[ 61.846751] audit: type=1800 audit(1543591830.898:25): pid=6548 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 61.865939] audit: type=1800 audit(1543591830.918:26): pid=6548 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 61.885340] audit: type=1800 audit(1543591830.928:27): pid=6548 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [ 63.244679] sshd (6615) used greatest stack depth: 54112 bytes left [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.15.196' (ECDSA) to the list of known hosts. 2018/11/30 15:30:44 fuzzer started 2018/11/30 15:30:49 dialing manager at 10.128.0.26:36989 2018/11/30 15:30:49 syscalls: 1 2018/11/30 15:30:49 code coverage: enabled 2018/11/30 15:30:49 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/11/30 15:30:49 setuid sandbox: enabled 2018/11/30 15:30:49 namespace sandbox: enabled 2018/11/30 15:30:49 Android sandbox: /sys/fs/selinux/policy does not exist 2018/11/30 15:30:49 fault injection: enabled 2018/11/30 15:30:49 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/11/30 15:30:49 net packet injection: enabled 2018/11/30 15:30:49 net device setup: enabled 15:33:44 executing program 0: mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) seccomp(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0xfffffffffffffffb}]}) lstat(&(0x7f0000000300)='./file1\x00', &(0x7f0000000340)) syzkaller login: [ 256.363479] IPVS: ftp: loaded support on port[0] = 21 [ 258.683846] bridge0: port 1(bridge_slave_0) entered blocking state [ 258.690343] bridge0: port 1(bridge_slave_0) entered disabled state [ 258.699224] device bridge_slave_0 entered promiscuous mode [ 258.856207] bridge0: port 2(bridge_slave_1) entered blocking state [ 258.862775] bridge0: port 2(bridge_slave_1) entered disabled state [ 258.871336] device bridge_slave_1 entered promiscuous mode [ 259.008080] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 259.146379] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 259.560436] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 259.701592] bond0: Enslaving bond_slave_1 as an active interface with an up link 15:33:48 executing program 1: seccomp(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0xfffffffffffffffb}]}) rt_sigprocmask(0x0, &(0x7f0000000040), 0x0, 0x8) [ 260.451913] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 260.460004] team0: Port device team_slave_0 added [ 260.674089] IPVS: ftp: loaded support on port[0] = 21 [ 260.828991] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 260.837378] team0: Port device team_slave_1 added [ 261.106028] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 261.295802] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 261.303052] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 261.312158] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 261.513547] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 261.521130] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 261.530375] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 261.785971] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 261.793671] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 261.803119] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 263.440210] ip (6824) used greatest stack depth: 54016 bytes left [ 264.170417] bridge0: port 1(bridge_slave_0) entered blocking state [ 264.177043] bridge0: port 1(bridge_slave_0) entered disabled state [ 264.185618] device bridge_slave_0 entered promiscuous mode [ 264.233439] bridge0: port 2(bridge_slave_1) entered blocking state [ 264.239946] bridge0: port 2(bridge_slave_1) entered forwarding state [ 264.247017] bridge0: port 1(bridge_slave_0) entered blocking state [ 264.253908] bridge0: port 1(bridge_slave_0) entered forwarding state [ 264.262830] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 264.312366] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 264.453597] bridge0: port 2(bridge_slave_1) entered blocking state [ 264.460056] bridge0: port 2(bridge_slave_1) entered disabled state [ 264.468679] device bridge_slave_1 entered promiscuous mode [ 264.635800] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 264.771204] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 265.470236] bond0: Enslaving bond_slave_0 as an active interface with an up link 15:33:54 executing program 2: mkdir(&(0x7f0000000440)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) preadv(r1, &(0x7f00000009c0)=[{0x0}, {&(0x7f00000005c0)=""/214, 0xd6}], 0x2, 0x0) [ 265.623737] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 265.794233] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 265.801307] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 266.052428] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 266.059473] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 266.559699] IPVS: ftp: loaded support on port[0] = 21 [ 266.781922] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 266.790012] team0: Port device team_slave_0 added [ 267.018334] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 267.026654] team0: Port device team_slave_1 added [ 267.263972] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 267.278545] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 267.287555] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 267.496044] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 267.503199] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 267.512191] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 267.796819] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 267.804705] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 267.814073] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 268.056899] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 268.064734] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 268.073791] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 271.059642] bridge0: port 1(bridge_slave_0) entered blocking state [ 271.066404] bridge0: port 1(bridge_slave_0) entered disabled state [ 271.075053] device bridge_slave_0 entered promiscuous mode [ 271.129229] bridge0: port 2(bridge_slave_1) entered blocking state [ 271.135779] bridge0: port 2(bridge_slave_1) entered forwarding state [ 271.142816] bridge0: port 1(bridge_slave_0) entered blocking state [ 271.149327] bridge0: port 1(bridge_slave_0) entered forwarding state [ 271.158238] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 271.350609] bridge0: port 2(bridge_slave_1) entered blocking state [ 271.357331] bridge0: port 2(bridge_slave_1) entered disabled state [ 271.365921] device bridge_slave_1 entered promiscuous mode [ 271.525499] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 271.702900] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 271.805960] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 272.487516] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 272.782856] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 273.050061] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 273.057330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 273.390661] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 273.397888] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 274.123176] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 274.131332] team0: Port device team_slave_0 added [ 274.480500] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 274.488898] team0: Port device team_slave_1 added 15:34:03 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) getsockopt$inet_int(r0, 0x0, 0x21, 0x0, &(0x7f0000000080)) [ 274.759628] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 274.768380] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 274.777553] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 275.076293] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 275.083536] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 275.092424] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 275.459606] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 275.469167] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 275.478246] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 275.792130] IPVS: ftp: loaded support on port[0] = 21 [ 275.820465] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 275.828380] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 275.838315] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 276.249443] 8021q: adding VLAN 0 to HW filter on device bond0 [ 277.068280] ip (7118) used greatest stack depth: 53728 bytes left [ 277.636949] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 278.805298] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 278.811848] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 278.819852] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 279.427778] bridge0: port 2(bridge_slave_1) entered blocking state [ 279.434376] bridge0: port 2(bridge_slave_1) entered forwarding state [ 279.441298] bridge0: port 1(bridge_slave_0) entered blocking state [ 279.447928] bridge0: port 1(bridge_slave_0) entered forwarding state [ 279.456792] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 279.813566] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 280.076917] 8021q: adding VLAN 0 to HW filter on device team0 [ 281.529435] bridge0: port 1(bridge_slave_0) entered blocking state [ 281.536149] bridge0: port 1(bridge_slave_0) entered disabled state [ 281.545318] device bridge_slave_0 entered promiscuous mode [ 281.875949] bridge0: port 2(bridge_slave_1) entered blocking state [ 281.882558] bridge0: port 2(bridge_slave_1) entered disabled state [ 281.891203] device bridge_slave_1 entered promiscuous mode [ 282.176699] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 282.496098] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 283.516974] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 283.912181] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 284.255303] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 284.262661] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 284.286370] 8021q: adding VLAN 0 to HW filter on device bond0 [ 284.571508] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 284.578663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 285.459672] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 285.685745] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 285.694284] team0: Port device team_slave_0 added 15:34:15 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={&(0x7f000034c000), 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="000000000000000000000000000000010000000033000000ac14ffbb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000004c001400636d61632861657329000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000269285fb19d0a1e191ccf4fe226b509812229eafd1cdd8d07d32ecdaa355145d90ccb3c591fde3b395461d3e46d5297908b9362221a3f69713ada75898eb9b1ba8f1e454a83772e72652810aabbfdd32b38d682d2175b07dbde71ee401841fb47bbc35288a04ff93ef3b2414ae6317cde5fb7614d2b9322c0cd2d819a12f3a1ac67be9cfa8f56a9a15fcb5b23eeb23e02efbce3f137af1e3fe33f933e05dd0a21fc02fd427942e11536005c13a9ba962a308457e8a44958a7634b69657ca49d312a3c16f88f34009a645d9574235a220b462"], 0x1}}, 0x0) [ 286.082299] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 286.090467] team0: Port device team_slave_1 added [ 286.508243] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 286.515637] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 286.524796] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 286.969194] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 286.976552] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 286.985643] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 287.006093] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 287.013162] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 287.014687] ip (7370) used greatest stack depth: 53584 bytes left [ 287.021243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 287.386335] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 287.394281] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 287.403525] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 287.443355] IPVS: ftp: loaded support on port[0] = 21 [ 287.748377] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 287.756196] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 287.765521] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 288.126868] kauditd_printk_skb: 3 callbacks suppressed [ 288.126936] audit: type=1326 audit(1543592057.178:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7394 comm="syz-executor0" exe="/root/syz-executor0" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3ca code=0xffff0000 [ 288.563695] 8021q: adding VLAN 0 to HW filter on device team0 [ 288.866159] audit: type=1326 audit(1543592057.918:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7394 comm="syz-executor0" exe="/root/syz-executor0" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3ca code=0xffff0000 15:34:18 executing program 0: mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f0000000080)='tracefs\x00', 0x0, 0x0) 15:34:18 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl(r0, 0x20000000008912, &(0x7f00000000c0)="0a5c2d0240316285717070") r1 = socket(0x1e, 0x2, 0x0) bind(r1, &(0x7f0000d80f80)=@generic={0x1e, "0101000000000000000000000000000009a979f321b30c7bc8790405c7bad62e0a43a632ed4938d36d73fb8f8401a3ff59829a2b0afe7ce43a4b2470a0c5216669ca021f6f65dcf160e7e58f358c0002f0000158d19bcb31f1314a8ef151622ca5bdb9c8ead2000077aeb81c90001d6d7c980ee590c8b9f70dc136cd184a"}, 0x80) r2 = syz_open_dev$midi(&(0x7f0000000040)='/dev/midi#\x00', 0x100000001, 0x200) ioctl$SNDRV_TIMER_IOCTL_INFO(r2, 0x80e85411, &(0x7f0000000200)=""/126) ioctl$sock_inet_tcp_SIOCOUTQ(r2, 0x5411, &(0x7f00000001c0)) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffff9c, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000080)={0xffffffffffffffff}, 0x2, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000140)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x81, @dev={0xfe, 0x80, [], 0x18}, 0x6}, {0xa, 0x4e24, 0xc113, @dev={0xfe, 0x80, [], 0xd}, 0x8}, r3, 0x1f}}, 0x48) r4 = socket(0x1e, 0x5, 0x0) r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x20000, 0x0) ioctl$PERF_EVENT_IOC_REFRESH(r5, 0x2402, 0x6) sendmsg(r4, &(0x7f0000316000)={&(0x7f0000dd7000)=@generic={0x10000000001e, "010000000000000000000001e526cc573c5bf86c483724c71e14dd6a739effea1b48006be61ffe06d79f00000000000000076c3f010039d8f986ff03000000000000af50d5fe32c419d67bcbc7e3ad316a198356ed0008341c1fd45624281e27800ece70b076cf979ac40000bd767e2e78a1dfd300981a1565b3b16d7436"}, 0x80, &(0x7f0000002480), 0x0, &(0x7f00002d4000)}, 0x0) close(r1) 15:34:19 executing program 0: socketpair$inet6(0xa, 0xa, 0xcdf, &(0x7f0000000000)={0xffffffffffffffff}) timer_create(0xfffffffffffffff7, 0x0, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000001300)={{}, {0x77359400}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000200), 0x0) r1 = getgid() fcntl$addseals(r0, 0x409, 0x6) setgid(r1) 15:34:19 executing program 0: r0 = memfd_create(&(0x7f00000000c0)="c0873a2a18c16ba7875ba06f38aa4ba5d30b86ca3c7ffd368d7dd8f247b8ea936147d4fd1e42dc6062cebb4865299086e39608e0fab1d84eb257cb8d7d336c6d38a537c900484f41c86d4352fccb247533ecde25d05dd8eb448253173fd64173e3b19a46e6ba5bc7258820ee51529f818bdcc7dcde6dbe7f321129fbe0096d17d8da4034bd6a2a541e5ef76feedf0db8771de75fde87ddc1f0911a219cd30bc99564e32aa9fa999db8893ec9f216137b1a526f3a16002b24ed58b74b56715518e26bbd0e561614671bb0cf93", 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x11, r0, 0x0) mremap(&(0x7f0000e6b000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) madvise(&(0x7f00000d9000/0x600000)=nil, 0x600000, 0x8) epoll_wait(r0, &(0x7f0000000040)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x8, 0x3) syz_open_dev$media(&(0x7f0000000200)='/dev/media#\x00', 0x500000047, 0x0) 15:34:20 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000080)={0x7b, 0x0, [0x8000000000000048, 0xfffffffffffffffa]}) [ 291.354261] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 15:34:20 executing program 0: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000640)="0a5c2d023c126285718070") setsockopt$inet6_opts(r0, 0x29, 0x3b, &(0x7f0000000200)=@dstopts={0x5e, 0x27, [], [@generic={0x100000001, 0xc2, "c1ed2090194665b7de348eae7f50262d4c2e6515b39553173e7df3356ae092b12fa30138519852509a0f2d081c5ddd2cc282e835a418169faa8503706326ad9885fad3a8e2e809d889926336920de8d4f295c8c973c231ae61b9ba94ee2aa448cedd979139e3dd780c637b77be729d939dcdd1eb2edf3769b6c5bd9452937f3d00d316949554a9c34a2b5d740553531b00a02ba13eac408c2b56ea2feb32c7c0bd48d1963155ffad195e756126f3ba02793a43ee1d669701373f669394e5c4858eb8"}, @hao={0xc9, 0x10, @mcast2}, @generic={0x8001, 0xa, "54fb6541dd9aded2162b"}, @hao={0xc9, 0x10, @ipv4={[], [], @multicast2}}, @padn={0x1, 0xa, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @calipso={0x7, 0x38, {0xe99, 0xc, 0x8000, 0x8, [0x0, 0x1000, 0x6, 0xdc, 0xb4c3, 0xe0]}}]}, 0x148) r1 = socket$packet(0x11, 0x3, 0x300) fchmod(r0, 0x0) sendto$inet6(r1, &(0x7f00000001c0)="040400000700000000000000fff5", 0xe, 0x0, &(0x7f0000000080)={0xa, 0x8906, 0x20000000005, @local}, 0x1c) r2 = semget$private(0x0, 0x2, 0x0) semctl$SETVAL(r2, 0x7, 0x10, &(0x7f0000000100)=0x9) r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000380)='/dev/full\x00', 0x100, 0x0) ioctl$SG_GET_ACCESS_COUNT(r3, 0x2289, &(0x7f0000000040)) ioctl$VIDIOC_SUBDEV_S_EDID(r3, 0xc0285629, &(0x7f0000000000)={0x8, 0xfffffffffffff001, 0x4, [], &(0x7f00000000c0)=0x800}) 15:34:21 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000040)={'bridge0\x00', &(0x7f0000000000)=@ethtool_ringparam={0xb}}) ioctl$sock_SIOCSIFBR(r0, 0x8941, &(0x7f0000000080)=@generic={0x0, 0x7, 0x5}) [ 292.399596] bridge0: port 2(bridge_slave_1) entered blocking state [ 292.406158] bridge0: port 2(bridge_slave_1) entered forwarding state [ 292.413390] bridge0: port 1(bridge_slave_0) entered blocking state [ 292.419911] bridge0: port 1(bridge_slave_0) entered forwarding state [ 292.428513] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 15:34:21 executing program 0: r0 = socket$kcm(0xa, 0x6, 0x0) unshare(0x400) setsockopt$sock_attach_bpf(r0, 0x10d, 0x2, &(0x7f0000000000), 0x2) r1 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x2, 0x2) ioctl$KDSKBLED(r1, 0x4b65, 0x7) [ 293.221978] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 294.029112] bridge0: port 1(bridge_slave_0) entered blocking state [ 294.035734] bridge0: port 1(bridge_slave_0) entered disabled state [ 294.044308] device bridge_slave_0 entered promiscuous mode [ 294.393937] bridge0: port 2(bridge_slave_1) entered blocking state [ 294.400412] bridge0: port 2(bridge_slave_1) entered disabled state [ 294.409037] device bridge_slave_1 entered promiscuous mode [ 294.436538] 8021q: adding VLAN 0 to HW filter on device bond0 [ 294.726384] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 295.078507] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 295.579868] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 296.178231] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 296.578542] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 296.857734] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 296.865098] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 296.932120] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 296.938461] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 296.946471] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 297.043917] audit: type=1326 audit(1543592066.098:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7632 comm="syz-executor1" exe="/root/syz-executor1" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3ca code=0xffff0000 [ 297.299184] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 297.306435] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 297.813533] audit: type=1326 audit(1543592066.868:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7632 comm="syz-executor1" exe="/root/syz-executor1" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3ca code=0xffff0000 15:34:27 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCBRADDBR(r0, 0x89a0, &(0x7f0000000080)='team0\x00') socketpair(0x9, 0x2, 0x143ed1eb, &(0x7f0000000000)={0xffffffffffffffff}) write$P9_RCREATE(r1, &(0x7f0000000040)={0x18, 0x73, 0x1, {{0x80, 0x1, 0x1}}}, 0x18) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=@dellink={0x34, 0x11, 0x201, 0x0, 0x0, {}, [@IFLA_IFNAME={0x14, 0x3, 'team0\x00\x00\x00\x00\x00\x00\x00?\x00'}]}, 0x34}}, 0x0) [ 298.059913] 8021q: adding VLAN 0 to HW filter on device team0 [ 298.231039] team0 (unregistering): Port device team_slave_0 removed [ 298.263458] team0 (unregistering): Port device team_slave_1 removed [ 298.386598] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 298.394874] team0: Port device team_slave_0 added [ 298.688655] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 298.696940] team0: Port device team_slave_1 added [ 298.943658] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 298.950714] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 298.959554] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 299.156736] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 299.163998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 299.172924] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 299.390900] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 299.398737] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 299.408095] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 299.587059] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 299.594913] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 299.604278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 301.767148] bridge0: port 2(bridge_slave_1) entered blocking state [ 301.773731] bridge0: port 2(bridge_slave_1) entered forwarding state [ 301.780722] bridge0: port 1(bridge_slave_0) entered blocking state [ 301.787391] bridge0: port 1(bridge_slave_0) entered forwarding state [ 301.796404] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 301.803203] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 15:34:32 executing program 2: r0 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x2) r1 = syz_open_procfs(0x0, &(0x7f0000000700)="2f6578650000c10000010000e9ff0700000000000054fa07424adee916d2e975afe70b35a0fd6a1f0200f5ab26d7a071fb3532fbe39c5a6568641006d7c0206a74e333265300000000000000000000005b2ddf465e7cface7e5f8bb56349a13264fc125270544f3d5924e81dc0e23aefab7d219c661130a0bec32efd0e2a129c75b6c758762e84ebaeac1b8f9b5fcf0739a2df9cc939ac896c3da91f8f8941b3e078092d20c6e7011be31191ea439296df7e30a306a51a38489686f5e436039a60b420591d4be17a25d18e287c377dd2dd76aded0afe9503d9c57c08aa80880e0180c243ea063a1736923473f190b9be29e96bfc5c34accdda0b5d9e304e") sendfile(r0, r1, 0x0, 0x7fff) [ 303.521240] 8021q: adding VLAN 0 to HW filter on device bond0 [ 304.175552] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 304.732416] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 304.738821] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 304.746838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 305.250410] 8021q: adding VLAN 0 to HW filter on device team0 [ 308.163890] 8021q: adding VLAN 0 to HW filter on device bond0 15:34:37 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) getsockopt$inet_int(r0, 0x0, 0x21, 0x0, &(0x7f0000000080)) [ 308.640803] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 308.918321] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 308.924633] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 308.932417] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 309.212151] 8021q: adding VLAN 0 to HW filter on device team0 15:34:40 executing program 4: r0 = socket$kcm(0xa, 0x2, 0x11) sendmsg$kcm(r0, &(0x7f0000000480)={&(0x7f0000000080)=@in6={0xa, 0x4e20, 0x0, @mcast2={0xff, 0x2, [0x300, 0x0, 0x2a0]}, 0xa}, 0x80, 0x0}, 0x0) 15:34:40 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000540)="2f6578650000000000e808004bddd9de9166be10eebf000ee9a90f798058439ed554fa07424ac1e901d2da75af300200f5abfb9845f9e19859c9693206f2c60b0000000719e1d66e970123d893d974e5b9c3285677b2139823d393a8b8e5500c92ab5b94da3a7de19f063bb765b02bd5b660fb7fa898c6f5c6369c3f363068d10af833f6475bbe8b7967255b17760784edb0b44654718232dbda64aa1f69cf9ab5b3ea3ed63452b7ebd37c9dae664e320200ada83e4f8b85131808bc5cfb4cc24e1901769c084c082712b470666b6dddf74ced693973489219a924e2d637e0aeb6ec0e17ccba1dedbcc4a28b00000000000000000000002eba2bbcf51a042ad9fd923d568797") fchown(r0, 0x0, 0x0) fdatasync(r0) syncfs(0xffffffffffffffff) 15:34:40 executing program 5: r0 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x28dc800000000000, 0x28000) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000040)={0x0, 0xf7}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f00000000c0)={r1}, 0x8) ioctl$NBD_DO_IT(r0, 0xab03) getsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000100)=@assoc_id=r1, &(0x7f0000000140)=0x4) ioctl$KVM_SET_DEVICE_ATTR(r0, 0x4018aee1, &(0x7f00000001c0)={0x0, 0x4, 0x9, &(0x7f0000000180)=0x1}) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000200)={0x5d, 0x0, 0x0, "d15d153b74d00dad35129709a5e30f28c00c3a48ec5cbb657c7aa8a842f784cb385dbd7f3c6af43306409fb132a98452685978a261766b6334aab6caab58dcaebaf52353e42b1997409f553476f55c24d833892fb19307cfbbeb9b9e3e"}) modify_ldt$write(0x1, &(0x7f0000000280)={0x7f, 0xffffffffffffffff, 0x1400, 0xfffffffffffffa0f, 0x0, 0x101, 0x7f, 0x616, 0x5, 0x80000001}, 0x10) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000002c0)={0x0}, &(0x7f0000000300)=0xc) waitid(0x0, r3, 0x0, 0x2, 0x0) connect$vsock_dgram(r0, &(0x7f0000000340)={0x28, 0x0, 0xffffffff, @hyper}, 0x10) socket$netlink(0x10, 0x3, 0x1a) sendto$inet6(r0, &(0x7f0000000380)="8973e8738d7e6580f98604eac5e244e3a5092823ea8af59a", 0x18, 0x4000010, &(0x7f00000003c0)={0xa, 0x4e21, 0x8, @local, 0x2}, 0x1c) r4 = memfd_create(&(0x7f0000000400)="2776626f786e657430017b5c5c00", 0x1) setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000440), 0x4) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r4, 0x84, 0x6, &(0x7f0000000480)={r2, @in={{0x2, 0x4e24, @multicast1}}}, &(0x7f0000000540)=0x84) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000580)={0x0, r0, 0x3, 0x3}, 0x14) r5 = syz_open_dev$midi(&(0x7f00000005c0)='/dev/midi#\x00', 0xf39, 0x8000) openat$uinput(0xffffffffffffff9c, &(0x7f0000000600)='/dev/uinput\x00', 0x802, 0x0) arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000640)) ioctl$UI_SET_RELBIT(r4, 0x40045566, 0xf) fcntl$setpipe(r5, 0x407, 0x4) ioctl$UI_SET_RELBIT(r4, 0x40045566, 0xa) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000680)={0x3b6c, 0x1, 0xffff, 0x1f, r2}, 0x10) ioctl$IOC_PR_RESERVE(r0, 0x401070c9, &(0x7f00000006c0)={0xeab, 0x318, 0x1}) setsockopt$inet_group_source_req(r0, 0x0, 0x0, &(0x7f0000000700)={0x1ff, {{0x2, 0x4e23, @rand_addr=0x9}}, {{0x2, 0x4e24, @multicast2}}}, 0x108) setsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r4, 0x84, 0x6, &(0x7f0000000840)={r1, @in={{0x2, 0x4e22}}}, 0x84) setsockopt$inet_sctp6_SCTP_AUTH_DELETE_KEY(r0, 0x84, 0x19, &(0x7f0000000900)={r1, 0x80000001}, 0x8) setsockopt$RDS_GET_MR(r5, 0x114, 0x2, &(0x7f0000000a40)={{&(0x7f0000000940)=""/180, 0xb4}, &(0x7f0000000a00), 0x1f}, 0x20) writev(r5, &(0x7f00000020c0)=[{&(0x7f0000000a80)="36df88632b76dbfc6615604c40c3d5b28a1aa55123a1f92fcf986f46a1e9da53e2073fb831a7e580241a901fd88a2e687be5180e19181e7944a59af10576ec3a21884c8277e66d341986053f5b0ea897e36922cf3c2ebdc950809dd0cbe46226f2de0e4ab386a6335770b7d56e3dc3bacbc5a31f41d90edb6e259b0a3ab097af62b0ebd0828aff688a9820b8c5dbc4766000b34f1a64b4000f8d6f103dbe7cb012d9d88bf9027a3d5f933f37554cf03faa7482762ba33f127a7755853e4ec67e6363a82335d4238310b891bdb679e5846f7cae59d700754dfcd28fa76d49682013be3b7a592670fdfc1fd3ac809984433f5e6deb4bfdc330dcda", 0xfa}, {&(0x7f0000000b80)="035ba189d39511496671290250ab51a73ad3a2f40830e9f3ce789756701d2817b550addc423b46db7137607564c47e3e90", 0x31}, {&(0x7f0000000bc0)="41ff3565f2daa4bf4b7629db91be725f3bf9809129af33ea3a14a05e850423818d2ef72516900358fcd195", 0x2b}, {&(0x7f0000000c00)="10098b0770611286b4d620b523767510a0ba533306753e876de04b2faac43763745ce5819765879585c4cc22433b8a3680bdf6d6280e23b562b287f0e4ac729f6c15b108ad6d7b81d9db119606e16c07e342aba9ac3fa273655a6747a77c67e603b2bb20d1bb7201381c98fe109519aadf9b9c96222d014aea75ae83d64be066caa48649b96296c9c611783f2838f504d857145caa4cc0c478ab560911dcc7ede03b43a09e9ede12bb8cdc14d11ccd22dba4a4e0454942818f8bf11137c50a4bbfd1db08464dd1593b80bb2d7a5ef09ded6fcbe8bd38594154a8fdf444be213fd8cfdf26fb88e211239f7343e06fcc5d89c0fbde1d10d34580", 0xf9}, {&(0x7f0000000d00)="3d0a467f3a0209f05a6d0013f718b8491258e381832baedd2a125a42554d4666560c51c9f2a8f90c65ad5abfac87706b0735f29fde5974f49ab08301da2b5fbe27b928c557080a794d0f7b58cee8b7c64cf3540a83d6378145dc2b44d15a78e262ea4493fac150f55c32e6d6cbd5123db5e43f22b2c855da62aaca4e705db7a239c02cc90d8f866d18ac2d", 0x8b}, {&(0x7f0000000dc0)="966648b21056c6cb57d5641e1697d95381887ce6b4a617b12f9f56acc7fe230cea8e5e5ecc079755bdbacb41ddf18c33e1625220e24b863e4dc8151a6cc691481caec8b1aa8ebb3b8034df46c31e560d10639bc3c711b0abaa4542e4a8573d747caa75de43647f363dcb71f84c13eefe0c8e75e3cb6de75c550c278481fd48d13d99", 0x82}, {&(0x7f0000000e80)="e9734232f2e428e697696736e060c7a9905ec666f5b99b49bbb7ba11c4a5e7fe14f434a72f715788fe7ef7fe994699f365ff1952f485c360b7ec143fff1cacbe4c46e537019e63a07eb0cbba4dd51aed65130fdea8e25862df1af2109b58d7fae44d4df5576b9bba53b61604bc01ec47b37f974aed3fe9404f123d80fadec3f7ac860365af7b3c61901c5d727b13ba527c6b78d40543df9ff072ebe9876ae9ee97e9c25adbdff8202c588b53920ac644d0b952768e753e42160d2532f2f76ccbc1e623d46ff51764573c40cbf3faa81775334185399676108930ce4c389b", 0xde}, {&(0x7f0000000f80)="68c507559202a82003947d8e873ccb23a0c2d7db69500a079fca12deaa4206a6128c3c9b566a05118839e3745f3dc39ebb4f4b7940b58222182495b13f516496ff29ae242d13dc9e63b5af5683c627d6e3d45ba2b75369ac9ef13bde0913f77d26faf770055909e14934a07d0a632cf94e50d6926f9f7797976915cda5b89c7191c2ec09ba3d9ab82c605867a8aaa0ed8c47595a05c55a66db27820cf2f48c250df48be49ec3ea1a7b72fba7b407884eb5907db3bff7943079d424be6e68c4d653a3fa19e26e23714aeacd4b72ae7ce8593ab8b70ec5cfeb016ac8087649e9f6990f2cd8393f8cb374c5c86bb32335d8516d90ec1c23813ad9d2a713a50afede408a17e957ad0deadcb157c91f4f37df5198645d015901cc2ded22dbec534462795d7da31d4741973a812c65fe8d8d8ce45f5451b5c3309659a5e8ab2609cc7fd93b832ac003d3d82f2888307406621541aa6ef108d56a1a12e0602435c62aa60c219fcc9b036657aaab80b1c2d480deda7c071ff4875652b287ced3f5e94ca03c8143baba5637e0fecd4a75944f49fa37f7b7a6a503f852723e25fe4ea6be95223476cbb28dc4d95edac0c9a6e5598b3f60e911a8fe7bd62ebb7218547353ce34ed921c165f7545fc3321f9d95cced8e5324bdc72444e3e635a8626236d93c9364e922453c91985010627caf4befd688ee3fd6cc1798f9ff0f4bfa72eaad0bcdcb71d0b287eb39d974c4ebacef8876a5714905bc9f79d7fd5c639c1b20ee721a2ab74445622865957807f2da23024fdb5efecf2e25f5e4ebd6c7323d2c94f74b0b9cf4a681a1a6cd72499e2533d7fffc15f751aa0d18d03a67c6123c13ca5cada49ff01f4b1f66dae8f6ee76001eaca69e3fd091da60b0622bd892bf3c97b926b16175e89f998df8b95fc2d11b98707ef87fb836f3c784f05937e89c6f9e54923e61be5b982a25c082194a8c4757ca2697dd62d1e1c3963ca9ab9cadc9d637f8636d0ee6bb2dfc50bce387d7b816ca21f0a7f01bb8ef60dae1101c7b175cd5f9bd23b051a0dfd7a9fbcc12ed0c35a201190a997e9ad2ff5ad841319be80e40a5c1ac79b30ac930b12ec9c74aeb7f9854c596add03bdaf2c72bb0bbc2293ceda0d512e72c9ec69e76aa312ab702ef7405b5a63820a250d88c41f88f6768b27bd0ce2c826326e13d21385d8264607a2a0e240a5eb6dea55f43f7e383fec521cc089d848cdc7aebb69b5fe468173f91bf6633fa7015bf57d235bd16b5a3ba4636328e6871a505e3d46874e2288b881565ff2bf68cd21ba90f28474412237dd38614373b1bc874314a8788dc4f38f290f27f492d724ba239cb43c6845c96fef1c88c4084a71318574e40e4b4b7b9f5c7c3dfc8d56c476c104924cd9a22e66c821a82462c53958f26ff5dbf9879616fb7004565378e109126070b8c5ba10d48e587d54875b5b25ad868ecf6d4db9ff180c236a462b709aab83c2c68404f1e702862d72de76813d7902ab6094b5e519f06bb40d582ea1b7172bcc42f1c9351804f82d8fed7eb64b23ab0f8eecea7db473f4b5a00a4e8aa0c20e03c7d32d06d016c37f58004cce692188ec418d38063774bd73d51a3311c4642d9130eebff88f5a1abda2d784fd23e14ed4a4dbfe0e8b5fa2195315d9697aaeadfbb3fa72f55207f50618c10ad1e73b2767171e56955fb7ddf9c0b88d528d1447bb24dab1853035f4ea70f493cbd6b1914b44aa4fa6ca59b9856cc11168173c8b96a198763e451aefe75413ecdfbe0fa190274807b4e7edd0112f1fe53475d04275895a824e8ffc4594ea72383263ab6e68914d6e7e865131c2fb2bb57a775e115128883829566398925a3a3497227a708e91fe01807353a4a538f2e0310f3486b1bd615b675be64f0787485e48afb492ca89041f99f9732409bd388568647b195893a106a9fe997e50cf67a57e3634cd20f06448dcbdc99c10d9c2dd4f8c184dfaa84c4a5a9a064fcac4038cfdfe2e4c983542993027869b761806598e23316a13f42dd17599b21caffb1b3b0cd78d81c1808b21b9fcf4a8d846bead78bb3d3067e54f5d43e77c7767d209865400497efcb96a5b247e4b2c572917f5eec053d5ec1db0058a4b2ebde26bf3db62c6558313e5c4202ec09b79e2a7bce10d9a4f012604686b3e921f4f1384e0dc6d778a78ba024d4d12779f233926c197f2550060abd1d717dd6da2d9f5ca459ce7ffec421f9c7304d786d3a09420b0ffab58260cbd68342c684894fcc907fd2c38247e2961aa44f77262cbeba65a0029675b0f244b8f4314f42851f079911994aa16eb09e9c6e05b06c10abce897fbd8402ab9f694a5f5562fde43f70fef4f441ac88ec4ad8e5d32634b06ba5c23f2a5431529fa8f89fe77b2341fb42a6497bca5b2ce40f8ffdeaa86e98d67bdb94aa5dbcfe6914895ae92f1d0c07300d8938d1699432971f41e5694b7a4ef4c81061b4bb92edbaeea7963ea7f9909cf2eae1519d00f2879c71bbe90eaed4810f7455c56117451360d57b97236b5a192a4b18ec949c2b618445afecbf56f180fcc12336981be469d94b4d37d486b89942db98d6da4e74ca455207ee237272846b6dcadb4248b82e4b713b24af175baf4a80c90bebafab734066fe8145619a62be9ed31a20966f4b3bb2d93876ea75fd61992328d12c978b698fdc29a455914eca446930c09273c3172fe0ab1695a9c1723cb92faba9a488893a775c98383e92f01d080534e4f40810eeac48d4a9b0d41a5813b54f7a7f48493a998702559297163e9002121cb27d39a0687a91f67de37255fc8dc0f9d0781addd8a50bb6cd14cc2b5e2192fe63ed2be3f78f09a066fb4500d03197906c610f084aa8a711a0f21d5883c384a3a221ca699915842079d432c335134e39236d2c12e11b667de8ee851512a4a0679299c68a19ee5476dd6eb19526733b2ffbbff08efd852c974c2b3ac23a84dc179d369555aabc910f40a943a923f740aa79e67a8d84272e56b5862b1891a2b0dbb20bb9d71ae7a33a52c2b0cc55aa92c8221f701093f0a2692e08698b085888d7275498eb0db303d1f4fde32402e93f84c46d9a576d6908509eebdc72377eb21c657b1bcbf10be5e7f4cf02c2e08a4d278b0ebc6065c275935416741cfe896641cf383c8a89dc1c216d2ba8bf893160c2ab4eeb4f50c49b3db4f7532fd9ff3960631ac77030d6893b27cc09b06d0aba8f394cd30f0a2c4f6556392a7f550184374954f0e6836dfaa254573b9922dee078a3322fb511f7ae6aac4568dd10e201b75dbcb805320e177dbde667bde67c38e2feb1dbabe35558a36b958f1349d21628daea5796cda58ebd244f161c13c785ce9f39b8513eb96b7580501d996e850e95bddacbf624a782887fefc133f5263edc3d464169b3ca4ea4cb5f93d3f2edc68721fb5abd4878776b0260e3f251e2a6fd917ca6a0c921258656605bbdff5521f7a30feed57c1c8063ffe96c958e131e5d8fa5e21a5d366d704ab36de5dd0120bc62b6c18598dcbcfb80b5bfa745cfb60dcd38c818a42e31bd60276011e049c3d495c26edbfa775a350f37341c5f7598dde8ec454eccd91ec7de17e901c5a1efae874a3b7f57ded5f04960813e24948c037f829f9a7d95c38d497a95db9b44eba2f5ecd2883fa3ee1c5e2e9b556ae1ebd22f788a80aa3db4e4827a11b5ef797aacc02a95d33afd05cf9eb0965f54e1727299d9f2923f74b72fbf41a799efa87b27f069a34166c2e9d559c31342bcbcce21f2d9fdbd018b256b66f4f4d3e8a58dd16603c05b4818311c137ce4ca473e1dc237228a5842750fc3963d231e872dfa343436c2516d6a30662f9a098fb5400f9bde2d9d62fcaa6335ea1b020e383eeed059397cfcf1f070c0330b7fb3907fc942cbd2c765763b45db03ea40c80fcea6ed525613c5cbb80036ab534b72fb2fce88423029dc34f2c7f920dba96b9b01920e5904b8464aa2b10386e0dac99c12d96abd33ba9131cd622a06cd8d7fc79ae65b3bbc0d197689b720a8e22a1f0cfc0796e1d13c334cdae1a313b14e655494425efcf6e8cb672378dca09c3a8eb09a08a3f993299fff7a625bf8c92ffb60e928bbd79ac076002a171b86faeaca68c0212e6a102ec549153d961ab2903434be642beebadf2fbb18f8d351ceb2db5011888c8331afb3b0a0bbacb192903eac6d66f8ac9ec9480dc1222412ac5946d60cfc997dec88010ac8efb0c63d237804b3e5bd76aa13b21a7f22e315ab5f0724770b2c269a9330b730a53c2fd6df72a15706fb4e26901fddfda6484be7ec92aaa6bc486a08f6dce6f13e56a707114ad81d1771983105a5e8b566c7e29d71378ea95f11b43b1f058cb812fbc6f4c6b7cabccf3c218ec9437dfec8f2efc664d34f7d98a38403d4b147a837275819041a58d0d0ad6950ad36baa70fe0da57dd9deafd723b4b3245b59475eb46e4899e0020a0489ffe2502716ec56aabcc89f7549fececa83e67254e1bc3b750861cc6760f5473171b3ca85e6937218bb4b6180b1620908394693b796d6ffd8b5d63849254cace58a71904eab0b6605a5d47e1e5201edff0d2af3108bcc4f0e175ba3638ef5134ecf3113dfed3f49e3983d98fd024d2e5d8976457253d4fea99e80a7f37acb258613fe6e5eb48e85cb8b9149126b0bf193e2dc87ed284ddc13c756ef663c0a4eae07f2c5a544717675de0a086c69ad7b8f5af259402405bfb40e2e49ba9667d89b85b21280105fd88560736a85727940f8b1ef8e43f8eb3c9ccdd308e7491e66afaf997c9a06947eee27aa38bff3a276922dd832ce229729020bc83c368af7cfbcb3ff378805845897227cf533a12fa1b05d3a8c6444ed0ff716959f9ceef764828644b709bc7c2f46042a03bd37216eb54f8477ff5394aea453cf31b7c9f587f9d8a8d34a2ace64cae1787f2453c5d7eb7ebd0b90455131269138d4352ce48cab78b93253132d3d087dc50849f09007f9f0d21d68704018ab8fc141db49e98fed4837694123e36134c589ae5cf59253edba2dfaa968bf4950e4b49433d8417a7c5dce7008c93b701d3d8dea5dc70bd3e58dd073d652d26d82d9b14289b8a70852fafb2d7be71733f10fc41ebc0206199a042ee61ef41ab39a83cd6a949be3e8f4da1af08b23d24fc05a4c9c3291b5e3ec4f3f074b091a79e95e99bfe541c51a8f153e3291597904a72ce2dcb4211fe9ea0064f08f5487b414066fe771df6e2363c949cfc344307c3ef37ce2d494c8819cc2c38fcb8440efa5c7956ca84b452b444a5957e2a9c393bc49d1a91066a0193cacfc032c918983d3137b58812e584ed6cdcfe5217d9cfbeeee31ae1d34fbae1091ea0d13104ea3466a4a2d693f37c278adba5804fbe358d3f6f141f23e53f2c934dceeff1723bb160bfed3d3a9a177de5f4b7ca6b5cfc5ef2563d2e634c64087a750dffcd419498778e0f17853db5aa317a1b060159bb605c072af45d6e70592c93f6e814fe6c0d272b6b79887278d2d99738c9aad7ae53f2bcce0d5a08d76cbd0620819d9ffe517174ab3d93ddf64ebdf15e54cbc809058f466062893bd5574826f7e5796192d12d6759d721bf9ba6e9d13e400ef2c0d148771f45aea1f67d552578dc7ae80cd4a11fc632cf2fa7831363f5e9660022e174f0054604bc2d7591d7d277a7ad3c69e8485073307365dcc3ce48509b1e921a54f08aefab1cf08ac1159342a0f8d9411838ecd9c14987e355549f3ca903f94a8716d08648aaded11fd25baab99aa88aca328a80be8c64cca72072719cd7cee9c8f8a22", 0x1000}, {&(0x7f0000001f80)="8df69b6bdcc1f7e7f55728f998ffcbc171b841d9a3f2291221c74d802ae1095ad54b75340a21a12d4745c7014ef92e66d44ec932809164b11a865b2013ad2bda15475a941df55af6cacaf3c0ffb8171a09d49a416ad155491d23a502a87be410c5f2bb52ec371f2a02690936efbed09b104f70afeb666eca0a3cd6f431a07935", 0x80}, {&(0x7f0000002000)="8331d91ba2c790e2f206903dd31341ef43e3b099fe412797ae2ef5e1d5e6c8713e8a68b0d9eb8cb00fe696266551ed974f0e81f37f7bf281613a2953f0205e302c74d99166fe2815367a8e68d533d1f5e01d785a8bcb888e66626165953440f8e515770a7fe55c3ddd1653a9b6f2376a5507636f2c66d17e4c380fac0102f9c77634b8a3504f0217e70b517ee7575bc5808d595ef3d5e488d617ccfa7a", 0x9d}], 0xa) 15:34:40 executing program 2: setsockopt(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$ASHMEM_GET_PIN_STATUS(0xffffffffffffffff, 0x7709, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='devtmpfs\x00', 0x0, &(0x7f0000001040)="9351952fd98babf673adba94726ab556a60b5b1d989461443dac9fbc61250a2e2e1ad84b637eb00b11d85c17f3c91e1010baa2b8cf76111cb568f766e221b1f1a116d1c743cf10373bfefe6740cbce2eeecfefdaaaa86bd09e4084101a5103a1d85122a207d8aae860c4687bd9ecdff911148b10186c82c180ec6f7ca9c97a2671e9ee1ac806ca97e2a6017ee2b885db71e653930e3c4b424f40c626b539e9acd9f9fbd109f911d6a039462f2669da8b1f2f92e180a0f13958184dd33272a0205139a9aa4dd8122d5f55eb47bef7feb48998fe3c8a7d9fd7b5a3d4c847986f3c31be15f3848041dba89232c38129c00bc0b848c0a91493dbf635a99f8191925b2fe5a179827807675e29b31dffc3f416e1a7c4b0bc168385780fce6741eeae6847c3fe28023fdad3bdd0116533e93215414e7238524ae1181d6bc54bdd153b78c6db5eca6b3cfd3b962e6a78f5311d571178a539b1aa402578882c39") setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, 0x0, 0x0) 15:34:40 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) getsockopt$inet_int(r0, 0x0, 0x21, 0x0, &(0x7f0000000080)) 15:34:40 executing program 1: mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000003fe8)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000001fe2)={{&(0x7f0000011000/0x4000)=nil, 0x4000}, 0x1}) r1 = memfd_create(&(0x7f0000000000)='&vmnet1cpuset$\x00', 0x4) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000040), 0x13f, 0x3}}, 0x20) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000200), 0x4) getsockopt$inet_sctp6_SCTP_STATUS(r2, 0x84, 0xe, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, @in6={{0xa, 0x0, 0x0, @mcast2}}}}, &(0x7f00000001c0)=0xb0) write$FUSE_NOTIFY_DELETE(r1, &(0x7f0000000240)=ANY=[@ANYBLOB="38000000060000000000000000fc057593f7fc8bf3fb6822bcf0d824780000000000000001000000000000000f0000000000000026766d6e657431637075736574240008"], 0x38) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x0, 0x32, 0xffffffffffffffff, 0x0) close(r0) sendto$inet6(r1, &(0x7f00000002c0)="313a64e8904eb3598c1e8ddc3f14c8f76c1cd33538f50c30a946e1b504cfc309504b7d96d3533ac8f5f47d1dab095bb455fe6199342bec4affe4aca45fc6125c820514efa319901666c665ea985ebf6d3ab068f20fe56db746122d290618bd", 0x5f, 0x4000004, 0x0, 0x0) [ 311.215206] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 15:34:40 executing program 1: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f000086c000)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000240)={&(0x7f00003a2000/0x1000)=nil, 0x1000}) 15:34:40 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000540)="2f6578650000000000e808004bddd9de9166be10eebf000ee9a90f798058439ed554fa07424ac1e901d2da75af300200f5abfb9845f9e19859c9693206f2c60b0000000719e1d66e970123d893d974e5b9c3285677b2139823d393a8b8e5500c92ab5b94da3a7de19f063bb765b02bd5b660fb7fa898c6f5c6369c3f363068d10af833f6475bbe8b7967255b17760784edb0b44654718232dbda64aa1f69cf9ab5b3ea3ed63452b7ebd37c9dae664e320200ada83e4f8b85131808bc5cfb4cc24e1901769c084c082712b470666b6dddf74ced693973489219a924e2d637e0aeb6ec0e17ccba1dedbcc4a28b00000000000000000000002eba2bbcf51a042ad9fd923d568797") fchown(r0, 0x0, 0x0) fdatasync(r0) syncfs(0xffffffffffffffff) 15:34:40 executing program 2: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x8) clock_gettime(0x7, &(0x7f0000000280)={0x0, 0x0}) setsockopt$sock_timeval(r1, 0x1, 0x15, &(0x7f0000000080)={0x0, r2/1000+30000}, 0x10) sendmmsg$unix(r1, &(0x7f00000bd000), 0x523, 0x0) connect$unix(r1, &(0x7f00000001c0)=@file={0x0, './file0\x00'}, 0x6e) 15:34:40 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) recvmsg$kcm(0xffffffffffffff9c, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x6, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x8, 0x25}}, &(0x7f0000000000)="504c20004cf7d12af11ce92537b5e3191e66de5d4ec18e4c2df01484a86d77842f624946eae310794c8c96ff1466232e25951139bda5d2990e523f8ec3080ffc1224d8dc4c84a9c8e8ab31576806715523fa749e8615c61049b8b1be6aa7740702cc5add", 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="4d8d8fe636f6cac49c53c4e73fff", 0x0, 0x8d18}, 0x28) 15:34:40 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) getsockopt$inet_int(r0, 0x0, 0x21, 0x0, &(0x7f0000000080)) 15:34:40 executing program 1: [ 312.340802] IPVS: ftp: loaded support on port[0] = 21 [ 313.637211] bridge0: port 1(bridge_slave_0) entered blocking state [ 313.643759] bridge0: port 1(bridge_slave_0) entered disabled state [ 313.651405] device bridge_slave_0 entered promiscuous mode [ 313.727442] bridge0: port 2(bridge_slave_1) entered blocking state [ 313.733979] bridge0: port 2(bridge_slave_1) entered disabled state [ 313.741598] device bridge_slave_1 entered promiscuous mode [ 313.818837] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 313.893874] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 314.118753] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 314.196068] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 314.339093] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 314.346448] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 314.570209] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 314.577922] team0: Port device team_slave_0 added [ 314.651328] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 314.659097] team0: Port device team_slave_1 added [ 314.736340] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 314.813141] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 314.887831] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 314.895296] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 314.904373] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 314.978002] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 314.985373] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 314.994619] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 315.822154] bridge0: port 2(bridge_slave_1) entered blocking state [ 315.828576] bridge0: port 2(bridge_slave_1) entered forwarding state [ 315.835534] bridge0: port 1(bridge_slave_0) entered blocking state [ 315.842096] bridge0: port 1(bridge_slave_0) entered forwarding state [ 315.849806] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 316.312198] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 318.855717] 8021q: adding VLAN 0 to HW filter on device bond0 [ 319.144007] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 319.421590] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 319.427961] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 319.436112] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 319.708115] 8021q: adding VLAN 0 to HW filter on device team0 15:34:50 executing program 5: 15:34:50 executing program 3: getsockopt$inet_int(0xffffffffffffffff, 0x0, 0x21, 0x0, &(0x7f0000000080)) 15:34:50 executing program 0: 15:34:50 executing program 4: 15:34:50 executing program 1: 15:34:50 executing program 2: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x8) clock_gettime(0x7, &(0x7f0000000280)={0x0, 0x0}) setsockopt$sock_timeval(r1, 0x1, 0x15, &(0x7f0000000080)={0x0, r2/1000+30000}, 0x10) sendmmsg$unix(r1, &(0x7f00000bd000), 0x523, 0x0) connect$unix(r1, &(0x7f00000001c0)=@file={0x0, './file0\x00'}, 0x6e) 15:34:50 executing program 1: 15:34:51 executing program 3: r0 = socket$inet(0x2, 0x0, 0x0) getsockopt$inet_int(r0, 0x0, 0x21, 0x0, &(0x7f0000000080)) 15:34:51 executing program 5: 15:34:51 executing program 4: 15:34:51 executing program 0: 15:34:51 executing program 5: 15:34:51 executing program 1: 15:34:51 executing program 0: 15:34:51 executing program 4: 15:34:51 executing program 2: 15:34:51 executing program 5: 15:34:51 executing program 3: socket$inet(0x2, 0x4000000000000001, 0x0) getsockopt$inet_int(0xffffffffffffffff, 0x0, 0x21, 0x0, &(0x7f0000000080)) 15:34:51 executing program 1: 15:34:52 executing program 0: 15:34:52 executing program 4: 15:34:52 executing program 2: 15:34:52 executing program 5: 15:34:52 executing program 1: 15:34:52 executing program 0: 15:34:52 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) getsockopt$inet_int(r0, 0x0, 0x0, 0x0, &(0x7f0000000080)) 15:34:52 executing program 4: 15:34:52 executing program 2: 15:34:52 executing program 4: 15:34:52 executing program 0: 15:34:52 executing program 5: 15:34:52 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) getsockopt$inet_int(r0, 0x0, 0x21, 0x0, 0x0) 15:34:52 executing program 1: 15:34:52 executing program 2: 15:34:53 executing program 0: 15:34:53 executing program 2: r0 = socket(0x10, 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_tables_targets\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0x8) 15:34:53 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/rt6_stats\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendfile(r1, r0, 0x0, 0xc6) 15:34:53 executing program 1: r0 = socket(0x10, 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='maps\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0xc6) 15:34:53 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/rfkill\x00', 0x0, 0x0) 15:34:53 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = getpid() getpgid(r1) 15:34:53 executing program 0: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x41, 0x0) fsync(r0) 15:34:53 executing program 2: r0 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x1, 0x2) ioctl$VIDIOC_ENUMAUDOUT(r0, 0xc0345642, &(0x7f0000000040)={0x0, "2ad378ae79d00ea6639fb55a0b25764f62dd1a564d7e0bfcd6e346f7d1b28d73"}) 15:34:53 executing program 3: r0 = syz_open_dev$usb(&(0x7f00000004c0)='/dev/bus/usb/00#/00#\x00', 0x203, 0x800000000009) ioctl$FS_IOC_FSGETXATTR(r0, 0x80045519, &(0x7f0000000000)) 15:34:53 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCFLSH(r0, 0x80045430, 0x0) 15:34:53 executing program 1: r0 = syz_open_dev$usb(&(0x7f00000004c0)='/dev/bus/usb/00#/00#\x00', 0x203, 0x800000000009) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185502, 0x0) 15:34:54 executing program 4: r0 = syz_open_dev$usb(&(0x7f00000004c0)='/dev/bus/usb/00#/00#\x00', 0x203, 0x800000000009) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0105512, &(0x7f0000000000)) 15:34:54 executing program 2: r0 = syz_open_dev$dmmidi(&(0x7f0000000340)='/dev/dmmidi#\x00', 0x32d3, 0x1fffd) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x800000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = getpgid(0xffffffffffffffff) r4 = syz_open_procfs(r3, 0x0) mprotect(&(0x7f0000104000/0x3000)=nil, 0x3000, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000280)={@loopback, 0x0, 0x0, 0x0, 0x4, 0x2}, 0x20) pread64(r4, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) getsockopt$XDP_MMAP_OFFSETS(0xffffffffffffffff, 0x11b, 0x1, &(0x7f0000000200), &(0x7f0000000480)=0x60) socketpair$inet_sctp(0x2, 0x1, 0x84, &(0x7f00000007c0)={0xffffffffffffffff}) syz_open_procfs(r3, &(0x7f00000004c0)='attr\x00') ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000100)) write$P9_RVERSION(r4, &(0x7f0000000000)={0x15, 0x65, 0xffff, 0x0, 0x8, '9P2000.L'}, 0x15) ioctl$VIDIOC_G_OUTPUT(r0, 0x8004562e, &(0x7f0000000140)) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000000)=ANY=[], &(0x7f00000000c0)) fsetxattr$security_ima(r2, 0x0, 0x0, 0x0, 0x0) dup2(r1, 0xffffffffffffffff) openat$rtc(0xffffffffffffff9c, 0x0, 0x8000, 0x0) syz_open_dev$vcsn(&(0x7f00000001c0)='/dev/vcs#\x00', 0x1, 0x8000) ioctl$EVIOCGABS3F(r5, 0x8018457f, &(0x7f0000000080)=""/62) mlockall(0x1) mmap(&(0x7f0000428000/0x2000)=nil, 0x2000, 0xfffffffffffffffd, 0x8032, 0xffffffffffffffff, 0x0) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='numa_maps\x00') readv(r6, &(0x7f0000000300)=[{&(0x7f0000001400)=""/4096, 0x1000}], 0x1) 15:34:54 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCFLSH(r0, 0x402c542c, 0x710000) [ 325.283966] hrtimer: interrupt took 90478 ns 15:34:54 executing program 3: r0 = syz_open_dev$usb(&(0x7f00000004c0)='/dev/bus/usb/00#/00#\x00', 0x203, 0x800000000009) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0105512, 0x0) 15:34:54 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCFLSH(r0, 0x80045430, 0x0) 15:34:54 executing program 1: r0 = syz_open_dev$usb(&(0x7f00000004c0)='/dev/bus/usb/00#/00#\x00', 0x203, 0x800000000009) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185502, 0x0) 15:34:54 executing program 4: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x0, &(0x7f0000000240)="0a5c2d023c126285718070") r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(camellia-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000100)="d3abc7990d535c9e70bc111c8eff7f0000000000004e0000", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x0) sendto$inet(r2, &(0x7f0000000040), 0x353a9c, 0x0, 0x0, 0x300) 15:34:55 executing program 0: r0 = syz_open_dev$usb(&(0x7f00000004c0)='/dev/bus/usb/00#/00#\x00', 0x203, 0x800000000009) ioctl$FS_IOC_FSGETXATTR(r0, 0x41045508, &(0x7f0000000000)) 15:34:55 executing program 1: bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x21a0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8545, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x820000, 0x0}, 0x2c) 15:34:55 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000004c0)='/dev/bus/usb/00#/00#\x00', 0x203, 0x800000000009) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x800000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f00000002c0)={0x0, 0x100000001, 0x0, 0x0, 0x0, 0x5}, &(0x7f0000000300)=0x14) r2 = getpgid(0xffffffffffffffff) syz_open_procfs$namespace(r2, &(0x7f0000000180)='ns/pid_for_children\x00') r3 = syz_open_procfs(0x0, &(0x7f0000000080)="2f6578650000000000000f1ce300000d0000000000ebffffff") openat$vimc1(0xffffffffffffff9c, &(0x7f0000000580)='/dev/video1\x00', 0x2, 0x0) mprotect(&(0x7f0000104000/0x3000)=nil, 0x3000, 0x0) getsockopt$inet_sctp_SCTP_RECVRCVINFO(r3, 0x84, 0x20, &(0x7f00000001c0), &(0x7f0000000540)=0x4) setsockopt$inet_sctp_SCTP_NODELAY(r3, 0x84, 0x3, &(0x7f0000000240), 0x4) pread64(r3, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) perf_event_open(&(0x7f0000001000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fgetxattr(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], &(0x7f0000000340)=""/144, 0x90) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000600), 0x0, &(0x7f0000001080)}], 0x1, 0x4010) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(0xffffffffffffffff, 0xc0305710, &(0x7f0000000200)={0x0, 0x800, 0xfffffffffffff503, 0x9}) socketpair$inet_sctp(0x2, 0x1, 0x84, &(0x7f00000007c0)) r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r3, 0xc008551c, &(0x7f0000000400)=ANY=[@ANYBLOB="010400000c0000000000010007000000070000001587647ef4f8fe5fa5e572a79d3c5691be113fe445ab97fde1090e1f1e89f73d667a32d67d4f0654d662854be7e89eb8c595b511ae94b66e3549f2ef35c748a3af6790de9e5fc6c4520ad75893381f65f519edda1cb51ff93ed4ee6273e2602bbb1ae911fbc49f9abe7fff8bf86f9f67650a847b13cb53713796ffc3638a7b0845a34141c0966e27e540979a9445f7e67ebb8d808a9ba7fde65e040280b5c367469215808b428ddfb677d63c0efc2ae315ff730cc660caf49aa73c0f7718ec2437adca6d17c10316e646e3ccbbf64d4bc4ebc5b19a452d"]) sched_setattr(r2, &(0x7f00000000c0)={0x30, 0x7, 0x1, 0x2, 0x797, 0x22, 0x4, 0x1f}, 0x0) ioctl$KVM_CREATE_PIT2(r4, 0x4040ae77, &(0x7f0000000100)) r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x0, 0x0) setsockopt$inet6_icmp_ICMP_FILTER(r5, 0x1, 0x1, &(0x7f0000000140)={0x40}, 0x4) ioctl$PERF_EVENT_IOC_REFRESH(r3, 0x2402, 0x5) dup2(r1, r4) ioctl$EXT4_IOC_RESIZE_FS(r0, 0x40086610, &(0x7f0000000040)=0xffff) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x20323, 0x2}) 15:34:55 executing program 3: r0 = syz_open_dev$usb(&(0x7f00000004c0)='/dev/bus/usb/00#/00#\x00', 0x203, 0x800000000009) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0105512, 0x0) 15:34:55 executing program 0: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)="2e2f6367726f7570000c239fd085acc49b812db3d73d43ea", 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000000)='./file1\x00', 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) write$P9_RSTATu(r1, &(0x7f00000003c0)=ANY=[@ANYPTR64=&(0x7f0000000400)=ANY=[@ANYRES32]], 0x4451417f) ioctl$EXT4_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000440)=0x80040) 15:34:55 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000100)="2f65786500000000000409004bddd9de91be10ee9ed554fa07424adee9cbc699ec2ca576e50000bcd7a071fb35331ce39c5ad0cf73770bd4246847a1914e4fb0aa9b15eaa94bcd0e700ed63b44338e84ad4ec2f11f6f2adb8dc2fdb18231446f43142ebe700b2231e8fceed6b22a373c9409675ac8d0b53033123fb3037d66241aafe0f880e7a51d1b036ade315a544d2581fe8653d0cff54369df8c2fce21dcb1cb965669f9a75345ac3479cd51dc7de364c9c272c83ed9e666ca25aad2e7a26e3d6c62d0f8b9065cfca311c06d0744db265aa0e486707c51fd108c0c6ccae6ff42274af94d30fce8836ff9d00bdd") lseek(r0, 0x0, 0x4) 15:34:56 executing program 2: r0 = syz_open_dev$dmmidi(&(0x7f0000000340)='/dev/dmmidi#\x00', 0x32d3, 0x1fffd) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x800000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = getpgid(0xffffffffffffffff) r4 = syz_open_procfs(r3, 0x0) mprotect(&(0x7f0000104000/0x3000)=nil, 0x3000, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000280)={@loopback, 0x0, 0x0, 0x0, 0x4, 0x2}, 0x20) pread64(r4, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) getsockopt$XDP_MMAP_OFFSETS(0xffffffffffffffff, 0x11b, 0x1, &(0x7f0000000200), &(0x7f0000000480)=0x60) socketpair$inet_sctp(0x2, 0x1, 0x84, &(0x7f00000007c0)={0xffffffffffffffff}) syz_open_procfs(r3, &(0x7f00000004c0)='attr\x00') ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000100)) write$P9_RVERSION(r4, &(0x7f0000000000)={0x15, 0x65, 0xffff, 0x0, 0x8, '9P2000.L'}, 0x15) ioctl$VIDIOC_G_OUTPUT(r0, 0x8004562e, &(0x7f0000000140)) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000000)=ANY=[], &(0x7f00000000c0)) fsetxattr$security_ima(r2, 0x0, 0x0, 0x0, 0x0) dup2(r1, 0xffffffffffffffff) openat$rtc(0xffffffffffffff9c, 0x0, 0x8000, 0x0) syz_open_dev$vcsn(&(0x7f00000001c0)='/dev/vcs#\x00', 0x1, 0x8000) ioctl$EVIOCGABS3F(r5, 0x8018457f, &(0x7f0000000080)=""/62) mlockall(0x1) mmap(&(0x7f0000428000/0x2000)=nil, 0x2000, 0xfffffffffffffffd, 0x8032, 0xffffffffffffffff, 0x0) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='numa_maps\x00') readv(r6, &(0x7f0000000300)=[{&(0x7f0000001400)=""/4096, 0x1000}], 0x1) 15:34:56 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)="2e2f6367726f75702e6370752f008ff9bf809e961d36f4c738142db50b39ca1bc4c067901336f2225a69b44ba5937e519d0c840ec9b0476223e56d2316121e319d", 0x200002, 0x0) openat$cgroup_ro(r0, &(0x7f00000003c0)='cpuset.effective_cpus\x00', 0x2761, 0x0) 15:34:56 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@rand_addr}, {@in6=@ipv4={[0xfffffff0], [], @broadcast}, 0x0, 0x32}, @in6=@ipv4, {}, {}, {}, 0x0, 0x0, 0x2, 0x4}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x138}}, 0x0) 15:34:56 executing program 3: r0 = syz_open_dev$dmmidi(&(0x7f0000000340)='/dev/dmmidi#\x00', 0x32d3, 0x1fffd) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x800000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = getpgid(0xffffffffffffffff) r4 = syz_open_procfs(r3, 0x0) mprotect(&(0x7f0000104000/0x3000)=nil, 0x3000, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000280)={@loopback, 0x0, 0x0, 0x0, 0x4, 0x2}, 0x20) pread64(r4, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) getsockopt$XDP_MMAP_OFFSETS(0xffffffffffffffff, 0x11b, 0x1, &(0x7f0000000200), &(0x7f0000000480)=0x60) socketpair$inet_sctp(0x2, 0x1, 0x84, &(0x7f00000007c0)={0xffffffffffffffff}) syz_open_procfs(r3, &(0x7f00000004c0)='attr\x00') ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000100)) write$P9_RVERSION(r4, &(0x7f0000000000)={0x15, 0x65, 0xffff, 0x0, 0x8, '9P2000.L'}, 0x15) ioctl$VIDIOC_G_OUTPUT(r0, 0x8004562e, &(0x7f0000000140)) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000000)=ANY=[], &(0x7f00000000c0)) fsetxattr$security_ima(r2, 0x0, 0x0, 0x0, 0x0) dup2(r1, 0xffffffffffffffff) openat$rtc(0xffffffffffffff9c, 0x0, 0x8000, 0x0) syz_open_dev$vcsn(&(0x7f00000001c0)='/dev/vcs#\x00', 0x1, 0x8000) ioctl$EVIOCGABS3F(r5, 0x8018457f, &(0x7f0000000080)=""/62) mlockall(0x1) mmap(&(0x7f0000428000/0x2000)=nil, 0x2000, 0xfffffffffffffffd, 0x8032, 0xffffffffffffffff, 0x0) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='numa_maps\x00') readv(r6, &(0x7f0000000300)=[{&(0x7f0000001400)=""/4096, 0x1000}], 0x1) 15:34:56 executing program 0: r0 = syz_open_dev$dmmidi(&(0x7f0000000340)='/dev/dmmidi#\x00', 0x32d3, 0x1fffd) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x800000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = getpgid(0xffffffffffffffff) r4 = syz_open_procfs(r3, 0x0) mprotect(&(0x7f0000104000/0x3000)=nil, 0x3000, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000280)={@loopback, 0x0, 0x0, 0x0, 0x4, 0x2}, 0x20) pread64(r4, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) getsockopt$XDP_MMAP_OFFSETS(0xffffffffffffffff, 0x11b, 0x1, &(0x7f0000000200), &(0x7f0000000480)=0x60) socketpair$inet_sctp(0x2, 0x1, 0x84, &(0x7f00000007c0)={0xffffffffffffffff}) syz_open_procfs(r3, &(0x7f00000004c0)='attr\x00') ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000100)) write$P9_RVERSION(r4, &(0x7f0000000000)={0x15, 0x65, 0xffff, 0x0, 0x8, '9P2000.L'}, 0x15) ioctl$VIDIOC_G_OUTPUT(r0, 0x8004562e, &(0x7f0000000140)) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000000)=ANY=[], &(0x7f00000000c0)) fsetxattr$security_ima(r2, 0x0, 0x0, 0x0, 0x0) dup2(r1, 0xffffffffffffffff) openat$rtc(0xffffffffffffff9c, 0x0, 0x8000, 0x0) syz_open_dev$vcsn(&(0x7f00000001c0)='/dev/vcs#\x00', 0x1, 0x8000) ioctl$EVIOCGABS3F(r5, 0x8018457f, &(0x7f0000000080)=""/62) mlockall(0x1) mmap(&(0x7f0000428000/0x2000)=nil, 0x2000, 0xfffffffffffffffd, 0x8032, 0xffffffffffffffff, 0x0) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='numa_maps\x00') readv(r6, &(0x7f0000000300)=[{&(0x7f0000001400)=""/4096, 0x1000}], 0x1) 15:34:57 executing program 5: r0 = syz_open_dev$usb(&(0x7f00000004c0)='/dev/bus/usb/00#/00#\x00', 0x203, 0x800000000009) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x800000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f00000002c0)={0x0, 0x100000001, 0x0, 0x0, 0x0, 0x5}, &(0x7f0000000300)=0x14) r2 = getpgid(0xffffffffffffffff) syz_open_procfs$namespace(r2, &(0x7f0000000180)='ns/pid_for_children\x00') r3 = syz_open_procfs(0x0, &(0x7f0000000080)="2f6578650000000000000f1ce300000d0000000000ebffffff") openat$vimc1(0xffffffffffffff9c, &(0x7f0000000580)='/dev/video1\x00', 0x2, 0x0) mprotect(&(0x7f0000104000/0x3000)=nil, 0x3000, 0x0) getsockopt$inet_sctp_SCTP_RECVRCVINFO(r3, 0x84, 0x20, &(0x7f00000001c0), &(0x7f0000000540)=0x4) setsockopt$inet_sctp_SCTP_NODELAY(r3, 0x84, 0x3, &(0x7f0000000240), 0x4) pread64(r3, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) perf_event_open(&(0x7f0000001000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x1000000000c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fgetxattr(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], &(0x7f0000000340)=""/144, 0x90) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000600), 0x0, &(0x7f0000001080)}], 0x1, 0x4010) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(0xffffffffffffffff, 0xc0305710, &(0x7f0000000200)={0x0, 0x800, 0xfffffffffffff503, 0x9}) socketpair$inet_sctp(0x2, 0x1, 0x84, &(0x7f00000007c0)) r4 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r3, 0xc008551c, &(0x7f0000000400)=ANY=[@ANYBLOB="010400000c0000000000010007000000070000001587647ef4f8fe5fa5e572a79d3c5691be113fe445ab97fde1090e1f1e89f73d667a32d67d4f0654d662854be7e89eb8c595b511ae94b66e3549f2ef35c748a3af6790de9e5fc6c4520ad75893381f65f519edda1cb51ff93ed4ee6273e2602bbb1ae911fbc49f9abe7fff8bf86f9f67650a847b13cb53713796ffc3638a7b0845a34141c0966e27e540979a9445f7e67ebb8d808a9ba7fde65e040280b5c367469215808b428ddfb677d63c0efc2ae315ff730cc660caf49aa73c0f7718ec2437adca6d17c10316e646e3ccbbf64d4bc4ebc5b19a452d"]) sched_setattr(r2, &(0x7f00000000c0)={0x30, 0x7, 0x1, 0x2, 0x797, 0x22, 0x4, 0x1f}, 0x0) ioctl$KVM_CREATE_PIT2(r4, 0x4040ae77, &(0x7f0000000100)) r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080)='/dev/zero\x00', 0x0, 0x0) setsockopt$inet6_icmp_ICMP_FILTER(r5, 0x1, 0x1, &(0x7f0000000140)={0x40}, 0x4) ioctl$PERF_EVENT_IOC_REFRESH(r3, 0x2402, 0x5) dup2(r1, r4) ioctl$EXT4_IOC_RESIZE_FS(r0, 0x40086610, &(0x7f0000000040)=0xffff) ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x20323, 0x2}) 15:34:57 executing program 1: r0 = syz_open_dev$dmmidi(&(0x7f0000000340)='/dev/dmmidi#\x00', 0x32d3, 0x1fffd) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x800000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = getpgid(0xffffffffffffffff) r4 = syz_open_procfs(r3, 0x0) mprotect(&(0x7f0000104000/0x3000)=nil, 0x3000, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000280)={@loopback, 0x0, 0x0, 0x0, 0x4, 0x2}, 0x20) pread64(r4, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) getsockopt$XDP_MMAP_OFFSETS(0xffffffffffffffff, 0x11b, 0x1, &(0x7f0000000200), &(0x7f0000000480)=0x60) socketpair$inet_sctp(0x2, 0x1, 0x84, &(0x7f00000007c0)={0xffffffffffffffff}) syz_open_procfs(r3, &(0x7f00000004c0)='attr\x00') ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000100)) write$P9_RVERSION(r4, &(0x7f0000000000)={0x15, 0x65, 0xffff, 0x0, 0x8, '9P2000.L'}, 0x15) ioctl$VIDIOC_G_OUTPUT(r0, 0x8004562e, &(0x7f0000000140)) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000000)=ANY=[], &(0x7f00000000c0)) fsetxattr$security_ima(r2, 0x0, 0x0, 0x0, 0x0) dup2(r1, 0xffffffffffffffff) openat$rtc(0xffffffffffffff9c, 0x0, 0x8000, 0x0) syz_open_dev$vcsn(&(0x7f00000001c0)='/dev/vcs#\x00', 0x1, 0x8000) ioctl$EVIOCGABS3F(r5, 0x8018457f, &(0x7f0000000080)=""/62) mlockall(0x1) mmap(&(0x7f0000428000/0x2000)=nil, 0x2000, 0xfffffffffffffffd, 0x8032, 0xffffffffffffffff, 0x0) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='numa_maps\x00') readv(r6, &(0x7f0000000300)=[{&(0x7f0000001400)=""/4096, 0x1000}], 0x1) 15:34:57 executing program 3: r0 = syz_open_dev$dmmidi(&(0x7f0000000340)='/dev/dmmidi#\x00', 0x32d3, 0x1fffd) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x800000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = getpgid(0xffffffffffffffff) r4 = syz_open_procfs(r3, 0x0) mprotect(&(0x7f0000104000/0x3000)=nil, 0x3000, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000280)={@loopback, 0x0, 0x0, 0x0, 0x4, 0x2}, 0x20) pread64(r4, &(0x7f0000003c00)=""/4096, 0xffffff72, 0x0) getsockopt$XDP_MMAP_OFFSETS(0xffffffffffffffff, 0x11b, 0x1, &(0x7f0000000200), &(0x7f0000000480)=0x60) socketpair$inet_sctp(0x2, 0x1, 0x84, &(0x7f00000007c0)={0xffffffffffffffff}) syz_open_procfs(r3, &(0x7f00000004c0)='attr\x00') ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000100)) write$P9_RVERSION(r4, &(0x7f0000000000)={0x15, 0x65, 0xffff, 0x0, 0x8, '9P2000.L'}, 0x15) ioctl$VIDIOC_G_OUTPUT(r0, 0x8004562e, &(0x7f0000000140)) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000000)=ANY=[], &(0x7f00000000c0)) fsetxattr$security_ima(r2, 0x0, 0x0, 0x0, 0x0) dup2(r1, 0xffffffffffffffff) openat$rtc(0xffffffffffffff9c, 0x0, 0x8000, 0x0) syz_open_dev$vcsn(&(0x7f00000001c0)='/dev/vcs#\x00', 0x1, 0x8000) ioctl$EVIOCGABS3F(r5, 0x8018457f, &(0x7f0000000080)=""/62) mlockall(0x1) mmap(&(0x7f0000428000/0x2000)=nil, 0x2000, 0xfffffffffffffffd, 0x8032, 0xffffffffffffffff, 0x0) r6 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='numa_maps\x00') readv(r6, &(0x7f0000000300)=[{&(0x7f0000001400)=""/4096, 0x1000}], 0x1) 15:34:57 executing program 2: pipe(&(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000040)=ANY=[], 0x7c774aac) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x300000a, 0x2011, r2, 0x0) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000f44000/0x4000)=nil, 0x507000, 0x1000007, 0x2013, r2, 0x0) ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x4044880) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r3 = socket$inet6(0xa, 0x803, 0x3) ioctl(r3, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") 15:34:57 executing program 4: ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000001c0)={0x0, {0x2, 0x0, @dev}, {}, {0x2, 0x0, @broadcast}}) r0 = socket$inet6(0xa, 0x3, 0x2) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)={0x1, 0x14, 0x249e21, 0x100000001}, 0x2c) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000000), 0x0}, 0x18) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000000)={r1, &(0x7f00000001c0), 0x0}, 0x20) 15:34:58 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000008ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000007000)={0x4, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05630440"], 0x0, 0x0, 0x0}) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0xc, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="046304400000100007630440"], 0x0, 0x0, 0x0}) 15:34:58 executing program 4: r0 = socket$kcm(0xa, 0x122000000003, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f00000002c0), 0x4) sendmsg$kcm(r0, &(0x7f0000000140)={&(0x7f0000003840)=@nl=@unspec={0x40000000, 0x0, 0x0, 0x80fe}, 0x80, &(0x7f0000000040)=[{&(0x7f0000003900)="d90d0000768606681d012f629c75adfa4208d5febf524a024aface6a6ac7d846ed2fa163e15ffb5033e9ad60d7a8a295b90bf9cc85a2b1496c0c48830103080a2f858ad2c4aa412d", 0x48}], 0x1}, 0x0) 15:34:58 executing program 5: r0 = socket$inet6(0xa, 0x400000000000803, 0x3) ioctl(r0, 0x400001000008912, &(0x7f0000000200)="0a5c2d023c126285718070") r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x1, 0x6, 0x209e21, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000b40)={r1, &(0x7f0000000040)="85", 0x0}, 0x20) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f00000000c0)={r1, &(0x7f0000000100), 0x0}, 0x18) [ 329.377042] binder: 8583:8585 Acquire 1 refcount change on invalid ref 0 ret -22 15:34:58 executing program 1: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @dev={0xac, 0x14, 0x14, 0x13}}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x12, 0xbe, 0x4, 0x400000000078}, 0x1c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000040), 0x0}, 0x20) [ 329.494917] binder: 8583:8585 IncRefs 0 refcount change on invalid ref 1048576 ret -22 [ 329.503401] binder: 8583:8585 DecRefs 0 refcount change on invalid ref 0 ret -22 [ 329.534481] binder: 8583:8591 Acquire 1 refcount change on invalid ref 0 ret -22 [ 329.613154] binder: 8583:8593 IncRefs 0 refcount change on invalid ref 1048576 ret -22 [ 329.621305] binder: 8583:8593 DecRefs 0 refcount change on invalid ref 0 ret -22 15:34:58 executing program 3: socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, &(0x7f0000a88f88), 0x0, 0x20000000, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x12, 0xbe, 0x4, 0x400000000078, 0x10}, 0x1c) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000040), 0x0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000280)={r1, &(0x7f0000000040), 0x0}, 0x18) 15:34:58 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f0000000080)={{0x2, 0x0, @remote}, {0x0, @broadcast}, 0x1c, {0x2, 0x0, @rand_addr}, 'bond0\x00'}) 15:34:58 executing program 4: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) r2 = dup2(r1, r0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x8, 0x0, &(0x7f0000000900)=[@increfs], 0x0, 0x0, 0x0}) 15:34:59 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x5, 0x0) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000000)={0x434, 0x0, 0x0, 0x15b874b9}) write$binfmt_aout(r0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0000063fc98c01000004000000000060350ef0a37ada97825e45a90f3d09876e700cd4e191a1f99937702d8f9523b12ed90920477333bb937deefa86a91c8275dd4b26916a0dc38b518c7df02d2aed24a7c271ec5f003b2cbdae69c72000000000000000710e13"], 0x67) ioctl$TCSETS(r0, 0x5402, &(0x7f0000000200)={0x0, 0x401}) [ 330.041666] binder: 8612:8613 IncRefs 0 refcount change on invalid ref 0 ret -22 15:34:59 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x8004, 0x0, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={"0000000000000000000000000200", 0x20000004fdd}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) sendmmsg(r1, &(0x7f00000092c0), 0x4000000000003fb, 0x0) 15:34:59 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x5, 0x0) write$binfmt_aout(r1, &(0x7f00000004c0)=ANY=[@ANYBLOB="0000063fc98c01000004000000000060350ef0a37ada97825e45a90f3d09876e700cd4e191a1f99937702d8f9523b12ed90920477333bb937deefa86a91c8275dd4b26916a0dc38b518c7df02d2aed24a7c271ec5f003b2cbdae69c72000000000000000710e13"], 0x67) ioctl$TCSETS(r1, 0x5402, &(0x7f0000000200)) 15:34:59 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) recvmsg(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0x7ffff000}], 0x1}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 15:34:59 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x5, 0x0) write$binfmt_aout(r1, &(0x7f00000004c0)=ANY=[@ANYBLOB="0000063fc98c01000004000000000060350ef0a37ada97825e45a90f3d09876e700cd4e191a1f99937702d8f9523b12ed90920477333bb937deefa86a91c8275dd4b26916a0dc38b518c7df02d2aed24a7c271ec5f003b2cbdae69c72000000000000000710e13"], 0x67) ioctl$TCSETS(r1, 0x5402, &(0x7f0000000200)={0x0, 0x401}) [ 330.435568] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 330.442578] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 330.468660] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 330.477993] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready 15:34:59 executing program 5: 15:34:59 executing program 3: [ 330.699911] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 330.709521] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 15:34:59 executing program 3: 15:34:59 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/anycast6\x00') preadv(r0, &(0x7f0000000500)=[{&(0x7f0000000240)=""/28, 0x1c}], 0x1, 0x0) 15:35:00 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000001c0)='syz_tun\x00', 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f000057bff0)={0x2, 0x4e20, @multicast1=0xe0000901}, 0x10) 15:35:00 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f0000e95fe0)={@remote={0xfe, 0x80, [], 0xffffffffffffffff}}, 0x20) [ 331.156910] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 15:35:00 executing program 3: [ 331.347994] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 15:35:00 executing program 5: 15:35:01 executing program 0: 15:35:01 executing program 3: 15:35:01 executing program 1: 15:35:01 executing program 4: 15:35:01 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) recvmsg(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0x7ffff000}], 0x1}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 15:35:01 executing program 5: 15:35:01 executing program 1: 15:35:01 executing program 5: 15:35:01 executing program 4: 15:35:01 executing program 3: 15:35:01 executing program 0: 15:35:02 executing program 5: 15:35:02 executing program 1: 15:35:02 executing program 0: 15:35:02 executing program 4: 15:35:02 executing program 3: 15:35:02 executing program 2: 15:35:02 executing program 5: 15:35:02 executing program 1: 15:35:02 executing program 0: 15:35:02 executing program 3: 15:35:02 executing program 4: 15:35:03 executing program 1: 15:35:03 executing program 3: 15:35:03 executing program 4: 15:35:03 executing program 0: 15:35:03 executing program 5: 15:35:03 executing program 2: 15:35:03 executing program 1: 15:35:03 executing program 4: 15:35:03 executing program 0: 15:35:03 executing program 3: 15:35:03 executing program 2: 15:35:03 executing program 5: 15:35:03 executing program 1: 15:35:04 executing program 0: 15:35:04 executing program 3: 15:35:04 executing program 2: 15:35:04 executing program 4: 15:35:04 executing program 5: 15:35:04 executing program 1: 15:35:04 executing program 5: 15:35:04 executing program 3: 15:35:04 executing program 4: 15:35:04 executing program 2: 15:35:04 executing program 0: 15:35:05 executing program 3: 15:35:05 executing program 1: 15:35:05 executing program 5: 15:35:05 executing program 0: 15:35:05 executing program 2: 15:35:05 executing program 4: 15:35:05 executing program 3: 15:35:05 executing program 1: 15:35:05 executing program 5: 15:35:05 executing program 2: 15:35:05 executing program 4: 15:35:05 executing program 0: 15:35:05 executing program 1: 15:35:06 executing program 5: 15:35:06 executing program 2: 15:35:06 executing program 3: 15:35:06 executing program 4: 15:35:06 executing program 1: 15:35:06 executing program 0: 15:35:06 executing program 2: 15:35:06 executing program 5: 15:35:06 executing program 1: 15:35:06 executing program 3: 15:35:06 executing program 4: 15:35:06 executing program 2: 15:35:06 executing program 0: creat(&(0x7f00000000c0)='./file1\x00', 0x0) syz_execute_func(&(0x7f0000000240)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e00c42221b888010000003e0f1110c442019dccd3196f") lsetxattr$trusted_overlay_upper(&(0x7f0000000040)='./file1\x00', &(0x7f0000000100)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0) 15:35:07 executing program 1: r0 = socket$nl_crypto(0x10, 0x3, 0x15) r1 = dup(r0) ioctl$BLKROTATIONAL(r1, 0x127e, 0x0) 15:35:07 executing program 5: clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$packet(0x11, 0x4000000002, 0x300, &(0x7f0000000100)={0xffffffffffffffff}) stat(0x0, 0x0) stat(&(0x7f0000000980)='./file0\x00', 0x0) gettid() fstat(0xffffffffffffffff, 0x0) fcntl$getown(r0, 0x9) fstat(r0, &(0x7f0000004d40)) getresgid(0x0, 0x0, 0x0) getpid() 15:35:07 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64) setsockopt$inet6_MRT6_ADD_MFC_PROXY(r0, 0x29, 0xd2, 0x0, 0x0) 15:35:07 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = dup(r0) ioctl$BLKGETSIZE(r1, 0x1260, 0x0) 15:35:07 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = dup(r0) ioctl$EVIOCGSW(r1, 0x8040451b, 0x0) 15:35:07 executing program 1: seccomp(0x1, 0x0, 0x0) shutdown(0xffffffffffffffff, 0x1) 15:35:07 executing program 0: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_ALM_SET(r0, 0x40247007, &(0x7f00000002c0)) 15:35:07 executing program 5: clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$packet(0x11, 0x4000000002, 0x300, &(0x7f0000000100)={0xffffffffffffffff}) stat(0x0, 0x0) stat(&(0x7f0000000980)='./file0\x00', 0x0) gettid() fstat(0xffffffffffffffff, 0x0) fcntl$getown(r0, 0x9) fstat(r0, &(0x7f0000004d40)) getresgid(0x0, 0x0, 0x0) getpid() 15:35:07 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) sched_getparam(0x0, &(0x7f0000000300)) 15:35:07 executing program 2: seccomp(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0xfffffffffffffffb}]}) shmat(0xffffffffffffffff, &(0x7f0000ffa000/0x4000)=nil, 0x0) 15:35:07 executing program 0: seccomp(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0xfffffffffffffffb}]}) mlockall(0x1) 15:35:07 executing program 4: seccomp(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0xfffffffffffffffb}]}) set_robust_list(&(0x7f0000000080), 0x18) 15:35:07 executing program 1: seccomp(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0xfffffffffffffffb}]}) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000040), 0x0, 0x0, 0x8) [ 338.994814] audit: type=1326 audit(1543592108.048:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8851 comm="syz-executor2" exe="/root/syz-executor2" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3ca code=0xffff0000 15:35:08 executing program 5: seccomp(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0xfffffffffffffffb}]}) clock_adjtime(0x0, &(0x7f0000000100)) [ 339.065707] audit: type=1326 audit(1543592108.088:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8857 comm="syz-executor4" exe="/root/syz-executor4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3ca code=0xffff0000 15:35:08 executing program 3: dup(0xffffffffffffff9c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mlockall(0x2) [ 339.141638] audit: type=1326 audit(1543592108.168:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8861 comm="syz-executor1" exe="/root/syz-executor1" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3ca code=0xffff0000 [ 339.163683] audit: type=1326 audit(1543592108.198:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8852 comm="syz-executor0" exe="/root/syz-executor0" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3ca code=0xffff0000 [ 339.275705] audit: type=1326 audit(1543592108.278:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8865 comm="syz-executor5" exe="/root/syz-executor5" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3ca code=0xffff0000 15:35:08 executing program 3: mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) seccomp(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0xfffffffffffffffb}]}) rmdir(&(0x7f0000000000)='./file1\x00') [ 339.433530] audit: type=1326 audit(1543592108.488:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8874 comm="syz-executor3" exe="/root/syz-executor3" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3ca code=0xffff0000 [ 339.687687] audit: type=1326 audit(1543592108.738:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8852 comm="syz-executor0" exe="/root/syz-executor0" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3ca code=0xffff0000 [ 339.712182] audit: type=1326 audit(1543592108.758:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8851 comm="syz-executor2" exe="/root/syz-executor2" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3ca code=0xffff0000 [ 339.772785] audit: type=1326 audit(1543592108.818:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8857 comm="syz-executor4" exe="/root/syz-executor4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3ca code=0xffff0000 15:35:08 executing program 2: seccomp(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xfffffffffffffffb}]}) remap_file_pages(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0) 15:35:08 executing program 0: mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) seccomp(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0xfffffffffffffffb}]}) lsetxattr$trusted_overlay_origin(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000280)='trusted.overlay.origin\x00', 0x0, 0x0, 0x0) [ 339.873840] audit: type=1326 audit(1543592108.928:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8867 comm="syz-executor1" exe="/root/syz-executor1" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a3ca code=0xffff0000 15:35:09 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000f59ffc)=0x4, 0x4) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000d1c000)=0x6, 0x4) bind$inet6(r1, &(0x7f0000f67fe4)={0xa, 0x4e20}, 0x1c) 15:35:09 executing program 4: syz_emit_ethernet(0x3e, &(0x7f0000000000)={@local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, @remote, @dev}, @icmp=@parameter_prob={0x8, 0x8, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local={0xac, 0x70}, @dev}}}}}}, 0x0) [ 340.111294] mmap: syz-executor2 (8888) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. 15:35:09 executing program 5: r0 = socket(0x10, 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_tables_targets\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendfile(r0, r1, 0x0, 0xc6) 15:35:09 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x805, 0x0) write$uinput_user_dev(r0, &(0x7f0000000100)={'syz1\x00'}, 0x45c) ioctl$UI_SET_ABSBIT(0xffffffffffffffff, 0x40045567, 0x0) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) 15:35:09 executing program 1: memfd_create(0x0, 0x0) syz_open_dev$sndseq(&(0x7f0000000480)='/dev/snd/seq\x00', 0x0, 0x4080) 15:35:09 executing program 5: memfd_create(&(0x7f0000000400)="e83779d80efa45bb7f48bebc95870bd0cd39bd2830ee47afe7b33fc778bde252c50d2e", 0x0) syz_open_dev$sndseq(&(0x7f0000000480)='/dev/snd/seq\x00', 0x0, 0x4080) 15:35:09 executing program 3: socket$vsock_stream(0x28, 0x1, 0x0) syz_open_dev$dspn(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x8c) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x13}}}, 0x1c) bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$inet_sctp_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000001000)={0x10000, 0x4, 0x100, 0x400}, 0x6) r2 = socket(0x11, 0x80002, 0x0) signalfd4(0xffffffffffffffff, &(0x7f0000000300)={0x3ff}, 0x8, 0x80000) setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000788000)=0x2, 0x4) setsockopt(r2, 0x107, 0x5, &(0x7f0000001000), 0xc5) r3 = accept4(r0, &(0x7f00004d4000)=@nl=@proc, &(0x7f0000047ffc)=0x80, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) statfs(&(0x7f0000000180)='./file0\x00', &(0x7f0000002380)=""/4096) sendmmsg(r3, &(0x7f0000003d40)=[{{&(0x7f0000001b00)=@l2={0xc9}, 0x80, &(0x7f0000001d00), 0x0, &(0x7f0000001d40)}}, {{&(0x7f0000002300)=@nl, 0x80, &(0x7f0000003740), 0x0, &(0x7f00000037c0)}}], 0x4000000000001eb, 0x0) [ 340.706237] input: syz1 as /devices/virtual/input/input5 15:35:09 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCFLSH(r0, 0x402c542c, 0x0) [ 340.795471] input: syz1 as /devices/virtual/input/input6 15:35:10 executing program 1: memfd_create(0x0, 0x0) syz_open_dev$sndseq(&(0x7f0000000480)='/dev/snd/seq\x00', 0x0, 0x4080) 15:35:10 executing program 2: seccomp(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xfffffffffffffffb}]}) remap_file_pages(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0) 15:35:10 executing program 0: socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETQUEUE(0xffffffffffffffff, 0x400454d9, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, 0x0) 15:35:10 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0xfffffffffffffffe) 15:35:10 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCFLSH(r0, 0x5401, 0x0) 15:35:10 executing program 5: socketpair(0x0, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x20, 0x0, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000180)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) 15:35:10 executing program 3: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="020a040007000000000013002d54036205001a0084edbafc22000000000000001ac600b20000000000fb0000000000f20700000002000020ff11a7a94c3543d625a60264b70841e489407ba4702abaccbf4819429888415d419065b3e0dc5d0c1d582177c22b93a866e7fa05414d71fb07728853e87282baaff1d7afad35b5ae4948210d328eb35603399b5c85b6c9a103492a6e87caeda9baa9c3787b737446bedefad85a819c5d76f40ea870e3f0e790b482f5b40b119520823e67c41eb0ae10ff13da4487e6a1f8fc932227253074f0f9d11536a6e37aee99baf0d4c51e56374b5f3b6a11fdcdd809eb197cc636956e6e891e5c7bfb936987826a8065e9fb207074830af77af4dcb577d2844111564546e9c602508dd7e97ea2c73393d23a42153078c5e059ea770d98871240b0c1b0aaa215d20f573955113195d2ebffbaf043b051225bb2fe4e3e1b7d5c0bb150fe1cd95c74441b147df0e5558a58d88cfd107285903cb15ffad2295fbfc3a3f5207fef9f4c1ae2461f71d8193881949b63d0c90bf6872322b78c56c85498509257fca2c6464855c9bc57e34ceb7a70673ec2b636cf81d37333"], 0x1a9}}, 0x0) sendmmsg(r0, &(0x7f0000000180), 0x20, 0x0) 15:35:10 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x1}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 15:35:10 executing program 4: mknod(&(0x7f0000000040)='./file0\x00', 0x1044, 0x0) creat(&(0x7f0000000800)='./file0\x00', 0x0) execve(&(0x7f0000f8aff8)='./file0\x00', 0x0, 0x0) 15:35:11 executing program 1: shmat(0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000) mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4001, &(0x7f0000000080)=0x1, 0x401, 0x0) 15:35:11 executing program 2: seccomp(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xfffffffffffffffb}]}) remap_file_pages(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0) 15:35:11 executing program 3: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket(0x10, 0x80002, 0x0) connect$netlink(r1, &(0x7f0000000100)=@proc={0x10, 0x0, 0x1}, 0xc) sendto(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 15:35:11 executing program 4: mknod(&(0x7f0000000040)='./file0\x00', 0x1044, 0x0) creat(&(0x7f0000000800)='./file0\x00', 0x0) execve(&(0x7f0000f8aff8)='./file0\x00', 0x0, 0x0) 15:35:11 executing program 0: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket(0x10, 0x80002, 0x0) connect$netlink(r1, &(0x7f0000000100)=@proc={0x10, 0x0, 0x1}, 0xc) sendto(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 15:35:11 executing program 5: socketpair(0x0, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x20, 0x0, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000180)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) 15:35:11 executing program 1: socketpair(0x0, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x20, 0x0, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000180)=0x3) ioctl$KVM_RUN(r2, 0xae80, 0x0) 15:35:11 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xfff3, &(0x7f0000000040)={&(0x7f0000000540)=@newsa={0x138, 0x10, 0x713, 0x0, 0x0, {{@in=@multicast2, @in=@rand_addr}, {@in6=@ipv4={[0xfffffff0], [], @broadcast}, 0x0, 0x32}, @in6=@ipv4, {}, {}, {}, 0x0, 0x0, 0x2, 0x4}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}]}, 0x176}}, 0x0) 15:35:11 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$int_in(r0, 0x0, &(0x7f0000000080)=0x7) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x4e20, @loopback}}, 0xffffffffffffffff, 0x2, 0x0, "a77760f5a7645bc43c241d69912dda0c63c2a66702000000000000007ba44947a79015f0fe57917c7c2a93987a938fdedfce7bbba4fec2d8a09c41fb233245f2604b9e07b8ab79ec15ef3818a17900"}, 0xd8) bind$inet(r0, &(0x7f0000000440)={0x2, 0x100000004e23, @multicast1}, 0x10) socket$inet6_sctp(0xa, 0x0, 0x84) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(0xffffffffffffffff, 0x84, 0x79, 0x0, 0x0) setsockopt(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) ioctl(0xffffffffffffffff, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000040)={0x80000001, 0x917}, 0x8) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) ioctl$FICLONERANGE(0xffffffffffffffff, 0x4020940d, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0) clock_gettime(0x0, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, 0x0, 0x0) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(0xffffffffffffffff, 0x84, 0x19, 0x0, 0x0) sendto$inet(r0, 0x0, 0xb4, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, 0x0) ioctl$sock_SIOCINQ(0xffffffffffffffff, 0x541b, 0x0) getsockopt$inet_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x1f3) getsockopt$inet_sctp6_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, 0x0, 0x0) ioctl$FS_IOC_SETFSLABEL(0xffffffffffffffff, 0x41009432, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendto$inet(r0, &(0x7f0000000380)="1b", 0x1, 0x8000, 0x0, 0x0) close(r0) 15:35:11 executing program 3: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0a5c2d023c126285718070") r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000003c0)=@newlink={0x28, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_OPERSTATE={0x8}]}, 0x28}}, 0x0) 15:35:12 executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000011fd4)={0x40000000003, 0x4, 0x4, 0x7cb, 0x0, 0xffffffffffffff9c}, 0x2c) r0 = bpf$MAP_CREATE(0x4, &(0x7f0000000880)={0x3, 0x0, 0x0, 0x0, 0x20000000, 0x0}, 0x2c) r1 = socket$kcm(0x2, 0x1, 0x0) sendmsg$kcm(r1, &(0x7f0000000200)={&(0x7f0000000040)=@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}, 0x80, 0x0}, 0x2004000c) setsockopt$sock_attach_bpf(r1, 0x6, 0x17, &(0x7f0000000140)=r0, 0xe0) [ 343.045937] netlink: 'syz-executor3': attribute type 16 has an invalid length. 15:35:12 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, &(0x7f00000001c0), 0x4) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000008000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000"], 0x0}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x180000000000000a, 0xe, 0x0, &(0x7f0000000000)="b90703e69ebf08bb64879e1088a8", 0x0, 0x69}, 0x28) close(r0) 15:35:12 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x29, 0x24, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz1\x00', 0x200002, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000008000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000"], 0x0}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x180000000000000a, 0xe, 0x0, &(0x7f0000000000)="b90703e69ebf08bb64879e1088a8", 0x0, 0x69}, 0x28) close(r0) 15:35:12 executing program 2: seccomp(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xfffffffffffffffb}]}) remap_file_pages(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0) 15:35:12 executing program 3: socket(0x3, 0x3, 0x0) r0 = socket(0x200000000000011, 0x802, 0x4000000dd86) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'sit0\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @dev}, 0x14) bind$alg(0xffffffffffffffff, 0x0, 0x0) write$binfmt_elf32(r0, 0x0, 0x0) 15:35:12 executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000"], 0x0}, 0x48) r1 = perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x7, 0x70, 0x1ff, 0x9, 0x6, 0x7f, 0x0, 0x7, 0x4400, 0xa, 0x8001, 0x1, 0x0, 0x4, 0x0, 0xfffffffffffffff9, 0x7, 0x1, 0x4, 0x100000001, 0x7, 0xbe7, 0x3ff, 0x7fff, 0x1, 0x4, 0x3, 0x0, 0x20, 0x1f, 0x3, 0x10000, 0x0, 0x7, 0x7f, 0x90, 0x4, 0x7, 0x0, 0x400, 0x2, @perf_config_ext={0x0, 0x100000001}, 0x40, 0x6, 0x4, 0x0, 0x4, 0x4, 0xf5}, 0x0, 0x10, r1, 0xa) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r0, 0x1800000000006000, 0x2f, 0x0, &(0x7f0000000000)="b90703e6680d698cb89e40f00800d5dc57ee41dea43e63a377fb8a977c3f1d1756be5143d84648a27f11c72be00000", 0x0, 0x100, 0x3b8a}, 0x28) [ 343.703580] ================================================================== [ 343.711051] BUG: KMSAN: uninit-value in sit_tunnel_xmit+0x1b7e/0x3d40 [ 343.717665] CPU: 1 PID: 9019 Comm: syz-executor3 Not tainted 4.20.0-rc3+ #97 [ 343.724876] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 343.734280] Call Trace: [ 343.736925] dump_stack+0x32d/0x480 [ 343.740573] ? sit_tunnel_xmit+0x1b7e/0x3d40 [ 343.745043] kmsan_report+0x12c/0x290 [ 343.748897] __msan_warning+0x76/0xc0 [ 343.752744] sit_tunnel_xmit+0x1b7e/0x3d40 [ 343.757074] ? __dev_queue_xmit+0x2d9e/0x3e00 [ 343.761613] ? ipip6_tunnel_uninit+0x800/0x800 [ 343.766230] dev_hard_start_xmit+0x6dc/0xde0 [ 343.770754] __dev_queue_xmit+0x2d9e/0x3e00 [ 343.775155] dev_queue_xmit+0x4b/0x60 [ 343.778998] ? __netdev_pick_tx+0x14d0/0x14d0 [ 343.783567] packet_sendmsg+0x797f/0x9180 [ 343.787756] ? kmsan_memcpy_memmove_metadata+0x1a9/0xf70 [ 343.793262] ? kmsan_memcpy_metadata+0xb/0x10 [ 343.797784] ? sock_write_iter+0x102/0x4f0 [ 343.802049] ? __se_sys_write+0x17a/0x370 [ 343.806264] ? do_syscall_64+0xcf/0x110 [ 343.810279] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 343.815674] ? drop_futex_key_refs+0x232/0x330 [ 343.820308] ? futex_wait+0x942/0xc50 [ 343.824150] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 343.829551] ? aa_sk_perm+0x7ab/0x9e0 [ 343.833445] ? compat_packet_setsockopt+0x360/0x360 [ 343.838991] sock_write_iter+0x3f4/0x4f0 [ 343.843135] ? sock_read_iter+0x4e0/0x4e0 [ 343.847319] __vfs_write+0x888/0xb80 15:35:12 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x2b, 0x1, 0x0) setsockopt$sock_attach_bpf(r0, 0x6, 0xd, &(0x7f0000000140), 0x4) [ 343.851100] vfs_write+0x4a3/0x8f0 [ 343.854702] __se_sys_write+0x17a/0x370 [ 343.858732] __x64_sys_write+0x4a/0x70 [ 343.862659] do_syscall_64+0xcf/0x110 [ 343.866500] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 343.871721] RIP: 0033:0x457569 [ 343.874946] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 343.893898] RSP: 002b:00007f1b44503c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 343.901643] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 343.908939] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 343.916230] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 343.923533] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1b445046d4 [ 343.930895] R13: 00000000004c5cde R14: 00000000004da090 R15: 00000000ffffffff [ 343.938259] [ 343.939942] Uninit was created at: [ 343.943515] kmsan_internal_poison_shadow+0x6d/0x130 [ 343.948651] kmsan_kmalloc+0xa1/0x100 [ 343.952483] kmsan_slab_alloc+0xe/0x10 [ 343.956406] __kmalloc_node_track_caller+0xf62/0x14e0 [ 343.961626] __alloc_skb+0x42b/0xeb0 [ 343.965370] alloc_skb_with_frags+0x1c9/0xa80 [ 343.969908] sock_alloc_send_pskb+0xeb3/0x14c0 [ 343.974517] packet_sendmsg+0x6719/0x9180 [ 343.978708] sock_write_iter+0x3f4/0x4f0 [ 343.982793] __vfs_write+0x888/0xb80 [ 343.986601] vfs_write+0x4a3/0x8f0 [ 343.990177] __se_sys_write+0x17a/0x370 [ 343.994174] __x64_sys_write+0x4a/0x70 [ 343.998134] do_syscall_64+0xcf/0x110 [ 344.001968] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 344.007179] ================================================================== [ 344.014590] Disabling lock debugging due to kernel taint [ 344.020056] Kernel panic - not syncing: panic_on_warn set ... [ 344.025971] CPU: 1 PID: 9019 Comm: syz-executor3 Tainted: G B 4.20.0-rc3+ #97 [ 344.034567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 344.043933] Call Trace: [ 344.046551] dump_stack+0x32d/0x480 [ 344.050224] panic+0x624/0xc08 [ 344.053542] kmsan_report+0x28a/0x290 [ 344.057392] __msan_warning+0x76/0xc0 [ 344.061259] sit_tunnel_xmit+0x1b7e/0x3d40 [ 344.065579] ? __dev_queue_xmit+0x2d9e/0x3e00 [ 344.070124] ? ipip6_tunnel_uninit+0x800/0x800 [ 344.074745] dev_hard_start_xmit+0x6dc/0xde0 [ 344.079223] __dev_queue_xmit+0x2d9e/0x3e00 [ 344.083629] dev_queue_xmit+0x4b/0x60 [ 344.087463] ? __netdev_pick_tx+0x14d0/0x14d0 [ 344.092049] packet_sendmsg+0x797f/0x9180 [ 344.096226] ? kmsan_memcpy_memmove_metadata+0x1a9/0xf70 [ 344.101734] ? kmsan_memcpy_metadata+0xb/0x10 [ 344.106286] ? sock_write_iter+0x102/0x4f0 [ 344.110549] ? __se_sys_write+0x17a/0x370 [ 344.114745] ? do_syscall_64+0xcf/0x110 [ 344.118753] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 344.124166] ? drop_futex_key_refs+0x232/0x330 [ 344.128821] ? futex_wait+0x942/0xc50 [ 344.132676] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 344.138077] ? aa_sk_perm+0x7ab/0x9e0 [ 344.141966] ? compat_packet_setsockopt+0x360/0x360 [ 344.147021] sock_write_iter+0x3f4/0x4f0 [ 344.151131] ? sock_read_iter+0x4e0/0x4e0 [ 344.155304] __vfs_write+0x888/0xb80 [ 344.159086] vfs_write+0x4a3/0x8f0 [ 344.162712] __se_sys_write+0x17a/0x370 [ 344.166733] __x64_sys_write+0x4a/0x70 [ 344.170650] do_syscall_64+0xcf/0x110 [ 344.174493] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 344.179703] RIP: 0033:0x457569 [ 344.182923] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 344.201847] RSP: 002b:00007f1b44503c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 344.209584] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 344.216869] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 344.224158] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 344.231448] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f1b445046d4 [ 344.238736] R13: 00000000004c5cde R14: 00000000004da090 R15: 00000000ffffffff [ 344.247400] Kernel Offset: disabled [ 344.251043] Rebooting in 86400 seconds..