[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 65.657013] audit: type=1800 audit(1543853897.708:25): pid=6780 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 65.676096] audit: type=1800 audit(1543853897.728:26): pid=6780 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 65.695515] audit: type=1800 audit(1543853897.738:27): pid=6780 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.95' (ECDSA) to the list of known hosts. 2018/12/03 16:18:32 fuzzer started 2018/12/03 16:18:38 dialing manager at 10.128.0.26:37509 2018/12/03 16:18:38 syscalls: 1 2018/12/03 16:18:38 code coverage: enabled 2018/12/03 16:18:38 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/12/03 16:18:38 setuid sandbox: enabled 2018/12/03 16:18:38 namespace sandbox: enabled 2018/12/03 16:18:38 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/03 16:18:38 fault injection: enabled 2018/12/03 16:18:38 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/03 16:18:38 net packet injection: enabled 2018/12/03 16:18:38 net device setup: enabled 16:21:30 executing program 0: syzkaller login: [ 259.442766] IPVS: ftp: loaded support on port[0] = 21 [ 261.788471] bridge0: port 1(bridge_slave_0) entered blocking state [ 261.795047] bridge0: port 1(bridge_slave_0) entered disabled state [ 261.803889] device bridge_slave_0 entered promiscuous mode [ 261.941833] bridge0: port 2(bridge_slave_1) entered blocking state [ 261.948296] bridge0: port 2(bridge_slave_1) entered disabled state [ 261.957051] device bridge_slave_1 entered promiscuous mode [ 262.097694] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 262.234963] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 262.663176] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 262.807042] bond0: Enslaving bond_slave_1 as an active interface with an up link 16:21:35 executing program 1: [ 263.155610] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 263.162841] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 263.781099] IPVS: ftp: loaded support on port[0] = 21 [ 264.033881] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 264.042580] team0: Port device team_slave_0 added [ 264.318707] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 264.327039] team0: Port device team_slave_1 added [ 264.546638] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 264.553848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 264.562975] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 264.845537] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 264.852748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 264.861883] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 265.156634] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 265.164418] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 265.173531] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 265.392660] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 265.400347] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 265.409662] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 267.446956] bridge0: port 1(bridge_slave_0) entered blocking state [ 267.453616] bridge0: port 1(bridge_slave_0) entered disabled state [ 267.462349] device bridge_slave_0 entered promiscuous mode [ 267.648478] bridge0: port 2(bridge_slave_1) entered blocking state [ 267.655068] bridge0: port 2(bridge_slave_1) entered disabled state [ 267.664184] device bridge_slave_1 entered promiscuous mode [ 267.806626] bridge0: port 2(bridge_slave_1) entered blocking state [ 267.813213] bridge0: port 2(bridge_slave_1) entered forwarding state [ 267.820161] bridge0: port 1(bridge_slave_0) entered blocking state [ 267.826768] bridge0: port 1(bridge_slave_0) entered forwarding state [ 267.835866] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 267.871104] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 268.057040] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 268.491893] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 16:21:40 executing program 2: [ 268.783609] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 269.080235] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 269.407958] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 269.416918] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 269.603290] IPVS: ftp: loaded support on port[0] = 21 [ 269.736953] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 269.744163] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 270.526327] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 270.534734] team0: Port device team_slave_0 added [ 270.833886] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 270.842241] team0: Port device team_slave_1 added [ 271.052776] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 271.059912] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 271.069082] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 271.376893] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 271.384160] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 271.393169] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 271.757248] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 271.765159] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 271.774361] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 272.070091] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 272.077855] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 272.086973] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 273.985284] bridge0: port 1(bridge_slave_0) entered blocking state [ 273.991927] bridge0: port 1(bridge_slave_0) entered disabled state [ 274.000415] device bridge_slave_0 entered promiscuous mode [ 274.344591] bridge0: port 2(bridge_slave_1) entered blocking state [ 274.351071] bridge0: port 2(bridge_slave_1) entered disabled state [ 274.360114] device bridge_slave_1 entered promiscuous mode [ 274.638728] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 274.889597] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 275.115483] bridge0: port 2(bridge_slave_1) entered blocking state [ 275.122107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 275.129045] bridge0: port 1(bridge_slave_0) entered blocking state [ 275.135611] bridge0: port 1(bridge_slave_0) entered forwarding state [ 275.144444] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 275.661974] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 275.692310] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 275.993299] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 276.165969] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 276.173173] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 276.403433] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 276.410515] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 277.137143] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 277.145627] team0: Port device team_slave_0 added 16:21:49 executing program 3: [ 277.519655] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 277.528026] team0: Port device team_slave_1 added [ 277.923346] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 277.930469] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 277.939311] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 278.266777] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 278.274095] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 278.283162] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 278.600976] IPVS: ftp: loaded support on port[0] = 21 [ 278.633928] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 278.641818] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 278.650840] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 279.047511] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 279.055705] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 279.064836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 279.157667] 8021q: adding VLAN 0 to HW filter on device bond0 [ 280.644964] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 281.823718] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 281.830151] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 281.838223] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 282.769496] bridge0: port 2(bridge_slave_1) entered blocking state [ 282.776049] bridge0: port 2(bridge_slave_1) entered forwarding state [ 282.783068] bridge0: port 1(bridge_slave_0) entered blocking state [ 282.789554] bridge0: port 1(bridge_slave_0) entered forwarding state [ 282.798435] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 282.841792] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 282.929019] 8021q: adding VLAN 0 to HW filter on device team0 [ 283.998292] bridge0: port 1(bridge_slave_0) entered blocking state [ 284.004955] bridge0: port 1(bridge_slave_0) entered disabled state [ 284.014033] device bridge_slave_0 entered promiscuous mode [ 284.395273] bridge0: port 2(bridge_slave_1) entered blocking state [ 284.401882] bridge0: port 2(bridge_slave_1) entered disabled state [ 284.410408] device bridge_slave_1 entered promiscuous mode [ 284.793844] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 285.138474] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 286.142661] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 286.461300] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 286.883497] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 286.890582] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 287.208316] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 287.215500] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 16:22:00 executing program 4: [ 288.353990] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 288.362357] team0: Port device team_slave_0 added [ 288.814352] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 288.822809] team0: Port device team_slave_1 added [ 289.263482] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 289.270590] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 289.279522] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 289.467264] 8021q: adding VLAN 0 to HW filter on device bond0 [ 289.577646] IPVS: ftp: loaded support on port[0] = 21 [ 289.616679] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 289.624349] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 289.633399] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 290.069136] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 290.076941] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 290.086133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 290.511732] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 290.519319] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 290.528350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 291.146869] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 16:22:03 executing program 0: 16:22:03 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000040)='/dev/nbd#\x00', 0x0, 0x0) ioctl$NBD_SET_BLKSIZE(r1, 0xab01, 0x6) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000080)=[@mss={0x2, 0xcab3}], 0x1) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='dctcp-reno\x00', 0xb) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0xffffffffffffffff) bind$inet6(r2, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) ioctl$void(r2, 0x5450) r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x101001, 0x0) ioctl$RTC_AIE_OFF(r3, 0x7002) listen(r2, 0x0) sendto$inet6(r0, &(0x7f0000f6f000), 0x1000000, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) [ 292.027416] Unknown ioctl 28674 [ 292.050465] TCP: request_sock_TCPv6: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 292.124340] Unknown ioctl 28674 16:22:04 executing program 0: sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB], 0x1}}, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x1, 0x0) socket$bt_rfcomm(0x1f, 0x3, 0x3) accept$inet6(0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000080)=0x1c) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/attr/current\x00', 0x2, 0x0) ioctl(r0, 0xffffffffffffffb7, &(0x7f0000000080)) r1 = syz_open_dev$mouse(&(0x7f0000000140)='/dev/input/mouse#\x00', 0x3, 0x0) ioctl$UFFDIO_UNREGISTER(r1, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ff9000/0x4000)=nil, 0x4000}) [ 292.700610] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 292.707116] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 292.715124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 16:22:04 executing program 0: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0a5c2d023c126285718070") r1 = socket$inet(0x2, 0x200000002, 0x0) r2 = socket$l2tp(0x18, 0x1, 0x1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) r4 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, r3, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) connect$l2tp(r2, &(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, r1, 0x3, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x3a) close(r1) 16:22:05 executing program 0: r0 = socket$kcm(0x10, 0x2, 0x0) recvmsg(r0, &(0x7f0000003780)={0x0, 0x0, &(0x7f00000035c0)=[{&(0x7f00000000c0)=""/152, 0x98}, {&(0x7f0000000240)=""/154, 0x8f}, {&(0x7f0000001500)=""/4096, 0x1000}, {&(0x7f0000002500)=""/4096, 0x1000}], 0x4, &(0x7f0000003680)=""/204, 0xcc}, 0x0) 16:22:06 executing program 0: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x82000, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000000c0)={r0, 0x0, 0x1, 0x396c9131, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20) move_pages(0x0, 0x2000, &(0x7f0000000000)=[&(0x7f0000cb8000/0x3000)=nil], &(0x7f0000003b80), &(0x7f0000000040), 0x0) request_key(&(0x7f0000000180)='ceph\x00', &(0x7f00000001c0)={'syz'}, &(0x7f0000000200)="f6f00f09d6", 0xfffffffffffffff8) [ 294.355459] 8021q: adding VLAN 0 to HW filter on device team0 16:22:06 executing program 0: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x82000, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f00000000c0)={r0, 0x0, 0x1, 0x396c9131, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}, 0x20) move_pages(0x0, 0x2000, &(0x7f0000000000)=[&(0x7f0000cb8000/0x3000)=nil], &(0x7f0000003b80), &(0x7f0000000040), 0x0) request_key(&(0x7f0000000180)='ceph\x00', &(0x7f00000001c0)={'syz'}, &(0x7f0000000200)="f6f00f09d6", 0xfffffffffffffff8) 16:22:07 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000005880)='stack\x00') socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) fstat(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = getgid() fstat(0xffffffffffffff9c, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fstat(r3, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f00000001c0)={0x0, 0x0, 0x0}, &(0x7f0000000200)=0xc) getgroups(0xa, &(0x7f0000000280)=[0xee00, 0x0, 0xee01, 0x0, 0x0, 0xee00, 0xffffffffffffffff, 0xffffffffffffffff, 0xee01, 0xffffffffffffffff]) fstat(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setgroups(0x7, &(0x7f0000000340)=[r4, r5, r6, r7, r8, r9, r10]) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) ioctl$LOOP_CHANGE_FD(r0, 0x4c03, r1) [ 295.402327] bridge0: port 2(bridge_slave_1) entered blocking state [ 295.408943] bridge0: port 2(bridge_slave_1) entered forwarding state [ 295.416117] bridge0: port 1(bridge_slave_0) entered blocking state [ 295.422698] bridge0: port 1(bridge_slave_0) entered forwarding state [ 295.431392] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 296.359527] bridge0: port 1(bridge_slave_0) entered blocking state [ 296.366187] bridge0: port 1(bridge_slave_0) entered disabled state [ 296.374926] device bridge_slave_0 entered promiscuous mode [ 296.412536] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 296.764987] bridge0: port 2(bridge_slave_1) entered blocking state [ 296.771478] bridge0: port 2(bridge_slave_1) entered disabled state [ 296.780212] device bridge_slave_1 entered promiscuous mode [ 297.170078] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 297.495037] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 298.453678] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 298.780316] 8021q: adding VLAN 0 to HW filter on device bond0 [ 298.793338] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 299.058602] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 299.065838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 299.380853] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 299.389684] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 300.075233] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 300.456809] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 300.465132] team0: Port device team_slave_0 added [ 300.933790] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 300.942199] team0: Port device team_slave_1 added [ 301.282075] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 301.289158] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 301.298322] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 301.357080] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 301.363852] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 301.372535] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 301.604029] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 301.611116] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 301.620233] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 301.838522] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 301.846345] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 301.856541] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 302.088979] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 302.096810] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 302.106193] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 302.387314] 8021q: adding VLAN 0 to HW filter on device team0 16:22:14 executing program 1: r0 = memfd_create(&(0x7f00000003c0)="ceaed21fb12e00020000", 0x0) write$binfmt_elf32(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="7f454c469507ff27050c00000000000003001dc957c6ff5804b11b45078abdb79a4b42292efc0d213de48b77c7dc7a7d95f47157750cb9c9053d82e0d987f2e1df105c5cd6e1e06eabb14b0e01f6e6a60ab699d07348f51fe32a7a379be223f73df37b9d973207871f849c6e4f6c695bbcee53cb833f40bb7b8fb7d2b4079d847817060d8dbcd034bc941cea075b6dc6c04fc32d56c87aa6b84fdc43a466a4f4f4003d6ec2bcacd3031019fd141bc1347f3a774aa0f0c8457dd9b317d9e89373cb44397d18e3a76e9b8a106a640c5675"], 0xd0) clone(0x2102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execveat(r0, &(0x7f0000000100)='\x00', 0x0, 0x0, 0x1000) [ 304.698675] bridge0: port 2(bridge_slave_1) entered blocking state [ 304.705375] bridge0: port 2(bridge_slave_1) entered forwarding state [ 304.712435] bridge0: port 1(bridge_slave_0) entered blocking state [ 304.718909] bridge0: port 1(bridge_slave_0) entered forwarding state [ 304.727572] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 304.734586] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 306.919284] 8021q: adding VLAN 0 to HW filter on device bond0 16:22:19 executing program 2: syz_emit_ethernet(0x3e, &(0x7f0000000040)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0xffffff84, 0x0, @remote, @dev}, @icmp=@parameter_prob={0x12, 0x2, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local={0xac, 0x5c}, @dev}}}}}}, 0x0) [ 307.699531] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 308.194861] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 308.201208] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 308.209044] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 308.711217] 8021q: adding VLAN 0 to HW filter on device team0 [ 311.221505] 8021q: adding VLAN 0 to HW filter on device bond0 [ 311.722067] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 16:22:24 executing program 3: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, 0x0, 0x0, 0x0) mremap(&(0x7f0000bca000/0x1000)=nil, 0x1000, 0x4000, 0x3, &(0x7f0000903000/0x4000)=nil) mbind(&(0x7f0000126000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0) [ 312.197063] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 312.203420] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 312.211026] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 312.490841] 8021q: adding VLAN 0 to HW filter on device team0 16:22:26 executing program 4: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000500)='cpuset\x00', 0x0, 0x0) 16:22:26 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x4e23, @broadcast}, 0x10) ioctl$sock_inet_SIOCADDRT(r0, 0x890b, &(0x7f0000000200)={0x0, {}, {0x2, 0x0, @multicast2}, {0x2, 0x0, @dev}, 0x2a4, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)='ip6_vti0\x00'}) ioctl$sock_inet_SIOCDELRT(r0, 0x890c, &(0x7f0000000000)={0x0, {}, {0x2, 0x0, @multicast2}, {0x2, 0x0, @dev}, 0xab852ebbe6fbd72e, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)='syz_tun\x00'}) 16:22:26 executing program 5: r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x2, 0x2) recvmmsg(0xffffffffffffffff, &(0x7f0000003e80)=[{{0x0, 0x0, &(0x7f0000001300)=[{&(0x7f0000000040)=""/190, 0xbe}, {&(0x7f0000000100)=""/79, 0x4f}, {&(0x7f0000000180)=""/11, 0xb}, {&(0x7f00000001c0)=""/34, 0x22}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/253, 0xfd}], 0x6, 0x0, 0x0, 0x4a3000000000}, 0x7}, {{&(0x7f0000001380)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, 0x80, &(0x7f0000003640)=[{&(0x7f0000001400)=""/84, 0x54}, {&(0x7f0000001480)=""/4096, 0x1000}, {&(0x7f0000002480)=""/12, 0xc}, {&(0x7f00000024c0)}, {&(0x7f0000002500)=""/4096, 0x1000}, {&(0x7f0000003500)=""/39, 0x27}, {&(0x7f0000003540)=""/239, 0xef}], 0x7, &(0x7f00000036c0)=""/214, 0xd6, 0x1}, 0x7ff}, {{&(0x7f00000037c0)=@l2, 0x80, &(0x7f0000003b40)=[{&(0x7f0000003840)=""/191, 0xbf}, {&(0x7f0000003900)=""/239, 0xef}, {&(0x7f0000003a00)=""/5, 0x5}, {&(0x7f0000003a40)=""/65, 0x41}, {&(0x7f0000003ac0)=""/100, 0x64}], 0x5, &(0x7f0000003bc0)=""/122, 0x7a, 0x5}, 0x8}, {{0x0, 0x0, &(0x7f0000003d40)=[{&(0x7f0000003c40)=""/215, 0xd7}], 0x1, &(0x7f0000003d80)=""/236, 0xec, 0x6f3}, 0x8000}], 0x4, 0x21, &(0x7f0000003f80)={0x0, 0x989680}) ioctl$sock_ifreq(r0, 0x89f3, &(0x7f0000003fc0)={'tunl0\x00', @ifru_addrs=@hci={0x1f, r1, 0x3}}) fcntl$getownex(r0, 0x10, &(0x7f0000004000)={0x0, 0x0}) ptrace$getregset(0x4204, r2, 0x3, &(0x7f0000004100)={&(0x7f0000004040)=""/133, 0x85}) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0xc058534f, &(0x7f0000004140)={{0x9, 0x6}, 0x1, 0x40, 0x9fbb, {0x59, 0x6}, 0x8000, 0x5}) openat$cgroup_int(r0, &(0x7f00000041c0)='io.bfq.weight\x00', 0x2, 0x0) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000004240)={{{@in=@broadcast, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in=@multicast1}}, &(0x7f0000004340)=0xe8) r4 = geteuid() r5 = getuid() getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000004380)={0x0, 0x0, 0x0}, &(0x7f00000043c0)=0xc) stat(&(0x7f0000004400)='./file0\x00', &(0x7f0000004440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r8 = getegid() getresgid(&(0x7f00000044c0), &(0x7f0000004500), &(0x7f0000004540)=0x0) stat(&(0x7f0000004580)='./file0\x00', &(0x7f00000045c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r11 = getgid() fsetxattr$system_posix_acl(r0, &(0x7f0000004200)='system.posix_acl_access\x00', &(0x7f0000004640)={{}, {0x1, 0x2}, [{0x2, 0x3, r3}, {0x2, 0x2, r4}, {0x2, 0x2, r5}], {0x4, 0x4}, [{0x8, 0x7, r6}, {0x8, 0x2, r7}, {0x8, 0x4, r8}, {0x8, 0x1, r9}, {0x8, 0x2, r10}, {0x8, 0x4, r11}], {0x10, 0x4}, {0x20, 0x5}}, 0x6c, 0x2) write$P9_RREMOVE(r0, &(0x7f00000046c0)={0x7, 0x7b, 0x1}, 0x7) r12 = syz_open_dev$mouse(&(0x7f0000004700)='/dev/input/mouse#\x00', 0x200, 0x10000) getsockopt$ARPT_SO_GET_INFO(r12, 0x0, 0x60, &(0x7f0000004740)={'filter\x00'}, &(0x7f00000047c0)=0x44) ioctl$KVM_GET_LAPIC(r12, 0x8400ae8e, &(0x7f0000004800)={"e56b5b0b4fb3212d7e3d8fe4685a61d91313d4b56491fd269facb7a9c45c017e66e0903e48d3e67c016a5d2244436ced8d8092f9dde44866c57a3f396c191b82fad7d72c88e118ee6cc0946a4d8f83e382efc1acaac169b5d7ae43c56067f8884a85fc66ae7da50b5e385b973783eb608757720325157f5448cc674b7300baadc33333b9122fa52490336bd45ee96482f280d88dc866821743064632802e9584b623017c5f51c7ba7b285427588442c457a23e3084f8128182513f422e0c2ca1b407cb90e9a28dd9e8833d115048422f8b88a23afdf39c43b9eb894198254092cbf53bc30b8cdfad9073370942bdaf2ebab53250f1b6aba7f25ecf6f27d95a23e1302f42f2b2f5c866caeb7bfa29e54f3f6208dbcbd0b318f6f70c0d7740adbe92f52e43270a196a8d05fa53fe5b663410312252f6cd1ea8036246e31d04b83de4df29f3a1c4534a401b6be8a78c6336cdc0a36424d88855fc5d702ab020090f9d49f0fb288f6bf9f050207a23e3967df70e38fb505ff81ed42bac4532f8a87afebc383546d9e78c8fc4ff9f4cecb94c5ca120d39cdb9e57a6746652d99af6d545d4640b106eed06b095fe858da77e77b109c3ad73bb3cc4fbb47dac8d7a01ad517f3753e217bcd449e84faf781ad72fd948d5cfc40bb356e4a5ba39a51487ecb87b55fc427214c16eb632cdd901bb8fa1e3e21e17e4d11e5259112522b551fe17795cb2821e35706ac9cccfc46d91166ac927e2a91400899c16ea5da94c1080d664562fcab5fcb27a69e425ee4aa1d50aa622b59f12594dde32ff76dcb2ac200015f61fbb79f157367bad486c1366fb2971fd5f337095fbeb50ede486b97748a228cbf318450506928c42d88411fa1d2371ff558c26b60aa5a8f9e5d72561fd5d874d80cf36dbf988324ef1889ee635fb90b615198f3fad07cefe6bb9676eb42334cea8b4b5c90a183adfb4e25c7d79c406800fcd7a23c5b5f45b5fec8630c8fcad70722a19c79afd574cb42f78da8905c4835c68626c04a0b133c2af33c89a620c02e7fe6a2f44894f7a182309967a6d91081e62c48a58c8b4e8b2fc6e8672b2a25f416fdf9e4d46a6806aaa6479a9a156aae0ab95a0b8c1aa0bfbdcf10e451e365a108436eee90dd9273aa6eb7b9c08789f532366f9b69e04aa7c4b2edc6ccb456a2e417ebfeac0153c42338be167d63266e8d56621e3b505ead521c737482b58b4ef112839fcc6d7cce70d6b09b7abab0497c4cb5dfcfe9f9ab91932cf8d1251b5275fa6904410a0fbf8403d59722e80da434eeddfde5ccf166cf541dccb15248457da6dd97fc972b6a6f71c9e3b74c799f2813d0ac66888658fd5ec6b1ac3b502a99e39731415d66f7f42830327d634a9c1d123379bc6a99c7eadd8f3d8453df9c93650eefbc89f5080af687f243b82e09ec29cc1d6b8f0a153b31adfdc"}) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r12, 0x84, 0x22, &(0x7f0000004c00)={0x20, 0xb, 0x0, 0x7ff, 0x0}, &(0x7f0000004c40)=0x10) setsockopt$inet_sctp6_SCTP_MAXSEG(r12, 0x84, 0xd, &(0x7f0000004c80)=@assoc_value={r13, 0x9}, 0x8) getsockopt$bt_BT_CHANNEL_POLICY(r12, 0x112, 0xa, &(0x7f0000004cc0)=0x20, &(0x7f0000004d00)=0x4) ioctl$sock_inet_SIOCSIFNETMASK(r12, 0x891c, &(0x7f0000004d40)={'irlan0\x00', {0x2, 0x4e22, @empty}}) getsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000004d80), &(0x7f0000004dc0)=0xb) setsockopt$IP_VS_SO_SET_DEL(r0, 0x0, 0x484, &(0x7f0000004e00)={0x5e, @multicast2, 0x4e23, 0x1, 'ovf\x00', 0x2a, 0x1f, 0x6}, 0x2c) ioctl$UI_SET_FFBIT(r0, 0x4004556b, 0x2d) getsockopt$sock_int(r12, 0x1, 0x3b, &(0x7f0000004e40), &(0x7f0000004e80)=0x4) ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000004ec0)={&(0x7f0000ffc000/0x4000)=nil, 0x4000}) 16:22:26 executing program 1: openat$vhci(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vhci\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB="145f420000000000000007ff000000000300de0006000000000000000000080000000000000008000500ac14141b080003000100000f01"], 0x1}}, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00%'], 0x1}}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000002c0)="b8010000000f01c166b8e2000f00d8b9800000c00f3235004000000f304a0fc75f20c44379608d00000100f22e0f01ca67440ff6143f66ba4000b846c95182ef0f01cf400f01df", 0x47}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x2, 0x2, 0x1000, &(0x7f0000010000/0x1000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key$user(&(0x7f0000000100)='user\x00', 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:22:26 executing program 2: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0a5c2d023c126285718070") r1 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) ioctl$NBD_DO_IT(r1, 0x1260) 16:22:26 executing program 3: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0a5c2d023c126285718070") r1 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) ioctl$NBD_DO_IT(r1, 0x1261) [ 314.401299] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 16:22:26 executing program 3: 16:22:26 executing program 0: 16:22:26 executing program 4: 16:22:26 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x8) sched_setaffinity(0x0, 0x0, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0xc0d, 0x0) write$uinput_user_dev(r0, &(0x7f0000000400)={'syz1\x00'}, 0x45c) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) ioctl$UI_GET_SYSNAME(r0, 0x8040552c, 0x0) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000100)={@remote, 0x3}) [ 314.971859] input: syz1 as /devices/virtual/input/input5 16:22:27 executing program 3: gettid() mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x0, &(0x7f0000130000/0x800000)=nil) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x8) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000)='/dev/uinput\x00', 0xc0d, 0x0) write$uinput_user_dev(r0, &(0x7f0000000400)={'syz1\x00'}, 0x45c) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) ioctl$UI_GET_SYSNAME(r0, 0x8040552c, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) [ 315.067722] input: syz1 as /devices/virtual/input/input6 16:22:27 executing program 1: openat$vhci(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vhci\x00', 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB="145f420000000000000007ff000000000300de0006000000000000000000080000000000000008000500ac14141b080003000100000f01"], 0x1}}, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00%'], 0x1}}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000002c0)="b8010000000f01c166b8e2000f00d8b9800000c00f3235004000000f304a0fc75f20c44379608d00000100f22e0f01ca67440ff6143f66ba4000b846c95182ef0f01cf400f01df", 0x47}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x2, 0x2, 0x1000, &(0x7f0000010000/0x1000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) add_key$user(&(0x7f0000000100)='user\x00', 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 16:22:27 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETAW(r0, 0x5456, &(0x7f00000000c0)) 16:22:27 executing program 4: [ 315.338196] input: syz1 as /devices/virtual/input/input7 [ 315.847518] IPVS: ftp: loaded support on port[0] = 21 [ 317.146113] bridge0: port 1(bridge_slave_0) entered blocking state [ 317.152570] bridge0: port 1(bridge_slave_0) entered disabled state [ 317.160100] device bridge_slave_0 entered promiscuous mode [ 317.253860] bridge0: port 2(bridge_slave_1) entered blocking state [ 317.260422] bridge0: port 2(bridge_slave_1) entered disabled state [ 317.269260] device bridge_slave_1 entered promiscuous mode [ 317.396534] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 317.500055] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 317.725264] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 317.803636] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 317.883146] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 317.890118] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 317.964877] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 317.972083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 318.190246] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 318.198099] team0: Port device team_slave_0 added [ 318.268235] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 318.275721] team0: Port device team_slave_1 added [ 318.344505] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 318.421123] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 318.497517] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 318.504817] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 318.513845] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 318.585031] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 318.592300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 318.601137] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 319.439902] bridge0: port 2(bridge_slave_1) entered blocking state [ 319.446376] bridge0: port 2(bridge_slave_1) entered forwarding state [ 319.453374] bridge0: port 1(bridge_slave_0) entered blocking state [ 319.459794] bridge0: port 1(bridge_slave_0) entered forwarding state [ 319.468018] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 319.871998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 322.517862] 8021q: adding VLAN 0 to HW filter on device bond0 [ 322.810468] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 323.094921] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 323.101194] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 323.109383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 323.385702] 8021q: adding VLAN 0 to HW filter on device team0 16:22:37 executing program 5: 16:22:37 executing program 2: 16:22:37 executing program 4: 16:22:37 executing program 3: 16:22:37 executing program 0: 16:22:37 executing program 1: 16:22:37 executing program 3: 16:22:37 executing program 2: 16:22:37 executing program 4: 16:22:37 executing program 5: 16:22:37 executing program 1: 16:22:37 executing program 0: bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000080), 0x4) 16:22:37 executing program 3: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/nullb0\x00', 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r0, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/nullb0\x00', 0x4000, 0x0) preadv(r1, &(0x7f0000000040)=[{&(0x7f0000000400)=""/4096, 0x2d000}], 0x1, 0x0) 16:22:37 executing program 2: pipe(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$UI_SET_SNDBIT(0xffffffffffffffff, 0x4004556a, 0x1) write(r1, &(0x7f00000001c0), 0xfffffef3) timer_create(0x7, &(0x7f0000000540)={0x0, 0xe, 0x0, @thr={0x0, 0x0}}, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) write$P9_RXATTRWALK(r0, &(0x7f0000000a00)={0xf, 0x1f, 0x0, 0x4}, 0xf) getsockopt$inet_int(r1, 0x0, 0x12, 0x0, &(0x7f00000000c0)) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e21, 0x0, @ipv4={[], [], @loopback}}, 0x1c) getsockopt$inet_buf(r0, 0x0, 0x2c, 0x0, &(0x7f0000000380)) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) ioctl$FS_IOC_FSGETXATTR(r1, 0x801c581f, &(0x7f0000000180)={0x0, 0x0, 0x821a, 0x1b, 0x3}) 16:22:38 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x3, 0xb) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, &(0x7f0000000140)="420fb507b805000000b98de92d630f01c1f2430f3566b869008ec0f0814b00ec480000470f017a00f3f7e4470f017cc0423e26460f21f6410f01df", 0x3b}], 0x1, 0x0, &(0x7f0000000000), 0x101) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000100)={0x0, 0x4000}) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000000)) ioctl$KVM_RUN(r2, 0xae80, 0x0) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, 0x0, &(0x7f00000001c0)) 16:22:38 executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000001000), 0x1000) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) open(&(0x7f00000001c0)='./file0/file1\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f0000001000), 0x1000) write$FUSE_ENTRY(r0, &(0x7f0000002000)={0x90, 0x0, 0x2}, 0x90) mount$fuse(0x0, &(0x7f00000000c0)='./file0/file1\x00', 0x0, 0x0, 0x0) 16:22:38 executing program 1: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote, 0x1}, 0x1c) 16:22:38 executing program 0: socket$inet6(0xa, 0x0, 0x0) read(0xffffffffffffffff, &(0x7f0000000140)=""/28, 0x1c) r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000000040)) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000340)='/dev/sequencer2\x00', 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000440)='/dev/snd/midiC#D#\x00', 0xe440, 0x1) write$cgroup_type(r1, &(0x7f00000000c0)='threaded\x00', 0xff4c) timer_settime(0x0, 0x0, &(0x7f0000000280)={{}, {0x0, 0x1c9c380}}, 0x0) tkill(r0, 0x1000000000015) 16:22:38 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000"], 0x0}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x1800000000000000, 0x130, 0x0, &(0x7f0000000b00)="b90703e6680d698ca59e40f02cead5dc77ee41dea43e63a377fb8a977c3f1d1700040000d82148a2ac14141ee049eb98713f046740466a4b03003417ef6c9079a2ee9747b34b8182e40b2572d6a20963922d9a4fe66befe41f827286784adb78b94d873ae3bfb84e9eb7d54b40b4f30ff6a20c46aefc11e5d52772b76f4087c688fb85358a300ed2ca3c5bfa6a6eac5ca288efc03068d22d43d5d97f000000000000000cc4168ead0a3fc779213a717fbc88673bb3a02ac6d4b6fb26a972ab970dc8695f97528a1c3af778469949ed1629da9c8cb1880e35ad6fb71e34fcdbdadc83d27eac154347cecaa7db0e19b28079494d880068030b5711a42db4712989a4c1b9ef2748878fd7270b90bc83c0d7a83210f9a0bf427f37272548ed6fa54057e34c2a737a8d48effe4863131657ef", 0x0, 0x100}, 0x28) 16:22:38 executing program 1: socket$nl_generic(0x10, 0x3, 0x10) ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, 0x0) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, 0x0) bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x10) writev(r0, &(0x7f0000000080)=[{&(0x7f0000000800)="480000001500197f09004b0101048c590188ffffcf5d3474bc9240e10520613057fff7e07900e0413ff26bb452cf9e8a62bf5b3b8c3cfe5f0028213ee20600d4ff5bffff00c7e5ed", 0x48}], 0x1) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 326.824101] hrtimer: interrupt took 352408 ns 16:22:39 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) 16:22:39 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x201, 0x0) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000040)) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) readv(r1, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/55, 0x37}], 0x20000000000002e8) ioctl$KDSETMODE(0xffffffffffffffff, 0x4b3a, 0x0) ioctl$TCSETS(r1, 0x5402, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x5a}) read(r1, &(0x7f0000000180)=""/19, 0x65bf19fb) 16:22:39 executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000001000), 0x1000) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) open(&(0x7f00000001c0)='./file0/file1\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f0000001000), 0x1000) write$FUSE_ENTRY(r0, &(0x7f0000002000)={0x90, 0x0, 0x2}, 0x90) mount$fuse(0x0, &(0x7f00000000c0)='./file0/file1\x00', 0x0, 0x0, 0x0) 16:22:39 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000001000), 0x1000) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) open(&(0x7f00000001c0)='./file0/file1\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f0000001000), 0x1000) write$FUSE_ENTRY(r0, &(0x7f0000002000)={0x90, 0x0, 0x2}, 0x90) mount$fuse(0x0, &(0x7f00000000c0)='./file0/file1\x00', 0x0, 0x0, 0x0) 16:22:39 executing program 0: r0 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r0) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x3}, 0x4) setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000200)=0x2, 0x4) setsockopt$packet_tx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @local, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @remote={0xac, 0x223}, @local}, @igmp={0x0, 0x0, 0x0, @broadcast}}}}}, 0x0) 16:22:41 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000001000), 0x1000) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) open(&(0x7f00000001c0)='./file0/file1\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f0000001000), 0x1000) write$FUSE_ENTRY(r0, &(0x7f0000002000)={0x90, 0x0, 0x2}, 0x90) mount$fuse(0x0, &(0x7f00000000c0)='./file0/file1\x00', 0x0, 0x0, 0x0) 16:22:41 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000001000), 0x1000) read$FUSE(r0, &(0x7f0000002000), 0x1000) mount$fuse(0x0, &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x0, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) write$FUSE_DIRENT(r0, &(0x7f0000000500)=ANY=[@ANYBLOB="9000000000000000020000000000000001000000000000000000000b000000000066ce656d316e6f246576656d310000000000000000000000400000619fcd3823b7c94f5a3276ce8c9461000000000000001c000000000000002b7379737465746a48be1b31486dcc6370757365746367726f7570246367726f00040000000000000000000000000000000000000000"], 0x90) 16:22:41 executing program 3: 16:22:41 executing program 2: 16:22:41 executing program 0: 16:22:41 executing program 3: 16:22:41 executing program 0: 16:22:41 executing program 2: 16:22:41 executing program 3: 16:22:41 executing program 4: 16:22:41 executing program 0: 16:22:41 executing program 2: 16:22:42 executing program 1: 16:22:42 executing program 5: mkdirat(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000001000), 0x1000) read$FUSE(r0, &(0x7f0000002000), 0x1000) mount$fuse(0x0, &(0x7f0000000000)='./file0/file0\x00', 0x0, 0x0, 0x0) write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) write$FUSE_DIRENT(r0, &(0x7f0000000500)=ANY=[@ANYBLOB="9000000000000000020000000000000001000000000000000000000b000000000066ce656d316e6f246576656d310000000000000000000000400000619fcd3823b7c94f5a3276ce8c9461000000000000001c000000000000002b7379737465746a48be1b31486dcc6370757365746367726f7570246367726f00040000000000000000000000000000000000000000"], 0x90) 16:22:42 executing program 3: 16:22:42 executing program 2: 16:22:42 executing program 4: 16:22:42 executing program 0: 16:22:42 executing program 4: 16:22:42 executing program 1: 16:22:42 executing program 0: 16:22:42 executing program 3: 16:22:42 executing program 2: 16:22:42 executing program 4: 16:22:42 executing program 1: 16:22:43 executing program 5: 16:22:43 executing program 3: 16:22:43 executing program 2: 16:22:43 executing program 0: 16:22:43 executing program 4: 16:22:43 executing program 1: 16:22:43 executing program 3: 16:22:43 executing program 4: 16:22:43 executing program 0: 16:22:43 executing program 2: 16:22:43 executing program 5: 16:22:43 executing program 3: 16:22:43 executing program 1: 16:22:43 executing program 4: 16:22:44 executing program 5: 16:22:44 executing program 0: 16:22:44 executing program 3: 16:22:44 executing program 1: 16:22:44 executing program 2: 16:22:44 executing program 5: 16:22:44 executing program 4: 16:22:44 executing program 0: 16:22:44 executing program 1: 16:22:44 executing program 2: 16:22:44 executing program 3: 16:22:44 executing program 5: 16:22:44 executing program 4: 16:22:45 executing program 1: 16:22:45 executing program 0: 16:22:45 executing program 2: 16:22:45 executing program 3: 16:22:45 executing program 4: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000240)="0a5c2d023c126285718070") bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000080), 0x4) 16:22:45 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='net/route\x00') preadv(r0, &(0x7f0000000480), 0x10000000000001e1, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0, 0x0, 0x0) 16:22:45 executing program 2: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer\x00', 0x80000000000046, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000340)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f79805854fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") sendfile(r0, r1, 0x0, 0x2b428a52) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:22:45 executing program 3: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x14, 0x1d, 0xfffffffffffffffd, 0x0, 0x0, {0x1f}}, 0x14}}, 0x0) 16:22:45 executing program 0: r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vhci\x00', 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ppoll(&(0x7f0000001440)=[{r0}, {}, {r0, 0x100}], 0x3, 0x0, 0x0, 0x0) 16:22:45 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = creat(&(0x7f0000000000)='./file0\x00', 0x0) syz_kvm_setup_cpu$x86(r3, r2, &(0x7f0000fe6000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) 16:22:45 executing program 4: r0 = open$dir(&(0x7f0000000100)='.\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) name_to_handle_at(r0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140)={0x8}, 0x0, 0x0) 16:22:46 executing program 5: r0 = open$dir(&(0x7f0000000100)='.\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) name_to_handle_at(r0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000140)={0xc, 0x0, "e1e223e3"}, 0x0, 0x0) 16:22:46 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000140)=0x400, 0x4) recvmmsg(r0, &(0x7f000000b7c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) 16:22:46 executing program 2: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer\x00', 0x80000000000046, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000340)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f79805854fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") sendfile(r0, r1, 0x0, 0x2b428a52) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:22:46 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer\x00', 0x80000000000046, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000340)="2f65786500000000000409004bddd9de91be10eebf000ee9a90f79805854fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a") sendfile(r0, r1, 0x0, 0x2b428a52) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 16:22:46 executing program 4: rt_tgsigqueueinfo(0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$vivid(&(0x7f0000000000)='/dev/video#\x00', 0x3, 0x2) ioctl$VIDIOC_G_OUTPUT(r0, 0x8004562e, &(0x7f0000000040)) ptrace(0xffffffffffffffff, 0x0) ptrace$poke(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$PPPIOCGMRU(0xffffffffffffffff, 0x80047453, 0x0) 16:22:46 executing program 1: mkdir(0x0, 0x0) setns(0xffffffffffffffff, 0x0) ioctl$EVIOCGBITKEY(0xffffffffffffffff, 0x80404521, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$BLKFRASET(0xffffffffffffffff, 0x1264, 0x0) fadvise64(0xffffffffffffffff, 0x0, 0x200, 0x0) syz_genetlink_get_family_id$nbd(0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sched_setscheduler(0x0, 0x5, &(0x7f0000000200)) seccomp(0x1, 0x0, &(0x7f0000001980)={0x2, &(0x7f0000000000)=[{0x20, 0x0, 0x0, 0x9}, {0x6}]}) shmget$private(0x0, 0x4000, 0x10, &(0x7f0000ff9000/0x4000)=nil) 16:22:46 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(0xffffffffffffffff, 0x0) openat(0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x24000, 0x0) ioctl$BLKGETSIZE64(0xffffffffffffffff, 0x80081272, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(0xffffffffffffffff, 0x8917, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0) setsockopt$inet6_MCAST_LEAVE_GROUP(0xffffffffffffffff, 0x29, 0x2d, 0x0, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x48b, 0x0, 0x0) fsetxattr$trusted_overlay_upper(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) prlimit64(0x0, 0x0, &(0x7f00000001c0), 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) accept(0xffffffffffffffff, 0x0, 0x0) r3 = creat(&(0x7f0000000040)='./bus\x00', 0x0) clone(0x10002102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$EXT4_IOC_GROUP_ADD(r3, 0x40286608, &(0x7f00000000c0)={0x10}) pread64(0xffffffffffffffff, 0x0, 0x0, 0x0) 16:22:46 executing program 5: 16:22:46 executing program 2: 16:22:46 executing program 3: 16:22:46 executing program 0: getsockopt$bt_BT_SECURITY(0xffffffffffffffff, 0x112, 0x4, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x6) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = socket$inet_tcp(0x2, 0x1, 0x0) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) setsockopt$sock_timeval(r1, 0x1, 0x15, &(0x7f00000001c0)={0x0, r2/1000+30000}, 0xff35) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_int(r1, 0x6, 0x4000000000014, &(0x7f0000000180)=0x80000000002, 0x93) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000240)={0x0, 0x0, 0x5}, 0x14) ioctl$sock_inet6_udp_SIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000000)=0x80, 0x4) sendto$inet(r1, &(0x7f0000000100), 0xfffffffffffffdf4, 0x0, 0x0, 0x0) 16:22:47 executing program 4: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x4a, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_opts(r0, 0x0, 0x4, 0x0, 0x0) 16:22:47 executing program 2: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) r1 = eventfd(0x9) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000080)={0x0, r1}) 16:22:47 executing program 3: 16:22:47 executing program 5: 16:22:47 executing program 3: 16:22:47 executing program 1: 16:22:47 executing program 4: 16:22:47 executing program 0: 16:22:47 executing program 3: 16:22:47 executing program 2: 16:22:47 executing program 1: 16:22:47 executing program 5: 16:22:48 executing program 4: 16:22:48 executing program 0: 16:22:48 executing program 3: 16:22:48 executing program 1: 16:22:48 executing program 2: 16:22:48 executing program 4: 16:22:48 executing program 5: 16:22:48 executing program 0: 16:22:48 executing program 2: 16:22:48 executing program 3: 16:22:48 executing program 1: 16:22:48 executing program 4: 16:22:48 executing program 5: 16:22:49 executing program 3: 16:22:49 executing program 0: 16:22:49 executing program 2: 16:22:49 executing program 4: 16:22:49 executing program 1: 16:22:49 executing program 3: 16:22:49 executing program 5: 16:22:49 executing program 2: 16:22:49 executing program 0: 16:22:49 executing program 4: 16:22:49 executing program 1: 16:22:49 executing program 3: 16:22:49 executing program 4: 16:22:50 executing program 2: 16:22:50 executing program 5: 16:22:50 executing program 1: 16:22:50 executing program 0: 16:22:50 executing program 3: 16:22:50 executing program 4: 16:22:50 executing program 2: 16:22:50 executing program 5: 16:22:50 executing program 1: 16:22:50 executing program 4: 16:22:50 executing program 0: 16:22:50 executing program 2: 16:22:50 executing program 5: 16:22:51 executing program 3: 16:22:51 executing program 1: 16:22:51 executing program 0: 16:22:51 executing program 4: 16:22:51 executing program 5: 16:22:51 executing program 2: 16:22:51 executing program 1: 16:22:51 executing program 3: 16:22:51 executing program 5: 16:22:51 executing program 0: 16:22:51 executing program 4: 16:22:51 executing program 3: r0 = socket(0x1e, 0x1, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, &(0x7f0000000040)) 16:22:52 executing program 2: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$usbmon(&(0x7f0000000140)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB="145f420000000000000007ff000000000300de0006000000000000000000080000000000000008000500ac14141b080003000100000f01"], 0x1}}, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000fcdbdf25"], 0x1}}, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000002c0)="b8010000000f01c166b8e2000f00d8b9800000c00f3235004000000f304a0fc75f20c44379608d00000100f22e0f01ca67440ff6143f66ba4000b846c95182ef0f01cf400f01df", 0x47}], 0x1, 0x0, 0x0, 0x0) openat(0xffffffffffffffff, 0x0, 0x48040, 0x4) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x3, 0x6000, 0x1000, &(0x7f0000010000/0x1000)=nil}) ioctl$KVM_RUN(r3, 0xae80, 0x0) add_key$user(&(0x7f0000000100)='user\x00', 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 16:22:52 executing program 1: pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) sendto$inet6(r1, &(0x7f0000000100), 0x0, 0x20000001, 0x0, 0x0) splice(r1, 0x0, r0, 0x0, 0x40000ab15, 0x0) 16:22:52 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_XCRS(r2, 0x4188aea7, &(0x7f00000000c0)=ANY=[@ANYBLOB="0200000000000000b85b000000000000000000000000000000000020"]) 16:22:52 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0xa, 0xe, &(0x7f0000000500)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000000000012d6405000000000065040400010000000704000001000000b7050000002000006a0a00fe000000008500000049000000b7000000000000009500000000000000"], 0x0}, 0x48) 16:22:52 executing program 5: openat$vhci(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vhci\x00', 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB="145f420000000000000007ff000000000300de0006000000000000000000080000000000000008000500ac14141b080003000100000f01"], 0x1}}, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000000), 0xc, 0x0}, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000002c0)="b8010000000f01c166b8e2000f00d8b9800000c00f3235004000000f304a0fc75f20c44379608d00000100f22e0f01ca67440ff6143f66ba4000b846c95182ef0f01cf400f01df", 0x47}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x3, 0x0, 0x1000, &(0x7f0000010000/0x1000)=nil}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 16:22:52 executing program 3: r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vhci\x00', 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ppoll(&(0x7f0000001440)=[{0xffffffffffffffff, 0x4}, {r0, 0x10}, {}, {0xffffffffffffffff, 0x100}, {r0, 0x100}], 0x5, &(0x7f0000001480)={0x77359400}, &(0x7f00000014c0)={0x4}, 0x8) 16:22:52 executing program 4: socketpair(0x1b, 0xe, 0x0, &(0x7f00000002c0)) r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x9, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) recvmsg(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340)=@nfc, 0x80, &(0x7f0000000580)=[{&(0x7f00000003c0)=""/53, 0x35}, {&(0x7f0000000400)=""/10, 0xa}, {&(0x7f0000000440)=""/27, 0x1b}, {&(0x7f0000000940)=""/78, 0x4e}, {&(0x7f0000000500)=""/35, 0x23}], 0x5, &(0x7f0000000600)=""/167, 0xa7, 0xfff}, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000900)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x10, 0x6, 0x8, &(0x7f0000000100)={0xffffffffffffffff}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000280)={0xffffffffffffffff, r0, 0x0, 0x14, &(0x7f0000000040)=':.selfselinuxcgroup\x00'}, 0x30) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000007c0)={r2, 0x50, &(0x7f0000000480)}, 0x10) socketpair(0xf, 0x80807, 0x1, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x894c, &(0x7f00000009c0)={r3}) perf_event_open(&(0x7f000025c000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x120, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000780)={&(0x7f0000000740)='./file0\x00', r4}, 0x6e) r6 = socket$kcm(0x2, 0x3, 0x2) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, &(0x7f0000000540)='/\x00') socket$kcm(0xa, 0x6, 0x0) socketpair(0x9, 0x7, 0xfffffffffffffffc, &(0x7f0000000240)={0xffffffffffffffff}) getpid() socketpair(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x10, 0x200000000000, 0x0, 0x0, 0x4, 0x1}, 0x2c) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r7, 0x40042409, 0xfffffffffffffffd) ioctl$sock_kcm_SIOCKCMUNATTACH(r3, 0x89e1, &(0x7f00000000c0)={r5}) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x2400, 0x801) ioctl$PERF_EVENT_IOC_DISABLE(r8, 0x2401, 0x0) socket$kcm(0x29, 0x7, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r8, 0x89e0, &(0x7f0000000300)={0xffffffffffffffff, r1}) 16:22:52 executing program 0: r0 = socket$inet6(0xa, 0x5, 0x0) shutdown(r0, 0x0) sendmmsg(r0, &(0x7f000000b480)=[{{&(0x7f00000002c0)=@in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [0x8]}, 0x9}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000080)="10", 0x1}], 0x1}}], 0x1, 0x0) 16:22:52 executing program 3: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0a5c2d023c126285718070") pipe2(0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$PR_GET_NO_NEW_PRIVS(0x2a) 16:22:52 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000200)='./file1\x00', 0x0) r2 = creat(&(0x7f0000000200)='./file1\x00', 0x0) fallocate(r1, 0x0, 0xc478, 0x5) write$P9_ROPEN(r2, &(0x7f0000000000)={0x18}, 0xffffff73) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, 0x0) getdents64(r1, 0x0, 0x0) fanotify_init(0x3, 0x0) fallocate(r1, 0x3, 0x93ad, 0x8001) ioctl$KDSKBMODE(r2, 0x4b45, &(0x7f0000000080)) 16:22:53 executing program 5: openat$vhci(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vhci\x00', 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB="145f420000000000000007ff000000000300de0006000000000000000000080000000000000008000500ac14141b080003000100000f01"], 0x1}}, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000000), 0xc, 0x0}, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000002c0)="b8010000000f01c166b8e2000f00d8b9800000c00f3235004000000f304a0fc75f20c44379608d00000100f22e0f01ca67440ff6143f66ba4000b846c95182ef0f01cf400f01df", 0x47}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x3, 0x0, 0x1000, &(0x7f0000010000/0x1000)=nil}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 16:22:53 executing program 2: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm-monitor\x00', 0x4000, 0x0) ioctl$TUNSETVNETLE(0xffffffffffffffff, 0x400454dc, &(0x7f0000000000)) 16:22:53 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) stat(&(0x7f00000000c0)='./file0/file0\x00', 0x0) read$FUSE(r1, &(0x7f00000030c0), 0x1000) read$FUSE(r1, 0x0, 0x0) write$FUSE_INIT(r1, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) write$FUSE_DIRENT(0xffffffffffffffff, 0x0, 0x0) 16:22:53 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='net/fib_triestat\x00') preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0) getresuid(0x0, &(0x7f0000000300), &(0x7f0000000340)) 16:22:53 executing program 4: socketpair(0x1b, 0xe, 0x0, &(0x7f00000002c0)) r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x9, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) recvmsg(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000340)=@nfc, 0x80, &(0x7f0000000580)=[{&(0x7f00000003c0)=""/53, 0x35}, {&(0x7f0000000400)=""/10, 0xa}, {&(0x7f0000000440)=""/27, 0x1b}, {&(0x7f0000000940)=""/78, 0x4e}, {&(0x7f0000000500)=""/35, 0x23}], 0x5, &(0x7f0000000600)=""/167, 0xa7, 0xfff}, 0x0) socketpair$inet_smc(0x2b, 0x1, 0x0, &(0x7f0000000900)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x10, 0x6, 0x8, &(0x7f0000000100)={0xffffffffffffffff}) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000280)={0xffffffffffffffff, r0, 0x0, 0x14, &(0x7f0000000040)=':.selfselinuxcgroup\x00'}, 0x30) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000007c0)={r2, 0x50, &(0x7f0000000480)}, 0x10) socketpair(0xf, 0x80807, 0x1, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x894c, &(0x7f00000009c0)={r3}) perf_event_open(&(0x7f000025c000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x120, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000780)={&(0x7f0000000740)='./file0\x00', r4}, 0x6e) r6 = socket$kcm(0x2, 0x3, 0x2) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, &(0x7f0000000540)='/\x00') socket$kcm(0xa, 0x6, 0x0) socketpair(0x9, 0x7, 0xfffffffffffffffc, &(0x7f0000000240)={0xffffffffffffffff}) getpid() socketpair(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x10, 0x200000000000, 0x0, 0x0, 0x4, 0x1}, 0x2c) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r7, 0x40042409, 0xfffffffffffffffd) ioctl$sock_kcm_SIOCKCMUNATTACH(r3, 0x89e1, &(0x7f00000000c0)={r5}) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x2400, 0x801) ioctl$PERF_EVENT_IOC_DISABLE(r8, 0x2401, 0x0) socket$kcm(0x29, 0x7, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r8, 0x89e0, &(0x7f0000000300)={0xffffffffffffffff, r1}) 16:22:53 executing program 1: getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f00000001c0)={{{@in6=@dev, @in6=@loopback}}, {{@in6=@ipv4={[], [], @multicast2}}, 0x0, @in6}}, &(0x7f0000000100)=0xe8) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x100000000}) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f0000000180)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000080)=@assoc_value, 0x0) ptrace(0x10, r0) ptrace$poke(0x4209, r0, &(0x7f00000000c0), 0x0) 16:22:53 executing program 5: openat$vhci(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vhci\x00', 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB="145f420000000000000007ff000000000300de0006000000000000000000080000000000000008000500ac14141b080003000100000f01"], 0x1}}, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000000), 0xc, 0x0}, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000002c0)="b8010000000f01c166b8e2000f00d8b9800000c00f3235004000000f304a0fc75f20c44379608d00000100f22e0f01ca67440ff6143f66ba4000b846c95182ef0f01cf400f01df", 0x47}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x3, 0x0, 0x1000, &(0x7f0000010000/0x1000)=nil}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 16:22:53 executing program 2: r0 = socket$inet6(0xa, 0x400000000000803, 0x4) r1 = msgget(0x3, 0x427) msgsnd(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="0000100000f551137fdab49cbb8d222b465bbc751663849c56dc1ba8a98f7b000084d39c38595826e3db24a55a4fccb777bcffff000017c6ed35dc28e8ce820c550000000000000077c5de70904e5d601546ccc0e6a481fc48df90128b24009f6de8d5dc63f628a51c8d92a82d"], 0x1, 0x800) ioctl(r0, 0x400001000008912, &(0x7f0000000140)="0a5c2d023c126285718070") msgrcv(0x0, 0x0, 0x6d, 0x2, 0x0) [ 341.897019] ptrace attach of "/root/syz-executor1"[9088] was attempted by "/root/syz-executor1"[9099] 16:22:54 executing program 1: r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vhci\x00', 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ppoll(&(0x7f0000001440)=[{0xffffffffffffffff, 0x4}, {r0}, {}, {}, {r0, 0x100}], 0x5, &(0x7f0000001480)={0x77359400}, &(0x7f00000014c0)={0x4}, 0x8) 16:22:54 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x100000000}) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000180)) ptrace(0x10, r1) ptrace$poke(0x4209, r1, &(0x7f00000000c0), 0x70f000) 16:22:54 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000440)='net/fib_triestat\x00') preadv(r0, &(0x7f0000000480), 0x2000000000000113, 0x0) getresuid(0x0, &(0x7f0000000300), &(0x7f0000000340)) [ 342.293249] ================================================================== [ 342.300700] BUG: KMSAN: kernel-infoleak in _copy_to_user+0x19a/0x230 [ 342.307228] CPU: 0 PID: 9119 Comm: syz-executor4 Not tainted 4.20.0-rc3+ #102 [ 342.314520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 342.323890] Call Trace: [ 342.326507] dump_stack+0x32d/0x480 [ 342.330162] ? _copy_to_user+0x19a/0x230 [ 342.334281] kmsan_report+0x12c/0x290 [ 342.338125] kmsan_internal_check_memory+0x514/0xa50 [ 342.343267] ? do_page_fault+0x98/0xd0 [ 342.347211] kmsan_copy_to_user+0x78/0xd0 [ 342.351389] _copy_to_user+0x19a/0x230 [ 342.355320] copy_siginfo_to_user+0x80/0x160 [ 342.359808] ptrace_request+0x24a5/0x2900 [ 342.364010] ? __msan_poison_alloca+0x1e0/0x270 [ 342.368740] ? arch_ptrace+0x89/0x1150 [ 342.372673] ? __se_sys_ptrace+0x46c/0x990 [ 342.376953] arch_ptrace+0xb66/0x1150 [ 342.380804] __se_sys_ptrace+0x46c/0x990 [ 342.384931] __x64_sys_ptrace+0x56/0x70 [ 342.388937] do_syscall_64+0xcf/0x110 16:22:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000001000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0}) close(r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x8, 0x0, &(0x7f000000dff8)=[@release={0x400c630e}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0x0, 0x0, 0x0}) r2 = dup(r1) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000002c0)={0x1c, 0x0, &(0x7f0000000140)=[@acquire, @acquire_done], 0x0, 0x0, 0x0}) [ 342.392770] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 342.397981] RIP: 0033:0x457569 [ 342.401202] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 342.420147] RSP: 002b:00007f9f1365bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000065 [ 342.427884] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 342.435170] RDX: 00000000200000c0 RSI: 0000000000000138 RDI: 0000000000004209 [ 342.442464] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 342.449753] R10: 000000000070f000 R11: 0000000000000246 R12: 00007f9f1365c6d4 [ 342.457042] R13: 00000000004c3882 R14: 00000000004d5ce0 R15: 00000000ffffffff [ 342.464360] [ 342.466004] Local variable description: ----kiov@ptrace_request [ 342.472067] Variable was created at: [ 342.475810] ptrace_request+0x1a9/0x2900 [ 342.479898] arch_ptrace+0xb66/0x1150 [ 342.483701] [ 342.485343] Bytes 0-15 of 48 are uninitialized 16:22:54 executing program 5: r0 = socket$inet(0x2, 0x803, 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f00000000c0)=@req3={0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x1c) r1 = socket$inet6(0xa, 0x3, 0x6) ioctl(r1, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000001840)={{{@in=@broadcast, @in, 0x0, 0x0, 0x0, 0x0, 0x2}}, {{@in=@broadcast, 0x0, 0xff}, 0x0, @in6=@loopback}}, 0xe8) syz_emit_ethernet(0x2a, &(0x7f0000000240)={@link_local, @empty, [], {@ipv4={0x800, {{0x5, 0x4, 0xe805, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x4, 0x0, @empty, @broadcast}, @udp={0x0, 0x0, 0x8}}}}}, 0x0) [ 342.489957] Memory access of size 48 starts at ffff888173b0fd50 [ 342.496043] Data copied to user address 000000000070f000 [ 342.501501] ================================================================== [ 342.508869] Disabling lock debugging due to kernel taint [ 342.514332] Kernel panic - not syncing: panic_on_warn set ... [ 342.520244] CPU: 0 PID: 9119 Comm: syz-executor4 Tainted: G B 4.20.0-rc3+ #102 [ 342.528921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 342.538309] Call Trace: [ 342.540934] dump_stack+0x32d/0x480 [ 342.544608] panic+0x624/0xc08 [ 342.547889] kmsan_report+0x28a/0x290 [ 342.551731] kmsan_internal_check_memory+0x514/0xa50 [ 342.556909] ? do_page_fault+0x98/0xd0 [ 342.560878] kmsan_copy_to_user+0x78/0xd0 [ 342.565075] _copy_to_user+0x19a/0x230 [ 342.569028] copy_siginfo_to_user+0x80/0x160 [ 342.573481] ptrace_request+0x24a5/0x2900 [ 342.577679] ? __msan_poison_alloca+0x1e0/0x270 [ 342.582393] ? arch_ptrace+0x89/0x1150 [ 342.586312] ? __se_sys_ptrace+0x46c/0x990 [ 342.590584] arch_ptrace+0xb66/0x1150 [ 342.594429] __se_sys_ptrace+0x46c/0x990 [ 342.598549] __x64_sys_ptrace+0x56/0x70 [ 342.602561] do_syscall_64+0xcf/0x110 [ 342.606402] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 342.611636] RIP: 0033:0x457569 [ 342.614866] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 342.633792] RSP: 002b:00007f9f1365bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000065 [ 342.641539] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000457569 [ 342.648842] RDX: 00000000200000c0 RSI: 0000000000000138 RDI: 0000000000004209 [ 342.656146] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 342.663504] R10: 000000000070f000 R11: 0000000000000246 R12: 00007f9f1365c6d4 [ 342.670792] R13: 00000000004c3882 R14: 00000000004d5ce0 R15: 00000000ffffffff [ 342.679083] Kernel Offset: disabled [ 342.682740] Rebooting in 86400 seconds..