[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 60.464023][ T26] audit: type=1800 audit(1571913504.174:25): pid=8720 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 60.490804][ T26] audit: type=1800 audit(1571913504.174:26): pid=8720 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 60.523436][ T26] audit: type=1800 audit(1571913504.174:27): pid=8720 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.201' (ECDSA) to the list of known hosts. 2019/10/24 10:38:32 fuzzer started 2019/10/24 10:38:34 dialing manager at 10.128.0.26:38287 2019/10/24 10:38:34 syscalls: 2525 2019/10/24 10:38:34 code coverage: enabled 2019/10/24 10:38:34 comparison tracing: enabled 2019/10/24 10:38:34 extra coverage: extra coverage is not supported by the kernel 2019/10/24 10:38:34 setuid sandbox: enabled 2019/10/24 10:38:34 namespace sandbox: enabled 2019/10/24 10:38:34 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/24 10:38:34 fault injection: enabled 2019/10/24 10:38:34 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/24 10:38:34 net packet injection: enabled 2019/10/24 10:38:34 net device setup: enabled 2019/10/24 10:38:34 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 10:40:28 executing program 0: io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 10:40:29 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETA(r1, 0x5406, &(0x7f00000000c0)={0xfffc, 0x0, 0x0, 0x2}) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0xa}) syzkaller login: [ 185.447498][ T8889] IPVS: ftp: loaded support on port[0] = 21 [ 185.611223][ T8891] IPVS: ftp: loaded support on port[0] = 21 [ 185.628226][ T8889] chnl_net:caif_netlink_parms(): no params data found [ 185.691786][ T8889] bridge0: port 1(bridge_slave_0) entered blocking state [ 185.699478][ T8889] bridge0: port 1(bridge_slave_0) entered disabled state [ 185.709264][ T8889] device bridge_slave_0 entered promiscuous mode [ 185.724486][ T8889] bridge0: port 2(bridge_slave_1) entered blocking state [ 185.733355][ T8889] bridge0: port 2(bridge_slave_1) entered disabled state [ 185.742820][ T8889] device bridge_slave_1 entered promiscuous mode [ 185.772138][ T8889] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 185.784607][ T8889] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 10:40:29 executing program 2: r0 = syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0x0, 0x0) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(r0, 0xc0305615, &(0x7f0000000040)) [ 185.815613][ T8889] team0: Port device team_slave_0 added [ 185.834496][ T8889] team0: Port device team_slave_1 added [ 185.953391][ T8891] chnl_net:caif_netlink_parms(): no params data found 10:40:29 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0xa925, 0x2b, 0x0, 0xffffffffffffffff}) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000000)=0x1) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000080)=0x2) [ 186.073547][ T8889] device hsr_slave_0 entered promiscuous mode [ 186.161048][ T8889] device hsr_slave_1 entered promiscuous mode 10:40:30 executing program 4: accept4(0xffffffffffffffff, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @initdev}}}, 0x0, 0x80000) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) getpid() sched_setscheduler(0x0, 0x0, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000440)='ns/mnt\x00') bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10) r0 = socket(0x15, 0x805, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10) getpgid(0x0) getpgrp(0xffffffffffffffff) getsockopt(0xffffffffffffffff, 0x114, 0x2715, &(0x7f0000af0fe7)=""/13, &(0x7f000033bffc)=0x3e3) socket(0x15, 0x805, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000001040)={{{@in=@remote, @in=@remote}}, {{@in=@loopback}, 0x0, @in=@loopback}}, &(0x7f0000001140)=0xe8) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0x15, 0x80005, 0x0) getsockopt(r1, 0x114, 0x2715, &(0x7f0000af0fe7)=""/13, &(0x7f000033bffc)=0x3e3) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000001200), &(0x7f0000001240)=0xc) clone3(&(0x7f0000001480)={0x0, &(0x7f0000001280), 0x0, &(0x7f0000001300), 0x0, 0x0, &(0x7f0000001340)=""/227, 0xe3, &(0x7f0000001440)=""/52}, 0x40) [ 186.234139][ T8895] IPVS: ftp: loaded support on port[0] = 21 [ 186.253847][ T8889] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.261138][ T8889] bridge0: port 2(bridge_slave_1) entered forwarding state [ 186.269053][ T8889] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.276330][ T8889] bridge0: port 1(bridge_slave_0) entered forwarding state [ 186.305228][ T8897] IPVS: ftp: loaded support on port[0] = 21 [ 186.399410][ T8891] bridge0: port 1(bridge_slave_0) entered blocking state [ 186.420700][ T8891] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.440797][ T8891] device bridge_slave_0 entered promiscuous mode [ 186.448903][ T8891] bridge0: port 2(bridge_slave_1) entered blocking state [ 186.471547][ T8891] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.481678][ T8891] device bridge_slave_1 entered promiscuous mode 10:40:30 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ifreq(r0, 0x89f5, &(0x7f0000000080)={'sit0\x00', @ifru_flags}) [ 186.544692][ T8899] IPVS: ftp: loaded support on port[0] = 21 [ 186.590070][ T8891] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 186.613712][ T3496] bridge0: port 1(bridge_slave_0) entered disabled state [ 186.633953][ T3496] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.670949][ T8891] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 186.712326][ T8891] team0: Port device team_slave_0 added [ 186.754697][ T8891] team0: Port device team_slave_1 added [ 186.754849][ T8902] IPVS: ftp: loaded support on port[0] = 21 [ 186.783411][ T8897] chnl_net:caif_netlink_parms(): no params data found [ 186.798811][ T8889] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.871681][ T8891] device hsr_slave_0 entered promiscuous mode [ 186.920172][ T8891] device hsr_slave_1 entered promiscuous mode [ 186.990060][ T8891] debugfs: Directory 'hsr0' with parent '/' already present! [ 187.073986][ T3496] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 187.082697][ T3496] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 187.092753][ T8897] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.100426][ T8897] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.108228][ T8897] device bridge_slave_0 entered promiscuous mode [ 187.116078][ T8897] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.123261][ T8897] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.131289][ T8897] device bridge_slave_1 entered promiscuous mode [ 187.164026][ T8889] 8021q: adding VLAN 0 to HW filter on device team0 [ 187.181620][ T8895] chnl_net:caif_netlink_parms(): no params data found [ 187.233895][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 187.243375][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 187.252988][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.260222][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 187.278050][ T8902] chnl_net:caif_netlink_parms(): no params data found [ 187.288380][ T8897] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 187.299446][ T8897] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 187.316725][ T8899] chnl_net:caif_netlink_parms(): no params data found [ 187.329205][ T2619] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 187.337983][ T2619] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 187.346945][ T2619] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.354038][ T2619] bridge0: port 2(bridge_slave_1) entered forwarding state [ 187.404802][ T3496] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 187.414252][ T3496] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 187.435946][ T8897] team0: Port device team_slave_0 added [ 187.443581][ T8897] team0: Port device team_slave_1 added [ 187.462337][ T8895] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.469500][ T8895] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.477894][ T8895] device bridge_slave_0 entered promiscuous mode [ 187.542756][ T8897] device hsr_slave_0 entered promiscuous mode [ 187.580152][ T8897] device hsr_slave_1 entered promiscuous mode [ 187.629796][ T8897] debugfs: Directory 'hsr0' with parent '/' already present! [ 187.640378][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 187.649227][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 187.659492][ T8895] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.666785][ T8895] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.675343][ T8895] device bridge_slave_1 entered promiscuous mode [ 187.691567][ T8902] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.699514][ T8902] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.708022][ T8902] device bridge_slave_0 entered promiscuous mode [ 187.736820][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 187.746099][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 187.755479][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 187.764601][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 187.773920][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 187.786987][ T8902] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.794272][ T8902] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.802519][ T8902] device bridge_slave_1 entered promiscuous mode [ 187.830609][ T8891] 8021q: adding VLAN 0 to HW filter on device bond0 [ 187.839466][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 187.852568][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 187.866784][ T8895] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 187.877362][ T8899] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.885009][ T8899] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.896791][ T8899] device bridge_slave_0 entered promiscuous mode [ 187.909376][ T8899] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.918290][ T8899] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.926624][ T8899] device bridge_slave_1 entered promiscuous mode [ 187.947982][ T8899] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 187.965623][ T8895] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 187.983754][ T8902] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 187.994830][ T8889] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 188.004738][ T8899] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 188.034699][ T8902] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 188.055608][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 188.064005][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 188.077423][ T8891] 8021q: adding VLAN 0 to HW filter on device team0 [ 188.086661][ T8895] team0: Port device team_slave_0 added [ 188.101557][ T8895] team0: Port device team_slave_1 added [ 188.114447][ T8902] team0: Port device team_slave_0 added [ 188.132821][ T8899] team0: Port device team_slave_0 added [ 188.158731][ T3496] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 188.167663][ T3496] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 188.176811][ T3496] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.183948][ T3496] bridge0: port 1(bridge_slave_0) entered forwarding state [ 188.192410][ T3496] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 188.201321][ T3496] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 188.210280][ T3496] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.217636][ T3496] bridge0: port 2(bridge_slave_1) entered forwarding state [ 188.225432][ T3496] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 188.235505][ T3496] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 188.244747][ T8902] team0: Port device team_slave_1 added [ 188.262491][ T8899] team0: Port device team_slave_1 added [ 188.342829][ T8895] device hsr_slave_0 entered promiscuous mode [ 188.380369][ T8895] device hsr_slave_1 entered promiscuous mode [ 188.419848][ T8895] debugfs: Directory 'hsr0' with parent '/' already present! [ 188.436635][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 188.445761][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 188.456766][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 188.512767][ T8902] device hsr_slave_0 entered promiscuous mode [ 188.570720][ T8902] device hsr_slave_1 entered promiscuous mode [ 188.630767][ T8902] debugfs: Directory 'hsr0' with parent '/' already present! [ 188.733171][ T8899] device hsr_slave_0 entered promiscuous mode [ 188.771218][ T8899] device hsr_slave_1 entered promiscuous mode [ 188.810088][ T8899] debugfs: Directory 'hsr0' with parent '/' already present! [ 188.824437][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 188.833371][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 188.842811][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 188.890450][ T8897] 8021q: adding VLAN 0 to HW filter on device bond0 [ 188.898457][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 188.908529][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 188.928113][ T8889] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 188.941237][ T8891] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 188.955115][ T8891] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 188.974976][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 188.983605][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 188.996456][ T8897] 8021q: adding VLAN 0 to HW filter on device team0 [ 189.017867][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 189.026048][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 189.034493][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 189.043408][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.052825][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.059962][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 189.070286][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 189.116550][ T8891] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 189.137758][ T3496] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 189.148045][ T3496] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 189.157723][ T3496] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.164876][ T3496] bridge0: port 2(bridge_slave_1) entered forwarding state [ 189.180343][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 189.227103][ T8899] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.252497][ T8902] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.276151][ T8899] 8021q: adding VLAN 0 to HW filter on device team0 [ 189.283303][ T2619] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 189.292725][ T2619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 189.301616][ T2619] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 189.312963][ T2619] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 189.321646][ T2619] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 189.330381][ T2619] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 189.338225][ T2619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 189.346810][ T2619] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 189.362960][ T8895] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.383283][ T8897] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 189.401196][ T8897] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 189.421734][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 189.439459][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 189.472185][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready 10:40:33 executing program 0: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000300)="1400000013000507ed008064d200100033000080", 0x14}], 0x1}, 0x0) [ 189.489931][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 189.499498][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 189.508485][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.516979][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.524111][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 189.541386][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 189.551638][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 189.562533][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.569722][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 189.580225][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 189.589329][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 189.599422][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 189.608568][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 189.640159][ T8897] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 189.661513][ T8905] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 189.677796][ T8902] 8021q: adding VLAN 0 to HW filter on device team0 10:40:33 executing program 0: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$sock_int(r0, 0x1, 0x3c, 0x0, &(0x7f0000000040)) [ 189.720296][ T8905] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 189.737084][ T8905] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready 10:40:33 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000001c0)=0x4) [ 189.768818][ T8905] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 189.783879][ T8905] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 189.801266][ T8905] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 189.820750][ T8905] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 189.837325][ T8905] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 189.855063][ T8905] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready 10:40:33 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000b80)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000200)={0x2, 0x1004e20, @loopback}, 0x10) sendto$inet(r1, &(0x7f0000000140)="6812334f6743a747f8", 0x9, 0x8800, &(0x7f00000000c0)={0x2, 0x4e21, @remote}, 0x10) connect$inet(r1, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendmsg$TIPC_NL_LINK_GET(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000580)={0x3c, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x28, 0x1, [@TIPC_NLA_BEARER_PROP={0x24, 0x2, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8}]}]}]}, 0x3c}}, 0x0) recvmmsg(r1, &(0x7f0000001000)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) [ 189.864040][ T8905] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 189.873064][ T8905] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 189.881437][ T8905] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 189.916804][ T8895] 8021q: adding VLAN 0 to HW filter on device team0 [ 189.925837][ T8899] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 189.944485][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 189.977402][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 189.986341][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.995277][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.002392][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.008847][ T8943] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 190.011631][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.037176][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.046032][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.053307][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.061558][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 10:40:33 executing program 0: getsockname$inet(0xffffffffffffffff, 0x0, &(0x7f0000000340)) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x3, 0x0) ioctl$sock_bt_hidp_HIDPCONNDEL(0xffffffffffffffff, 0x400448c9, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xe5f8440516fa1285}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() r1 = socket$unix(0x1, 0x2, 0x0) perf_event_open(&(0x7f00000002c0)={0x0, 0x70, 0x3f, 0xf7, 0x0, 0x0, 0x0, 0x3, 0x14010, 0x4, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x4, @perf_config_ext, 0xc5fdf6b7354019df, 0x0, 0x0, 0x8, 0x5, 0x0, 0xbe}, 0x0, 0x3, r0, 0xb) bind$unix(r1, &(0x7f00000006c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) ioctl$int_in(r1, 0x0, &(0x7f0000000000)=0x2) socketpair(0x11, 0x2, 0x0, &(0x7f0000000040)) connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = syz_open_procfs(0x0, &(0x7f00000012c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xedX#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80') openat$cgroup_ro(r2, &(0x7f00000000c0)='mem\x00\x01y7SwaS.\x06\x95r\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed0xffffffffffffffff}) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007140)=[{{&(0x7f0000001340)=@nl=@unspec, 0x80, 0x0, 0x0, 0x0, 0xfffffea0}}], 0x400015d, 0x0, 0x0) [ 190.095262][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 190.107501][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.125620][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 190.135783][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.150728][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 190.166004][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.175139][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 190.190560][ T48] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready 10:40:33 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x20, r3, 0x101, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x5}]}]}, 0x20}}, 0x0) [ 190.197447][ C0] hrtimer: interrupt took 57043 ns [ 190.216879][ T8899] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 190.228558][ T8902] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 190.282432][ T8902] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 190.340849][ T8905] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 190.366028][ T8905] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 10:40:34 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0xa925, 0x2b, 0x0, 0xffffffffffffffff}) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000000)=0x1) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000080)=0x2) [ 190.395578][ T8905] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.402678][ T8954] ion_buffer_destroy: buffer still mapped in the kernel [ 190.410719][ T8905] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.417851][ T8905] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.433260][ T8958] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 190.433269][ T8905] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.444216][ T8905] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.465370][ T8905] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.472532][ T8905] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.487304][ T8905] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 10:40:34 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0xa925, 0x2b, 0x0, 0xffffffffffffffff}) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000000)=0x1) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000080)=0x2) [ 190.496742][ T8905] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.512317][ T8905] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 190.525871][ T8905] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 190.539502][ T8905] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 190.555918][ T8905] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.566045][ T8905] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 190.580410][ T8905] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.596319][ T8905] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 190.605217][ T8905] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 190.620238][ T8905] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 190.628920][ T8905] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 190.651701][ T8895] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 190.673170][ T2619] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 190.682621][ T2619] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 190.709047][ T8902] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 190.725369][ T8895] 8021q: adding VLAN 0 to HW filter on device batadv0 10:40:34 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r0, 0xc0184900, &(0x7f0000000040)={0xa925, 0x2b, 0x0, 0xffffffffffffffff}) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000000)=0x1) ioctl$DMA_BUF_IOCTL_SYNC(r1, 0x40086200, &(0x7f0000000080)=0x2) 10:40:34 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x20, r3, 0x101, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x5}]}]}, 0x20}}, 0x0) [ 191.101311][ T8993] netlink: 'syz-executor.1': attribute type 1 has an invalid length. 10:40:35 executing program 4: accept4(0xffffffffffffffff, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @initdev}}}, 0x0, 0x80000) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) getpid() sched_setscheduler(0x0, 0x0, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000440)='ns/mnt\x00') bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10) r0 = socket(0x15, 0x805, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10) getpgid(0x0) getpgrp(0xffffffffffffffff) getsockopt(0xffffffffffffffff, 0x114, 0x2715, &(0x7f0000af0fe7)=""/13, &(0x7f000033bffc)=0x3e3) socket(0x15, 0x805, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000001040)={{{@in=@remote, @in=@remote}}, {{@in=@loopback}, 0x0, @in=@loopback}}, &(0x7f0000001140)=0xe8) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0x15, 0x80005, 0x0) getsockopt(r1, 0x114, 0x2715, &(0x7f0000af0fe7)=""/13, &(0x7f000033bffc)=0x3e3) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000001200), &(0x7f0000001240)=0xc) clone3(&(0x7f0000001480)={0x0, &(0x7f0000001280), 0x0, &(0x7f0000001300), 0x0, 0x0, &(0x7f0000001340)=""/227, 0xe3, &(0x7f0000001440)=""/52}, 0x40) 10:40:35 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000002300)=ANY=[@ANYRES64], 0xfffffffffffffddc) r1 = socket(0x2, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000002c0)='bridge0\x00', 0x10) sendto$unix(r1, &(0x7f0000000180)="210000d9", 0xff25, 0x4008000, &(0x7f00000001c0)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendto$unix(r1, 0x0, 0x0, 0x0, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x6a0000e1}, 0x6e) 10:40:35 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) r2 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560a067fffffff81004e220000000058000b4824ca944f64009400050028925aa8000000000000008000f0fffeffff09000000fff5dd000000100001000a0c0900fcff0000040e05a5", 0x58}], 0x1) 10:40:35 executing program 5: r0 = socket(0x10, 0x2, 0xc) write(r0, &(0x7f0000000000)="1f0000000104ff00fd4354c007110000f305010008000100010423dcffdf00", 0x1f) write(r0, &(0x7f00000000c0)="1f0000000104fffffd3b54c007110000f30501000b00040000b2f30c6dca31", 0x1f) 10:40:35 executing program 0: getsockname$inet(0xffffffffffffffff, 0x0, &(0x7f0000000340)) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x3, 0x0) ioctl$sock_bt_hidp_HIDPCONNDEL(0xffffffffffffffff, 0x400448c9, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xe5f8440516fa1285}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() r1 = socket$unix(0x1, 0x2, 0x0) perf_event_open(&(0x7f00000002c0)={0x0, 0x70, 0x3f, 0xf7, 0x0, 0x0, 0x0, 0x3, 0x14010, 0x4, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x4, @perf_config_ext, 0xc5fdf6b7354019df, 0x0, 0x0, 0x8, 0x5, 0x0, 0xbe}, 0x0, 0x3, r0, 0xb) bind$unix(r1, &(0x7f00000006c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) ioctl$int_in(r1, 0x0, &(0x7f0000000000)=0x2) socketpair(0x11, 0x2, 0x0, &(0x7f0000000040)) connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = syz_open_procfs(0x0, &(0x7f00000012c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xedX#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80') openat$cgroup_ro(r2, &(0x7f00000000c0)='mem\x00\x01y7SwaS.\x06\x95r\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed0xffffffffffffffff}) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007140)=[{{&(0x7f0000001340)=@nl=@unspec, 0x80, 0x0, 0x0, 0x0, 0xfffffea0}}], 0x400015d, 0x0, 0x0) 10:40:35 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x20, r3, 0x101, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x5}]}]}, 0x20}}, 0x0) 10:40:35 executing program 3: getsockname$inet(0xffffffffffffffff, 0x0, &(0x7f0000000340)) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x3, 0x0) ioctl$sock_bt_hidp_HIDPCONNDEL(0xffffffffffffffff, 0x400448c9, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xe5f8440516fa1285}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() r1 = socket$unix(0x1, 0x2, 0x0) perf_event_open(&(0x7f00000002c0)={0x0, 0x70, 0x3f, 0xf7, 0x0, 0x0, 0x0, 0x3, 0x14010, 0x4, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x4, @perf_config_ext, 0xc5fdf6b7354019df, 0x0, 0x0, 0x8, 0x5, 0x0, 0xbe}, 0x0, 0x3, r0, 0xb) bind$unix(r1, &(0x7f00000006c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) ioctl$int_in(r1, 0x0, &(0x7f0000000000)=0x2) socketpair(0x11, 0x2, 0x0, &(0x7f0000000040)) connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = syz_open_procfs(0x0, &(0x7f00000012c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xedX#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80') openat$cgroup_ro(r2, &(0x7f00000000c0)='mem\x00\x01y7SwaS.\x06\x95r\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed0xffffffffffffffff}) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007140)=[{{&(0x7f0000001340)=@nl=@unspec, 0x80, 0x0, 0x0, 0x0, 0xfffffea0}}], 0x400015d, 0x0, 0x0) [ 191.374217][ T9009] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.5'. [ 191.386421][ T9011] raw_sendmsg: syz-executor.2 forgot to set AF_INET. Fix it! [ 191.395811][ T9010] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 191.414530][ T9009] netlink: 'syz-executor.5': attribute type 4 has an invalid length. 10:40:35 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_MON_SET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)={0x20, r3, 0x101, 0x0, 0x0, {}, [@TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x5}]}]}, 0x20}}, 0x0) [ 191.484207][ T9009] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.5'. 10:40:35 executing program 2: getsockname$inet(0xffffffffffffffff, 0x0, &(0x7f0000000340)) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x3, 0x0) ioctl$sock_bt_hidp_HIDPCONNDEL(0xffffffffffffffff, 0x400448c9, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xe5f8440516fa1285}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() r1 = socket$unix(0x1, 0x2, 0x0) perf_event_open(&(0x7f00000002c0)={0x0, 0x70, 0x3f, 0xf7, 0x0, 0x0, 0x0, 0x3, 0x14010, 0x4, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x4, @perf_config_ext, 0xc5fdf6b7354019df, 0x0, 0x0, 0x8, 0x5, 0x0, 0xbe}, 0x0, 0x3, r0, 0xb) bind$unix(r1, &(0x7f00000006c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) ioctl$int_in(r1, 0x0, &(0x7f0000000000)=0x2) socketpair(0x11, 0x2, 0x0, &(0x7f0000000040)) connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = syz_open_procfs(0x0, &(0x7f00000012c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xedX#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80') openat$cgroup_ro(r2, &(0x7f00000000c0)='mem\x00\x01y7SwaS.\x06\x95r\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed0xffffffffffffffff}) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007140)=[{{&(0x7f0000001340)=@nl=@unspec, 0x80, 0x0, 0x0, 0x0, 0xfffffea0}}], 0x400015d, 0x0, 0x0) 10:40:35 executing program 5: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r0, &(0x7f0000d83fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f000095dff8)=ANY=[@ANYBLOB="0100f8ff", @ANYRES32=0x0], &(0x7f0000000180)=0x8) socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000340)={0x0, 0x0}) close(r1) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f0000000180)=0x8) getsockopt$inet_sctp_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f0000000380)={r3}, &(0x7f00000003c0)=0x10) [ 191.636011][ T9024] netlink: 'syz-executor.1': attribute type 1 has an invalid length. 10:40:35 executing program 1: socketpair(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8947, &(0x7f0000000080)='ip6tnl0\x00') 10:40:35 executing program 4: accept4(0xffffffffffffffff, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @initdev}}}, 0x0, 0x80000) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) getpid() sched_setscheduler(0x0, 0x0, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000440)='ns/mnt\x00') bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10) r0 = socket(0x15, 0x805, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10) getpgid(0x0) getpgrp(0xffffffffffffffff) getsockopt(0xffffffffffffffff, 0x114, 0x2715, &(0x7f0000af0fe7)=""/13, &(0x7f000033bffc)=0x3e3) socket(0x15, 0x805, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000001040)={{{@in=@remote, @in=@remote}}, {{@in=@loopback}, 0x0, @in=@loopback}}, &(0x7f0000001140)=0xe8) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0x15, 0x80005, 0x0) getsockopt(r1, 0x114, 0x2715, &(0x7f0000af0fe7)=""/13, &(0x7f000033bffc)=0x3e3) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000001200), &(0x7f0000001240)=0xc) clone3(&(0x7f0000001480)={0x0, &(0x7f0000001280), 0x0, &(0x7f0000001300), 0x0, 0x0, &(0x7f0000001340)=""/227, 0xe3, &(0x7f0000001440)=""/52}, 0x40) 10:40:35 executing program 5: r0 = socket(0x10, 0x802, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockopt$SO_BINDTODEVICE(r0, 0x1, 0x1c, &(0x7f0000000000), 0x20a154cc) 10:40:35 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x68b, &(0x7f0000000100)={&(0x7f00000002c0)={0x14, 0x0, 0xa, 0x319}, 0x14}}, 0x0) r2 = socket(0x10, 0x80002, 0xc) sendmmsg$alg(r2, &(0x7f0000000140), 0xffffffffffffff68, 0x0) 10:40:35 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt(r0, 0xff, 0x0, 0x0, 0x0) 10:40:35 executing program 0: getsockname$inet(0xffffffffffffffff, 0x0, &(0x7f0000000340)) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x3, 0x0) ioctl$sock_bt_hidp_HIDPCONNDEL(0xffffffffffffffff, 0x400448c9, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xe5f8440516fa1285}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() r1 = socket$unix(0x1, 0x2, 0x0) perf_event_open(&(0x7f00000002c0)={0x0, 0x70, 0x3f, 0xf7, 0x0, 0x0, 0x0, 0x3, 0x14010, 0x4, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x4, @perf_config_ext, 0xc5fdf6b7354019df, 0x0, 0x0, 0x8, 0x5, 0x0, 0xbe}, 0x0, 0x3, r0, 0xb) bind$unix(r1, &(0x7f00000006c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) ioctl$int_in(r1, 0x0, &(0x7f0000000000)=0x2) socketpair(0x11, 0x2, 0x0, &(0x7f0000000040)) connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = syz_open_procfs(0x0, &(0x7f00000012c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xedX#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80') openat$cgroup_ro(r2, &(0x7f00000000c0)='mem\x00\x01y7SwaS.\x06\x95r\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed0xffffffffffffffff}) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007140)=[{{&(0x7f0000001340)=@nl=@unspec, 0x80, 0x0, 0x0, 0x0, 0xfffffea0}}], 0x400015d, 0x0, 0x0) 10:40:36 executing program 5: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@array]}}, &(0x7f0000003580)=""/4096, 0x32, 0x1000, 0x8}, 0x20) 10:40:36 executing program 4: accept4(0xffffffffffffffff, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @initdev}}}, 0x0, 0x80000) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) getpid() sched_setscheduler(0x0, 0x0, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000440)='ns/mnt\x00') bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10) r0 = socket(0x15, 0x805, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @loopback}, 0x10) getpgid(0x0) getpgrp(0xffffffffffffffff) getsockopt(0xffffffffffffffff, 0x114, 0x2715, &(0x7f0000af0fe7)=""/13, &(0x7f000033bffc)=0x3e3) socket(0x15, 0x805, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000001040)={{{@in=@remote, @in=@remote}}, {{@in=@loopback}, 0x0, @in=@loopback}}, &(0x7f0000001140)=0xe8) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0x15, 0x80005, 0x0) getsockopt(r1, 0x114, 0x2715, &(0x7f0000af0fe7)=""/13, &(0x7f000033bffc)=0x3e3) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000001200), &(0x7f0000001240)=0xc) clone3(&(0x7f0000001480)={0x0, &(0x7f0000001280), 0x0, &(0x7f0000001300), 0x0, 0x0, &(0x7f0000001340)=""/227, 0xe3, &(0x7f0000001440)=""/52}, 0x40) 10:40:36 executing program 3: getsockname$inet(0xffffffffffffffff, 0x0, &(0x7f0000000340)) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x3, 0x0) ioctl$sock_bt_hidp_HIDPCONNDEL(0xffffffffffffffff, 0x400448c9, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xe5f8440516fa1285}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() r1 = socket$unix(0x1, 0x2, 0x0) perf_event_open(&(0x7f00000002c0)={0x0, 0x70, 0x3f, 0xf7, 0x0, 0x0, 0x0, 0x3, 0x14010, 0x4, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x4, @perf_config_ext, 0xc5fdf6b7354019df, 0x0, 0x0, 0x8, 0x5, 0x0, 0xbe}, 0x0, 0x3, r0, 0xb) bind$unix(r1, &(0x7f00000006c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) ioctl$int_in(r1, 0x0, &(0x7f0000000000)=0x2) socketpair(0x11, 0x2, 0x0, &(0x7f0000000040)) connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = syz_open_procfs(0x0, &(0x7f00000012c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xedX#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80') openat$cgroup_ro(r2, &(0x7f00000000c0)='mem\x00\x01y7SwaS.\x06\x95r\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed0xffffffffffffffff}) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007140)=[{{&(0x7f0000001340)=@nl=@unspec, 0x80, 0x0, 0x0, 0x0, 0xfffffea0}}], 0x400015d, 0x0, 0x0) 10:40:36 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000500)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x80}) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000000)={0x7e}) [ 192.414384][ T9059] BPF:[1] ARRAY (anon) [ 192.430986][ T9059] BPF:type_id=0 index_type_id=0 nr_elems=0 [ 192.451393][ T9059] BPF: [ 192.459016][ T9059] BPF:Invalid elem [ 192.489499][ T9059] BPF: [ 192.489499][ T9059] [ 192.529290][ T9065] BPF:[1] ARRAY (anon) [ 192.586989][ T9065] BPF:type_id=0 index_type_id=0 nr_elems=0 10:40:36 executing program 2: getsockname$inet(0xffffffffffffffff, 0x0, &(0x7f0000000340)) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x3, 0x0) ioctl$sock_bt_hidp_HIDPCONNDEL(0xffffffffffffffff, 0x400448c9, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xe5f8440516fa1285}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() r1 = socket$unix(0x1, 0x2, 0x0) perf_event_open(&(0x7f00000002c0)={0x0, 0x70, 0x3f, 0xf7, 0x0, 0x0, 0x0, 0x3, 0x14010, 0x4, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x4, @perf_config_ext, 0xc5fdf6b7354019df, 0x0, 0x0, 0x8, 0x5, 0x0, 0xbe}, 0x0, 0x3, r0, 0xb) bind$unix(r1, &(0x7f00000006c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) ioctl$int_in(r1, 0x0, &(0x7f0000000000)=0x2) socketpair(0x11, 0x2, 0x0, &(0x7f0000000040)) connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = syz_open_procfs(0x0, &(0x7f00000012c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xedX#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80') openat$cgroup_ro(r2, &(0x7f00000000c0)='mem\x00\x01y7SwaS.\x06\x95r\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed0xffffffffffffffff}) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007140)=[{{&(0x7f0000001340)=@nl=@unspec, 0x80, 0x0, 0x0, 0x0, 0xfffffea0}}], 0x400015d, 0x0, 0x0) [ 192.652973][ T9065] BPF: 10:40:36 executing program 1: r0 = socket$kcm(0xa, 0x2, 0x88) sendmsg$kcm(r0, &(0x7f0000004740)={&(0x7f0000000580)=@in6={0xa, 0x4e21, 0x0, @local}, 0x80, 0x0}, 0xe803) sendmsg$kcm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000b80)='9', 0x1}], 0x1}, 0xc000) r1 = socket$kcm(0x29, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000003c80)={0x0, 0x0, &(0x7f00000039c0)=[{&(0x7f0000003840)='l', 0x1}], 0x1}, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000001140)="9f", 0x1}], 0x1}, 0x0) [ 192.674108][ T9065] BPF:Invalid elem [ 192.704250][ T9065] BPF: [ 192.704250][ T9065] 10:40:36 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0xf4}, {0x0, 0xd8}, {0x0}, {&(0x7f00000001c0)="0d00000000003639408fa3a3ba27660199783b0a82f79b32a7c8225086600a38e07d4db88a66596759e95307b680ab73e03c53555c97e8e37d01da4d44a994354a9fa3f355214eeabd24fd620b2022d5ad63b369aaffe9a6b608a5fece0eca95d71f2d3e60613a027fb50cbcbd92d44076d3b97247e066165ccf1032f51d36ab231f6c", 0x83}], 0x4, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x196, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 10:40:36 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) mmap(&(0x7f0000ff0000/0x10000)=nil, 0x10000, 0x0, 0x11011, r0, 0x0) mremap(&(0x7f0000ff6000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000ff3000/0x1000)=nil) 10:40:36 executing program 4: r0 = syz_open_dev$sndctrl(&(0x7f0000000200)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_LIST(r0, 0xc1105511, &(0x7f00000000c0)={0x0, 0x2, 0x2, 0x0, &(0x7f0000000280)=[{}, {}]}) 10:40:36 executing program 0: getsockname$inet(0xffffffffffffffff, 0x0, &(0x7f0000000340)) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x3, 0x0) ioctl$sock_bt_hidp_HIDPCONNDEL(0xffffffffffffffff, 0x400448c9, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xe5f8440516fa1285}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() r1 = socket$unix(0x1, 0x2, 0x0) perf_event_open(&(0x7f00000002c0)={0x0, 0x70, 0x3f, 0xf7, 0x0, 0x0, 0x0, 0x3, 0x14010, 0x4, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x4, @perf_config_ext, 0xc5fdf6b7354019df, 0x0, 0x0, 0x8, 0x5, 0x0, 0xbe}, 0x0, 0x3, r0, 0xb) bind$unix(r1, &(0x7f00000006c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) ioctl$int_in(r1, 0x0, &(0x7f0000000000)=0x2) socketpair(0x11, 0x2, 0x0, &(0x7f0000000040)) connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = syz_open_procfs(0x0, &(0x7f00000012c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xedX#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80') openat$cgroup_ro(r2, &(0x7f00000000c0)='mem\x00\x01y7SwaS.\x06\x95r\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed0xffffffffffffffff}) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007140)=[{{&(0x7f0000001340)=@nl=@unspec, 0x80, 0x0, 0x0, 0x0, 0xfffffea0}}], 0x400015d, 0x0, 0x0) 10:40:36 executing program 4: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_OPERSTATE={0x8, 0x3, 0x2f}, @IFLA_LINKINFO={0x14, 0x12, @ipip6={{0xc, 0x1, 'ip6tnl\x00'}, {0x4}}}]}, 0x3c}}, 0x0) [ 193.169834][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 193.175867][ C0] protocol 88fb is buggy, dev hsr_slave_1 10:40:37 executing program 4: io_submit(0x0, 0x1, &(0x7f0000000040)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x316}]) sendmsg(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000001c0)=@nfc={0x27, 0x10001}, 0x80, 0x0, 0x0, &(0x7f0000000540)=[{0x10, 0x0, 0xf1}], 0x10}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 10:40:37 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000300)='cpuset.mems\x00', 0x2, 0x0) r2 = openat$cgroup_ro(r0, &(0x7f0000000280)='cpuacct.usage_all\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x1000) 10:40:37 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000040)={0x0, 0x0, @ioapic={0x3000}}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[], 0x0, 0xffffffffffffffff}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000180)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) 10:40:37 executing program 3: getsockname$inet(0xffffffffffffffff, 0x0, &(0x7f0000000340)) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x3, 0x0) ioctl$sock_bt_hidp_HIDPCONNDEL(0xffffffffffffffff, 0x400448c9, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xe5f8440516fa1285}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() r1 = socket$unix(0x1, 0x2, 0x0) perf_event_open(&(0x7f00000002c0)={0x0, 0x70, 0x3f, 0xf7, 0x0, 0x0, 0x0, 0x3, 0x14010, 0x4, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x4, @perf_config_ext, 0xc5fdf6b7354019df, 0x0, 0x0, 0x8, 0x5, 0x0, 0xbe}, 0x0, 0x3, r0, 0xb) bind$unix(r1, &(0x7f00000006c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) ioctl$int_in(r1, 0x0, &(0x7f0000000000)=0x2) socketpair(0x11, 0x2, 0x0, &(0x7f0000000040)) connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = syz_open_procfs(0x0, &(0x7f00000012c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xedX#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80') openat$cgroup_ro(r2, &(0x7f00000000c0)='mem\x00\x01y7SwaS.\x06\x95r\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed0xffffffffffffffff}) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007140)=[{{&(0x7f0000001340)=@nl=@unspec, 0x80, 0x0, 0x0, 0x0, 0xfffffea0}}], 0x400015d, 0x0, 0x0) [ 193.510474][ T9112] EXT4-fs: Warning: mounting with data=journal disables delayed allocation and O_DIRECT support! 10:40:37 executing program 2: getsockname$inet(0xffffffffffffffff, 0x0, &(0x7f0000000340)) syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x3, 0x0) ioctl$sock_bt_hidp_HIDPCONNDEL(0xffffffffffffffff, 0x400448c9, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xe5f8440516fa1285}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() r1 = socket$unix(0x1, 0x2, 0x0) perf_event_open(&(0x7f00000002c0)={0x0, 0x70, 0x3f, 0xf7, 0x0, 0x0, 0x0, 0x3, 0x14010, 0x4, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff, 0x4, @perf_config_ext, 0xc5fdf6b7354019df, 0x0, 0x0, 0x8, 0x5, 0x0, 0xbe}, 0x0, 0x3, r0, 0xb) bind$unix(r1, &(0x7f00000006c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) ioctl$int_in(r1, 0x0, &(0x7f0000000000)=0x2) socketpair(0x11, 0x2, 0x0, &(0x7f0000000040)) connect$unix(r1, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = syz_open_procfs(0x0, &(0x7f00000012c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xedX#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80') openat$cgroup_ro(r2, &(0x7f00000000c0)='mem\x00\x01y7SwaS.\x06\x95r\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed0xffffffffffffffff}) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sendmmsg(r1, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000007140)=[{{&(0x7f0000001340)=@nl=@unspec, 0x80, 0x0, 0x0, 0x0, 0xfffffea0}}], 0x400015d, 0x0, 0x0) [ 193.584929][ T9112] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 193.601180][ T9122] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 193.602657][ T9112] EXT4-fs (loop4): first meta block group too large: 65537 (group descriptor block count 1) [ 193.739550][ T9122] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 193.757107][ T9129] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 193.789159][ T9129] EXT4-fs (loop4): first meta block group too large: 65537 (group descriptor block count 1) 10:40:37 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x3, 0x0, 0x0) 10:40:37 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41d1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="740000002d000b05000000fffbff63a55b0bd467", @ANYRES32, @ANYBLOB="00000014f1ffffffffffffff080001007366710048000200ff03000000000080b9a00600000000000000030000000033cc3598c9aa8178bdf1000000000000000000000001009900007c24f1583940ea0e363002e94564838f54825863fe646c248656cb5d845549c55af303007bfb7232a524afef20c0034fbd32262c964c61f3771603fd386dc70a77e506002bd950e808d63007d6c6251ac28f6b621f863af067671514a2ab528d7d2bef3b8444b64c874370810633f2eb7d7a89d0f3cf2074bb2e180708593cd728826dfe7b7bc2cbc705ed95700983ea22eefa47c53252758e28ba5302e15a86aff40a0cb6088e18f3326fa3a5dcd32cb951da688b87960000000000321e6e4daef23cf875a45a0643142ac688f2a10d2a194d7079ce17e9cbda5da7ecf526f153140e6740200000b3c3c00b656f9021957cb27486eea0345bdf43b770452e1353b94884160ab1357707dacc631c885e515d18f9e1697a8604cd27f232de351b821c373ad44e60efd73e28c85c3f602e6f2d8268632cf7ab32f50ae8dc09e8b4eac7c711a4eae1a64d7a79f6905f21ae9d412522ea6922cc73de45faa9ed7fca3f51b8735a5b80a3e4f2a734244c4bb59be1d2a81c2e4a41fd55019f6e63433634d7b5e8bf7e7ef1a7af72ce50388b86e4fe38648bcedcedc38ff9d9c3c7c8951f7fecd29780fd125117ed98a16b66e623abd8f08738bd5222de9ddfc43e84ab45beb28f0da722c8a8fbd2b506ffe4df874644f112a094546909b98ec249578181e8594f3aefb4db554dadd97be43ed277f88ad03bd90fb53921b37a7d2e"], 0x74}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000180)=[{0x2, 0x1000000000000, &(0x7f0000000080), 0x0, &(0x7f0000000100)}], 0x492492492492642, 0x0) 10:40:39 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./\x00g\x04\x7f\x80F\xda\xc64\x02\x01.\xadrouE$\x95_\x92\xa6\xc6l1\xca\x94\xc4\x8c]<\xe7\xde\xed\x15\x9e\xc1\xca7M:?\x80\xbf\xed\xdd\xbd0[\x9a/\x8c\xc2z\xc8\x15\x10\x82\x15\xc1+\x99\'a\xdb\xf3\xcb\x02j\x1a3\x17\x06\xc3\xb0\xfbo\xa4[\x130\x9b\xb6\x8cf\xc0JF\xefI\x13\xfe\\\x95\x8c\xa3\xe1}\xd2Sg\x93\x90\x84\x00b\xc6\x9d\xea\x1f\xed\xb7|\xae\x83M\xa0\xe6\xac\xdc\xc5\x8aj\x8e/\xc0\xe7\xaa\xab\x18\x9a,9l\x0e\xce`K\x81\xab\xee\xd6\x89\xd9\xa6Zo\xc9\x90\xba\x87\xba3?~\x05G^2\xe9\xb5v\xf8o\x89t\xb6\xd8_\xb6\xb5\x0eSLRaQ\xb0<%\x82gu\xbd\x17\xe0\xd1\xa7\x1e\xfb+JT\x9b\x0eM\xfc\x80w4\xcb\x8b\x91\xc5\x8b\xdbKQ\x1e\x9b\xe7O>1Y\xca\x99\xf2a\xbf\xf6y\xa3\xc6@X\x99\xdb!\xa8\x9b\xc1\xd5\xe8\xae\xc5w:\xf5', 0x200002, 0x0) mkdirat$cgroup(r1, &(0x7f00000000c0)='.\xe9\x00', 0x1ff) 10:40:39 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/udp6\x00') syz_kvm_setup_cpu$x86(r5, r4, &(0x7f0000fe6000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffe71) 10:40:39 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000008000/0x1000)=nil, 0x1000, 0x300000a, 0x8013, r0, 0x0) writev(r0, &(0x7f0000001280)=[{&(0x7f0000000140)="e1", 0x1}], 0x1) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000040)={0x8}) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x19}}, 0x10) setsockopt$sock_int(r1, 0x1, 0x6, &(0x7f0000000140)=0x32, 0x4) connect$inet(r1, &(0x7f0000000200)={0x2, 0x0, @broadcast}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) 10:40:39 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41d1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="740000002d000b05000000fffbff63a55b0bd467", @ANYRES32, @ANYBLOB="00000014f1ffffffffffffff080001007366710048000200ff03000000000080b9a00600000000000000030000000033cc3598c9aa8178bdf1000000000000000000000001009900007c24f1583940ea0e363002e94564838f54825863fe646c248656cb5d845549c55af303007bfb7232a524afef20c0034fbd32262c964c61f3771603fd386dc70a77e506002bd950e808d63007d6c6251ac28f6b621f863af067671514a2ab528d7d2bef3b8444b64c874370810633f2eb7d7a89d0f3cf2074bb2e180708593cd728826dfe7b7bc2cbc705ed95700983ea22eefa47c53252758e28ba5302e15a86aff40a0cb6088e18f3326fa3a5dcd32cb951da688b87960000000000321e6e4daef23cf875a45a0643142ac688f2a10d2a194d7079ce17e9cbda5da7ecf526f153140e6740200000b3c3c00b656f9021957cb27486eea0345bdf43b770452e1353b94884160ab1357707dacc631c885e515d18f9e1697a8604cd27f232de351b821c373ad44e60efd73e28c85c3f602e6f2d8268632cf7ab32f50ae8dc09e8b4eac7c711a4eae1a64d7a79f6905f21ae9d412522ea6922cc73de45faa9ed7fca3f51b8735a5b80a3e4f2a734244c4bb59be1d2a81c2e4a41fd55019f6e63433634d7b5e8bf7e7ef1a7af72ce50388b86e4fe38648bcedcedc38ff9d9c3c7c8951f7fecd29780fd125117ed98a16b66e623abd8f08738bd5222de9ddfc43e84ab45beb28f0da722c8a8fbd2b506ffe4df874644f112a094546909b98ec249578181e8594f3aefb4db554dadd97be43ed277f88ad03bd90fb53921b37a7d2e"], 0x74}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000180)=[{0x2, 0x1000000000000, &(0x7f0000000080), 0x0, &(0x7f0000000100)}], 0x492492492492642, 0x0) 10:40:39 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ipip={{0xc, 0x1, 'ipip\x00'}, {0xc, 0x2, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @empty}]}}}]}, 0x3c}}, 0x0) 10:40:39 executing program 2: r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) r3 = add_key$keyring(&(0x7f00000004c0)='keyring\x00', &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$setperm(0x5, r3, 0x202002) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) keyctl$chown(0x4, r3, r1, r2) keyctl$restrict_keyring(0xb, r3, 0x0, 0x0) 10:40:39 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f00000000c0)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e24, @remote}}, 0x24) sendmmsg(0xffffffffffffffff, &(0x7f0000005c00), 0x0, 0x0) sendmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0xfffffffffffffd95, 0x0, 0x0, &(0x7f0000000000)=[{0x18, 0x110, 0x1, "ec"}], 0x18}}], 0x1, 0x0) 10:40:39 executing program 2: r0 = syz_open_dev$sndctrl(&(0x7f0000000240)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000000)=0x8) read$FUSE(r0, &(0x7f0000001080), 0x1000) 10:40:39 executing program 0: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r0) close(r1) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000040)) write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0xfffffc61) close(r1) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmsg(r0, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x2000012e}], 0x1, 0x0, 0xd01}, 0x3f00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8916, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='/\x02roup.stap\x00', 0x2761, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000080)={0x0, 0x3fff80000, 0x8}, 0xc) bpf$MAP_CREATE(0x0, &(0x7f00000002c0)={0x12, 0x4, 0x4, 0x6, 0x41, 0xffffffffffffffff, 0x5, [], 0x0, 0xffffffffffffffff, 0x2, 0x5}, 0x3c) 10:40:39 executing program 5: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_RESET_LINK_STATS(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x1f, r1, 0x20b, 0x0, 0x0, {{}, 0x0, 0x410c, 0x0, {0xe0, 0x14, 'syz0\x00\x12\xc0;\xf3\x18\x1cy~T9\xaf\xd8\xda\'\xe68\xe3\x15\xd3c\xc4\xb5Q\xf9\xa5eX\x96\xc7\x06\xa8&\x18\x10i\xe9\x8ax2\xe7\xf5\x9bA\x17\xa1@\xf0\x05\xdd\xfb{\xc5\xa9/\xd5\xf7c\n\x95\x00\x8ft!\xa2\xfec\x92\xd2\x80\x99\xc5\x98\xd3q\xf0\xbb8\x16\x9f}\aq\xcd\xbb9O@n\x90%\x9e\xbe\x03\x92\x06\x82\xcc)\xe1W\x84[y\x16\x92B\x13k~\xdb\xb7\t\x89$.\xc2RZ\xdcy5\x93\xc3\\!\x8bUe\xe8\xb9\xe7\x01\xb9!\xcd&\x82FI\xc2y\xf1\x91*\x0e\xa2\x82C@\x06*\x17+%\xe7\xf0G\x03.lO2\xef\x03\xdcTd.w\xc9\xcd\xb4\xaf)\xb9\x10\b\xf4\xd0\x96\xce\x94\xb1v\xa7\xdb?1j\xcd\xc5}\x1btWmf\xa1\xe7C\x96\xed0\xbd\xe2\xba(sjH}\xb4OE\xca'}}}, 0xfc}}, 0x0) 10:40:39 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41d1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="740000002d000b05000000fffbff63a55b0bd467", @ANYRES32, @ANYBLOB="00000014f1ffffffffffffff080001007366710048000200ff03000000000080b9a00600000000000000030000000033cc3598c9aa8178bdf1000000000000000000000001009900007c24f1583940ea0e363002e94564838f54825863fe646c248656cb5d845549c55af303007bfb7232a524afef20c0034fbd32262c964c61f3771603fd386dc70a77e506002bd950e808d63007d6c6251ac28f6b621f863af067671514a2ab528d7d2bef3b8444b64c874370810633f2eb7d7a89d0f3cf2074bb2e180708593cd728826dfe7b7bc2cbc705ed95700983ea22eefa47c53252758e28ba5302e15a86aff40a0cb6088e18f3326fa3a5dcd32cb951da688b87960000000000321e6e4daef23cf875a45a0643142ac688f2a10d2a194d7079ce17e9cbda5da7ecf526f153140e6740200000b3c3c00b656f9021957cb27486eea0345bdf43b770452e1353b94884160ab1357707dacc631c885e515d18f9e1697a8604cd27f232de351b821c373ad44e60efd73e28c85c3f602e6f2d8268632cf7ab32f50ae8dc09e8b4eac7c711a4eae1a64d7a79f6905f21ae9d412522ea6922cc73de45faa9ed7fca3f51b8735a5b80a3e4f2a734244c4bb59be1d2a81c2e4a41fd55019f6e63433634d7b5e8bf7e7ef1a7af72ce50388b86e4fe38648bcedcedc38ff9d9c3c7c8951f7fecd29780fd125117ed98a16b66e623abd8f08738bd5222de9ddfc43e84ab45beb28f0da722c8a8fbd2b506ffe4df874644f112a094546909b98ec249578181e8594f3aefb4db554dadd97be43ed277f88ad03bd90fb53921b37a7d2e"], 0x74}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000180)=[{0x2, 0x1000000000000, &(0x7f0000000080), 0x0, &(0x7f0000000100)}], 0x492492492492642, 0x0) 10:40:40 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x1b, 0x0}}], 0x400000000000398, 0x0, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/dev\x00') preadv(r0, &(0x7f00000017c0), 0x315, 0x0) 10:40:40 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f00000000c0)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e24, @remote}}, 0x24) sendmmsg(0xffffffffffffffff, &(0x7f0000005c00), 0x0, 0x0) sendmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0xfffffffffffffd95, 0x0, 0x0, &(0x7f0000000000)=[{0x18, 0x110, 0x1, "ec"}], 0x18}}], 0x1, 0x0) 10:40:40 executing program 5: r0 = socket$inet(0x10, 0x2, 0x0) sendmsg(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000080)="240000001a0007041dfffd946f6105000a0000001f00e2ffffff08000800040035000000", 0x24}], 0x1}, 0x0) 10:40:40 executing program 5: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x5eb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='io.max\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f0000000000)=ANY=[@ANYBLOB='7:2\t'], 0x4) 10:40:40 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x1b, 0x0}}], 0x400000000000398, 0x0, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/dev\x00') preadv(r0, &(0x7f00000017c0), 0x315, 0x0) 10:40:40 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41d1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="740000002d000b05000000fffbff63a55b0bd467", @ANYRES32, @ANYBLOB="00000014f1ffffffffffffff080001007366710048000200ff03000000000080b9a00600000000000000030000000033cc3598c9aa8178bdf1000000000000000000000001009900007c24f1583940ea0e363002e94564838f54825863fe646c248656cb5d845549c55af303007bfb7232a524afef20c0034fbd32262c964c61f3771603fd386dc70a77e506002bd950e808d63007d6c6251ac28f6b621f863af067671514a2ab528d7d2bef3b8444b64c874370810633f2eb7d7a89d0f3cf2074bb2e180708593cd728826dfe7b7bc2cbc705ed95700983ea22eefa47c53252758e28ba5302e15a86aff40a0cb6088e18f3326fa3a5dcd32cb951da688b87960000000000321e6e4daef23cf875a45a0643142ac688f2a10d2a194d7079ce17e9cbda5da7ecf526f153140e6740200000b3c3c00b656f9021957cb27486eea0345bdf43b770452e1353b94884160ab1357707dacc631c885e515d18f9e1697a8604cd27f232de351b821c373ad44e60efd73e28c85c3f602e6f2d8268632cf7ab32f50ae8dc09e8b4eac7c711a4eae1a64d7a79f6905f21ae9d412522ea6922cc73de45faa9ed7fca3f51b8735a5b80a3e4f2a734244c4bb59be1d2a81c2e4a41fd55019f6e63433634d7b5e8bf7e7ef1a7af72ce50388b86e4fe38648bcedcedc38ff9d9c3c7c8951f7fecd29780fd125117ed98a16b66e623abd8f08738bd5222de9ddfc43e84ab45beb28f0da722c8a8fbd2b506ffe4df874644f112a094546909b98ec249578181e8594f3aefb4db554dadd97be43ed277f88ad03bd90fb53921b37a7d2e"], 0x74}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000180)=[{0x2, 0x1000000000000, &(0x7f0000000080), 0x0, &(0x7f0000000100)}], 0x492492492492642, 0x0) 10:40:40 executing program 3: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f00000000c0)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e24, @remote}}, 0x24) sendmmsg(0xffffffffffffffff, &(0x7f0000005c00), 0x0, 0x0) sendmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0xfffffffffffffd95, 0x0, 0x0, &(0x7f0000000000)=[{0x18, 0x110, 0x1, "ec"}], 0x18}}], 0x1, 0x0) [ 196.935406][ T9212] ================================================================== [ 196.943759][ T9212] BUG: KASAN: use-after-free in nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 196.952101][ T9212] Read of size 1 at addr ffff8880a2166c04 by task syz-executor.3/9212 [ 196.960286][ T9212] [ 196.962642][ T9212] CPU: 1 PID: 9212 Comm: syz-executor.3 Not tainted 5.4.0-rc4-next-20191024 #0 [ 196.971582][ T9212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 196.981649][ T9212] Call Trace: [ 196.984966][ T9212] dump_stack+0x172/0x1f0 [ 196.989406][ T9212] ? nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 196.995413][ T9212] print_address_description.constprop.0.cold+0xd4/0x30b [ 197.002491][ T9212] ? nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 197.008489][ T9212] ? nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 197.014496][ T9212] __kasan_report.cold+0x1b/0x41 [ 197.019435][ T9212] ? nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 197.025538][ T9212] kasan_report+0x12/0x20 [ 197.029890][ T9212] __asan_report_load1_noabort+0x14/0x20 [ 197.035547][ T9212] nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 197.041379][ T9212] ? nf_ct_expect_unregister_notifier+0x140/0x140 [ 197.047825][ T9212] nf_confirm+0x3d8/0x4d0 [ 197.052181][ T9212] ipv4_confirm+0x14c/0x240 [ 197.056701][ T9212] nf_hook_slow+0xbc/0x1e0 [ 197.061145][ T9212] ip_output+0x40d/0x670 [ 197.065413][ T9212] ? ip_mc_output+0xf60/0xf60 [ 197.070108][ T9212] ? retint_kernel+0x2b/0x2b [ 197.074732][ T9212] ? __ip_finish_output+0xbd0/0xbd0 [ 197.080045][ T9212] ip_local_out+0xbb/0x1b0 [ 197.084483][ T9212] ip_send_skb+0x42/0xf0 [ 197.088743][ T9212] udp_send_skb.isra.0+0x6d5/0x11b0 [ 197.093961][ T9212] ? xfrm_lookup_route+0x5b/0x1e0 [ 197.099101][ T9212] udp_sendmsg+0x1e8f/0x2810 [ 197.105570][ T9212] ? ip_reply_glue_bits+0xc0/0xc0 [ 197.110632][ T9212] ? udp_unicast_rcv_skb.isra.0+0x360/0x360 [ 197.116634][ T9212] ? tomoyo_unix_entry+0x5d0/0x5d0 [ 197.121803][ T9212] ? ___might_sleep+0x163/0x2c0 [ 197.126899][ T9212] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 197.132552][ T9212] ? aa_sk_perm+0x288/0x870 [ 197.137088][ T9212] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 197.142664][ T9212] inet_sendmsg+0x9e/0xe0 [ 197.147030][ T9212] ? inet_sendmsg+0x9e/0xe0 [ 197.151558][ T9212] ? inet_send_prepare+0x4e0/0x4e0 [ 197.156687][ T9212] sock_sendmsg+0xd7/0x130 [ 197.161121][ T9212] kernel_sendmsg+0x44/0x50 [ 197.165649][ T9212] rxrpc_send_data_packet+0x10cb/0x36b0 [ 197.171225][ T9212] ? rxrpc_send_abort_packet+0xe70/0xe70 [ 197.176900][ T9212] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 197.183188][ T9212] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 197.188767][ T9212] ? rxrpc_get_connection+0xa3/0x380 [ 197.194095][ T9212] rxrpc_send_data+0x1097/0x4130 [ 197.199054][ T9212] ? rxrpc_send_data+0x1097/0x4130 [ 197.204468][ T9212] ? rxrpc_kernel_abort_call+0x8b0/0x8b0 [ 197.210335][ T9212] ? __this_cpu_preempt_check+0x35/0x190 [ 197.216029][ T9212] ? retint_kernel+0x2b/0x2b [ 197.220728][ T9212] ? rxrpc_do_sendmsg+0x1009/0x1d5f [ 197.225947][ T9212] ? rxrpc_put_peer+0x19/0x760 [ 197.230720][ T9212] ? rxrpc_put_peer+0x101/0x760 [ 197.235757][ T9212] ? rxrpc_put_peer+0x106/0x760 [ 197.240630][ T9212] rxrpc_do_sendmsg+0xb8e/0x1d5f [ 197.245691][ T9212] ? rxrpc_kernel_send_data+0x4e0/0x4e0 [ 197.251345][ T9212] ? mutex_unlock+0xd/0x10 [ 197.255774][ T9212] ? __local_bh_enable_ip+0x15a/0x270 [ 197.261174][ T9212] rxrpc_sendmsg+0x4d6/0x5f0 [ 197.266203][ T9212] ? rxrpc_kernel_probe_life+0x40/0x40 [ 197.271666][ T9212] sock_sendmsg+0xd7/0x130 [ 197.276093][ T9212] ___sys_sendmsg+0x3e2/0x920 [ 197.280796][ T9212] ? copy_msghdr_from_user+0x440/0x440 [ 197.286283][ T9212] ? lock_downgrade+0x920/0x920 [ 197.291161][ T9212] ? rcu_read_lock_held+0x9c/0xb0 [ 197.296270][ T9212] ? __kasan_check_read+0x11/0x20 [ 197.301400][ T9212] ? __fget+0x37f/0x550 [ 197.305577][ T9212] ? ksys_dup3+0x3e0/0x3e0 [ 197.310011][ T9212] ? __this_cpu_preempt_check+0x35/0x190 [ 197.315688][ T9212] ? __fget_light+0x1a9/0x230 [ 197.320380][ T9212] ? __fdget+0x1b/0x20 [ 197.324453][ T9212] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.331063][ T9212] ? sockfd_lookup_light+0xcb/0x180 [ 197.336291][ T9212] __sys_sendmmsg+0x1bf/0x4d0 [ 197.340991][ T9212] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 197.346139][ T9212] ? _copy_to_user+0x118/0x160 [ 197.350927][ T9212] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 197.357187][ T9212] ? put_timespec64+0xda/0x140 [ 197.361975][ T9212] ? nsecs_to_jiffies+0x30/0x30 [ 197.366858][ T9212] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.372343][ T9212] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 197.377819][ T9212] ? do_syscall_64+0x26/0x760 10:40:41 executing program 2: r0 = syz_open_dev$sndctrl(&(0x7f0000000240)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000000)=0x8) read$FUSE(r0, &(0x7f0000001080), 0x1000) 10:40:41 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x1b, 0x0}}], 0x400000000000398, 0x0, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/dev\x00') preadv(r0, &(0x7f00000017c0), 0x315, 0x0) [ 197.382518][ T9212] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.388605][ T9212] ? do_syscall_64+0x26/0x760 [ 197.393299][ T9212] __x64_sys_sendmmsg+0x9d/0x100 [ 197.398264][ T9212] do_syscall_64+0xfa/0x760 [ 197.402790][ T9212] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.408694][ T9212] RIP: 0033:0x459ef9 [ 197.412602][ T9212] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 197.432227][ T9212] RSP: 002b:00007f7539aa2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 197.440867][ T9212] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459ef9 [ 197.448997][ T9212] RDX: 0000000000000001 RSI: 0000000020005c00 RDI: 0000000000000004 [ 197.456982][ T9212] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 197.464968][ T9212] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7539aa36d4 [ 197.473244][ T9212] R13: 00000000004c7ab9 R14: 00000000004dd908 R15: 00000000ffffffff [ 197.481245][ T9212] [ 197.483579][ T9212] Allocated by task 9212: [ 197.487921][ T9212] save_stack+0x23/0x90 [ 197.492114][ T9212] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 197.497766][ T9212] kasan_krealloc+0x84/0xc0 [ 197.502369][ T9212] krealloc+0xa6/0xd0 [ 197.502395][ T9212] nf_ct_ext_add+0x2c7/0x630 [ 197.502412][ T9212] init_conntrack.isra.0+0x5ed/0x11a0 [ 197.502421][ T9212] nf_conntrack_in+0xd94/0x1460 [ 197.502432][ T9212] ipv4_conntrack_local+0x127/0x220 [ 197.511087][ T9212] nf_hook_slow+0xbc/0x1e0 [ 197.511103][ T9212] __ip_local_out+0x403/0x870 [ 197.511115][ T9212] ip_local_out+0x2d/0x1b0 [ 197.511125][ T9212] ip_send_skb+0x42/0xf0 [ 197.511138][ T9212] udp_send_skb.isra.0+0x6d5/0x11b0 [ 197.511147][ T9212] udp_sendmsg+0x1e8f/0x2810 [ 197.511165][ T9212] inet_sendmsg+0x9e/0xe0 [ 197.558777][ T9212] sock_sendmsg+0xd7/0x130 [ 197.563248][ T9212] kernel_sendmsg+0x44/0x50 [ 197.567737][ T9212] rxrpc_send_data_packet+0x10cb/0x36b0 [ 197.573330][ T9212] rxrpc_send_data+0x1097/0x4130 [ 197.578285][ T9212] rxrpc_do_sendmsg+0xb8e/0x1d5f [ 197.583366][ T9212] rxrpc_sendmsg+0x4d6/0x5f0 [ 197.587970][ T9212] sock_sendmsg+0xd7/0x130 [ 197.592407][ T9212] ___sys_sendmsg+0x3e2/0x920 [ 197.597138][ T9212] __sys_sendmmsg+0x1bf/0x4d0 [ 197.601834][ T9212] __x64_sys_sendmmsg+0x9d/0x100 [ 197.606774][ T9212] do_syscall_64+0xfa/0x760 [ 197.611355][ T9212] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.617654][ T9212] [ 197.619963][ T9212] Freed by task 9212: [ 197.624081][ T9212] save_stack+0x23/0x90 [ 197.628233][ T9212] __kasan_slab_free+0x102/0x150 [ 197.633158][ T9212] kasan_slab_free+0xe/0x10 [ 197.637643][ T9212] kfree+0x10a/0x2c0 [ 197.641522][ T9212] nf_ct_ext_destroy+0x2ab/0x2e0 [ 197.646595][ T9212] nf_conntrack_free+0x8f/0xe0 [ 197.651350][ T9212] destroy_conntrack+0x1a2/0x270 [ 197.656293][ T9212] nf_conntrack_destroy+0xed/0x230 [ 197.661409][ T9212] __nf_conntrack_confirm+0x21ca/0x2830 [ 197.666952][ T9212] nf_confirm+0x3e7/0x4d0 [ 197.671268][ T9212] ipv4_confirm+0x14c/0x240 [ 197.675757][ T9212] nf_hook_slow+0xbc/0x1e0 [ 197.680163][ T9212] ip_output+0x40d/0x670 [ 197.684415][ T9212] ip_local_out+0xbb/0x1b0 [ 197.688828][ T9212] ip_send_skb+0x42/0xf0 [ 197.693067][ T9212] udp_send_skb.isra.0+0x6d5/0x11b0 [ 197.698248][ T9212] udp_sendmsg+0x1e8f/0x2810 [ 197.702820][ T9212] inet_sendmsg+0x9e/0xe0 [ 197.707128][ T9212] sock_sendmsg+0xd7/0x130 [ 197.711543][ T9212] kernel_sendmsg+0x44/0x50 [ 197.716029][ T9212] rxrpc_send_data_packet+0x10cb/0x36b0 [ 197.721574][ T9212] rxrpc_send_data+0x1097/0x4130 [ 197.726586][ T9212] rxrpc_do_sendmsg+0xb8e/0x1d5f [ 197.731520][ T9212] rxrpc_sendmsg+0x4d6/0x5f0 [ 197.736092][ T9212] sock_sendmsg+0xd7/0x130 [ 197.740493][ T9212] ___sys_sendmsg+0x3e2/0x920 [ 197.745152][ T9212] __sys_sendmmsg+0x1bf/0x4d0 [ 197.749810][ T9212] __x64_sys_sendmmsg+0x9d/0x100 [ 197.754732][ T9212] do_syscall_64+0xfa/0x760 [ 197.759235][ T9212] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 197.765102][ T9212] [ 197.767417][ T9212] The buggy address belongs to the object at ffff8880a2166c00 [ 197.767417][ T9212] which belongs to the cache kmalloc-128 of size 128 [ 197.781466][ T9212] The buggy address is located 4 bytes inside of [ 197.781466][ T9212] 128-byte region [ffff8880a2166c00, ffff8880a2166c80) [ 197.794547][ T9212] The buggy address belongs to the page: [ 197.800169][ T9212] page:ffffea0002885980 refcount:1 mapcount:0 mapping:ffff8880aa400700 index:0x0 [ 197.809303][ T9212] flags: 0x1fffc0000000200(slab) [ 197.814335][ T9212] raw: 01fffc0000000200 ffffea00025587c8 ffff8880aa401548 ffff8880aa400700 [ 197.822910][ T9212] raw: 0000000000000000 ffff8880a2166000 0000000100000010 0000000000000000 [ 197.831494][ T9212] page dumped because: kasan: bad access detected [ 197.837887][ T9212] [ 197.840196][ T9212] Memory state around the buggy address: [ 197.845823][ T9212] ffff8880a2166b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 197.853871][ T9212] ffff8880a2166b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 197.861938][ T9212] >ffff8880a2166c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 197.869990][ T9212] ^ [ 197.874056][ T9212] ffff8880a2166c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc 10:40:41 executing program 0: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r0) close(r1) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000040)) write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0xfffffc61) close(r1) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmsg(r0, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x2000012e}], 0x1, 0x0, 0xd01}, 0x3f00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8916, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='/\x02roup.stap\x00', 0x2761, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000080)={0x0, 0x3fff80000, 0x8}, 0xc) bpf$MAP_CREATE(0x0, &(0x7f00000002c0)={0x12, 0x4, 0x4, 0x6, 0x41, 0xffffffffffffffff, 0x5, [], 0x0, 0xffffffffffffffff, 0x2, 0x5}, 0x3c) 10:40:41 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x1b, 0x0}}], 0x400000000000398, 0x0, 0x0) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/dev\x00') preadv(r0, &(0x7f00000017c0), 0x315, 0x0) [ 197.882105][ T9212] ffff8880a2166d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 197.890320][ T9212] ================================================================== [ 197.898383][ T9212] Disabling lock debugging due to kernel taint [ 197.907039][ T9212] Kernel panic - not syncing: panic_on_warn set ... [ 197.910763][ T3887] kobject: 'loop0' (0000000084f711b2): kobject_uevent_env [ 197.913691][ T9212] CPU: 1 PID: 9212 Comm: syz-executor.3 Tainted: G B 5.4.0-rc4-next-20191024 #0 [ 197.935808][ T9212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.946045][ T9212] Call Trace: [ 197.949350][ T9212] dump_stack+0x172/0x1f0 [ 197.953690][ T9212] panic+0x2e3/0x75c [ 197.957589][ T9212] ? add_taint.cold+0x16/0x16 [ 197.962309][ T9212] ? nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 197.967407][ T3887] kobject: 'loop0' (0000000084f711b2): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 197.968300][ T9212] ? preempt_schedule+0x4b/0x60 [ 197.983556][ T9212] ? ___preempt_schedule+0x16/0x18 [ 197.990009][ T9212] ? trace_hardirqs_on+0x5e/0x240 [ 197.995053][ T9212] ? nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 198.001059][ T9212] end_report+0x47/0x4f [ 198.005260][ T9212] ? nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 198.011255][ T9212] __kasan_report.cold+0xe/0x41 [ 198.016125][ T9212] ? nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 198.022124][ T9212] kasan_report+0x12/0x20 [ 198.026569][ T9212] __asan_report_load1_noabort+0x14/0x20 [ 198.032230][ T9212] nf_ct_deliver_cached_events+0x5c3/0x6d0 [ 198.036172][ T3887] kobject: 'loop1' (00000000975a862a): kobject_uevent_env [ 198.038263][ T9212] ? nf_ct_expect_unregister_notifier+0x140/0x140 [ 198.051905][ T9212] nf_confirm+0x3d8/0x4d0 [ 198.056258][ T9212] ipv4_confirm+0x14c/0x240 [ 198.060812][ T9212] nf_hook_slow+0xbc/0x1e0 [ 198.065268][ T9212] ip_output+0x40d/0x670 [ 198.069534][ T9212] ? ip_mc_output+0xf60/0xf60 [ 198.069601][ T3887] kobject: 'loop1' (00000000975a862a): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 198.074206][ T9212] ? retint_kernel+0x2b/0x2b [ 198.074228][ T9212] ? __ip_finish_output+0xbd0/0xbd0 [ 198.074246][ T9212] ip_local_out+0xbb/0x1b0 [ 198.098593][ T9212] ip_send_skb+0x42/0xf0 [ 198.102848][ T9212] udp_send_skb.isra.0+0x6d5/0x11b0 [ 198.108066][ T9212] ? xfrm_lookup_route+0x5b/0x1e0 [ 198.113112][ T9212] udp_sendmsg+0x1e8f/0x2810 [ 198.117717][ T9212] ? ip_reply_glue_bits+0xc0/0xc0 [ 198.122763][ T9212] ? udp_unicast_rcv_skb.isra.0+0x360/0x360 [ 198.128671][ T9212] ? tomoyo_unix_entry+0x5d0/0x5d0 [ 198.133807][ T9212] ? ___might_sleep+0x163/0x2c0 10:40:41 executing program 2: r0 = syz_open_dev$sndctrl(&(0x7f0000000240)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000000)=0x8) read$FUSE(r0, &(0x7f0000001080), 0x1000) [ 198.138688][ T9212] ? debug_lockdep_rcu_enabled+0x71/0xa0 [ 198.144353][ T9212] ? aa_sk_perm+0x288/0x870 [ 198.148876][ T9212] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 198.154436][ T9212] inet_sendmsg+0x9e/0xe0 [ 198.158779][ T9212] ? inet_sendmsg+0x9e/0xe0 [ 198.163312][ T9212] ? inet_send_prepare+0x4e0/0x4e0 [ 198.168431][ T9212] sock_sendmsg+0xd7/0x130 [ 198.171973][ T3887] kobject: 'loop2' (000000009e136fed): kobject_uevent_env [ 198.172853][ T9212] kernel_sendmsg+0x44/0x50 [ 198.184436][ T9212] rxrpc_send_data_packet+0x10cb/0x36b0 [ 198.189998][ T9212] ? rxrpc_send_abort_packet+0xe70/0xe70 [ 198.190302][ T3887] kobject: 'loop2' (000000009e136fed): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 198.195633][ T9212] ? rcu_lockdep_current_cpu_online+0xe3/0x130 [ 198.195656][ T9212] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 198.217479][ T9212] ? rxrpc_get_connection+0xa3/0x380 [ 198.222790][ T9212] rxrpc_send_data+0x1097/0x4130 [ 198.227742][ T9212] ? rxrpc_send_data+0x1097/0x4130 [ 198.232870][ T9212] ? rxrpc_kernel_abort_call+0x8b0/0x8b0 [ 198.238517][ T9212] ? __this_cpu_preempt_check+0x35/0x190 [ 198.244268][ T9212] ? retint_kernel+0x2b/0x2b [ 198.248872][ T9212] ? rxrpc_do_sendmsg+0x1009/0x1d5f [ 198.254084][ T9212] ? rxrpc_put_peer+0x19/0x760 [ 198.258856][ T9212] ? rxrpc_put_peer+0x101/0x760 [ 198.263716][ T9212] ? rxrpc_put_peer+0x106/0x760 [ 198.268664][ T9212] rxrpc_do_sendmsg+0xb8e/0x1d5f [ 198.273638][ T9212] ? rxrpc_kernel_send_data+0x4e0/0x4e0 [ 198.279207][ T9212] ? mutex_unlock+0xd/0x10 [ 198.283644][ T9212] ? __local_bh_enable_ip+0x15a/0x270 [ 198.289127][ T9212] rxrpc_sendmsg+0x4d6/0x5f0 [ 198.293732][ T9212] ? rxrpc_kernel_probe_life+0x40/0x40 [ 198.299207][ T9212] sock_sendmsg+0xd7/0x130 [ 198.303638][ T9212] ___sys_sendmsg+0x3e2/0x920 [ 198.308334][ T9212] ? copy_msghdr_from_user+0x440/0x440 [ 198.313801][ T9212] ? lock_downgrade+0x920/0x920 [ 198.318667][ T9212] ? rcu_read_lock_held+0x9c/0xb0 [ 198.323729][ T9212] ? __kasan_check_read+0x11/0x20 [ 198.329109][ T9212] ? __fget+0x37f/0x550 [ 198.333276][ T9212] ? ksys_dup3+0x3e0/0x3e0 [ 198.337731][ T9212] ? __this_cpu_preempt_check+0x35/0x190 [ 198.343368][ T9212] ? __fget_light+0x1a9/0x230 [ 198.348062][ T9212] ? __fdget+0x1b/0x20 [ 198.352157][ T9212] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.358448][ T9212] ? sockfd_lookup_light+0xcb/0x180 [ 198.363760][ T9212] __sys_sendmmsg+0x1bf/0x4d0 [ 198.368459][ T9212] ? __ia32_sys_sendmsg+0xb0/0xb0 [ 198.373497][ T9212] ? _copy_to_user+0x118/0x160 [ 198.378281][ T9212] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 198.384539][ T9212] ? put_timespec64+0xda/0x140 10:40:42 executing program 0: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cpuacct.usage_sys\x00\xc7\xec\xac\xd9&{\x0f\x96\xad\xd1\x8fl![\x8f\xb9\f\xca\x1d\xc2{\xee\xb7\x03K\x0f\xa6\xaa;\xf6\x89\xf7b^\xa5\xafI\r\xc4\x9f\v\xf2\x1c\xdc\xddp2\xb7\xbb\x1b\xfev\xea\xed\xe0\xaa\xe8\xceR`\xbb\xf2\xed;pC\x19\xbfn\x16\xaa\x199\xfe.Q\xebvB\xd2\x19&l?\x87\x17H\x1f.\xdbA\x1b\xafz\xe3\xdc};*\xec\xfe\xfa\xfb/\x18g\x80y\xfe\x89', 0x26e1, 0x0) close(r0) close(r1) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000040)) write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) write$cgroup_type(r1, &(0x7f0000000080)='threaded\x00', 0xfffffc61) close(r1) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmsg(r0, &(0x7f0000000140)={0x0, 0x1d, &(0x7f0000000000)=[{&(0x7f00000000c0)=""/110, 0x2000012e}], 0x1, 0x0, 0xd01}, 0x3f00) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8916, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000100)='/\x02roup.stap\x00', 0x2761, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000080)={0x0, 0x3fff80000, 0x8}, 0xc) bpf$MAP_CREATE(0x0, &(0x7f00000002c0)={0x12, 0x4, 0x4, 0x6, 0x41, 0xffffffffffffffff, 0x5, [], 0x0, 0xffffffffffffffff, 0x2, 0x5}, 0x3c) [ 198.389411][ T9212] ? nsecs_to_jiffies+0x30/0x30 [ 198.394369][ T9212] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.399848][ T9212] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 198.405328][ T9212] ? do_syscall_64+0x26/0x760 [ 198.410718][ T9212] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.416803][ T9212] ? do_syscall_64+0x26/0x760 [ 198.421499][ T9212] __x64_sys_sendmmsg+0x9d/0x100 [ 198.426464][ T9212] do_syscall_64+0xfa/0x760 [ 198.430992][ T9212] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 198.436896][ T9212] RIP: 0033:0x459ef9 [ 198.440805][ T9212] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 198.446224][ T3887] kobject: 'loop0' (0000000084f711b2): kobject_uevent_env [ 198.460424][ T9212] RSP: 002b:00007f7539aa2c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 198.460436][ T9212] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000459ef9 [ 198.460443][ T9212] RDX: 0000000000000001 RSI: 0000000020005c00 RDI: 0000000000000004 [ 198.460457][ T9212] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 198.482198][ T3887] kobject: 'loop0' (0000000084f711b2): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 198.484011][ T9212] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7539aa36d4 [ 198.484020][ T9212] R13: 00000000004c7ab9 R14: 00000000004dd908 R15: 00000000ffffffff [ 198.493709][ T9212] Kernel Offset: disabled [ 198.532101][ T9212] Rebooting in 86400 seconds..