ed280a29c20cc2a548b10d916126c4a6a5fc71db15463a9d35e3d3a46a0c38c6ed48400e3c7c9fc078b24c8db0d2eb7ef", 0x8c, 0xfffffffffffffff7}, {&(0x7f0000000d00)="cf307bbca9b9134c116d83fc2a", 0xd, 0x7}, {&(0x7f0000000d40)="ac2ac7616f7926ef2a625ae4f09ea2e09d000929e403e2705ecdf2f1f4d47d67dacbe3e8e33fddddc7f5c562d152c14542e3eda720f7db9d6084b95cf4045e5d941e091d1282f933e91ecb9ccf2d21da6a09be56cc3514e3c9449ba5aed1767ade0404f8a887c3ab89b9a6c69dd5c9e1e50e6a5b023288c232e915d3adfbbff5b134cb835e55b9e52584cdba4ecad3f156b6f3b0f7cde560c76aa8102e7d6fcec90072b53f51deffc3a13f154e4016d461c774a86584d9358012f95aa87076ab3abd81ad07999136f4fe9372acc3d08433adb9732cbdcf5db6730c3b5ffbf47c040dc4e3b855b94d9ed6e37ba254c8d3ebaebacab0ef72010de9805c131a889c149b80f0cc71de7893c67df868132ce15097d5fac7f2c29db22b0093ce779e73d39bf7a255b43612ee18304e50739667d340719a77296503a49bd0581a3c8011bb4c00903a05ee4e42ae83aba49c26023c90f812bcb44ed0bef7415373c2dbd612668b201810b178a929196ba1134ae75f9474a13760f733b1287e668fa779a252f8fba34d21f25ee695b56feb23664f68229f01d99e6c4988c7307449045a4bce4900b1dd5e81237b3446cdfce9710b28a80480faf8ded65d9748e8e161c1682b579ee8821763ad53b9140821a3ac1e5cec99b7d79485bd4056f2314decc904ebe14d1a828734b8538afa98886065caa491ae61228067a557d0160c38c603051538f1865ef767a64c794e1e00d876fed87bea53716e0eff45bd1a080941293e4e9b0235c1e5a317005bff5ed108be3f36600acc265697fedbeb20bb72194fa3958a2f6b2d51592f24b0a89f8996f829cace9811fdbe0118a6d8a1d60bffffd22d03f1678be3a3783319dc32f216a278d61c8f6f23fa800f459c1b0e401e7a25b3437c57e1153dbe28778a50b951edbb8540a01b9a28be52e39ff1a9734a80fb6d723fb284d3d25668546400a26bdfc4558ca0cde6f1414a6816daf49f736450102ca1ad07bda4688f045de6beaa43a67795b2a11b0bda9696688dc103e0995d53276ff70d907aab420d1140fb20dd1fbadf9145e768e7fc22fb9a2915f82f2ecb1647eeb201802b4696e5654d4e9b64cc8ae0560a382ce7b945d4f78e7783b1bc5928f1ed02a402fdd830c7ccd9c65cec070e2ef291435a8b0d965e5ac585c24dfb43c222dfa436d4be67c2103bec3b524f55e05a9f526719a40dbcb912320cc54bbf6483db3794de24d009ea37e04f6a02feb9594e8055a434acaaaa91897614cebee524590d6f2876ea6c82d6854e6525ddf3804618e25af8cfa58c3963a80786d0db2088770001664a96469a4dbd8b6684fb67d2a3914daaa8d8c27d41f12be0adb8dd976aeb7482827b08e95ac4e484ced90dfef156900e6bed8d374d959f723900c20e69c02b4cd878e46a2f017ff32949967ada037372825b44566cac69bb916fa3688c623168c89713870457d7d09641e790d8dec28f7fc6c60eb7c6bc6b73636e6de580a1cd4df59a3a95df9d5511ff8672c0e459ef097db395deb13e392291b6274996e486a61fbfc0902954fc5c66438985fb07ebcb9f881440027343d5b4d7c1469ee067c20d9430100b88af9e30d391da7c52f92dd94b14752fea6c37c09efd6681b1a3937db368d0c0d61e9ae43bbc58e85b48315d85d17a1bd994900b44da763c920397593c85622d77a097ce9922a11ed9a33d5595456d7ac17dcd10df0b4ad6aa29dc9aee64f6180eba50d0b35ea7b0878f90c299820e0d0760dcafee4abd19cd1a5e243f7af3d3d53f8ed32881604c601df54bc365669d73bea6ad1c68d04257d77325c6231bc1390a897761e5b3f4790b5d670a77d71583787d9eff8bf868e320753d7109b52e5c6f0c8e6e49047ce82e8e51d53398e8070d4c1f90001e03f26a2f059d91b59991d07e09f99d236c917fb0bc18eeef5b3f9bea0f68c4b5cb92ec5018ee24790d8c549ae0ec04a9ffe4b45f518418e1cc65b0a18b337893d85582c1f9b312706136f99b2a52e158f28e4802ee42382b1ebb1ae1bcc4e0f22da7c20a4298720dcc6a2e74ebaa96418fe09fc0516b6f92287936051ba9d1b67f42a9ad278d7695d77dbf36275e5f60ee0b56d4872c78db0ae6cc9f742ac0cdcf2672fb12981fd17433e4545cf6062d18119dc0ea5da223fb59a61aaf5c9f8262b2abb33ce61022f103f8ba0d80c0f91ded00af35a3071546a2e6c2660fcbd12776fb866551643bbb9952518a9df0e189764e0d0375be9f54a1956fcf9cd8092fc9c0a773bc053517dc3056e2996b03927675c5745b0a3e1f5522402272850055d55a16c3431c46c62bd6dcd1a040a2775b11b31727a5ea3578ffb8084ed2844acd32a9f98c1af77e2176b028fef45cecc75f00748f92c4af9b588b51519b773c783568c1aed2617f1b1880254649dbf91872629356d974800f40e24cadf13521f7a3ad54817b7a1ad81867d9ac844d09797083f93b02a58044b580d425c5e112929ed487effd38b12981b0db3182a9281757cf80e4123baa09c3f098366c42c01ca9f6fd70c0d09a9bf174b4d1fdbd5b05ef014981538be36fd0089918ca97a447ca9b9e9a991f2301f2b676c5b67b59b607bd20e86072431c75023fd55b09afa4d4734d7e6892759430689750fd246a4dbe0c6bd822a2a9d682de734b69ae5b69e99a8b9877cc7729de9aa108257a796032c1203b1b31c93ea975db5d99a88598d04f2521dcd447a4858e2651524e6d795c837e2d2403fe8c6e9541281df74f57f7649e06442c55801a6285ef750709bc29f180b09d2ea11a0528e8e9fb156ee6688b51b7cfe701d5a921cf5156f119d556f5326c6248dfcb7aa49b51405da38b3a6a370bac63dc7adfdfd2b67db7705b948c17c01a1bf4cb0b3e75bb23af50eb219a68f2f2dea6d97eaf9a2f78fb235fdcfa626c02e849d1a10c1e85887d0005b3178ebf172b08a2a5f867f979b9a2fa1c51c71775a406f0a067e0369285a2cbb1195640bad4a62870d2f84503741b4c64bfd0efa164eb1bafdfc537d260d71500fbf27bfa13a5a1918f5e3345879b5c191e3e93aebe6e5eeb45a96dd94cf075e798138577d7cb1c8f3413cc3f221ed4a5d4c5e4c03175dc14542bfe5b82172e21cf3f83633cdf2fe2512eac2caf6dc51c6bc0a844638178c03cd40bf0cadd63d3ec349cf6645a78f6d7c8288c7370809a80b3f6a2055f008db26fa1d5a0be4b7f50814d64e169567ba2a28fae2c24028caff9c9cf5bfe350531316d2eba30a5c3563aea229a360c4c3085bf971dc7c34eb4f0416772eee7bcca5c8c6499f3c70d317bdee61cc161397ab8a3d391f77088ac529065976fbd227a1d2cdb8b4c40cfa441c44f26ce87a17c9863dfbb9cf99b32fe697b64dd691809096488c390c443612f91bf3c00dc8f63b1c3f42d65c7164a7d4606de8376a92ba829cbe9cf65f7b8b8d7b2d1bf6114620a5fe93203f733088173f8baf3411ecf096fd6eec6f247f3522e7635c5a545aba42823c5cfd63b8ca861260c12610e569c985b88195660a8043874bb8d60126245f9856a2b1025f3284fcec0a203eed23462d1120b41d0bfa18fcae9aae58fb304c2ef431a1acffe7ea650636dd8ebbdcbc086fd831c672ab53ef525dc18978a21a775377659964307d818c4b43c34341a80d40604304f9f6cc028684798088b1bb27d7e6f49bd409edd26c5e73b05d4cbf800771d32dac0b7fff441114f9df4309be44be7e1cde6645ce044f2d9c61638bc1230a7be940325f148223e5c19b2398160ac236dbea5cd317a090ea1e8aee93941f53319dea40994710f80286e112421e36de4ebb7becf2e7cb9c260c9f5989de48bfeb51189483b479ee2641316140de3f13b2bb218e2f492615174850ae37788fadad0d12e07a375cbaea3f16d89e11ff6e433759e3bb2f6e21978a6bcd01e4676df12a938799f2699dc3237029f7485efe6b11595a461c040c5be39bab25f4407713bea0f81e1e2309350291a6af76ff4c3a08828d3f9a2779d9c556b961172529a4946cbdffd3c723cab13fd5da6f445869eb002960ec68869d54a772cf1533bcaef9a3f8d03bf901c62dda8647a252579a9e1d489865bf3761780cf625e5515f1aa3708d086f617503e094bd5d0d9daf4f67385458c633709fa26753e9d1b5374309f3983b44d3b6a481ca151bdca3865bbc531356e2ce0cda3a28c3d00ad2faeb38ff8831f544a4163dc61587859818599e710f3c4a02508fa6e1d7b9dd074b57e8de1a9a231923de1d836ced7a5eec1f11a4e740e81f84258ce999655caee5cdbeb2d75ee84b5442edbb11bb951496d131a2aab725a1adafb01417175624ce22ea468c31a9786e60b6adee2d62414deacc79371a7eef592a1a6c5b2c580894b23488c6147b52fd8b0fe9b651b7c9d63bf3d6f1baebedf752b7e485f2fb8ff87565e529261f8706ef8894e3a1c346d5699ed18e5de662c680820a868eb77a941e1d397127fac370c0da2a277d896cb6f87ed3fe0e84aaa53857324ccaad6dd0a4395df466ef4abcf11864227bb1c8b9d31713e17a97a3476701ce7995134e76a407c7c3029b03d2f6a98d327214c94107c99f354646347230779141e6ba9013f199d0c013be6df8121ada79fdb4af3e273235b1223ac4033268fc2700fccd8079f9624e3e51d0221b069f3bb79c3afda139abb5cf1a746150d24744f00454ffe7f9d6366f3113d7fee11164e55669e779446875d557ce9fb6b154d566bd0ffe4b0dacf36e6739d99830e30a7d2bc65bcc0c1833e572acfa87e6ccfb9ab915cb00cf7b70f42479b11ad2d1dbce51e9fb19deb02b453a1bd2fa8b23bae7e23a5a841a96ffac80ef97c91228aa0d8df3a49c90aa691b5f749d3617938b4e92b3015b553cd3d1d5b87566782d1cac0ef5c7cbb462cee0cf75e801a89b2347af7e67b3770fe41d63a969754198161bf76ae914c1405038b1c2655b03afb327d363d3e48846a7a4b7bb4862d534ee4f8459df7b29ee3996572efd9a896ec44ba2ebe2481ada70f605e17884fc7e17f3b473294cdd0cb930fc6eaa5c33da7f368a97262690c1edab03ce8a9f26f7deca881cbe8e68f902806191a37ed0b8cb31ec91b1c0476ef2a8ee8bacad4a2e325fb5a92f1ffff4fddb7dfb5f5671da58572c01941a8ee3671c30d6efe833087880bf4ff6fcb36a329695c229612ee9f921f3101cd5505af1d4bd987c99a869511d393025270d41a17e8bda19b2257d54f21612a5e92556cee47e4d0fad2fdde5330878ef052256e7bfbfcd1b2d4b0e20083c076b2da0dd88de67d65560969c3ce68e84e80685056dda702a29eb7fd816cd969b89065e32785afc22834f753b1d3c848a6c42c886553c4f5cf39fa511ff9bbd650e18d92e4518d1142015febbea86146ccf095c0c4518994d587a5376132b423b273104a01f4434df6553e9765c83ffdbaeefc5d60823ef85ff023078de896aac0e486f291cc0ee59b3be594aa68fd12ac8f405f8812d6ce1be15a9712f3f2d461328723e235fab900665f5bd81f48219a2cdb634a281809237b23f77f88ce5af37e0c2e9c973ba6db10a8283df4f8bea89613dc62049a35d5f3dee7dd01e2d278b22d3f0b018a865624a953fea80c861eeb1f1594c418168d4e66a1b689e58c379ae80a34b0c3960e7fe0f16dc71f2371139eddc12b2ea4ad0e09451742f20e918f29d74a1eeca17f34c1419d5a4c14b2819a0c74dc7df9968aad2f079afff95e5c18fac582ae4b4c37bbcb1cdfe817520c27b980f149eb925c", 0x1000, 0x19}, {&(0x7f0000001d40)="94019b8b202c29a0269920a962b4fe87164e8c1169a2a78f39c9e2ff7d3c037266d8acfef27e8d4372ec852e34a17383698bf63ffebf43d2d1d96597bc362e3de76fe971ed566ba83b174d3a24682f0352b7f2fbe55fc4a4064f41c8bb840439fa", 0x61, 0x3f}, {&(0x7f0000001dc0)="27099943d90d9d57a3b055dec91c35dc5bbe14daad0c0207f1ec5500a996c20dd85b74c377b17c1cc3e0407bbe424fd8706825c7c6d9558757d18715117fee2ac17ee4fc03d18b349d0ce52d216d7f838df821f1c7194dfb0d05b66d47959f57ead5f461016443ef33dc8d3ca28c9791bebc767245d707fabbc14df368878b8338228deab1818676c07f80fe20e89dcca0a05fca2d1aff46666eaf429cc54de08821eec72a53b771a99e2ebfe3272292738961f219e1af9bfd4e3a9e9afa410d922ba542688bd8b99ca2cd2b78de626ba75b7f152f0568bb190781ff1f2f917a3aac63ac", 0xe4, 0x2}], 0x20000, &(0x7f0000002180)={[{@barrier='barrier'}, {@gid={'gid', 0x3d, r14}}, {@type={'type', 0x3d, "7bf3c4f1"}}, {@barrier='barrier'}, {@gid={'gid', 0x3d, r15}}, {@force='force'}, {@umask={'umask', 0x3d, 0x4}}, {@nobarrier='nobarrier'}], [{@obj_user={'obj_user', 0x3d, 'em0\'md5sumwlan1lo'}}, {@smackfstransmute={'smackfstransmute', 0x3d, ']'}}, {@permit_directio='permit_directio'}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@euid_gt={'euid>', r16}}, {@audit='audit'}]})

[  153.999174][ T7907] device hsr_slave_0 entered promiscuous mode
[  154.027284][ T7907] device hsr_slave_1 entered promiscuous mode
00:52:05 executing program 4:
r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x9, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r0, 0xc08c5335, &(0x7f0000000040)={0x1, 0x7f, 0x80000001, 'queue1\x00', 0x2850000})
r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000100)='/dev/video36\x00', 0x2, 0x0)
ioctl$VIDIOC_STREAMON(r1, 0x40045612, &(0x7f0000000140)=0x1)
r2 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000180)='/proc/capi/capi20\x00', 0x0, 0x0)
ioctl$VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f00000001c0)={0x7, @sliced={0x6, [0xb1, 0x0, 0x6, 0x6, 0x1f, 0x800, 0x3, 0x1, 0xffff, 0x8, 0x5, 0x7fff, 0x3, 0x3, 0x9, 0x7f, 0x7, 0x3, 0x800, 0x5, 0x1, 0x9, 0xfffe, 0x3, 0x1, 0x7, 0x3475, 0x8e3, 0x1, 0xad4d, 0x6, 0x40, 0x0, 0xffff, 0x7, 0x8, 0x3ff, 0xfffa, 0x9, 0x100, 0x0, 0x4, 0x0, 0x5, 0x8001, 0x3, 0x3], 0x1}})
ioctl$VIDIOC_G_STD(r0, 0x80085617, &(0x7f00000002c0))
fchmod(r1, 0x1)
r3 = syz_open_dev$cec(&(0x7f0000000300)='/dev/cec#\x00', 0x2, 0x2)
ioctl$sock_inet6_udp_SIOCOUTQ(r3, 0x5411, &(0x7f0000000340))
r4 = syz_open_dev$cec(&(0x7f0000000380)='/dev/cec#\x00', 0x2, 0x2)
ioctl$TUNSETCARRIER(r4, 0x400454e2, &(0x7f00000003c0)=0x1)
r5 = openat$null(0xffffffffffffff9c, &(0x7f0000000400)='/dev/null\x00', 0x347043, 0x0)
setsockopt$inet6_icmp_ICMP_FILTER(r5, 0x1, 0x1, &(0x7f0000000440)={0x6}, 0x4)
ioctl$VHOST_RESET_OWNER(r2, 0xaf02, 0x0)
r6 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000480)='/dev/video37\x00', 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r6, 0xc0145608, &(0x7f00000004c0)={0x1ff, 0x2, 0x4})
r7 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000500)='/proc/capi/capi20ncci\x00', 0x80000, 0x0)
ioctl$EVIOCGABS0(r7, 0x80184540, &(0x7f0000000540)=""/78)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000600)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000640)=0x14)
setsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000680)={{{@in6=@ipv4={[], [], @loopback}, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x2, 0x4e23, 0x7, 0x2, 0x80, 0x0, 0x3b, r8, 0xee01}, {0x5, 0x1c21ac3, 0x0, 0x1000, 0x0, 0x4, 0x4, 0xb026}, {0x1, 0x4, 0x4, 0x200}, 0x7fff, 0x6e6bb1, 0x0, 0x1, 0x1, 0x3}, {{@in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x4d2, 0x2b}, 0xa, @in=@broadcast, 0x3501, 0x4, 0x0, 0xc8, 0x200, 0xcd6d, 0xebf1}}, 0xe8)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000780)={@mcast2, 0x5, 0x2, 0x2, 0x1, 0x0, 0x6}, &(0x7f00000007c0)=0x20)
ioctl$VIDIOC_ENUMINPUT(r3, 0xc050561a, &(0x7f0000000800)={0x0, "ca17e8840613e56704cf1c275e746a6369878239caf235b4b7614f1b5aa0257b", 0xd3d9553061999f40, 0x8b, 0xf, 0xf900, 0x100, 0x8})
r9 = syz_open_dev$cec(&(0x7f0000000880)='/dev/cec#\x00', 0x2, 0x2)
ioctl$VFIO_GET_API_VERSION(r9, 0x3b64)
r10 = syz_open_procfs(0x0, &(0x7f00000008c0)='net/xfrm_stat\x00')
ioctl$PERF_EVENT_IOC_SET_FILTER(r10, 0x40082406, &(0x7f0000000900)='eth1&(\x00')
r11 = syz_open_dev$midi(&(0x7f0000000940)='/dev/midi#\x00', 0x9, 0x0)
accept(0xffffffffffffffff, &(0x7f0000000980)=@ll={0x11, 0x0, <r12=>0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000a00)=0x80)
r13 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000a40)='net/rfcomm\x00')
bind$xdp(r11, &(0x7f0000000a80)={0x2c, 0x6295d592584720f7, r12, 0x3c, r13}, 0x10)

[  154.203884][ T7909] bridge0: port 2(bridge_slave_1) entered blocking state
[  154.218521][ T7909] bridge0: port 2(bridge_slave_1) entered disabled state
[  154.232211][ T7914] IPVS: ftp: loaded support on port[0] = 21
[  154.236482][ T7909] device bridge_slave_1 entered promiscuous mode
[  154.309215][ T7916] IPVS: ftp: loaded support on port[0] = 21
[  154.414885][ T7909] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  154.544530][ T7909] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  154.588888][ T7907] bridge0: port 2(bridge_slave_1) entered blocking state
[  154.596127][ T7907] bridge0: port 2(bridge_slave_1) entered forwarding state
[  154.604303][ T7907] bridge0: port 1(bridge_slave_0) entered blocking state
[  154.611462][ T7907] bridge0: port 1(bridge_slave_0) entered forwarding state
[  154.691352][ T7923] IPVS: ftp: loaded support on port[0] = 21
[  154.719000][    T5] bridge0: port 1(bridge_slave_0) entered disabled state
[  154.747159][    T5] bridge0: port 2(bridge_slave_1) entered disabled state
[  154.872315][ T7909] team0: Port device team_slave_0 added
00:52:06 executing program 5:
r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x10500, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000240)={r0, 0xc0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=0x800, 0x0, 0x0, 0x0, &(0x7f0000000080)={0x8, 0x1}, 0x0, 0x0, &(0x7f00000000c0)={0x3, 0xa, 0x20, 0x5}, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=0x6}}, 0x10)
ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000280)=<r1=>0x0)
fcntl$setown(r0, 0x8, r1)
r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/dlm-control\x00', 0x244000, 0x0)
readlinkat(r2, &(0x7f0000000300)='./file0\x00', &(0x7f0000000340)=""/213, 0xd5)
ioctl$SIOCX25SFACILITIES(r0, 0x89e3, &(0x7f0000000440)={0x39, 0xfffffffc, 0xc, 0x6, 0x7})
r3 = syz_open_dev$sndpcmc(&(0x7f0000000480)='/dev/snd/pcmC#D#c\x00', 0x8, 0xa40)
ioctl$KDGKBMODE(r3, 0x4b44, &(0x7f00000004c0))
r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000500)='/dev/btrfs-control\x00', 0x20000, 0x0)
ioctl$int_out(r4, 0x5462, &(0x7f0000000540))
r5 = syz_open_dev$vcsn(&(0x7f0000000580)='/dev/vcs#\x00', 0x2, 0x40)
connect$rds(r5, &(0x7f00000005c0)={0x2, 0x4e22, @empty}, 0x10)
r6 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r7 = accept4$netrom(0xffffffffffffffff, 0x0, &(0x7f0000000600), 0x80000)
epoll_ctl$EPOLL_CTL_MOD(r6, 0x3, r7, &(0x7f0000000640)={0x80000000})
r8 = syz_open_dev$radio(&(0x7f00000009c0)='/dev/radio#\x00', 0x2, 0x2)
r9 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000a40)='IPVS\x00')
sendmsg$IPVS_CMD_DEL_DAEMON(r8, &(0x7f0000000b00)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x400d2000}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x1c, r9, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x800}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4044000}, 0x2000a010)
r10 = syz_open_dev$sndpcmp(&(0x7f0000000b40)='/dev/snd/pcmC#D#p\x00', 0x400, 0x4e17e60362079c85)
ioctl$IOC_PR_CLEAR(r10, 0x401070cd, &(0x7f0000000b80)={0x3})
r11 = epoll_create1(0x80000)
r12 = openat(0xffffffffffffffff, &(0x7f0000000bc0)='./file0\x00', 0x0, 0xd2)
r13 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000c00)='/dev/cuse\x00', 0x2, 0x0)
r14 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000c40)='io.max\x00', 0x2, 0x0)
poll(&(0x7f0000000c80)=[{r8, 0x52}, {r11, 0x2001}, {r12, 0x124}, {r13, 0x8}, {r14, 0x9}], 0x5, 0x90f)
r15 = accept4$ax25(0xffffffffffffffff, &(0x7f0000000cc0)={{}, [@netrom, @default, @bcast, @remote, @null, @netrom, @bcast, @null]}, &(0x7f0000000d40)=0x48, 0x100800)
ioctl$EXT4_IOC_SETFLAGS(r15, 0x40086602, &(0x7f0000000d80)=0x3)
r16 = syz_open_dev$midi(&(0x7f0000000dc0)='/dev/midi#\x00', 0x9, 0x50000)
ioctl$VT_ACTIVATE(r16, 0x5606, 0x5)

[  154.970836][ T7909] team0: Port device team_slave_1 added
[  155.104150][ T7914] chnl_net:caif_netlink_parms(): no params data found
[  155.159311][ T7909] device hsr_slave_0 entered promiscuous mode
[  155.206924][ T7909] device hsr_slave_1 entered promiscuous mode
[  155.248250][ T7909] debugfs: Directory 'hsr0' with parent '/' already present!
[  155.305146][ T7916] chnl_net:caif_netlink_parms(): no params data found
[  155.332880][ T7907] 8021q: adding VLAN 0 to HW filter on device bond0
[  155.342338][ T7914] bridge0: port 1(bridge_slave_0) entered blocking state
[  155.352549][ T7914] bridge0: port 1(bridge_slave_0) entered disabled state
[  155.360740][ T7914] device bridge_slave_0 entered promiscuous mode
[  155.406860][ T7954] IPVS: ftp: loaded support on port[0] = 21
[  155.429712][ T7914] bridge0: port 2(bridge_slave_1) entered blocking state
[  155.443357][ T7914] bridge0: port 2(bridge_slave_1) entered disabled state
[  155.454456][ T7914] device bridge_slave_1 entered promiscuous mode
[  155.491291][ T7907] 8021q: adding VLAN 0 to HW filter on device team0
[  155.553248][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  155.578243][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  155.601704][ T7916] bridge0: port 1(bridge_slave_0) entered blocking state
[  155.616462][ T7916] bridge0: port 1(bridge_slave_0) entered disabled state
[  155.648545][ T7916] device bridge_slave_0 entered promiscuous mode
[  155.669250][ T7916] bridge0: port 2(bridge_slave_1) entered blocking state
[  155.677391][ T7916] bridge0: port 2(bridge_slave_1) entered disabled state
[  155.697407][ T7916] device bridge_slave_1 entered promiscuous mode
[  155.716452][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  155.725094][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  155.741368][ T7942] bridge0: port 1(bridge_slave_0) entered blocking state
[  155.748535][ T7942] bridge0: port 1(bridge_slave_0) entered forwarding state
[  155.780190][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  155.800713][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  155.827114][ T7942] bridge0: port 2(bridge_slave_1) entered blocking state
[  155.834207][ T7942] bridge0: port 2(bridge_slave_1) entered forwarding state
[  155.860502][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  155.881135][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  155.974280][ T7923] chnl_net:caif_netlink_parms(): no params data found
[  155.992718][ T7914] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  156.019426][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  156.030120][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  156.052276][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  156.070114][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  156.081863][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  156.091541][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  156.103021][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  156.141863][ T7914] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  156.167135][ T7907] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  156.184607][ T7907] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  156.208985][ T7916] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  156.227748][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  156.243890][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  156.313297][ T7916] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  156.336275][ T7916] team0: Port device team_slave_0 added
[  156.350445][ T7914] team0: Port device team_slave_0 added
[  156.383733][ T7916] team0: Port device team_slave_1 added
[  156.401294][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  156.409724][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  156.418526][ T7914] team0: Port device team_slave_1 added
[  156.441613][ T7907] 8021q: adding VLAN 0 to HW filter on device batadv0
[  156.467463][ T7923] bridge0: port 1(bridge_slave_0) entered blocking state
[  156.474573][ T7923] bridge0: port 1(bridge_slave_0) entered disabled state
[  156.482952][ T7923] device bridge_slave_0 entered promiscuous mode
[  156.491342][ T7923] bridge0: port 2(bridge_slave_1) entered blocking state
[  156.498824][ T7923] bridge0: port 2(bridge_slave_1) entered disabled state
[  156.506428][ T7923] device bridge_slave_1 entered promiscuous mode
[  156.530803][ T7923] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  156.610139][ T7916] device hsr_slave_0 entered promiscuous mode
[  156.646941][ T7916] device hsr_slave_1 entered promiscuous mode
[  156.686580][ T7916] debugfs: Directory 'hsr0' with parent '/' already present!
[  156.699364][ T7954] chnl_net:caif_netlink_parms(): no params data found
[  156.720383][ T7923] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  156.779629][ T7914] device hsr_slave_0 entered promiscuous mode
[  156.817115][ T7914] device hsr_slave_1 entered promiscuous mode
[  156.836523][ T7914] debugfs: Directory 'hsr0' with parent '/' already present!
[  156.850496][ T7923] team0: Port device team_slave_0 added
[  156.903672][ T7909] 8021q: adding VLAN 0 to HW filter on device bond0
[  156.929708][ T7923] team0: Port device team_slave_1 added
[  157.023062][ T7909] 8021q: adding VLAN 0 to HW filter on device team0
[  157.047856][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  157.055698][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  157.179313][ T7923] device hsr_slave_0 entered promiscuous mode
[  157.206932][ T7923] device hsr_slave_1 entered promiscuous mode
[  157.266572][ T7923] debugfs: Directory 'hsr0' with parent '/' already present!
[  157.280430][ T7954] bridge0: port 1(bridge_slave_0) entered blocking state
[  157.306492][ T7954] bridge0: port 1(bridge_slave_0) entered disabled state
[  157.314537][ T7954] device bridge_slave_0 entered promiscuous mode
[  157.407467][ T7954] bridge0: port 2(bridge_slave_1) entered blocking state
[  157.414646][ T7954] bridge0: port 2(bridge_slave_1) entered disabled state
[  157.477376][ T7954] device bridge_slave_1 entered promiscuous mode
[  157.748125][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  157.783284][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
00:52:09 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0)
openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_TSS_ADDR(r1, 0xae47, 0x0)

[  157.856942][   T23] bridge0: port 1(bridge_slave_0) entered blocking state
[  157.864041][   T23] bridge0: port 1(bridge_slave_0) entered forwarding state
[  157.957193][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  157.965827][   T23] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  158.037709][   T23] bridge0: port 2(bridge_slave_1) entered blocking state
[  158.044810][   T23] bridge0: port 2(bridge_slave_1) entered forwarding state
[  158.078048][ T8058] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  158.179511][ T7954] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  158.248291][ T7954] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  158.372955][ T7955] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  158.497196][ T7955] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  158.505941][ T7955] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  158.571144][ T7955] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  158.623905][ T7955] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  158.662519][ T7955] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  158.691944][ T7955] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  158.743558][ T7916] 8021q: adding VLAN 0 to HW filter on device bond0
[  158.789608][ T7954] team0: Port device team_slave_0 added
[  158.821850][ T7955] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  158.882370][ T7909] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
00:52:10 executing program 0:

[  158.923189][ T7909] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  158.970491][ T7954] team0: Port device team_slave_1 added
00:52:10 executing program 0:

[  159.059855][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  159.099674][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
00:52:10 executing program 0:

[  159.128779][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  159.148817][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
00:52:10 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
utimensat(r1, 0x0, &(0x7f0000f84fe0)={{0x0, 0x3ffffffe}}, 0x0)

[  159.185089][ T7916] 8021q: adding VLAN 0 to HW filter on device team0
[  159.239496][ T7954] device hsr_slave_0 entered promiscuous mode
[  159.276889][ T7954] device hsr_slave_1 entered promiscuous mode
[  159.306644][ T7954] debugfs: Directory 'hsr0' with parent '/' already present!
[  159.328427][ T7909] 8021q: adding VLAN 0 to HW filter on device batadv0
[  159.335618][ T7955] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  159.344741][ T7955] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  159.357192][ T7955] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  159.364955][ T7955] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  159.372954][ T7955] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  159.394597][ T7914] 8021q: adding VLAN 0 to HW filter on device bond0
00:52:10 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x2a7)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f7e5)
clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
setsockopt$inet6_int(r0, 0x29, 0x31, 0x0, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
r2 = socket$unix(0x1, 0x2, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
tkill(r1, 0x1c)
wait4(0xffffffffffffffff, 0x0, 0x0, 0x0)

[  159.406270][ T7955] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  159.430987][ T7955] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  159.442334][ T7955] bridge0: port 1(bridge_slave_0) entered blocking state
[  159.449470][ T7955] bridge0: port 1(bridge_slave_0) entered forwarding state
[  159.484511][ T7955] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  159.493437][ T7955] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  159.507402][ T7955] bridge0: port 2(bridge_slave_1) entered blocking state
[  159.508082][ T8112] ptrace attach of "/root/syz-executor.0"[8111] was attempted by "/root/syz-executor.0"[8112]
[  159.514484][ T7955] bridge0: port 2(bridge_slave_1) entered forwarding state
[  159.605556][ T7914] 8021q: adding VLAN 0 to HW filter on device team0
[  159.636173][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  159.649606][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
00:52:10 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)=ANY=[@ANYBLOB="b401000010001307000000e0f083d0876e8b1900000000000000000000000000fe8000eead5f2d00000000000000000000000000000000000000000021000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414bb0000000000000000000000000000000033000000fe8000000000000000000000000000bb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000008000b0000000000bc0001006d64350000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000088030000669ba8ccaec0d382a1359479b3a152f7ffffffffffffffeb87f0a52bc16211efb8f98be5ef742a104a42b7b673c5b96548fbe0a634cf2fe6619e751055001171c5f0b7aed3e747811b45b8a79f9f142dd7bf3b210c6a2fb4a6ced87eed0819f80d266e00"/364], 0x1b4}}, 0x0)

[  159.707290][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  159.729912][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  159.817234][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  159.825949][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  159.862753][ T7942] bridge0: port 1(bridge_slave_0) entered blocking state
[  159.869965][ T7942] bridge0: port 1(bridge_slave_0) entered forwarding state
[  159.911459][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  159.944657][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  159.987630][ T7942] bridge0: port 2(bridge_slave_1) entered blocking state
[  159.994736][ T7942] bridge0: port 2(bridge_slave_1) entered forwarding state
[  160.026702][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  160.035548][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  160.067284][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  160.075856][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  160.107866][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  160.127087][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  160.135619][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  160.187256][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  160.196065][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  160.227513][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  160.246991][ T7942] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  160.282593][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  160.290971][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  160.327136][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  160.424446][ T7916] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  160.445398][ T7916] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  160.492665][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  160.517270][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  160.531190][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
00:52:11 executing program 1:

[  160.548819][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  160.563544][ T7923] 8021q: adding VLAN 0 to HW filter on device bond0
[  160.581552][ T7914] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  160.604731][ T7914] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  160.632967][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  160.647166][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  160.655577][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  160.664581][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  160.673716][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  160.697101][ T7954] 8021q: adding VLAN 0 to HW filter on device bond0
[  160.711909][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  160.719537][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  160.731805][ T7916] 8021q: adding VLAN 0 to HW filter on device batadv0
[  160.748809][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  160.756270][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  160.775509][ T7923] 8021q: adding VLAN 0 to HW filter on device team0
[  160.782674][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  160.790821][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  160.802501][ T7914] 8021q: adding VLAN 0 to HW filter on device batadv0
[  160.826453][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  160.834118][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  160.843331][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  160.854687][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  160.864013][ T2846] bridge0: port 1(bridge_slave_0) entered blocking state
[  160.871168][ T2846] bridge0: port 1(bridge_slave_0) entered forwarding state
[  160.879213][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  160.888219][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  160.896660][ T2846] bridge0: port 2(bridge_slave_1) entered blocking state
[  160.903705][ T2846] bridge0: port 2(bridge_slave_1) entered forwarding state
[  160.911314][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  160.920080][ T2846] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  160.932900][ T7954] 8021q: adding VLAN 0 to HW filter on device team0
[  160.944426][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  160.952689][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  160.968313][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  160.985188][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  161.001408][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  161.012573][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  161.021715][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  161.030641][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  161.044407][ T7923] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  161.056248][ T7923] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  161.076914][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  161.085441][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  161.095373][ T7911] bridge0: port 1(bridge_slave_0) entered blocking state
[  161.102478][ T7911] bridge0: port 1(bridge_slave_0) entered forwarding state
[  161.110563][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  161.119283][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  161.127887][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  161.136841][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  161.145141][ T7911] bridge0: port 2(bridge_slave_1) entered blocking state
[  161.152420][ T7911] bridge0: port 2(bridge_slave_1) entered forwarding state
[  161.160087][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  161.169102][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  161.178149][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  161.193864][ T7923] 8021q: adding VLAN 0 to HW filter on device batadv0
[  161.205648][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  161.216730][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  161.225313][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  161.234223][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  161.242455][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  161.253389][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  161.262445][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  161.274500][ T7911] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  161.310003][ T7954] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  161.323660][ T7954] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  161.335183][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  161.346232][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  161.355235][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  161.379872][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  161.394353][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  161.420440][ T7954] 8021q: adding VLAN 0 to HW filter on device batadv0
00:52:13 executing program 2:

00:52:13 executing program 0:

00:52:13 executing program 1:

00:52:13 executing program 3:

00:52:13 executing program 4:

00:52:13 executing program 5:

00:52:13 executing program 5:

00:52:13 executing program 3:

00:52:13 executing program 1:

00:52:13 executing program 4:

00:52:13 executing program 0:

00:52:13 executing program 2:

00:52:13 executing program 5:

00:52:13 executing program 0:

00:52:13 executing program 3:

00:52:13 executing program 4:

00:52:13 executing program 1:

00:52:13 executing program 2:

00:52:13 executing program 5:

00:52:13 executing program 4:

00:52:13 executing program 3:

00:52:13 executing program 0:

00:52:13 executing program 1:

00:52:13 executing program 2:

00:52:13 executing program 3:

00:52:14 executing program 1:

00:52:14 executing program 0:

00:52:14 executing program 4:

00:52:14 executing program 5:

00:52:14 executing program 4:

00:52:14 executing program 3:

00:52:14 executing program 1:

00:52:14 executing program 2:

00:52:14 executing program 5:

00:52:14 executing program 0:

00:52:14 executing program 2:

00:52:14 executing program 4:

00:52:14 executing program 3:

00:52:14 executing program 1:

00:52:14 executing program 5:

00:52:14 executing program 2:

00:52:14 executing program 0:

00:52:14 executing program 3:

00:52:14 executing program 5:

00:52:14 executing program 1:

00:52:14 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, &(0x7f0000000100)={'nlmon\t\x00\x7f\xed\xb1[\xe5\xa3\xcd\xb6\x00'})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000280)={0x0, 0x0, @ioapic={0x3000, 0x0, 0x0, 0x0, 0x0, [{}, {0x0, 0x10}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, [], 0x6}]}})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x4cb]})
syz_open_procfs(0x0, 0x0)
pipe(0x0)
fstat(0xffffffffffffffff, 0x0)
fstat(0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
fsetxattr(0xffffffffffffffff, &(0x7f0000000040)=@known='system.posix_acl_default\x00', &(0x7f0000000080)='cgroup\x00', 0x7, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_GET_ONE_REG(0xffffffffffffffff, 0x4010aeab, &(0x7f0000000000)={0x2})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

00:52:14 executing program 2:
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = open(0x0, 0x40c5, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000300)=[{&(0x7f00000004c0)=""/85, 0x55}], 0x1, 0x2)
preadv(0xffffffffffffffff, &(0x7f0000000480), 0x1000000000000181, 0x2)
stat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140))
setsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000480), 0x1000000000000181, 0x2)
r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0)
ioctl$KVM_SET_VAPIC_ADDR(r1, 0x4008ae93, &(0x7f0000000240))
r2 = socket$inet(0x2, 0x1, 0x0)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23}, 0x10)
r3 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp\x00\xcdWq\xe9*\a4g\a^\x90\xb6\xe4kH2\x80/\x88\xb6\xbb\xeb`\xb8@#\x83tH\xae\xa5y\x1d\\]\x93\x93\xb5e\xd9\xd4\xb8A# \xc9*s\xd0g>\x16\xabM\x7foK\xec\x17f\xb9x\x11\xbf\xab\x16\xc5\xcb\x94\xff\x1c\xa0\x01\xb3I\x1c\xb9\xcc\xbb\xbe\x9c\xd0!\x13\xe1\xbc.\xfaG3\x85\xe0(\x18\xe9\xef%nM\'\aF\xb7\x95\xcbm\x04\xa8\x05\xef@&\xc4')
sendfile(r2, r3, 0x0, 0x80000003)

00:52:14 executing program 0:
getpid()
ioctl$SG_GET_ACCESS_COUNT(0xffffffffffffffff, 0x2289, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm-monitor\x00', 0x400, 0x0)
userfaultfd(0x80000)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340)='/dev/fuse\x00', 0x2, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0)
fchdir(r1)
mkdir(&(0x7f0000001340)='./file0\x00', 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
rmdir(&(0x7f00000000c0)='./file0\x00')
dup2(0xffffffffffffffff, r0)
r2 = gettid()
r3 = syz_open_procfs(r2, &(0x7f0000000240)='fdinfo/4\x00')
lseek(0xffffffffffffffff, 0x0, 0x1)
ioctl$RTC_WIE_OFF(r3, 0x7010)
syz_open_dev$cec(&(0x7f0000000100)='/dev/cec#\x00', 0x2, 0x2)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="03"], 0x1, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000700)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9})
r4 = socket(0x11, 0xa, 0x0)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r5=>0x0}, &(0x7f0000000200)=0xc)
r6 = getegid()
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000400)={{0x0, r5, r6, 0x0, 0x0, 0x4a, 0x81}, 0x7fffffff, 0x1b, 0x4, 0x8771, 0xb5, 0x2})
bind(0xffffffffffffffff, &(0x7f0000000140)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000700)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9})
socket(0x11, 0xa, 0x0)
getpid()
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x28, 0x35, 0x119, 0x0, 0x0, {0x4}, [@generic="ffd38d9b", @nested={0x10, 0x1, [@typed={0xc, 0x0, @u64}]}]}, 0x28}}, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000080)={{{@in=@multicast2, @in=@local}}, {{@in=@loopback}, 0x0, @in6=@loopback}}, &(0x7f00000001c0)=0xe8)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000380)={0x0, 0x0, <r8=>0x0}, &(0x7f00000003c0)=0xc)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000400)={{0x0, 0x0, 0x0, 0x0, r8, 0x4a, 0x81}, 0x0, 0x1b, 0x4, 0x8771, 0xb5, 0x2})

00:52:14 executing program 1:
r0 = socket$inet6_sctp(0xa, 0x80000000000001, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
connect$inet6(r0, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x75, &(0x7f0000000040), 0x8)

00:52:14 executing program 3:
capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000804000))
setresuid(0x0, 0x0, 0x0)

00:52:14 executing program 5:
r0 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x0)
r1 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x5, 0x20000)
connect$l2tp(r0, &(0x7f0000000080)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x4e23, @broadcast}, 0x0, 0x1, 0x4, 0x3}}, 0x26)
clock_gettime(0x0, &(0x7f0000000180)={<r2=>0x0, <r3=>0x0})
rt_sigtimedwait(&(0x7f00000000c0)={0x6}, &(0x7f0000000100), &(0x7f00000001c0)={r2, r3+10000000}, 0x8)
r4 = socket$rds(0x15, 0x5, 0x0)
setsockopt$sock_timeval(r4, 0x1, 0x15, &(0x7f0000000200), 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(0xffffffffffffffff, 0x84, 0x1c, &(0x7f0000000240), &(0x7f0000000280)=0x4)
ioctl$DRM_IOCTL_ADD_CTX(r0, 0xc0086420, &(0x7f00000002c0)={<r5=>0x0})
ioctl$DRM_IOCTL_NEW_CTX(r1, 0x40086425, &(0x7f0000000300)={r5, 0x3})
fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f0000000340)='^user%\'posix_acl_access-.posix_acl_accessselinux]$nodev\x00', 0x0, r0)
r6 = open(&(0x7f00000019c0)='./file0\x00', 0x101000, 0x80)
setsockopt$inet_mreqsrc(r6, 0x0, 0x27, &(0x7f0000001a00)={@empty, @loopback, @dev={0xac, 0x14, 0x14, 0xb}}, 0xc)
r7 = openat$cgroup_ro(r0, &(0x7f0000001a40)='pids.events\x00', 0x0, 0x0)
setsockopt$RXRPC_EXCLUSIVE_CONNECTION(r7, 0x110, 0x3)
prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x2)
getsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0xf, &(0x7f0000001a80)=""/5, &(0x7f0000001ac0)=0x5)
r8 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000001b00)='/dev/dlm-control\x00', 0x12bb5a44c10dc053, 0x0)
ioctl$DRM_IOCTL_VERSION(r8, 0xc0406400, &(0x7f0000001c80)={0x9e3e, 0x101, 0x3, 0x86, &(0x7f0000001b40)=""/134, 0x35, &(0x7f0000001c00)=""/53, 0x0, &(0x7f0000001c40)})
openat$zero(0xffffffffffffff9c, &(0x7f0000001cc0)='/dev/zero\x00', 0x401, 0x0)
memfd_create(&(0x7f0000001d00)='/dev/input/mouse#\x00', 0x2)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000001d40)={0x14})
ioctl$VIDIOC_G_EDID(0xffffffffffffffff, 0xc0285628, &(0x7f0000001dc0)={0x0, 0x1fdf8eab, 0x6f, [], &(0x7f0000001d80)=0x8})
ioctl$SIOCX25GDTEFACILITIES(r1, 0x89ea, &(0x7f0000001e00))
r9 = syz_open_dev$cec(&(0x7f0000001e40)='/dev/cec#\x00', 0x0, 0x2)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r9, 0xc0bc5351, &(0x7f0000001e80)={0x7, 0x2, 'client0\x00', 0x3, "9a0f36adddb203e1", "9d51fb23798a7a092d8bee441de67528ec350bb36c0c2b8fe2a9ef038229a7fb", 0x9, 0x8000})
r10 = openat$audio(0xffffffffffffff9c, &(0x7f0000001f40)='/dev/audio\x00', 0x444280, 0x0)
ioctl$FS_IOC_RESVSP(r10, 0x40305828, &(0x7f0000001f80)={0x0, 0x2, 0xfff})
bind$vsock_dgram(r10, &(0x7f0000001fc0)={0x28, 0x0, 0x2710, @my=0x0}, 0x10)
r11 = syz_open_dev$vcsa(&(0x7f0000002000)='/dev/vcsa#\x00', 0x7fff, 0x2)
ioctl$SIOCX25SDTEFACILITIES(r11, 0x89eb, &(0x7f0000002040)={0x9, 0x3, 0x0, 0x1, 0x5, 0x24, 0x10, "cd3a357e4d76689c4abe7bd3a9e83e6ebecb65e2", "757094c0f72e802a806ef55325f7333082db2bbd"})

[  163.629808][ T8314] capability: warning: `syz-executor.3' uses 32-bit capabilities (legacy support in use)
[  163.670255][    C1] hrtimer: interrupt took 42906 ns
00:52:14 executing program 4:
perf_event_open(&(0x7f000001d000)={0x4, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket(0x200000000000011, 0x3, 0x0)
fcntl$setstatus(r0, 0x4, 0x2400)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'ip6_vti0\x00', <r1=>0x0})
bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @broadcast}, 0x14)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000002c0)=0x596, 0x4)
sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0)

00:52:14 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0xd}}, 0x5}, 0xffc4a851)
gettid()
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
ioctl$PPPIOCNEWUNIT(r5, 0xc004743e, &(0x7f0000000040)=0x2)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/fib_triestat\x00')
sendfile(r1, r6, 0x0, 0x7)
dup2(r0, r1)
timer_settime(0x0, 0x0, &(0x7f0000000180)={{}, {0x0, 0x989680}}, 0x0)
r7 = gettid()
tkill(r7, 0x1104400000016)
ioctl$DRM_IOCTL_AGP_ACQUIRE(r5, 0x6430)
tkill(0x0, 0x1004000000015)

00:52:15 executing program 2:
r0 = socket$inet_dccp(0x2, 0x6, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000180)={{0xc, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e22, 0x1, 'rr\x00', 0x6b, 0xd02, 0x7f}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e22, 0x2000, 0x6, 0x6, 0xfffffe00}}, 0x44)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x0, 0x4, &(0x7f00000000c0)=ANY=[], &(0x7f0000000100)='\x90\xa3\x9bu\x8b\xff\x03,\a\x00\xf5\v;=\x8a\xfb\x00}\x06\xd7q2\x04\xec\xad\x16X\xfe$\xf6T\x94\xe3\x19m\x9c\x93\x02\xbfV\xc4gv\xf8\xbc;\x95\xb5\xbcV\x1b\xa3D\xaaL\xd6n\x12p\x05Y\xba\xde\xf9\x99\x01\xdb\x84\x1f\x01\xebJ\xc2\xa008~C\xf9W\x82y\xf1\x8f(\xb6+H\xae\x9c\xef\xb6oz\xd0&\xe4\x10\xc3vB\xdf\x82\x9b\xf4\x85\xf1\'\xc0\xd6\x0e\x7f\xa0\x94\x1fNhS\xb6\xb1', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, 0x0, 0xffffffffffffffa6, 0x10, 0x0}, 0x70)

[  163.904479][ T8313] netlink: 'syz-executor.0': attribute type 1 has an invalid length.
[  163.940535][ T8331] IPVS: set_ctl: invalid protocol: 12 172.30.1.3:20002
00:52:15 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
openat$cgroup_subtree(r0, 0x0, 0x2, 0x0)
r1 = socket$inet(0x2, 0x800, 0x0)
setsockopt$bt_rfcomm_RFCOMM_LM(0xffffffffffffffff, 0x12, 0x3, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @dev}, 0x10)
sendto$inet(r1, 0x0, 0x0, 0x200007fa, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000300)='sit0\x00', 0x1d3)
io_setup(0x100, &(0x7f0000000000)=<r2=>0x0)
r3 = socket$kcm(0x29, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r3, 0x89e0, &(0x7f000031aff8))
r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='mounts\x00')
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
sendfile(r5, r4, 0x0, 0x2000000000000005)
r6 = socket$kcm(0x29, 0x1000000000002, 0x0)
getsockopt$inet_sctp_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f0000000040), &(0x7f00000000c0)=0x4)
ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f000031aff8))
io_submit(r2, 0x4, &(0x7f0000002880)=[0x0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x8, r3, 0x0, 0x0, 0x6, 0x0, 0x2}, 0x0, &(0x7f0000002840)={0x0, 0x0, 0x0, 0x5, 0xf6, 0xffffffffffffffff, &(0x7f0000001840)="6352ee4b3e7ee47fd8fca01c245c5daca2224b23641ffc5b896a46bd069199a144cacb3247241fb81278f89e4c56fbfa8549c02ff218277bb679280ca1c39b311e7f42857fa62b4e54a9854196423d5d0af411733f88d8343e1e27b1ac2240c30c0bb8a83c6ee11261033d8d9f6816606f1a04052c38db64e4b0b0541b60b0d309e1f302bcd9cbe37d23e2865d9f96062a1745216055d699e44ea28863535da4cb6c3dfdc8468a63fe830bbd15d4268541c71f996c6aa92844f0bc2a394218e6660ca6c683a6af6c922f49e1304d362525561f3558f47d57f5fb913fb4be470d33637d3985b587f262c1d86a77c3bfbc2c338055b79518307b679dc9a726bbed78b7cfcc0daecf5dab513781f6149e0eb37f005f20bdb5481fca8a24eaf5402cd2b36c34afabd17925f70b8db7340cb2c7f45b40461cb6bc3733d77927b12ae478162b2e849412efbef180ca0681570e586853222f8a49ea619c7302e9309306c6e3bf2228352fc2a5f048ddabac72bf44ab04b11e595b362eee1250a8463f92329bc8fc47f5d80673f14fa53e0402b4fb50f60f8e107fe1daf3d41b587f098f5da0adddf519fde88257db0693bbcd30f44fc411f927183d9b13a31c3f5be916b1ac2d030dcfc169804efb47f5f66bbf8fb68d854f5137297153ee9118b45251743ec97d3388dd115da0364bc1622f27dca5505854a6c18d272c7c38c3f117a610d8721d6bd87461e542aaa27173e4f23b60616932e78dae27b927e1b8d721ab6c1bf911d5813d37491269b95e72bd587cad24b54feaf7e6a21241adc53976db740d67e1e8cbebbecd18a5b32573937babacc27e63acfa35d6d9833c418b5fba6046b391a0130921e701b9975e46dd3528120723422491b92debad4e6f454db78a10de4cd63d126dae268d5fa6a441c4dcf3caba146f708f7f9cfdf069da3521343ed576b5ba5ed38b60356b5e95dd14836e14ed66ce4d3c06a9098728d37fd93cadf8007fda397a41d9a0438556bc5930b5b2593ce933a61931a216a7a5ca74a183b94a5f1b34b54d54d94c31aebb7d68b95f2ad30922c2600029999e1e07fb941aa2199edf0abf1132e9910cea77586d3071df871401b852a26ce3e489594afee226e510e1541fde719b572feefd47018c51510552d93233da521d78a67ff0bcf9e6a96bd6dd59a77b7db87185f6a30ff4621f7700fc67256ae14cdae1610b337b78d02d330aa5870e5b7a50e099123a61a5d44f555b29eb7226a38d9f72afe99546b7ce149eb7b1387864837bf814ace55024698dfa49a085a0b510d088badb07214e4e275e2e8000660472c0e98d8987600400fea5bf70fe621e9cf29ca4f742913c239690f22c4e87b4349b93c385415f1659da1067695329498ac4e8eff4f8b1fa4f14f0a69769d7e11baa5ac5c49892475bdefc0fa9226f32cb3b3e181e16975443d1f1a41a3b06bc546c4ffc4b582b9c40b61ca5d2b44f29edf50028059b347fae497e81064de962da4f49e8018c687636470ac672cc03b30c82407185cb0984dae36436d369261380a8ce5c950d513b502c63048624b340aa892b077b8211cdf8eb62e2a9d00c53c0bed39d6b94e5aab7bae2315faeef1352728b062d33727a558d8da53c542c84154af8ef5c0d4b95a1c6fa41c9f3e53e9efa576c2113c638f0544cc7614538c628a44b33669e8585fa485d3408043ca88fd17b4ad43d1900170a208cc12995c1647928c5b6ff66d461b44fbdded99df7fa81531dd4638e36546b48bf8ef6b3cfedcb89c4e2beb3c669bfa37042955a40bc50cb8e049a0e4802b9b2876fde8dcec8a94fc1863203fd22900df74e23c32f8fd4468ca94358ab777a315d7e73f8d47fa94e30ddb8f57069e1ef98b3a9649008a4c3eb6cbad7c7926bfd571a4c183562c7ffa82be4f5dd8dfca5c436fc02c53287a362763826f01a5aec743670b5bf2a21e29937ed6199e2f9a4b48416b4f1dd1909d27f9279f58b0bd9c0a3fa061f024fba8c927e8478cd2fbfc07f8e72a42b953bb4e943b7b66b7e20a2bc46ab56c3959e666084333d39edbb7231439112a78aaf7fafdf6eb3b804eee443647e8d8829e4b6ab7911695673330cffe7cd2360d729115afcb635e8ff6b01f5573e2173f296ff022588f7c34eb5e8442eabc49f768665cc040c02edc7ee2470a999cc00a5de5416649f0f47a7792286d2fc2ac0644d4704176f2693b3833946d6d8f8cb2398cbce095ab28687e29ab1a7bc8299689843298fb24585598887018a8b7f3b626a8884fe0232a58e7aa6798a7ee470a0df1dbec23939ae7fa1bf003db857328183eebba1d567a63700be29859aa3b52a49e8356c6c10e2607bab026d788e4027020a5fe709b03d96d24c8ca6ae12a142c13f589c035e5b32659329a6a2f24cfaf1d0c23a7f07e3cf82a7c76f8755e0ef9c19e972522b299ccf65423e96", 0x6cb, 0x0, 0x0, 0x2}])
socketpair$unix(0x1, 0xe, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = dup(r7)
ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r8, 0xc0502100, &(0x7f0000000140)={0x0, <r9=>0x0})
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000002c0)={0x0, <r10=>0x0})
kcmp(r9, r10, 0x4, r6, r6)
setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0xf, 0x0, 0x0)
openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/attr/current\x00', 0x2, 0x0)
r11 = socket$kcm(0x2b, 0x8000000000001, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r11, 0x8912, 0x400200)
r12 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
close(r12)
pwritev(0xffffffffffffffff, 0x0, 0x0, 0x81003)
ioctl$RTC_SET_TIME(0xffffffffffffffff, 0x4024700a, &(0x7f0000000080)={0x1, 0x0, 0xe, 0x14, 0x20000000, 0x2})
flock(0xffffffffffffffff, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x102000002)

00:52:15 executing program 2:
r0 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet6(r0, &(0x7f00000007c0)=[{{&(0x7f0000000040)={0xa, 0x4e24, 0x0, @remote}, 0x1c, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000006546b317c7f45dd343e0c6aa156fe80000040000000000000000000000180000000000000029"], 0x30}}], 0x1, 0x0)

[  163.949596][ T8331] IPVS: set_ctl: invalid protocol: 12 172.30.1.3:20002
00:52:15 executing program 1:
r0 = gettid()
tkill(r0, 0x1104400000016)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={<r3=>r0, r2, 0x0, 0x1, &(0x7f0000000000)='\x00'}, 0x30)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x20, 0x0, 0x1}, r3, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(0xffffffffffffffff, 0xc0305710, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1800007, 0x31, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0)
sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = dup(r5)
ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200)
r7 = socket$inet6(0xa, 0x1, 0x8010000000000084)
r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r9=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r7, 0x84, 0x75, &(0x7f0000000040)={r9}, &(0x7f0000000080)=0x8)
getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r6, 0x84, 0x6, &(0x7f00000026c0)={r9, @in6={{0xa, 0x4e21, 0xfff, @rand_addr="42f6d6b4b8cd6a7e056213c9d87cc65e", 0xe6}}}, &(0x7f00000001c0)=0x84)
r10 = dup(r4)
preadv(0xffffffffffffffff, &(0x7f0000002600)=[{&(0x7f0000000100)=""/143, 0x8f}, {&(0x7f0000000280)=""/231, 0xe7}, {&(0x7f0000000380)=""/91, 0x5b}, {&(0x7f0000000080)=""/18, 0x12}, {&(0x7f0000000400)=""/4096, 0x1000}, {&(0x7f0000001400)=""/211, 0xd3}, {&(0x7f0000001500)=""/111, 0x6f}, {&(0x7f0000001580)=""/4096, 0x1000}, {&(0x7f0000002580)=""/127, 0x7f}], 0x9, 0x7f5)
ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400202)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r10, 0x0, 0x41, &(0x7f0000000200)={'filter\x00', 0x3, [{}, {}, {}]}, 0x58)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r11=>0xffffffffffffffff})
r12 = dup(r11)
ioctl$PERF_EVENT_IOC_ENABLE(r12, 0x8912, 0x400200)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r12, 0x84, 0x71, &(0x7f0000002780)={<r13=>0x0, 0x4}, &(0x7f00000027c0)=0x8)
setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r10, 0x84, 0x7b, &(0x7f0000002800)={r13, 0x5}, 0x8)

00:52:15 executing program 2:
r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9f, 0x0, 0x0, 0x1, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = fcntl$dupfd(r3, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)

[  164.038954][ T8313] netlink: 'syz-executor.0': attribute type 1 has an invalid length.
00:52:15 executing program 0:
getpid()
ioctl$SG_GET_ACCESS_COUNT(0xffffffffffffffff, 0x2289, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm-monitor\x00', 0x400, 0x0)
userfaultfd(0x80000)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340)='/dev/fuse\x00', 0x2, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0)
fchdir(r1)
mkdir(&(0x7f0000001340)='./file0\x00', 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
rmdir(&(0x7f00000000c0)='./file0\x00')
dup2(0xffffffffffffffff, r0)
r2 = gettid()
r3 = syz_open_procfs(r2, &(0x7f0000000240)='fdinfo/4\x00')
lseek(0xffffffffffffffff, 0x0, 0x1)
ioctl$RTC_WIE_OFF(r3, 0x7010)
syz_open_dev$cec(&(0x7f0000000100)='/dev/cec#\x00', 0x2, 0x2)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="03"], 0x1, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000700)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9})
r4 = socket(0x11, 0xa, 0x0)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r5=>0x0}, &(0x7f0000000200)=0xc)
r6 = getegid()
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000400)={{0x0, r5, r6, 0x0, 0x0, 0x4a, 0x81}, 0x7fffffff, 0x1b, 0x4, 0x8771, 0xb5, 0x2})
bind(0xffffffffffffffff, &(0x7f0000000140)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000700)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9})
socket(0x11, 0xa, 0x0)
getpid()
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x28, 0x35, 0x119, 0x0, 0x0, {0x4}, [@generic="ffd38d9b", @nested={0x10, 0x1, [@typed={0xc, 0x0, @u64}]}]}, 0x28}}, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000080)={{{@in=@multicast2, @in=@local}}, {{@in=@loopback}, 0x0, @in6=@loopback}}, &(0x7f00000001c0)=0xe8)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000380)={0x0, 0x0, <r8=>0x0}, &(0x7f00000003c0)=0xc)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000400)={{0x0, 0x0, 0x0, 0x0, r8, 0x4a, 0x81}, 0x0, 0x1b, 0x4, 0x8771, 0xb5, 0x2})

[  164.136267][    C0] Scheduler tracepoints stat_sleep, stat_iowait, stat_blocked and stat_runtime require the kernel parameter schedstats=enable or kernel.sched_schedstats=1
00:52:15 executing program 2:
getpid()
ioctl$SG_GET_ACCESS_COUNT(0xffffffffffffffff, 0x2289, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm-monitor\x00', 0x400, 0x0)
userfaultfd(0x80000)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000340)='/dev/fuse\x00', 0x2, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0)
fchdir(r1)
mkdir(&(0x7f0000001340)='./file0\x00', 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
rmdir(&(0x7f00000000c0)='./file0\x00')
dup2(0xffffffffffffffff, r0)
r2 = gettid()
r3 = syz_open_procfs(r2, &(0x7f0000000240)='fdinfo/4\x00')
lseek(0xffffffffffffffff, 0x0, 0x1)
ioctl$RTC_WIE_OFF(r3, 0x7010)
syz_open_dev$cec(&(0x7f0000000100)='/dev/cec#\x00', 0x2, 0x2)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88))
msgsnd(0x0, &(0x7f00000010c0)=ANY=[@ANYBLOB="03"], 0x1, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000700)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9})
r4 = socket(0x11, 0xa, 0x0)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r5=>0x0}, &(0x7f0000000200)=0xc)
r6 = getegid()
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000400)={{0x0, r5, r6, 0x0, 0x0, 0x4a, 0x81}, 0x7fffffff, 0x1b, 0x4, 0x8771, 0xb5, 0x2})
bind(0xffffffffffffffff, &(0x7f0000000140)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000700)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9})
socket(0x11, 0xa, 0x0)
getpid()
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x28, 0x35, 0x119, 0x0, 0x0, {0x4}, [@generic="ffd38d9b", @nested={0x10, 0x1, [@typed={0xc, 0x0, @u64}]}]}, 0x28}}, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000080)={{{@in=@multicast2, @in=@local}}, {{@in=@loopback}, 0x0, @in6=@loopback}}, &(0x7f00000001c0)=0xe8)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000380)={0x0, 0x0, <r8=>0x0}, &(0x7f00000003c0)=0xc)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000400)={{0x0, 0x0, 0x0, 0x0, r8, 0x4a, 0x81}, 0x0, 0x1b, 0x4, 0x8771, 0xb5, 0x2})

00:52:15 executing program 4:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f000014f000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001000)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@mcast2, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x2, 0x80}, {0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xffffffffffffffff}}}, 0xb8}}, 0x0)

[  164.352581][ T8351] netlink: 'syz-executor.0': attribute type 1 has an invalid length.
00:52:15 executing program 3:
fstat(0xffffffffffffffff, &(0x7f0000000000))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x9, 0x20800)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r3 = accept$alg(r2, 0x0, 0x0)
sendmmsg$alg(r3, &(0x7f0000008040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
recvmsg(r3, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000003500)=""/4096, 0x1000}], 0x1, 0x0, 0x6}, 0x0)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r5 = accept$alg(r4, 0x0, 0x0)
sendmmsg$alg(r5, &(0x7f0000008040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
recvmsg(r5, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000003500)=""/4096, 0x1000}], 0x1, 0x0, 0x6}, 0x0)
r6 = dup3(r3, r5, 0x80000)
write$nbd(r6, &(0x7f0000000240)={0x67446698, 0x0, 0x3, 0x3, 0x4, "3fd3c6e8c3cca311aff2baa6adfa357ee9e3bf6d5731b411025e78195af87c5cb5e670e6e14d0ed0bb8e387bdbfd04970db875ba16377cb5b20dc485286421fb22ef331a02f714348d6143e7da2cff32050f5e0a7b7ec0f03f31142728d5a984b52e7ac0991701ba109ed73538ca13beca36e249fd193fb6302a3d7cac972b796e162e537473dc03d9a87b8a67637548c6ad731b51331a70acb515ebcd"}, 0xad)
getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000000c0)={{{@in6=@ipv4={[], [], @loopback}, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}}, {{@in6=@mcast1}, 0x0, @in6=@remote}}, &(0x7f00000001c0)=0xe8)
syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000380)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="646f74732c666faad4ca93e3d5c865873c", @ANYRESDEC=r7, @ANYBLOB=',\x00'])

[  164.521869][ T8359] netlink: 'syz-executor.2': attribute type 1 has an invalid length.
00:52:15 executing program 5:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
setsockopt$inet_mreqsrc(r1, 0x0, 0x28, &(0x7f00000001c0)={@dev={0xac, 0x14, 0x14, 0x27}, @remote, @loopback}, 0xc)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x3)
r3 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x40500, 0x0)
setsockopt$netrom_NETROM_IDLE(r3, 0x103, 0x7, &(0x7f0000000200)=0x1000, 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r5, 0x84, 0x66, &(0x7f0000000040)={<r6=>0x0, 0x6}, &(0x7f0000000080)=0x8)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f00000000c0)={r6, @in6={{0xa, 0x4e24, 0x8, @mcast1, 0x80000001}}, 0x0, 0xb3, 0xdfa, 0x8, 0xc0}, &(0x7f0000000180)=0xff40)
ioctl$FS_IOC_GETFSLABEL(r2, 0x800452d2, 0x0)

00:52:15 executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uinput\x00', 0x805, 0x0)
write$uinput_user_dev(r2, &(0x7f0000000400)={'syz1\x00'}, 0x45c)
ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x5)
ioctl$UI_DEV_SETUP(r2, 0x5501, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$TUNSETTXFILTER(r4, 0x400454d1, &(0x7f0000000000)={0x1, 0x1, [@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}]})

00:52:15 executing program 0:
r0 = open(&(0x7f0000000140)='./bus\x00', 0x141042, 0x0)
r1 = creat(&(0x7f0000001380)='./file0\x00', 0x0)
r2 = creat(&(0x7f0000000240)='./file0\x00', 0x0)
ftruncate(r2, 0x2081ff)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
io_setup(0x8, &(0x7f00000003c0)=<r4=>0x0)
write$cgroup_pid(r0, &(0x7f0000000080), 0x12)
ioctl$KVM_GET_MP_STATE(r1, 0x8004ae98, &(0x7f0000000040))
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r6 = accept$alg(r5, 0x0, 0x0)
sendmmsg$alg(r6, &(0x7f0000008040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
recvmsg(r6, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000003500)=""/4096, 0x1000}], 0x1, 0x0, 0x6}, 0x0)
ioctl$FS_IOC_FIEMAP(r6, 0xc020660b, &(0x7f0000000280)={0x2ec14fa8, 0x0, 0xdc2b0965c701e82e, 0x6, 0x3, [{0x0, 0x0, 0x8, 0x0, 0x0, 0x1004}, {0x1, 0x1, 0x2, 0x0, 0x0, 0x102}, {0x1ff, 0x60, 0x42ee, 0x0, 0x0, 0x100}]})
io_submit(r4, 0x1, &(0x7f0000000500)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000240)="1e", 0x1, 0xdbed}])
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000200)={0x0, r1, 0x0, 0x0, 0x2})

00:52:15 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071")
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
accept$alg(r1, 0x0, 0x0)
r2 = dup2(r1, r0)
ioctl$TIOCSISO7816(r2, 0xc0285443, &(0x7f0000000040)={0x3b9a6e0c, 0xfffffffb, 0x97, 0x101, 0x3a})
r3 = socket$netlink(0x10, 0x3, 0x0)
writev(r3, &(0x7f0000000000)=[{&(0x7f0000000080)="390000001000090368fe07002b00000001000a0014000200450001070300001419001a0012000a0005000100"/57, 0x39}], 0x1)

00:52:15 executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x3, &(0x7f0000000200)=ANY=[@ANYRESOCT], &(0x7f0000000080)='GPL\x00', 0x4, 0x114, &(0x7f0000000100)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0xfffffffffffffe1f, 0x10, 0x0, 0xfffffffffffffdd4}, 0x23)

[  164.703361][ T8376] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.4'.
[  164.717763][ T8377] input: syz1 as /devices/virtual/input/input5
00:52:15 executing program 2:
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x417500, 0x0)
perf_event_open(&(0x7f0000000480)={0x1, 0x70, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4000}, 0x0, 0xb, r0, 0x0)
r1 = open(&(0x7f0000000140)='./bus\x00', 0x14103e, 0x0)
accept$packet(r1, 0x0, &(0x7f0000000000))
r2 = open(0x0, 0x14103e, 0x0)
accept$packet(r2, 0x0, &(0x7f0000000000))
r3 = getpid()
sched_setscheduler(r3, 0x5, &(0x7f0000000380))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={r5, 0xc0, &(0x7f00000003c0)={0x0, <r6=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000400)={0x0, 0xffffffffffffffff, 0x0, 0x1, &(0x7f00000003c0)='\x00', r6}, 0x30)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0x12, &(0x7f00000001c0)='/dev/input/mouse#\x00', r6}, 0x30)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, r2, 0x0, 0x1, &(0x7f00000000c0)='\x00', r6}, 0x30)
r7 = socket$inet(0x2, 0x4000000000000001, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000000280)='fd/3\x00\x02\x17\x87:\xf4\x03\xdfc\x88,5I\xd7^\xb5D\xf7\xd7\xdb,(\xd5\x00\xc2\x06MG\xcd\xe9w\xe5s\x02\xf2\xea\xb6\xabsp\x12xT8\x01\x00\xd4S\xd8F\xab.x|\x8b\x87\xb0\xa2\xf5Y>\xb1 p\x998(\xe63\xcf\x7f\xac\x89F\x03n\x96\x15zsw\x98\xca\xcb3\xb6M=h\x01i.\xa3\xda}\x190~\xe7d6\xa5\x17\xb3\xe9\xd9QV\x0f\xf3\x02\xd6\xc1\xc3n\xcd*R\x9a\x95\x12\x05K\xa0<\xc9\xe3\xed\xab\xc9\x8bK\xb3\x86\xe2\x93f\x92iKA|e\x97k :,J36\x11\xf0\x99\x96\xb7]\xfd\xe3\v\xd8\x98\xc5o\xc6\xde\x80\xf7_\xc9\x8f\xaf\xf9\xd5\xb7ui\xea\xde\xd0\xeb\xd9\xf5_\v\xe2*\xa3\xf4\xab?n\xcb\x19i\x80\x91\xd2\xf6\x14\xfe!!0\x84L\x86\x81\x95,B\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xab*[\xa5\xb217\x93\xf3\x88\x92\xa6\xde\x11\xa2-J\x9d\xc9\xb2\x97\xa3\x88v\x9eR\x155\xc7N!\xdb\"8\xc8I\xb9c\xed\xa7!\t\x85s\xb1\xa5\xa7R2Yf\x1c\xf8\xc2z>\xb1\x9c\x02a\x87\xe9\xb8\xf8\xdcv\xb6\xe4\xa6\n\x0e\x83lM7\xcc?\xea\x19\x99\xce\x1c\x10\xd2lQ(\xc7\xe9\xef\xd2Q\vY\xf58\x10|8}uE\xaf\xb4w;\xbc\xe4\x01\xd8\xf2\xf9u\xc1Dt\'\x84\xb5\xa4\x83\xeft\xfc\xf3\xdd\x87<B%\xd1g\xd6\xe3\xca8\x9aT\x0e\xf5iA\x05\x13\x02\x14\to\xca\xf7\x04\x15U2\xaef\x1d\xb6\x9f')
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, &(0x7f0000001000)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000412ff8)='\x00\x00\x00\x00\x00\x00\x00\x00', 0x8)
r10 = accept$alg(r9, 0x0, 0x0)
sendfile(r10, r8, 0x0, 0x80000000)
ioctl$IOC_PR_RESERVE(r8, 0x401070c9, &(0x7f0000000280)={0x20})
setsockopt$inet_tcp_int(r7, 0x6, 0x80000000000002, &(0x7f0000000300)=0x80, 0x4)
bind$inet(r7, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r7, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$sock_int(r7, 0x1, 0x8, &(0x7f00000003c0), 0x4)
write$binfmt_elf64(r7, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0x2bcf)
accept$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r11=>0xffffffffffffffff})
r12 = dup(r11)
ioctl$PERF_EVENT_IOC_ENABLE(r12, 0x8912, 0x400200)
ioctl$PERF_EVENT_IOC_PERIOD(r12, 0x40082404, &(0x7f0000000080)=0x5)
shutdown(r7, 0x1)
recvmsg(r7, &(0x7f0000001440)={0x0, 0xa, &(0x7f00000015c0)=[{&(0x7f0000001600)=""/4096, 0xf99e}], 0x1, 0x0, 0xff96ce4aaaa47475, 0x7115}, 0x100)

00:52:18 executing program 1:
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x400, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82)
ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3)
syz_read_part_table(0x0, 0x6876b688bcd26e3, &(0x7f0000000080)=[{&(0x7f0000000000)="0201a5ffffff0a000000ff07000000ffffff81000800000000000000004000ffffff85000000e1000000887700720030b5829237c30000000000008000da55aa", 0x40, 0x1c0}])

00:52:18 executing program 5:
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f0000000280)={0x0, 0x50, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eb04001800160009000586f9835b3f2f009148790003f85acc7c45", 0x2e}], 0x1}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x100400, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$LOOP_GET_STATUS64(r2, 0x4c05, &(0x7f0000000140))

00:52:18 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/sequencer2\x00', 0x282000, 0x0)
r2 = syz_open_dev$audion(&(0x7f0000000300)='/dev/audio#\x00', 0x2, 0x444540)
ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000340)={0x8000, 0x3be36358faca1f07, 0x0, r2})
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071")
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
setsockopt$TIPC_SRC_DROPPABLE(r4, 0x10f, 0x80, &(0x7f0000000380)=0x10001, 0x4)
r5 = socket$inet(0x10, 0x2, 0x0)
sendmsg(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="24000000180007841dfffd946f6105000a0081001f038b0504000800080015000a00ff7e280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0)
r6 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2)
ioctl$KVM_GET_CPUID2(r6, 0xc008ae91, &(0x7f0000000500)={0x7, 0x0, [{}, {}, {}, {}, {}, {}, {}]})

00:52:18 executing program 4:
pipe(&(0x7f0000000580)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
writev(r1, &(0x7f0000000100)=[{&(0x7f0000000800)="580000001400adfd8a987e40da2e6a262b", 0x11}], 0x1)
close(r2)
socket$netlink(0x10, 0x3, 0x4)
socket$inet(0x2b, 0x1, 0x1)
getsockopt$CAN_RAW_LOOPBACK(r1, 0x65, 0x3, &(0x7f0000000180), &(0x7f00000001c0)=0x4)
write$binfmt_misc(r1, &(0x7f0000001940)=ANY=[@ANYPTR64, @ANYBLOB="ad82d075530ade5c18162eb34b045452be0d927d4bf398dd6be26f2f846f45efb87ea5af960102bb864e1f3cb5bb407f419101a1ae0f31d2c0215e6be86c84"], 0x47)
splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
getsockopt$inet_dccp_buf(r4, 0x21, 0xc, &(0x7f0000000000)=""/224, &(0x7f0000000140)=0xe0)

00:52:18 executing program 0:
r0 = socket$inet6(0x10, 0x3, 0x0)
sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="5500000018007fafb72d1cb2a2a280930206000000a843096c26230014000800040010e80f00ca8a9848a3c728f1c46b7b31afdc1338d54400009b84136ef75afb83de448daa7227c43ab8220000bf0cec6bab91d4", 0x55}], 0x1}, 0x0)
r1 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x80, 0x400)
getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r1, 0x84, 0xc, &(0x7f0000000040), &(0x7f0000000180)=0x4)

00:52:18 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/arp\x00')
r1 = syz_open_procfs(0x0, &(0x7f0000000080)='comm\x00')
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000180)='/dev/net/tun\x00', 0x0, 0x0)
r3 = socket$tipc(0x1e, 0x2, 0x0)
fcntl$setsig(r3, 0xa, 0x24)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000240)={'bcsf0\x00', 0x8011})
ioctl$TUNSETLINK(r2, 0x400454cd, 0x8000000001)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x21, 0x0, &(0x7f0000000000)="3f006671d7af52f647750500080089ea010000008000f109a708f78293c8744e1a", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r4 = socket$inet(0x2, 0xa, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x8955, &(0x7f0000000000)=0x2)
sendfile(r1, r0, 0x0, 0x80000000)

[  167.060204][ T8409] netlink: 'syz-executor.5': attribute type 9 has an invalid length.
[  167.082920][ T8407] netlink: 37 bytes leftover after parsing attributes in process `syz-executor.0'.
[  167.098758][ T8402] netlink: 'syz-executor.3': attribute type 21 has an invalid length.
00:52:18 executing program 4:
r0 = openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0)
unshare(0x2040400)
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xc80, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgget$private(0x0, 0x1d9d0f791b60a80e)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000380))
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000909000/0x4000)=nil, 0x4000}, 0x1})
socket$nl_route(0x10, 0x3, 0x0)
ioctl$KVM_X86_SET_MCE(0xffffffffffffffff, 0x4040ae9e, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
semop(0x0, 0x0, 0x0)
semctl$GETZCNT(0x0, 0x1, 0xf, &(0x7f0000000600)=""/4096)
ioctl$DRM_IOCTL_SG_ALLOC(r0, 0xc0106438, &(0x7f0000000480)={0xa4})
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r2, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
ioctl$sock_ifreq(r1, 0x8991, &(0x7f00000000c0)={'bond0\x00\x16\b\xea\xff\xff\x80\x00\x00\x02\xff', @ifru_names='bond_slave_1\x00'})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x2, 0x84200)
setsockopt$inet_sctp_SCTP_HMAC_IDENT(r4, 0x84, 0x16, &(0x7f0000000000)={0x6, [0x4, 0x9, 0x0, 0x8, 0xffff, 0x1]}, 0x10)
ioctl$sock_ifreq(r1, 0x8990, &(0x7f0000000240)={'bond0\x00\xe1\x03\n\x00!!\x00\x01\x00', @ifru_names='bond_slave_1\x00\x00\x00\b'})
syz_open_procfs(0x0, &(0x7f0000000280)='fd/3\x00\x02\x17\x87:\xf4\x03\xdfc\x88,5I\xd7^\xb5D\xf7\xd7\xdb,(\xd5\x00\xc2\x06MG\xcd\xe9w\xe5s\x02\xf2\xea\xb6\xabsp\x12xT8\x01\x00\xd4S\xd8F\xab.x|\x8b\x87\xb0\xa2\xf5Y>\xb1 p\x998(\xe63\xcf\x7f\xac\x89F\x03n\x96\x15zsw\x98\xca\xcb3\xb6M=h\x01i.\xa3\xda}\x190~\xe7d6\xa5\x17\xb3\xe9\xd9QV\x0f\xf3\x02\xd6\xc1\xc3n\xcd*R\x9a\x95\x12\x05K\xa0<\xc9\xe3\xed\xab\xc9\x8bK\xb3\x86\xe2\x93f\x92iKA|e\x97k :,J36\x11\xf0\x99\x96\xb7]\xfd\xe3\v\xd8\x98\xc5o\xc6\xde\x80\xf7_\xc9\x8f\xaf\xf9\xd5\xb7ui\xea\xde\xd0\xeb\xd9\xf5_\v\xe2*\xa3\xf4\xab?n\xcb\x19i\x80\x91\xd2\xf6\x14\xfe!!0\x84L\x86\x81\x95,B\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xab*[\xa5\xb217\x93\xf3\x88\x92\xa6\xde\x11\xa2-J\x9d\xc9\xb2\x97\xa3\x88v\x9eR\x155\xc7N!\xdb\"8\xc8I\xb9c\xed\xa7!\t\x85s\xb1\xa5\xa7R2Yf\x1c\xf8\xc2z>\xb1\x9c\x02a\x87\xe9\xb8\xf8\xdcv\xb6\xe4\xa6\n\x0e\x83lM7\xcc?\xea\x19\x99\xce\x1c\x10\xd2lQ(\xc7\xe9\xef\xd2Q\vY\xf58\x10|8}uE\xaf\xb4w;\xbc\xe4\x01\xd8\xf2\xf9u\xc1Dt\'\x84\xb5\xa4\x83\xeft\xfc\xf3\xdd\x87<B%\xd1g\xd6\xe3\xca8\x9aT\x0e\xf5iA\x05\x13\x02\x14\to\xca\xf7\x04\x15U2\xaef\x1d\xb6\x9f')
socket(0x10, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)

[  167.116811][ T8404] syz-executor.2 uses obsolete (PF_INET,SOCK_PACKET)
[  167.117646][ T8407] netlink: 37 bytes leftover after parsing attributes in process `syz-executor.0'.
[  167.125553][ T8409] netlink: 'syz-executor.5': attribute type 9 has an invalid length.
[  167.181554][ T8402] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
00:52:18 executing program 0:
bind$alg(0xffffffffffffffff, &(0x7f0000000480)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x58)
r0 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000003c0)='cpuset\x00')
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$PPPIOCGIDLE(r1, 0x8010743f, &(0x7f0000000080))
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x3)
ioctl$GIO_UNIMAP(r3, 0x4b66, &(0x7f0000000040)={0x6, &(0x7f0000000000)=[{}, {}, {}, {}, {}, {}]})
sendfile(r0, r1, 0x0, 0x7ffff000)

[  167.233482][ T8412]  loop1: p1 p2 p3 < > p4
[  167.267016][ T8412] loop1: p2 size 1073741824 extends beyond EOD, truncated
[  167.288735][ T8412] loop1: p4 size 3657465856 extends beyond EOD, truncated
00:52:18 executing program 0:
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
r1 = creat(&(0x7f0000000240)='./file0\x00', 0xf6)
r2 = fanotify_init(0x3a, 0x0)
fanotify_mark(r2, 0x1, 0x8, r1, 0x0)
r3 = fanotify_init(0x0, 0x0)
getsockname$netlink(r1, &(0x7f0000000040), &(0x7f0000000080)=0xc)
fanotify_mark(r3, 0x2000000000000011, 0x2, r0, 0x0)
r4 = open$dir(&(0x7f0000000100)='./file0\x00', 0x4002, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r6 = accept$alg(r5, 0x0, 0x0)
sendmmsg$alg(r6, &(0x7f0000008040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
r8 = dup(r7)
ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200)
setsockopt$IP_VS_SO_SET_FLUSH(r8, 0x0, 0x485, 0x0, 0x0)
r9 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000600)='/dev/dlm-control\x00', 0x221281, 0x0)
ioctl$VIDIOC_S_CROP(r9, 0x4014563c, &(0x7f0000000640)={0x6, {0x0, 0x9, 0x2, 0x2}})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r10=>0xffffffffffffffff})
r11 = dup(r10)
ioctl$PERF_EVENT_IOC_ENABLE(r11, 0x8912, 0x400200)
r12 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0)='TIPCv2\x00')
sendmsg$TIPC_NL_LINK_SET(r11, &(0x7f00000005c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000580)={&(0x7f0000000680)=ANY=[@ANYBLOB="0000000078589b71718db9cb19337b5baebd7b771277841a36adc128f1815df263a983b8c5811be5c4400feb80d760f0edfe633a815e731f871e9c7cfcc73e633f3ca09250ccc9f21d9dd22b0fd98f80a0332505f3c8b1712416eebb7030e7c2c476a0bf", @ANYRES16=r12, @ANYBLOB="01002bbd7000fedbdf25090000005c0001002400020031ff0300070000000800010011000000080002000c09000008000100070000002c0004001400010002004e23ffffffff00000000000000001400020002004e21ffffffff0000000000000000080003000600000018000600040002000400020008000100ffffff7f04000200dbfe09000000010080a50000080002000000000000000100ea0000000800020004000000080002006afb0000180007000c0003000101000000000000080001000000f4fe0800020004000400"], 0xd4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000)
recvmsg(r6, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000003500)=""/4096, 0x1000}], 0x1, 0x0, 0x6}, 0x0)
sendmsg$alg(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)="c8b6d9348a5122a6a64aabe0a32071d6337d91d4c20c76a91902d3", 0x1b}, {&(0x7f0000000140)="846d7668a2a3b0275e242c18319f7317ade1652297d84dafde41cade8aa1a9c3c3604c578af426d0", 0x28}], 0x2, &(0x7f0000000400)=ANY=[@ANYBLOB="b00000000000000017010000020000009b000000c5eca2f89d252049aba61244bebd0ddd9561960c49de32c4c30c35b99c01556d0b05ac8924b829d0092f52060000000000000062ada76427fe537724a8ce91f75986db9a0e4b4669b45fb0e41c9483ea30f8e490339f48432d234849d791feb776f5cd4cf30221a76d5fee9ffd75e4d3b1ab505d26bfa4b4fcbf32390d774c613ae726e0dff32974e4d2fadff18bbb9a8f01d6bd2f65c97e4f938a0088014219c40ed2bdeec2cf4bbd45ac5a79f7c20036801c3dc0d65f9568a06c160fe74819fe554dd3dd0e57a084196b84c5306fc5a34e208b02900f9240955b004f30ddee2176f30a177a35d47fec63e6c4719a11f97bd4b428b5d9f9ca3e992aee6d72902b09437c4224e46fcd0060ac0b367adcec20c96e7c5397d02d0e8c17b6e8be6302a791f762e97bb2664de106dbe0c958b854de0b2534370cd0d06dadf44e5e11bd868eec63ff"], 0xb0, 0x74004800}, 0x40000)
truncate(&(0x7f0000000180)='./file0\x00', 0x90002)
sendfile(r4, r4, 0x0, 0x8800000)

[  167.418503][   T26] kauditd_printk_skb: 2 callbacks suppressed
[  167.418511][   T26] audit: type=1800 audit(1573865538.527:31): pid=8437 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=16583 res=0
00:52:18 executing program 5:
listen(0xffffffffffffffff, 0x0)
r0 = socket$unix(0x1, 0x1, 0x0)
connect(r0, &(0x7f0000985ff8)=@un=@abs={0x1}, 0x8)
r1 = socket$kcm(0x10, 0x3, 0x10)
r2 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x3, 0x48000)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000040)={r2, &(0x7f0000000140)="885ef522a7304d6fb41855c846872334196d9d482e85e2774dcf1692e2b0841da6e7f834270e13ee2ab920b7d530f3e7573a3d790ca2cf1bfca6267578e134c94980b4c13f559d71eea2ef3b9895bc1c2d8787aa845447425058e0c643d2712954f7f047ada7de6ef2ee8fcf846ac311b48f2f2e4a89da565b409c57d1c7046d2861622837bc45a1a4e381ab8a77e6e2fcdbc8afe08d8b1832be9b28f472189ab89f67edb79abd860e6ea76d7a77a8eb466f04a28ee3bdf5e6effce0e43551fb5c7403c561536a76167f6b422a9fdeec4bd6fe0350f22e8ace247143dee19deb58ad091849", &(0x7f00000002c0)=""/74}, 0x20)
sendmsg$kcm(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000000c0)="2e0000002300817ee418000aac0f000dac0f00b38e8a5b3f00009148790000f85acc7c4500"/49, 0x2e}], 0x1, 0x0, 0xfffffffffffffe84}, 0x0)

[  167.589211][ T8421] bond0: (slave bond_slave_1): Releasing backup interface
00:52:18 executing program 5:
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x200, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x10, &(0x7f0000000680)=[@in={0x2, 0x0, @dev}]}, &(0x7f0000000600)=0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={<r4=>0x0, 0x1ff}, &(0x7f0000000080)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x66, &(0x7f0000000140)={r4, 0x80}, &(0x7f0000000200)=0x8)
mkdir(&(0x7f00000001c0)='./file0\x00', 0x162)
mkdir(&(0x7f00000009c0)='./file1\x00', 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = syz_open_procfs(0x0, 0x0)
r6 = gettid()
r7 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip_tables_names\x00')
fcntl$getownex(r7, 0x10, &(0x7f0000000940)={0x0, <r8=>0x0})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, <r9=>0x0}, &(0x7f00000002c0)=0xc)
r10 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip_tables_names\x00')
r11 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r11, 0x1, 0x11, &(0x7f0000000240)={0x0, <r12=>0x0}, 0x0)
setuid(r12)
r13 = getegid()
sendmsg$unix(r5, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000000800)=[{0x0}, {&(0x7f0000000380)="a53d165780f28852ae3187209e764a82c1af774e26e51a6b3406c03b0f380e660512c864b5105a15704d517c859157093f08cbe2fdcd1f5f4df8ee141cb3c7df2f4aa700fecf7cb90e1c8533fb4ced4280557c38fe96cf88473f8f5a564cd00a5faef5ec2596ce3e5b39d9167d44bdc8e66a3c5143d6e9e7fc33dbb221c4fef0f07bac660c7ebffa42ad098d94d6121fb39b0a3c2aac3002a2ea469092cb9b63b9359f0f1d63907c850a7c6b493cfdd5864df1dda47e1ee87f91f513a133c0a096039cfeaefb7bcc3fc48438d9", 0xcd}, {0x0}, {&(0x7f0000000540)="a7c74460610627fb4a45bdfb7b2d6a5a6fe9ec6633a07f1b5e01ee0100621050b9ae73ce1be732180adf66f302893d15997fe274b4e51f74141e5fa2bd56d86493bd322e73c1d557", 0x48}, {&(0x7f0000000700)}, {&(0x7f00000007c0)}], 0x6, &(0x7f0000000980)=ANY=[@ANYBLOB="1c006a3f181e05f63e265c663b362ee225c3c580b900000200fa7f6fca09f1d40000", @ANYRES32=r6, @ANYRES32, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r8, @ANYRES32=r9, @ANYRES32, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32=r10, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB, @ANYPTR, @ANYRES32=r12, @ANYRES32=r13, @ANYBLOB='\x00\x00\x00\x00'], 0x96, 0x48081}, 0x40)
setxattr$system_posix_acl(&(0x7f0000000580)='./file1\x00', &(0x7f00000005c0)='syst\xb1\xaf}posix_acl_default\x00', &(0x7f0000000c40)={{}, {}, [{}, {0x2, 0x4}], {}, [{}, {}, {0x8, 0x2}, {0x8, 0x0, r13}, {0x8, 0x1}], {}, {0x20, 0x2}}, 0x5c, 0x0)
mount$overlay(0x40000f, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000})
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0)

00:52:19 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
write$binfmt_elf32(r0, &(0x7f0000000200)={{0x7f, 0x45, 0x4c, 0x46, 0x81, 0x9, 0x2, 0xfc, 0x5, 0x2, 0x3e, 0x0, 0x8, 0x38, 0x2, 0x80000000, 0x7, 0x20, 0x2, 0x7ff, 0x5, 0x3}, [{0x2, 0x3, 0xfffffffb, 0x9, 0xffffffff, 0x3ff, 0x7f, 0x3f}], "53786d45f28027511811c732b6", [[], []]}, 0x265)
mount(&(0x7f0000000000)=@md0='/dev/md0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='cgroup2\x00', 0x200060, &(0x7f0000000100)='wlan0self]wlan0selinuxtrustedeth1/vmnet0#wlan1selinuxvmnet1^vboxnet1\x00')
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x36cc, &(0x7f00000000c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="2402000023002908fde2587e4e2e000000000000000004000000100011002ad3c4dbd7d47a811c1c6486aea4ed1697ece6f0e179706500"], 0x24}, 0x1, 0x60}, 0x0)

[  167.949207][ T8432] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
00:52:19 executing program 1:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071")
r1 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x1a, &(0x7f00000000c0)=ANY=[@ANYPTR=&(0x7f0000000000)=ANY=[], @ANYPTR, @ANYPTR, @ANYRES64], 0x4)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x343a, @dev={0xfe, 0x80, [], 0x1e}, 0x2}, 0xe)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhost-vsock\x00', 0x2, 0x0)
ioctl$VHOST_VSOCK_SET_RUNNING(r2, 0x4004af61, &(0x7f0000000140)=0x1)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r4 = accept$alg(r3, 0x0, 0x0)
sendmmsg$alg(r4, &(0x7f0000008040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
recvmsg(r4, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000003500)=""/4096, 0x1000}], 0x1, 0x0, 0x6}, 0x0)
close(r4)
socket$bt_rfcomm(0x1f, 0x1, 0x3)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0xf)
ioctl$KDADDIO(r5, 0x400455c8, 0x100000001)
r6 = socket$inet6(0xa, 0x1, 0x8010000000000084)
r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [<r8=>0x0]}, &(0x7f000095dffc)=0x8)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r6, 0x84, 0x75, &(0x7f0000000040)={r8}, &(0x7f0000000080)=0x8)
setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000180)={r8, @in6={{0xa, 0x4e21, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x4122eba7}}, 0x1, 0x8}, 0x90)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
r10 = dup(r9)
ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200)
ioctl$UFFDIO_COPY(r10, 0xc028aa03, &(0x7f0000000240)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x3000, 0x1})
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)

[  168.028782][   T26] audit: type=1800 audit(1573865539.137:32): pid=8437 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=16583 res=0
[  168.060503][ T8451] overlayfs: workdir and upperdir must reside under the same mount
00:52:19 executing program 3:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newlink={0x6c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x4c, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0x3c, 0x2, [@IFLA_BR_VLAN_DEFAULT_PVID={0x8}, @IFLA_BR_AGEING_TIME={0x8}, @IFLA_BR_MCAST_STATS_ENABLED={0x8}, @IFLA_BR_MCAST_HASH_MAX, @IFLA_BR_MCAST_MEMBERSHIP_INTVL={0x8}, @IFLA_BR_MCAST_LAST_MEMBER_CNT={0x8}, @IFLA_BR_MCAST_MEMBERSHIP_INTVL={0x120}]}}}]}, 0x6c}}, 0x0)
r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000300)='/dev/qat_adf_ctl\x00', 0x80, 0x0)
setsockopt$CAN_RAW_RECV_OWN_MSGS(r1, 0x65, 0x4, &(0x7f0000000340)=0x1, 0x4)
set_thread_area(&(0x7f0000000080)={0x325, 0x0, 0x0, 0x1, 0x2, 0x0, 0x1, 0x0, 0x1})
r2 = syz_open_dev$adsp(&(0x7f00000000c0)='/dev/adsp#\x00', 0xfffffffffffffffc, 0x94202)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
accept$alg(r3, 0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f00000002c0)=[0xffffffffffffffff, r0, r2, r3], 0x4)
sendto$inet(r2, &(0x7f0000000100)="e7c6286c5e380707a051a29328894efbdeaf1223a2a26958d6d13b719504b1bdcc3967d2c55c741172496baa4fdc8c7dfce4109e64fc8977d2f4e5c95c2339d5b1b5e4de53e21348790d2985e0a887f2021cbc24e0f6f34452610a73eec529a0843726903d54b713647c4e66fdf2b38a4765de6fbc1e08231a35e483a6ab6dccbc45a85ff39a6e3d834a00c69737b728b88964ac076f0e1813772524fcc0d05bd6ecc5cbfc4f2b4862c47af7541dea2f15eae2fbdb15dd2c7457d11f425b97cab81e71428e65c1", 0xc7, 0x4000818, &(0x7f0000000200)={0x2, 0x4e20, @local}, 0x10)
socket$isdn(0x22, 0x3, 0x1)
r4 = syz_open_dev$media(&(0x7f0000000240)='/dev/media#\x00', 0x72000000000000, 0x83800)
ioctl$VHOST_SET_LOG_FD(r4, 0x4004af07, &(0x7f0000000280))

[  168.077882][ T8427] bond0: (slave bond_slave_1): Releasing backup interface
00:52:19 executing program 5:
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x200, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x10, &(0x7f0000000680)=[@in={0x2, 0x0, @dev}]}, &(0x7f0000000600)=0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={<r4=>0x0, 0x1ff}, &(0x7f0000000080)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x66, &(0x7f0000000140)={r4, 0x80}, &(0x7f0000000200)=0x8)
mkdir(&(0x7f00000001c0)='./file0\x00', 0x162)
mkdir(&(0x7f00000009c0)='./file1\x00', 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = syz_open_procfs(0x0, 0x0)
r6 = gettid()
r7 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip_tables_names\x00')
fcntl$getownex(r7, 0x10, &(0x7f0000000940)={0x0, <r8=>0x0})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, <r9=>0x0}, &(0x7f00000002c0)=0xc)
r10 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip_tables_names\x00')
r11 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r11, 0x1, 0x11, &(0x7f0000000240)={0x0, <r12=>0x0}, 0x0)
setuid(r12)
r13 = getegid()
sendmsg$unix(r5, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000000800)=[{0x0}, {&(0x7f0000000380)="a53d165780f28852ae3187209e764a82c1af774e26e51a6b3406c03b0f380e660512c864b5105a15704d517c859157093f08cbe2fdcd1f5f4df8ee141cb3c7df2f4aa700fecf7cb90e1c8533fb4ced4280557c38fe96cf88473f8f5a564cd00a5faef5ec2596ce3e5b39d9167d44bdc8e66a3c5143d6e9e7fc33dbb221c4fef0f07bac660c7ebffa42ad098d94d6121fb39b0a3c2aac3002a2ea469092cb9b63b9359f0f1d63907c850a7c6b493cfdd5864df1dda47e1ee87f91f513a133c0a096039cfeaefb7bcc3fc48438d9", 0xcd}, {0x0}, {&(0x7f0000000540)="a7c74460610627fb4a45bdfb7b2d6a5a6fe9ec6633a07f1b5e01ee0100621050b9ae73ce1be732180adf66f302893d15997fe274b4e51f74141e5fa2bd56d86493bd322e73c1d557", 0x48}, {&(0x7f0000000700)}, {&(0x7f00000007c0)}], 0x6, &(0x7f0000000980)=ANY=[@ANYBLOB="1c006a3f181e05f63e265c663b362ee225c3c580b900000200fa7f6fca09f1d40000", @ANYRES32=r6, @ANYRES32, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r8, @ANYRES32=r9, @ANYRES32, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32=r10, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB, @ANYPTR, @ANYRES32=r12, @ANYRES32=r13, @ANYBLOB='\x00\x00\x00\x00'], 0x96, 0x48081}, 0x40)
setxattr$system_posix_acl(&(0x7f0000000580)='./file1\x00', &(0x7f00000005c0)='syst\xb1\xaf}posix_acl_default\x00', &(0x7f0000000c40)={{}, {}, [{}, {0x2, 0x4}], {}, [{}, {}, {0x8, 0x2}, {0x8, 0x0, r13}, {0x8, 0x1}], {}, {0x20, 0x2}}, 0x5c, 0x0)
mount$overlay(0x40000f, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000})
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0)

00:52:19 executing program 0:
r0 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000040)={'ip6erspan0\x00', 0x1000})
r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0)
write$binfmt_elf64(r1, &(0x7f0000000000)=ANY=[@ANYRES64], 0x8)
unlink(&(0x7f0000000180)='./file1\x00')
fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000080)=0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
getsockopt$inet_tcp_int(r3, 0x6, 0xa, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
close(r1)

[  168.360161][ T8477] overlayfs: conflicting lowerdir path
[  168.507733][   T66] Bluetooth: Error in BCSP hdr checksum
[  168.531191][ T8464] netlink: 'syz-executor.3': attribute type 39 has an invalid length.
[  168.539564][ T8464] netlink: 'syz-executor.3': attribute type 42 has an invalid length.
[  168.547837][ T8464] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'.
[  168.562982][ T8432] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  168.579599][ T8464] netlink: 'syz-executor.3': attribute type 39 has an invalid length.
00:52:19 executing program 5:
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x200, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x10, &(0x7f0000000680)=[@in={0x2, 0x0, @dev}]}, &(0x7f0000000600)=0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={<r4=>0x0, 0x1ff}, &(0x7f0000000080)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x66, &(0x7f0000000140)={r4, 0x80}, &(0x7f0000000200)=0x8)
mkdir(&(0x7f00000001c0)='./file0\x00', 0x162)
mkdir(&(0x7f00000009c0)='./file1\x00', 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = syz_open_procfs(0x0, 0x0)
r6 = gettid()
r7 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip_tables_names\x00')
fcntl$getownex(r7, 0x10, &(0x7f0000000940)={0x0, <r8=>0x0})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, <r9=>0x0}, &(0x7f00000002c0)=0xc)
r10 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip_tables_names\x00')
r11 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r11, 0x1, 0x11, &(0x7f0000000240)={0x0, <r12=>0x0}, 0x0)
setuid(r12)
r13 = getegid()
sendmsg$unix(r5, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000000800)=[{0x0}, {&(0x7f0000000380)="a53d165780f28852ae3187209e764a82c1af774e26e51a6b3406c03b0f380e660512c864b5105a15704d517c859157093f08cbe2fdcd1f5f4df8ee141cb3c7df2f4aa700fecf7cb90e1c8533fb4ced4280557c38fe96cf88473f8f5a564cd00a5faef5ec2596ce3e5b39d9167d44bdc8e66a3c5143d6e9e7fc33dbb221c4fef0f07bac660c7ebffa42ad098d94d6121fb39b0a3c2aac3002a2ea469092cb9b63b9359f0f1d63907c850a7c6b493cfdd5864df1dda47e1ee87f91f513a133c0a096039cfeaefb7bcc3fc48438d9", 0xcd}, {0x0}, {&(0x7f0000000540)="a7c74460610627fb4a45bdfb7b2d6a5a6fe9ec6633a07f1b5e01ee0100621050b9ae73ce1be732180adf66f302893d15997fe274b4e51f74141e5fa2bd56d86493bd322e73c1d557", 0x48}, {&(0x7f0000000700)}, {&(0x7f00000007c0)}], 0x6, &(0x7f0000000980)=ANY=[@ANYBLOB="1c006a3f181e05f63e265c663b362ee225c3c580b900000200fa7f6fca09f1d40000", @ANYRES32=r6, @ANYRES32, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r8, @ANYRES32=r9, @ANYRES32, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32=r10, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB, @ANYPTR, @ANYRES32=r12, @ANYRES32=r13, @ANYBLOB='\x00\x00\x00\x00'], 0x96, 0x48081}, 0x40)
setxattr$system_posix_acl(&(0x7f0000000580)='./file1\x00', &(0x7f00000005c0)='syst\xb1\xaf}posix_acl_default\x00', &(0x7f0000000c40)={{}, {}, [{}, {0x2, 0x4}], {}, [{}, {}, {0x8, 0x2}, {0x8, 0x0, r13}, {0x8, 0x1}], {}, {0x20, 0x2}}, 0x5c, 0x0)
mount$overlay(0x40000f, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000})
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0)

[  168.605974][ T8464] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.3'.
[  168.757402][ T8486] overlayfs: conflicting lowerdir path
00:52:20 executing program 0:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net//yz0\x00', 0x1ff)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
creat(&(0x7f0000000080)='./file0\x00', 0x0)
mount$fuse(0x20000000, &(0x7f0000000040)='./file0\x00', 0x0, 0x7a00, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
syz_mount_image$ntfs(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x918020, 0x0)

00:52:20 executing program 4:
r0 = openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0)
unshare(0x2040400)
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xc80, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
msgget$private(0x0, 0x1d9d0f791b60a80e)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000380))
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000909000/0x4000)=nil, 0x4000}, 0x1})
socket$nl_route(0x10, 0x3, 0x0)
ioctl$KVM_X86_SET_MCE(0xffffffffffffffff, 0x4040ae9e, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
semop(0x0, 0x0, 0x0)
semctl$GETZCNT(0x0, 0x1, 0xf, &(0x7f0000000600)=""/4096)
ioctl$DRM_IOCTL_SG_ALLOC(r0, 0xc0106438, &(0x7f0000000480)={0xa4})
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r2, 0x0, 0x0)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
ioctl$sock_ifreq(r1, 0x8991, &(0x7f00000000c0)={'bond0\x00\x16\b\xea\xff\xff\x80\x00\x00\x02\xff', @ifru_names='bond_slave_1\x00'})
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
syz_open_dev$sndctrl(&(0x7f0000000040)='/dev/snd/controlC#\x00', 0x2, 0x84200)
setsockopt$inet_sctp_SCTP_HMAC_IDENT(r4, 0x84, 0x16, &(0x7f0000000000)={0x6, [0x4, 0x9, 0x0, 0x8, 0xffff, 0x1]}, 0x10)
ioctl$sock_ifreq(r1, 0x8990, &(0x7f0000000240)={'bond0\x00\xe1\x03\n\x00!!\x00\x01\x00', @ifru_names='bond_slave_1\x00\x00\x00\b'})
syz_open_procfs(0x0, &(0x7f0000000280)='fd/3\x00\x02\x17\x87:\xf4\x03\xdfc\x88,5I\xd7^\xb5D\xf7\xd7\xdb,(\xd5\x00\xc2\x06MG\xcd\xe9w\xe5s\x02\xf2\xea\xb6\xabsp\x12xT8\x01\x00\xd4S\xd8F\xab.x|\x8b\x87\xb0\xa2\xf5Y>\xb1 p\x998(\xe63\xcf\x7f\xac\x89F\x03n\x96\x15zsw\x98\xca\xcb3\xb6M=h\x01i.\xa3\xda}\x190~\xe7d6\xa5\x17\xb3\xe9\xd9QV\x0f\xf3\x02\xd6\xc1\xc3n\xcd*R\x9a\x95\x12\x05K\xa0<\xc9\xe3\xed\xab\xc9\x8bK\xb3\x86\xe2\x93f\x92iKA|e\x97k :,J36\x11\xf0\x99\x96\xb7]\xfd\xe3\v\xd8\x98\xc5o\xc6\xde\x80\xf7_\xc9\x8f\xaf\xf9\xd5\xb7ui\xea\xde\xd0\xeb\xd9\xf5_\v\xe2*\xa3\xf4\xab?n\xcb\x19i\x80\x91\xd2\xf6\x14\xfe!!0\x84L\x86\x81\x95,B\x11\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xab*[\xa5\xb217\x93\xf3\x88\x92\xa6\xde\x11\xa2-J\x9d\xc9\xb2\x97\xa3\x88v\x9eR\x155\xc7N!\xdb\"8\xc8I\xb9c\xed\xa7!\t\x85s\xb1\xa5\xa7R2Yf\x1c\xf8\xc2z>\xb1\x9c\x02a\x87\xe9\xb8\xf8\xdcv\xb6\xe4\xa6\n\x0e\x83lM7\xcc?\xea\x19\x99\xce\x1c\x10\xd2lQ(\xc7\xe9\xef\xd2Q\vY\xf58\x10|8}uE\xaf\xb4w;\xbc\xe4\x01\xd8\xf2\xf9u\xc1Dt\'\x84\xb5\xa4\x83\xeft\xfc\xf3\xdd\x87<B%\xd1g\xd6\xe3\xca8\x9aT\x0e\xf5iA\x05\x13\x02\x14\to\xca\xf7\x04\x15U2\xaef\x1d\xb6\x9f')
socket(0x10, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)

00:52:20 executing program 3:
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eba06ec400002339e00586f9835b3f00009148790000f85acc7c45", 0x2e}], 0x1}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$kcm(r2, &(0x7f0000000140)={&(0x7f0000000000)=@isdn={0x22, 0x20, 0x7f, 0xfd, 0xff}, 0x80, &(0x7f00000000c0), 0x0, 0x0, 0x150}, 0x4000000)

00:52:20 executing program 5:
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x200, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x10, &(0x7f0000000680)=[@in={0x2, 0x0, @dev}]}, &(0x7f0000000600)=0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={<r4=>0x0, 0x1ff}, &(0x7f0000000080)=0x8)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x66, &(0x7f0000000140)={r4, 0x80}, &(0x7f0000000200)=0x8)
mkdir(&(0x7f00000001c0)='./file0\x00', 0x162)
mkdir(&(0x7f00000009c0)='./file1\x00', 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r5 = syz_open_procfs(0x0, 0x0)
r6 = gettid()
r7 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip_tables_names\x00')
fcntl$getownex(r7, 0x10, &(0x7f0000000940)={0x0, <r8=>0x0})
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, <r9=>0x0}, &(0x7f00000002c0)=0xc)
r10 = syz_open_procfs(0x0, &(0x7f0000000240)='net/ip_tables_names\x00')
r11 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r11, 0x1, 0x11, &(0x7f0000000240)={0x0, <r12=>0x0}, 0x0)
setuid(r12)
r13 = getegid()
sendmsg$unix(r5, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000000800)=[{0x0}, {&(0x7f0000000380)="a53d165780f28852ae3187209e764a82c1af774e26e51a6b3406c03b0f380e660512c864b5105a15704d517c859157093f08cbe2fdcd1f5f4df8ee141cb3c7df2f4aa700fecf7cb90e1c8533fb4ced4280557c38fe96cf88473f8f5a564cd00a5faef5ec2596ce3e5b39d9167d44bdc8e66a3c5143d6e9e7fc33dbb221c4fef0f07bac660c7ebffa42ad098d94d6121fb39b0a3c2aac3002a2ea469092cb9b63b9359f0f1d63907c850a7c6b493cfdd5864df1dda47e1ee87f91f513a133c0a096039cfeaefb7bcc3fc48438d9", 0xcd}, {0x0}, {&(0x7f0000000540)="a7c74460610627fb4a45bdfb7b2d6a5a6fe9ec6633a07f1b5e01ee0100621050b9ae73ce1be732180adf66f302893d15997fe274b4e51f74141e5fa2bd56d86493bd322e73c1d557", 0x48}, {&(0x7f0000000700)}, {&(0x7f00000007c0)}], 0x6, &(0x7f0000000980)=ANY=[@ANYBLOB="1c006a3f181e05f63e265c663b362ee225c3c580b900000200fa7f6fca09f1d40000", @ANYRES32=r6, @ANYRES32, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r8, @ANYRES32=r9, @ANYRES32, @ANYBLOB="0000000020000000000000000100000001000000", @ANYRES32=r10, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB, @ANYPTR, @ANYRES32=r12, @ANYRES32=r13, @ANYBLOB='\x00\x00\x00\x00'], 0x96, 0x48081}, 0x40)
setxattr$system_posix_acl(&(0x7f0000000580)='./file1\x00', &(0x7f00000005c0)='syst\xb1\xaf}posix_acl_default\x00', &(0x7f0000000c40)={{}, {}, [{}, {0x2, 0x4}], {}, [{}, {}, {0x8, 0x2}, {0x8, 0x0, r13}, {0x8, 0x1}], {}, {0x20, 0x2}}, 0x5c, 0x0)
mount$overlay(0x40000f, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000})
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0)

00:52:20 executing program 2:
openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x242102, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0))
accept4$nfc_llcp(0xffffffffffffffff, 0x0, &(0x7f0000000100), 0x80000)
r0 = dup(0xffffffffffffffff)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
getsockopt$XDP_MMAP_OFFSETS(r2, 0x11b, 0x1, &(0x7f0000000180), &(0x7f0000000200)=0x80)
ioctl$GIO_SCRNMAP(r0, 0x4b40, &(0x7f0000000240)=""/19)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
chroot(&(0x7f0000000140)='./file0\x00')
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0505405, &(0x7f0000000040)={{0x6, 0x1, 0x3, 0x1, 0x4}, 0x1, 0xa, 0x100004})

[  168.911469][ T8498] netlink: 26 bytes leftover after parsing attributes in process `syz-executor.3'.
[  168.936573][ T8493] option changes via remount are deprecated (pid=8491 comm=syz-executor.0)
[  168.977562][ T8494] bond0: (slave bond_slave_1): Releasing backup interface
00:52:20 executing program 5:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x26e1, 0x0)
write$cgroup_int(r0, &(0x7f0000000080), 0x87f1a7)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
mmap$binder(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x4)
ioctl$RTC_VL_READ(r2, 0x80047013, &(0x7f0000000140))
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
syz_extract_tcp_res(&(0x7f0000000100), 0x20, 0x0)
ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071")
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
r5 = openat$cgroup_int(r4, &(0x7f0000000040)='memory.high\x00', 0x2, 0x0)
writev(r5, &(0x7f0000000700)=[{&(0x7f0000000000)='g', 0x1}], 0x1)

[  169.019454][ T8497] overlayfs: conflicting lowerdir path
00:52:20 executing program 0:
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net//yz0\x00', 0x1ff)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
creat(&(0x7f0000000080)='./file0\x00', 0x0)
mount$fuse(0x20000000, &(0x7f0000000040)='./file0\x00', 0x0, 0x7a00, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
syz_mount_image$ntfs(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x918020, 0x0)

[  169.530351][ T8510] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  169.671571][ T8521] option changes via remount are deprecated (pid=8520 comm=syz-executor.0)
[  170.287499][ T2846] Bluetooth: hci0: command 0x1003 tx timeout
[  170.294812][ T8470] Bluetooth: hci0: sending frame failed (-49)
[  172.366927][ T7942] Bluetooth: hci0: command 0x1001 tx timeout
[  172.373042][ T8470] Bluetooth: hci0: sending frame failed (-49)
[  174.456587][ T2846] Bluetooth: hci0: command 0x1009 tx timeout
[  178.614273][ T8458] ==================================================================
[  178.622629][ T8458] BUG: KASAN: use-after-free in kfree_skb+0x2a/0xb0
[  178.629203][ T8458] Read of size 4 at addr ffff8880a996c494 by task syz-executor.1/8458
[  178.637388][ T8458] 
[  178.639717][ T8458] CPU: 0 PID: 8458 Comm: syz-executor.1 Not tainted 5.4.0-rc7+ #0
[  178.647502][ T8458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  178.657551][ T8458] Call Trace:
[  178.660830][ T8458]  dump_stack+0x1fb/0x318
[  178.665154][ T8458]  print_address_description+0x75/0x5c0
[  178.670693][ T8458]  ? vprintk_func+0x158/0x170
[  178.675344][ T8458]  ? printk+0x62/0x8d
[  178.679302][ T8458]  ? vprintk_emit+0x2d4/0x3a0
[  178.683973][ T8458]  __kasan_report+0x14b/0x1c0
[  178.688637][ T8458]  ? _raw_spin_lock_bh+0x40/0x50
[  178.693610][ T8458]  ? kfree_skb+0x2a/0xb0
[  178.697885][ T8458]  kasan_report+0x26/0x50
[  178.702204][ T8458]  check_memory_region+0x2cf/0x2e0
[  178.707346][ T8458]  __kasan_check_read+0x11/0x20
[  178.712211][ T8458]  kfree_skb+0x2a/0xb0
[  178.716260][ T8458]  bcsp_close+0xb1/0xf0
[  178.720397][ T8458]  hci_uart_tty_close+0x201/0x240
[  178.725411][ T8458]  ? hci_uart_tty_open+0x340/0x340
[  178.730504][ T8458]  tty_ldisc_close+0x126/0x180
[  178.735257][ T8458]  tty_ldisc_release+0x248/0x5a0
[  178.740178][ T8458]  tty_release_struct+0x2a/0xe0
[  178.745009][ T8458]  tty_release+0xce9/0xfa0
[  178.749407][ T8458]  ? tty_release_struct+0xe0/0xe0
[  178.754422][ T8458]  __fput+0x2e4/0x740
[  178.758386][ T8458]  ____fput+0x15/0x20
[  178.762344][ T8458]  task_work_run+0x17e/0x1b0
[  178.766927][ T8458]  prepare_exit_to_usermode+0x459/0x580
[  178.772462][ T8458]  syscall_return_slowpath+0x113/0x4a0
[  178.779465][ T8458]  do_syscall_64+0x11f/0x1c0
[  178.784031][ T8458]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  178.789897][ T8458] RIP: 0033:0x414201
[  178.793784][ T8458] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  178.813456][ T8458] RSP: 002b:00007ffeb91d4900 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  178.821918][ T8458] RAX: 0000000000000000 RBX: 0000000000000008 RCX: 0000000000414201
[  178.829888][ T8458] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[  178.837838][ T8458] RBP: 0000000000000001 R08: 00000000e44719e0 R09: 00000000f90f8c42
[  178.845834][ T8458] R10: 00007ffeb91d49e0 R11: 0000000000000293 R12: 000000000075c9a0
[  178.853790][ T8458] R13: 000000000075c9a0 R14: 0000000000761c88 R15: 000000000075c07c
[  178.861767][ T8458] 
[  178.864185][ T8458] Allocated by task 66:
[  178.868323][ T8458]  __kasan_kmalloc+0x11c/0x1b0
[  178.873160][ T8458]  kasan_slab_alloc+0xf/0x20
[  178.877744][ T8458]  kmem_cache_alloc_node+0x235/0x280
[  178.883019][ T8458]  __alloc_skb+0x9f/0x500
[  178.887347][ T8458]  bcsp_recv+0x12e7/0x1720
[  178.891735][ T8458]  hci_uart_tty_receive+0x16b/0x470
[  178.896912][ T8458]  tty_ldisc_receive_buf+0x12e/0x170
[  178.902168][ T8458]  tty_port_default_receive_buf+0x82/0xb0
[  178.907861][ T8458]  flush_to_ldisc+0x328/0x550
[  178.912525][ T8458]  process_one_work+0x7ef/0x10e0
[  178.917436][ T8458]  worker_thread+0xc01/0x1630
[  178.922171][ T8458]  kthread+0x332/0x350
[  178.926226][ T8458]  ret_from_fork+0x24/0x30
[  178.930612][ T8458] 
[  178.932920][ T8458] Freed by task 66:
[  178.936709][ T8458]  __kasan_slab_free+0x12a/0x1e0
[  178.941623][ T8458]  kasan_slab_free+0xe/0x10
[  178.946099][ T8458]  kmem_cache_free+0x81/0xf0
[  178.950664][ T8458]  __kfree_skb+0x118/0x170
[  178.955053][ T8458]  kfree_skb+0x6f/0xb0
[  178.959099][ T8458]  bcsp_recv+0x99c/0x1720
[  178.963402][ T8458]  hci_uart_tty_receive+0x16b/0x470
[  178.968594][ T8458]  tty_ldisc_receive_buf+0x12e/0x170
[  178.973851][ T8458]  tty_port_default_receive_buf+0x82/0xb0
[  178.979543][ T8458]  flush_to_ldisc+0x328/0x550
[  178.984208][ T8458]  process_one_work+0x7ef/0x10e0
[  178.989122][ T8458]  worker_thread+0xc01/0x1630
[  178.993770][ T8458]  kthread+0x332/0x350
[  178.997816][ T8458]  ret_from_fork+0x24/0x30
[  179.002217][ T8458] 
[  179.004534][ T8458] The buggy address belongs to the object at ffff8880a996c3c0
[  179.004534][ T8458]  which belongs to the cache skbuff_head_cache of size 224
[  179.019206][ T8458] The buggy address is located 212 bytes inside of
[  179.019206][ T8458]  224-byte region [ffff8880a996c3c0, ffff8880a996c4a0)
[  179.032584][ T8458] The buggy address belongs to the page:
[  179.038203][ T8458] page:ffffea0002a65b00 refcount:1 mapcount:0 mapping:ffff8880a99c8a80 index:0x0
[  179.047421][ T8458] flags: 0x1fffc0000000200(slab)
[  179.052343][ T8458] raw: 01fffc0000000200 ffffea0002658ac8 ffffea000285b8c8 ffff8880a99c8a80
[  179.061025][ T8458] raw: 0000000000000000 ffff8880a996c000 000000010000000c 0000000000000000
[  179.069588][ T8458] page dumped because: kasan: bad access detected
[  179.075990][ T8458] 
[  179.078297][ T8458] Memory state around the buggy address:
[  179.083909][ T8458]  ffff8880a996c380: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[  179.091947][ T8458]  ffff8880a996c400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  179.099989][ T8458] >ffff8880a996c480: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[  179.108029][ T8458]                          ^
[  179.112594][ T8458]  ffff8880a996c500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  179.120629][ T8458]  ffff8880a996c580: fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc
[  179.128661][ T8458] ==================================================================
[  179.136692][ T8458] Disabling lock debugging due to kernel taint
[  179.143647][ T8458] Kernel panic - not syncing: panic_on_warn set ...
[  179.150257][ T8458] CPU: 1 PID: 8458 Comm: syz-executor.1 Tainted: G    B             5.4.0-rc7+ #0
[  179.159548][ T8458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  179.169588][ T8458] Call Trace:
[  179.172867][ T8458]  dump_stack+0x1fb/0x318
[  179.177195][ T8458]  panic+0x264/0x7a9
[  179.181069][ T8458]  ? __kasan_report+0x195/0x1c0
[  179.186049][ T8458]  ? trace_hardirqs_on+0x34/0x80
[  179.190977][ T8458]  ? __kasan_report+0x195/0x1c0
[  179.195816][ T8458]  __kasan_report+0x1bb/0x1c0
[  179.200474][ T8458]  ? _raw_spin_lock_bh+0x40/0x50
[  179.205391][ T8458]  ? kfree_skb+0x2a/0xb0
[  179.209611][ T8458]  kasan_report+0x26/0x50
[  179.213920][ T8458]  check_memory_region+0x2cf/0x2e0
[  179.219005][ T8458]  __kasan_check_read+0x11/0x20
[  179.223829][ T8458]  kfree_skb+0x2a/0xb0
[  179.227873][ T8458]  bcsp_close+0xb1/0xf0
[  179.232019][ T8458]  hci_uart_tty_close+0x201/0x240
[  179.237021][ T8458]  ? hci_uart_tty_open+0x340/0x340
[  179.242120][ T8458]  tty_ldisc_close+0x126/0x180
[  179.246869][ T8458]  tty_ldisc_release+0x248/0x5a0
[  179.251801][ T8458]  tty_release_struct+0x2a/0xe0
[  179.256629][ T8458]  tty_release+0xce9/0xfa0
[  179.261022][ T8458]  ? tty_release_struct+0xe0/0xe0
[  179.266022][ T8458]  __fput+0x2e4/0x740
[  179.269980][ T8458]  ____fput+0x15/0x20
[  179.273934][ T8458]  task_work_run+0x17e/0x1b0
[  179.278500][ T8458]  prepare_exit_to_usermode+0x459/0x580
[  179.284020][ T8458]  syscall_return_slowpath+0x113/0x4a0
[  179.289599][ T8458]  do_syscall_64+0x11f/0x1c0
[  179.294178][ T8458]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  179.300051][ T8458] RIP: 0033:0x414201
[  179.303928][ T8458] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
[  179.323611][ T8458] RSP: 002b:00007ffeb91d4900 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  179.331998][ T8458] RAX: 0000000000000000 RBX: 0000000000000008 RCX: 0000000000414201
[  179.339943][ T8458] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007
[  179.347977][ T8458] RBP: 0000000000000001 R08: 00000000e44719e0 R09: 00000000f90f8c42
[  179.355999][ T8458] R10: 00007ffeb91d49e0 R11: 0000000000000293 R12: 000000000075c9a0
[  179.363944][ T8458] R13: 000000000075c9a0 R14: 0000000000761c88 R15: 000000000075c07c
[  179.373528][ T8458] Kernel Offset: disabled
[  179.377857][ T8458] Rebooting in 86400 seconds..