[ 37.238254][ T26] audit: type=1800 audit(1550722160.080:26): pid=7685 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 37.295903][ T26] audit: type=1800 audit(1550722160.080:27): pid=7685 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 37.330963][ T26] audit: type=1800 audit(1550722160.090:28): pid=7685 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 37.825145][ T26] audit: type=1800 audit(1550722160.680:29): pid=7685 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.10.24' (ECDSA) to the list of known hosts. 2019/02/21 04:09:31 fuzzer started 2019/02/21 04:09:34 dialing manager at 10.128.0.26:33245 2019/02/21 04:09:34 syscalls: 1 2019/02/21 04:09:34 code coverage: enabled 2019/02/21 04:09:34 comparison tracing: enabled 2019/02/21 04:09:34 extra coverage: extra coverage is not supported by the kernel 2019/02/21 04:09:34 setuid sandbox: enabled 2019/02/21 04:09:34 namespace sandbox: enabled 2019/02/21 04:09:34 Android sandbox: /sys/fs/selinux/policy does not exist 2019/02/21 04:09:34 fault injection: enabled 2019/02/21 04:09:34 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/02/21 04:09:34 net packet injection: enabled 2019/02/21 04:09:34 net device setup: enabled 04:12:37 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, &(0x7f00000000c0)={0x3, 0x0, 0x4, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "aed249ba"}, 0x0, 0x0, @fd, 0x4}) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000002c0)=ANY=[@ANYBLOB="7ec767d0110a648acaac898c352fb416d0c19943c794995f7fe310c06d85e905000000000000e905c69d198471a5701aec609ce622177ebacf2c2cee1d82382e4ecbaceb0104ca7a00b878f9c9b62f4a6eeb46ac20ec2790"], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x1000000003c) fcntl$setstatus(r1, 0x4, 0x42803) syzkaller login: [ 234.903696][ T7850] IPVS: ftp: loaded support on port[0] = 21 04:12:37 executing program 1: r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz'}, 0x0, 0x0, 0xfffffffffffffffc) r1 = add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$link(0x8, r0, r1) [ 235.039819][ T7850] chnl_net:caif_netlink_parms(): no params data found [ 235.099050][ T7850] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.106623][ T7850] bridge0: port 1(bridge_slave_0) entered disabled state [ 235.116159][ T7850] device bridge_slave_0 entered promiscuous mode [ 235.127403][ T7850] bridge0: port 2(bridge_slave_1) entered blocking state [ 235.148676][ T7850] bridge0: port 2(bridge_slave_1) entered disabled state [ 235.163819][ T7850] device bridge_slave_1 entered promiscuous mode [ 235.191072][ T7850] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 235.206973][ T7854] IPVS: ftp: loaded support on port[0] = 21 [ 235.215960][ T7850] bond0: Enslaving bond_slave_1 as an active interface with an up link 04:12:38 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000140)={0xa, 0xffffffffffffffff, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}, 0x1c) sendmmsg(r0, &(0x7f0000000240), 0x5c3, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0) [ 235.272167][ T7850] team0: Port device team_slave_0 added [ 235.279395][ T7850] team0: Port device team_slave_1 added [ 235.360749][ T7850] device hsr_slave_0 entered promiscuous mode [ 235.397982][ T7850] device hsr_slave_1 entered promiscuous mode 04:12:38 executing program 3: shmget$private(0x0, 0x1000, 0x54001800, &(0x7f0000fff000/0x1000)=nil) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) inotify_init() shmat(0x0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffffff) [ 235.518235][ T7850] bridge0: port 2(bridge_slave_1) entered blocking state [ 235.525415][ T7850] bridge0: port 2(bridge_slave_1) entered forwarding state [ 235.533089][ T7850] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.540177][ T7850] bridge0: port 1(bridge_slave_0) entered forwarding state [ 235.585169][ T7856] IPVS: ftp: loaded support on port[0] = 21 [ 235.595594][ T7858] IPVS: ftp: loaded support on port[0] = 21 [ 235.761680][ T7854] chnl_net:caif_netlink_parms(): no params data found [ 235.782904][ T7850] 8021q: adding VLAN 0 to HW filter on device bond0 04:12:38 executing program 4: r0 = socket$packet(0x11, 0x40800000000003, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000002180)=0x100, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000500)={'lo\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @local}, 0x14) sendto$inet6(r0, &(0x7f00000002c0)="020400000300600000000000fff55b4202938207d9fb3780398d537500000600791f301ee616d5c01843e0650053c0e385472da7222a2bb70100af5ba514d40000ef00000000000000a96fa9a1e8d1843e770afd6e9ef5837dbd0000ce08467a2c4436f15778013f", 0x68, 0x0, 0x0, 0x0) [ 235.867237][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 235.881362][ T17] bridge0: port 1(bridge_slave_0) entered disabled state [ 235.901048][ T17] bridge0: port 2(bridge_slave_1) entered disabled state [ 235.921399][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 235.948570][ T7850] 8021q: adding VLAN 0 to HW filter on device team0 [ 236.041393][ T2890] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 236.052782][ T2890] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.060301][ T2890] bridge0: port 1(bridge_slave_0) entered forwarding state 04:12:39 executing program 5: clone(0x2002001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) unshare(0x20000000) unshare(0x24020400) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) pipe(&(0x7f0000000040)={0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(0xffffffffffffffff) socket$inet_tcp(0x2, 0x1, 0x0) splice(r1, 0x0, r2, 0x0, 0x10005, 0x0) [ 236.111781][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 236.122591][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 236.133773][ T7860] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.140873][ T7860] bridge0: port 2(bridge_slave_1) entered forwarding state [ 236.150963][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 236.159778][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 236.192611][ T7858] chnl_net:caif_netlink_parms(): no params data found [ 236.193410][ T7866] IPVS: ftp: loaded support on port[0] = 21 [ 236.215839][ T7850] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 236.226720][ T7850] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 236.240384][ T7856] chnl_net:caif_netlink_parms(): no params data found [ 236.251810][ T2890] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 236.263299][ T2890] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 236.271844][ T2890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 236.280999][ T2890] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 236.289369][ T2890] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 236.297499][ T2890] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 236.306033][ T2890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 236.314266][ T2890] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 236.322813][ T7854] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.330824][ T7854] bridge0: port 1(bridge_slave_0) entered disabled state [ 236.338656][ T7854] device bridge_slave_0 entered promiscuous mode [ 236.350274][ T7854] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.357322][ T7854] bridge0: port 2(bridge_slave_1) entered disabled state [ 236.365291][ T7854] device bridge_slave_1 entered promiscuous mode [ 236.397564][ T2890] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 236.405771][ T2890] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 236.430706][ T7854] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 236.441360][ T7854] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 236.482181][ T7858] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.489847][ T7858] bridge0: port 1(bridge_slave_0) entered disabled state [ 236.497436][ T7858] device bridge_slave_0 entered promiscuous mode [ 236.513406][ T7868] IPVS: ftp: loaded support on port[0] = 21 [ 236.542831][ T7858] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.550063][ T7858] bridge0: port 2(bridge_slave_1) entered disabled state [ 236.558005][ T7858] device bridge_slave_1 entered promiscuous mode [ 236.578597][ T7856] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.585664][ T7856] bridge0: port 1(bridge_slave_0) entered disabled state [ 236.593977][ T7856] device bridge_slave_0 entered promiscuous mode [ 236.603739][ T7854] team0: Port device team_slave_0 added [ 236.622109][ T7850] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 236.632089][ T7856] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.640129][ T7856] bridge0: port 2(bridge_slave_1) entered disabled state [ 236.650384][ T7856] device bridge_slave_1 entered promiscuous mode [ 236.658588][ T7854] team0: Port device team_slave_1 added [ 236.675522][ T7858] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 236.689704][ T7858] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 236.714416][ T7856] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 236.724383][ T7856] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 236.777335][ T7858] team0: Port device team_slave_0 added [ 236.793611][ T7858] team0: Port device team_slave_1 added [ 236.859812][ T7854] device hsr_slave_0 entered promiscuous mode [ 236.897908][ T7854] device hsr_slave_1 entered promiscuous mode [ 237.003926][ T7854] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.011112][ T7854] bridge0: port 2(bridge_slave_1) entered forwarding state [ 237.018507][ T7854] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.025579][ T7854] bridge0: port 1(bridge_slave_0) entered forwarding state [ 237.035943][ T7856] team0: Port device team_slave_0 added 04:12:39 executing program 0: openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm_plock\x00', 0x0, 0x0) syz_open_dev$binder(&(0x7f0000000340)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x100000443) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(0xffffffffffffffff, 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) openat$uhid(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uhid\x00', 0x0, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, 0x0, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) [ 237.100670][ T7858] device hsr_slave_0 entered promiscuous mode [ 237.158124][ T7858] device hsr_slave_1 entered promiscuous mode [ 237.199823][ T7856] team0: Port device team_slave_1 added [ 237.206302][ T17] bridge0: port 1(bridge_slave_0) entered disabled state [ 237.214136][ T17] bridge0: port 2(bridge_slave_1) entered disabled state [ 237.312228][ T7856] device hsr_slave_0 entered promiscuous mode [ 237.353371][ C1] hrtimer: interrupt took 36071 ns [ 237.368045][ T7856] device hsr_slave_1 entered promiscuous mode 04:12:40 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$EVIOCGKEYCODE(r0, 0x80084504, 0x0) [ 237.491499][ T7866] chnl_net:caif_netlink_parms(): no params data found [ 237.515975][ T7868] chnl_net:caif_netlink_parms(): no params data found 04:12:40 executing program 0: r0 = gettid() times(0x0) ioctl$RNDADDTOENTCNT(0xffffffffffffffff, 0x40045201, 0x0) chmod(0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) getresuid(0x0, 0x0, 0x0) dup(0xffffffffffffffff) mkdirat(0xffffffffffffffff, 0x0, 0x10) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) stat(0x0, 0x0) getresgid(0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x0, 0x0) tkill(r0, 0x1000000000016) [ 237.625523][ T7866] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.633889][ T7866] bridge0: port 1(bridge_slave_0) entered disabled state [ 237.642371][ T7866] device bridge_slave_0 entered promiscuous mode [ 237.652342][ T7866] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.660072][ T7866] bridge0: port 2(bridge_slave_1) entered disabled state [ 237.676190][ T7866] device bridge_slave_1 entered promiscuous mode [ 237.715281][ T7866] bond0: Enslaving bond_slave_0 as an active interface with an up link 04:12:40 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000140)='ic\x00', 0x3) [ 237.748675][ T7868] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.755787][ T7868] bridge0: port 1(bridge_slave_0) entered disabled state [ 237.764156][ T7868] device bridge_slave_0 entered promiscuous mode [ 237.773512][ T7866] bond0: Enslaving bond_slave_1 as an active interface with an up link 04:12:40 executing program 0: socket$netlink(0x10, 0x3, 0x4000000000002) r0 = eventfd2(0x0, 0x0) r1 = open(&(0x7f0000000080)='./file0\x00', 0x101042, 0x0) ioctl$EVIOCGUNIQ(r1, 0x80404508, &(0x7f00000000c0)=""/44) read$eventfd(r0, &(0x7f0000000000), 0x8) r2 = creat(0x0, 0x2) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)=0x9) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r2, 0x6, 0x16, &(0x7f0000000300)=[@mss={0x2, 0x5968}], 0x1) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/netlink\x00m\x10\x1bDv\xe5j@\xca\x98\"X\xc7k\xb9u\x17w\xed*\xb23\xa9#\xcb\x12\x97\xe9U\x18\xd4\x8d\b\xfc\x845j\x18z\r\xd6\xea\xacE\xd3G\xa9Ki(\xf3\xa3\xfa\xf1\x11(b\am\xd21\x91Q\xbe}\xa3\x8b\r\xc2TR\xa9\tm\x1f\x12hf\xc6\xfa!\x8eK\xd9\x90K\xfa\xc1\x1d\xa9i\x17\a\xdb+\x95Z /\xc9\xafk\xb3!\x05\x17\xcb\x05\tX\x9c~\x85O\x97\x8f\xcc\xcc\xe4\xcb=\xdb\xdf\x1a\x81N\x01>\xdb7\xe3\xe3\xae;3\x8fF\x18\xa4Y `nu\xab!\x9dG\xea\x06\xa7\x83\t\x9b<\x10\xad\a\xb5Ia\xb4f\x97\xb7a4!\xe5h\xabk\x7f\xc4\x9d8\xdb>') preadv(r3, &(0x7f0000000940)=[{&(0x7f0000000500)=""/112, 0x70}], 0x1, 0x4c000000) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) accept4$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r4, 0x0, 0x0) sendmmsg(r4, &(0x7f0000000480), 0x2e9, 0xffd8) ioctl$RTC_SET_TIME(r3, 0x4024700a, &(0x7f00000003c0)={0x0, 0x5, 0x0, 0x0, 0x0, 0x546ed81b, 0x4}) ioctl$VT_GETSTATE(0xffffffffffffffff, 0x5603, 0x0) ioctl$ASHMEM_PURGE_ALL_CACHES(0xffffffffffffffff, 0x770a, 0x0) r5 = accept$packet(r2, 0x0, &(0x7f0000000140)) ioctl$sock_inet_SIOCGIFPFLAGS(r5, 0x8935, &(0x7f0000000180)={'vlan0\x00', 0xfffffffffffffffb}) ioctl$VT_OPENQRY(0xffffffffffffffff, 0x5600, 0x0) sendmsg$TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, 0x0, 0x0) io_setup(0x6, &(0x7f0000000100)) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x2, 0x0) [ 237.833581][ T7868] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.840764][ T7868] bridge0: port 2(bridge_slave_1) entered disabled state [ 237.849293][ T7868] device bridge_slave_1 entered promiscuous mode [ 237.871446][ T7854] 8021q: adding VLAN 0 to HW filter on device bond0 [ 237.889696][ T7866] team0: Port device team_slave_0 added [ 237.912072][ T7868] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 237.930302][ T7858] 8021q: adding VLAN 0 to HW filter on device bond0 [ 237.938691][ T7866] team0: Port device team_slave_1 added [ 237.947182][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 237.956250][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 237.973065][ T7868] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 238.034690][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 238.045298][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 238.055247][ T7854] 8021q: adding VLAN 0 to HW filter on device team0 [ 238.110513][ T7866] device hsr_slave_0 entered promiscuous mode [ 238.148065][ T7866] device hsr_slave_1 entered promiscuous mode [ 238.210575][ T7858] 8021q: adding VLAN 0 to HW filter on device team0 [ 238.219973][ T7868] team0: Port device team_slave_0 added [ 238.228473][ T7856] 8021q: adding VLAN 0 to HW filter on device bond0 [ 238.237445][ T7868] team0: Port device team_slave_1 added [ 238.261334][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 238.270190][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 238.279147][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.286235][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 238.293857][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 238.303120][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 238.311487][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.318565][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 238.326005][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 238.334961][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 238.343308][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.350347][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 238.378217][ T7856] 8021q: adding VLAN 0 to HW filter on device team0 [ 238.403185][ T7853] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 238.412176][ T7853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 238.421146][ T7853] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 238.429502][ T7853] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.436547][ T7853] bridge0: port 2(bridge_slave_1) entered forwarding state [ 238.444817][ T7853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 238.453871][ T7853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 238.462386][ T7853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 238.471066][ T7853] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 238.479472][ T7853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 238.488185][ T7853] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 238.496386][ T7853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 238.505136][ T7853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 238.513296][ T7853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 238.520966][ T7853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 238.529630][ T7853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 238.538228][ T7853] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 238.546478][ T7853] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.553614][ T7853] bridge0: port 1(bridge_slave_0) entered forwarding state [ 238.562454][ T7853] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 238.570456][ T7853] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 238.578808][ T7853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 238.587152][ T7853] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 238.660261][ T7868] device hsr_slave_0 entered promiscuous mode [ 238.697890][ T7868] device hsr_slave_1 entered promiscuous mode [ 238.738689][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 238.747154][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 238.761448][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 238.772746][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 238.785497][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 238.795989][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 238.810213][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 238.822368][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 238.834075][ T7860] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.841182][ T7860] bridge0: port 2(bridge_slave_1) entered forwarding state [ 238.852302][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 238.860900][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 238.869686][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 238.878417][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 238.888072][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 238.895876][ T7860] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 238.907530][ T7854] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 238.919266][ T7854] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 238.930518][ T7858] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 238.941605][ T7858] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 238.957152][ T2890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 238.965594][ T2890] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 238.973806][ T2890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 238.982211][ T2890] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 239.005387][ T7858] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 239.034581][ T7856] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 239.045200][ T7856] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network 04:12:41 executing program 0: write$P9_RWALK(0xffffffffffffffff, 0x0, 0x0) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x2e) clone(0x210007fa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) tkill(r0, 0xc) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x3a}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) exit_group(0x0) [ 239.079224][ T7854] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 239.087110][ T2890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 239.095832][ T2890] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 239.105493][ T2890] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 239.114134][ T2890] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 239.123452][ T2890] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 239.132345][ T2890] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 239.151548][ T7866] 8021q: adding VLAN 0 to HW filter on device bond0 [ 239.182568][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 239.206252][ T7856] 8021q: adding VLAN 0 to HW filter on device batadv0 04:12:42 executing program 0: syz_emit_ethernet(0x3e, &(0x7f0000000000)={@local, @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @remote={0xac, 0x223}, @dev={0xac, 0x14, 0x14, 0x11}}, @icmp=@parameter_prob={0x3, 0x8, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4029, 0x0, @local={0xac, 0x223}, @dev}}}}}}, 0x0) [ 239.253301][ T26] kauditd_printk_skb: 1 callbacks suppressed [ 239.253313][ T26] audit: type=1800 audit(1550722362.110:31): pid=7914 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.3" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 04:12:42 executing program 1: ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) r0 = syz_open_procfs$namespace(0x0, 0xffffffffffffffff) ptrace$peek(0xffffffffffffffff, 0x0, 0x0) fchdir(r0) [ 239.345737][ T7866] 8021q: adding VLAN 0 to HW filter on device team0 [ 239.372098][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 239.391047][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 239.428123][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 239.436656][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 239.481070][ T7899] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.488221][ T7899] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.510925][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 239.548906][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 239.557441][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 239.569224][ T7899] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.576289][ T7899] bridge0: port 2(bridge_slave_1) entered forwarding state [ 239.593325][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 239.607491][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 239.633828][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 239.649238][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 239.674303][ T7868] 8021q: adding VLAN 0 to HW filter on device bond0 [ 239.695381][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 239.703712][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 239.719157][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 239.727571][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 239.742259][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 239.751891][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 239.765104][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 239.785716][ T7866] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 239.811672][ T7868] 8021q: adding VLAN 0 to HW filter on device team0 [ 239.824838][ T7853] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 239.833334][ T7853] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 239.856313][ T7866] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 239.879666][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 239.894776][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 239.904135][ T7859] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.911245][ T7859] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.924692][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 239.933506][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 239.949341][ T7859] bridge0: port 2(bridge_slave_1) entered blocking state 04:12:42 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f023c123f3188a070") r1 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x3b, 0x0, 0x0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) sendmmsg(r1, &(0x7f0000005fc0), 0x8000000000000fc, 0x8000000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) ioctl$FIGETBSZ(r2, 0x2, &(0x7f0000000280)) ioctl$sock_inet_udp_SIOCINQ(r0, 0x541b, &(0x7f0000000180)) write$binfmt_misc(r2, &(0x7f0000000440)={'syz1'}, 0x1200e) 04:12:42 executing program 0: r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0x3f553e5) clone(0x2100001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) link(&(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='./file1\x00') setxattr$security_smack_entry(&(0x7f0000000080)='./file2\x00', 0x0, 0x0, 0xfffffffffffffeae, 0x0) [ 239.956406][ T7859] bridge0: port 2(bridge_slave_1) entered forwarding state [ 239.989385][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 240.026607][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 240.051823][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 240.069692][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 240.085817][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 240.094542][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 240.112423][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 240.121599][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 240.133807][ T7899] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 240.145974][ T7868] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 240.161569][ T7868] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 240.178639][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 240.219833][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 240.269680][ T7859] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 240.277843][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 240.283739][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 240.320292][ T7868] 8021q: adding VLAN 0 to HW filter on device batadv0 04:12:43 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000680)='projid_map\x00') recvmmsg(0xffffffffffffffff, &(0x7f0000002740)=[{{0x0, 0x0, &(0x7f0000000500)=[{0x0}], 0x1}, 0x80000001}], 0x1, 0x0, 0x0) preadv(r0, &(0x7f00000017c0), 0x1fe, 0x0) 04:12:43 executing program 1: openat$uhid(0xffffffffffffff9c, &(0x7f0000000280)='/dev/uhid\x00', 0x802, 0x0) r0 = socket$inet6(0xa, 0x3, 0x6) r1 = syz_open_procfs(0x0, &(0x7f0000000980)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd8\xdcK\x00\x00\xae\x98&@\xd0\xe6\xbbQ\xff\a\x00\x00\x00\x00\x00\x00\xaa1\x91\x98\xe9\x1f\nMCi|+\xcd\xf9N\xdc\xc5\xa2*\x13\x8f\xf3;\xd6d2\xeb\xe5\x14\x0e\x8b\xda\xb7\xfc9h(mf\'\xa19q\x93\"}G3\xc1E\xe6e6\xc6\xc2u\x11%`\xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xa8\x14Ts\xcb\xde\x84\x1d\xc7\xcc;\xb18') sendfile(r0, r1, &(0x7f00000000c0)=0x209, 0x5a) 04:12:43 executing program 3: shmget$private(0x0, 0x2000, 0x7fe, &(0x7f00006f5000/0x2000)=nil) getegid() r0 = syz_open_dev$usb(0x0, 0x4, 0x2001) ioctl$KVM_ASSIGN_PCI_DEVICE(r0, 0x8040ae69, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000840)='/dev/kvm\x00', 0x0, 0x0) r2 = syz_open_dev$usb(&(0x7f0000000540)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) accept4$tipc(r2, 0x0, 0x0, 0x800) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000005c0)="660fd88e05000f01dfc7f80800baf80c66b8228c428b66efbafc0cb03aeebaf80c66b8145b478366efbafc0ced66b9800000c00f326635000100000f300f08660f380306f2000ff696006066b9250a00000f32", 0x53}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = openat$vsock(0xffffffffffffff9c, 0x0, 0x30400, 0x0) write$P9_RFLUSH(r5, &(0x7f0000000180)={0x7}, 0x7) ioctl$KVM_RUN(r4, 0xae80, 0x0) getsockopt$inet_buf(r0, 0x0, 0x0, 0x0, &(0x7f0000000380)) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f0000000040), 0x4) ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, 0x0) ioctl$SIOCGIFMTU(0xffffffffffffffff, 0x8921, 0x0) ioctl$EVIOCGKEY(r0, 0x80404518, &(0x7f0000000280)=""/243) 04:12:43 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) ioctl$INOTIFY_IOC_SETNEXTWD(0xffffffffffffffff, 0x40044900, 0x5) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x100020, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) [ 240.482533][ T7953] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 04:12:43 executing program 1: r0 = socket$inet_smc(0x2b, 0x1, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) r1 = accept(r0, &(0x7f0000000100)=@tipc=@name, &(0x7f0000000000)=0x80) setsockopt$inet6_opts(r1, 0x29, 0x0, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f0000005fc0), 0x8000000000000fc, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r2, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) write$P9_RGETLOCK(0xffffffffffffffff, 0x0, 0x0) write$binfmt_misc(r2, &(0x7f0000000440)={'syz1'}, 0x1200e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0xc0ffffff, 0x2c}, [@ldst={0x7}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195}, 0x185) 04:12:43 executing program 4: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_rfcomm(r0, &(0x7f0000000000)={0x1f, {0x0, 0x0, 0x0, 0x28}}, 0xa) 04:12:43 executing program 4: bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x3, 0x4, 0x4, 0x40, 0x0, 0xffffffffffffff9c}, 0x2c) r0 = bpf$MAP_CREATE(0x4, &(0x7f0000000880)={0x3, 0x0, 0x0, 0x0, 0x20000000, 0x0}, 0x2c) r1 = socket$kcm(0x2, 0x2000000000000001, 0x0) setsockopt$sock_attach_bpf(r1, 0x6, 0x1e, &(0x7f0000000140)=r0, 0x4) 04:12:43 executing program 3: r0 = creat(&(0x7f0000000400)='./file0\x00', 0x0) write$P9_RREMOVE(0xffffffffffffffff, &(0x7f0000000280)={0xff60}, 0xe3c7) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$ppp(r0, 0x0, 0x0) recvfrom$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f00000000c0), 0xffffffffffffffff) mount$9p_rdma(&(0x7f00000003c0)='127.0.0.1\x00', &(0x7f00000005c0)='./file0\x00', &(0x7f0000000600)='9p\x00', 0xc004, &(0x7f0000000640)={'trans=rdma,', {'port', 0x3d, 0x4e21}, 0x2c, {[{@timeout={'timeout', 0x3d, 0xdaf}}, {@sq={'sq', 0x3d, 0xc17f}}, {@sq={'sq', 0x3d, 0x8}}, {@sq={'sq'}}, {@rq={'rq', 0x3d, 0x4}}, {@rq={'rq'}}], [{@fowner_gt={'fowner>'}}, {@smackfsroot={'smackfsroot', 0x3d, '/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00'}}, {@subj_role={'subj_role'}}, {@fsname={'fsname', 0x3d, '\'-GPL'}}, {@defcontext={'defcontext', 0x3d, 'system_u'}}]}}) getsockname$llc(r0, 0x0, &(0x7f0000000380)) 04:12:43 executing program 2: r0 = socket$kcm(0x2, 0x1000000000000803, 0x84) sendmsg(0xffffffffffffffff, 0x0, 0x8000) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg(r0, &(0x7f0000000440)={&(0x7f0000000640)=@in={0x2, 0x0, @loopback}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000200), 0xfc99}], 0x1}, 0x0) [ 241.113837][ T7959] EXT4-fs (sda1): re-mounted. Opts: 04:12:44 executing program 4: 04:12:44 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) ioctl$INOTIFY_IOC_SETNEXTWD(0xffffffffffffffff, 0x40044900, 0x5) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x100020, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 04:12:44 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$EVIOCGPROP(r0, 0x80404509, &(0x7f0000000080)=""/90) 04:12:44 executing program 1: r0 = socket$inet_smc(0x2b, 0x1, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) r1 = accept(r0, &(0x7f0000000100)=@tipc=@name, &(0x7f0000000000)=0x80) setsockopt$inet6_opts(r1, 0x29, 0x0, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f0000005fc0), 0x8000000000000fc, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r2, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) write$P9_RGETLOCK(0xffffffffffffffff, 0x0, 0x0) write$binfmt_misc(r2, &(0x7f0000000440)={'syz1'}, 0x1200e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0xc0ffffff, 0x2c}, [@ldst={0x7}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195}, 0x185) 04:12:44 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xc, &(0x7f0000000100)=0x40, 0x4) 04:12:44 executing program 2: r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000000080)) fcntl$lock(r0, 0x7, &(0x7f0000000240)={0x1, 0x7, 0xfffffffffffffff7, 0x1}) write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) mknod(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x2e, &(0x7f0000000180)={@dev={0xac, 0x14, 0x14, 0xe}, @rand_addr=0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0xc) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x0, 0x0) mknod(&(0x7f0000000000)='./file0\x00', 0xc000, 0x1ff) setxattr$trusted_overlay_nlink(&(0x7f0000000280)='./bus\x00', &(0x7f0000000080)='trusted.overlay.nlink\x00', &(0x7f00000002c0)={'L+', 0x5}, 0x28, 0x2) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r2 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) socketpair$unix(0x1, 0x5, 0x0, 0x0) ioctl$RTC_WIE_OFF(r0, 0x7010) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000380)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_misc(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="73797a828d3cfcb3d2187ac5b80400000000000000ccb1ec0ae10c037fa5ee9e7cff33ae9c5fbc65c743bf1924c846c10d"], 0x31) bind$alg(0xffffffffffffffff, &(0x7f0000000200)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-generic\x00'}, 0x58) accept$alg(0xffffffffffffffff, 0x0, 0x0) rename(0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) unlinkat(r0, &(0x7f00000001c0)='./file0\x00', 0x0) 04:12:44 executing program 3: r0 = creat(&(0x7f0000000400)='./file0\x00', 0x0) write$P9_RREMOVE(0xffffffffffffffff, &(0x7f0000000280)={0xff60}, 0xe3c7) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$ppp(r0, 0x0, 0x0) recvfrom$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f00000000c0), 0xffffffffffffffff) mount$9p_rdma(&(0x7f00000003c0)='127.0.0.1\x00', &(0x7f00000005c0)='./file0\x00', &(0x7f0000000600)='9p\x00', 0xc004, &(0x7f0000000640)={'trans=rdma,', {'port', 0x3d, 0x4e21}, 0x2c, {[{@timeout={'timeout', 0x3d, 0xdaf}}, {@sq={'sq', 0x3d, 0xc17f}}, {@sq={'sq', 0x3d, 0x8}}, {@sq={'sq'}}, {@rq={'rq', 0x3d, 0x4}}, {@rq={'rq'}}], [{@fowner_gt={'fowner>'}}, {@smackfsroot={'smackfsroot', 0x3d, '/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00'}}, {@subj_role={'subj_role'}}, {@fsname={'fsname', 0x3d, '\'-GPL'}}, {@defcontext={'defcontext', 0x3d, 'system_u'}}]}}) getsockname$llc(r0, 0x0, &(0x7f0000000380)) 04:12:44 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0adc1f023c123f3188a070") r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x2) write$evdev(r1, &(0x7f0000057fa0)=[{}, {}], 0xfffffd24) clone(0x6102001dfc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$EVIOCRMFF(r1, 0x40044581, 0x0) ioctl$EVIOCSABS3F(r1, 0x401845ff, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$PPPIOCGFLAGS(0xffffffffffffffff, 0x8004745a, 0x0) 04:12:44 executing program 1: r0 = socket$inet_smc(0x2b, 0x1, 0x0) fcntl$setlease(0xffffffffffffffff, 0x400, 0x0) r1 = accept(r0, &(0x7f0000000100)=@tipc=@name, &(0x7f0000000000)=0x80) setsockopt$inet6_opts(r1, 0x29, 0x0, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) sendmmsg(0xffffffffffffffff, &(0x7f0000005fc0), 0x8000000000000fc, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r2, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, 0x0) write$P9_RGETLOCK(0xffffffffffffffff, 0x0, 0x0) write$binfmt_misc(r2, &(0x7f0000000440)={'syz1'}, 0x1200e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0xc0ffffff, 0x2c}, [@ldst={0x7}]}, &(0x7f0000003ff6)='GPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195}, 0x185) 04:12:44 executing program 5: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) ioctl$INOTIFY_IOC_SETNEXTWD(0xffffffffffffffff, 0x40044900, 0x5) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x100020, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 04:12:44 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000100)='cpuset.mems\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB='-'], 0x1) 04:12:44 executing program 3: r0 = creat(&(0x7f0000000400)='./file0\x00', 0x0) write$P9_RREMOVE(0xffffffffffffffff, &(0x7f0000000280)={0xff60}, 0xe3c7) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$ppp(r0, 0x0, 0x0) recvfrom$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f00000000c0), 0xffffffffffffffff) mount$9p_rdma(&(0x7f00000003c0)='127.0.0.1\x00', &(0x7f00000005c0)='./file0\x00', &(0x7f0000000600)='9p\x00', 0xc004, &(0x7f0000000640)={'trans=rdma,', {'port', 0x3d, 0x4e21}, 0x2c, {[{@timeout={'timeout', 0x3d, 0xdaf}}, {@sq={'sq', 0x3d, 0xc17f}}, {@sq={'sq', 0x3d, 0x8}}, {@sq={'sq'}}, {@rq={'rq', 0x3d, 0x4}}, {@rq={'rq'}}], [{@fowner_gt={'fowner>'}}, {@smackfsroot={'smackfsroot', 0x3d, '/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00'}}, {@subj_role={'subj_role'}}, {@fsname={'fsname', 0x3d, '\'-GPL'}}, {@defcontext={'defcontext', 0x3d, 'system_u'}}]}}) getsockname$llc(r0, 0x0, &(0x7f0000000380)) 04:12:44 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0adc1f023c123f3188a070") r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x2) write$evdev(r1, &(0x7f0000057fa0)=[{}, {}], 0xfffffd24) clone(0x6102001dfc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$EVIOCRMFF(r1, 0x40044581, 0x0) ioctl$EVIOCSABS3F(r1, 0x401845ff, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$PPPIOCGFLAGS(0xffffffffffffffff, 0x8004745a, 0x0) 04:12:44 executing program 4: 04:12:44 executing program 2: [ 242.147027][ T8051] EXT4-fs (sda1): re-mounted. Opts: 04:12:45 executing program 4: 04:12:45 executing program 1: 04:12:45 executing program 2: 04:12:45 executing program 5: 04:12:45 executing program 4: 04:12:45 executing program 5: 04:12:45 executing program 3: r0 = creat(&(0x7f0000000400)='./file0\x00', 0x0) write$P9_RREMOVE(0xffffffffffffffff, &(0x7f0000000280)={0xff60}, 0xe3c7) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$ppp(r0, 0x0, 0x0) recvfrom$packet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f00000000c0), 0xffffffffffffffff) mount$9p_rdma(&(0x7f00000003c0)='127.0.0.1\x00', &(0x7f00000005c0)='./file0\x00', &(0x7f0000000600)='9p\x00', 0xc004, &(0x7f0000000640)={'trans=rdma,', {'port', 0x3d, 0x4e21}, 0x2c, {[{@timeout={'timeout', 0x3d, 0xdaf}}, {@sq={'sq', 0x3d, 0xc17f}}, {@sq={'sq', 0x3d, 0x8}}, {@sq={'sq'}}, {@rq={'rq', 0x3d, 0x4}}, {@rq={'rq'}}], [{@fowner_gt={'fowner>'}}, {@smackfsroot={'smackfsroot', 0x3d, '/exe\x00\x00\xc1\x00\x00\x00\x00\x00\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10\x06\xd7\xc0 jt\xe33&S\x00'}}, {@subj_role={'subj_role'}}, {@fsname={'fsname', 0x3d, '\'-GPL'}}, {@defcontext={'defcontext', 0x3d, 'system_u'}}]}}) getsockname$llc(r0, 0x0, &(0x7f0000000380)) 04:12:45 executing program 2: 04:12:45 executing program 1: 04:12:45 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0adc1f023c123f3188a070") r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x2) write$evdev(r1, &(0x7f0000057fa0)=[{}, {}], 0xfffffd24) clone(0x6102001dfc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$EVIOCRMFF(r1, 0x40044581, 0x0) ioctl$EVIOCSABS3F(r1, 0x401845ff, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) ioctl$PPPIOCGFLAGS(0xffffffffffffffff, 0x8004745a, 0x0) 04:12:45 executing program 4: 04:12:45 executing program 3: 04:12:45 executing program 2: 04:12:45 executing program 5: 04:12:45 executing program 1: 04:12:45 executing program 4: 04:12:45 executing program 2: 04:12:45 executing program 4: 04:12:45 executing program 5: 04:12:45 executing program 2: 04:12:45 executing program 3: 04:12:45 executing program 0: 04:12:45 executing program 1: 04:12:45 executing program 5: 04:12:45 executing program 4: 04:12:45 executing program 2: 04:12:45 executing program 3: 04:12:45 executing program 2: 04:12:46 executing program 4: 04:12:46 executing program 5: 04:12:46 executing program 0: syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @link_local, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x0, 0x0, @local, @local, {[], @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 04:12:46 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6(0xa, 0x3, 0x6) r2 = syz_open_procfs(0x0, &(0x7f0000000980)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd8\xdcK\x00\x00\xae\x98&@\xd0\xe6\xbbQ\xff\a\x00\x00\x00\x00\x00\x00\xaa1\x91\x98\xe9\x1f\nMCi|+\xcd\xf9N\xdc\xc5\xa2*\x13\x8f\xf3;\xd6d2\xeb\xe5\x14\x0e\x8b\xda\xb7\xfc9h(mf\'\xa19q\x93\"}G3\xc1E\xe6e6\xc6\xc2u\x11%`\xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xa8\x14Ts\xcb\xde\x84\x1d\xc7\xcc;\xb18') sendfile(r1, r2, &(0x7f00000000c0)=0x209, 0x5a) 04:12:46 executing program 3: 04:12:46 executing program 5: 04:12:46 executing program 2: 04:12:46 executing program 4: 04:12:46 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='setgroups\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$IP_VS_SO_GET_SERVICE(0xffffffffffffffff, 0x0, 0x483, 0x0, 0x0) close(r0) 04:12:46 executing program 0: r0 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f000088c000)={@loopback, 0x0, 0x0, 0x2000ff, 0x41}, 0x20) 04:12:46 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000000000)=ANY=[@ANYBLOB="0f6fdc"]) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000028000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:12:46 executing program 1: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) ioctl$int_in(r0, 0x5452, &(0x7f0000000000)=0x7) connect$netlink(r1, &(0x7f00000002c0)=@unspec, 0xc) 04:12:46 executing program 2: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) inotify_init1(0x0) ioctl$INOTIFY_IOC_SETNEXTWD(0xffffffffffffffff, 0x40044900, 0x5) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x100020, &(0x7f0000000100)) socket$inet6_tcp(0xa, 0x1, 0x0) 04:12:46 executing program 4: r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0x3f553e5) clone(0x2100001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) link(&(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='./file1\x00') setxattr$security_smack_entry(&(0x7f0000000080)='./file2\x00', 0x0, 0x0, 0x0, 0x3) 04:12:46 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ifreq(r1, 0x8947, &(0x7f0000000040)={'gre0\x00', @ifru_settings={0x0, 0x0, @cisco=0x0}}) 04:12:46 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000001c0)=ANY=[@ANYBLOB="01000000000000000a00000000000000ff020000000000000000000000000001000000000000000000000000000000000000001e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000a00000000000000fe8000000000000000000000000000ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ff00000000004000000a00000000000000ff0200000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d164a66c948ec4567440b3a15e30c7cd99bae5074104a9e3e0fb588f6f00f9513f7cd7ccb628806404bb21b2a2b8379b5b813242634718617bec28c1d935a948d1814f932543c9c17ddcaf84aea96e55be185e821f34be9ccd3bea68f0404fc7e9a93f27ad83da80bfb0ddfdba1583a4"], 0x1) 04:12:46 executing program 1: gettid() getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCGIFPFLAGS(0xffffffffffffffff, 0x8935, 0x0) r1 = dup(r0) timer_settime(0x0, 0x0, 0x0, 0x0) write$P9_RLCREATE(r1, 0x0, 0x3b2) [ 243.684367][ T8162] EXT4-fs (sda1): re-mounted. Opts: 04:12:46 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="7f454c460000020000000000000000000000143afac6000000000000000000004dffffffffffffff000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x76) unshare(0x0) setsockopt$inet6_MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xc9, &(0x7f0000000180)={{0xa, 0x0, 0x0, @ipv4={[], [], @multicast1}}, {0xa, 0x0, 0x0, @remote}}, 0xb) 04:12:46 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000000000)=ANY=[@ANYBLOB="0f6fdc"]) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000028000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:12:46 executing program 0: r0 = socket$unix(0x1, 0x2, 0x0) semget$private(0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000000)=[{{&(0x7f00000000c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff}}, 0x80, 0x0, 0x0, 0x0, 0x323}}], 0x1, 0x0, 0x0) syncfs(0xffffffffffffffff) dup3(r0, r1, 0x0) getpgrp(0x0) ioctl$TIOCSLCKTRMIOS(0xffffffffffffffff, 0x5457, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$TIOCEXCL(0xffffffffffffffff, 0x540c) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) setxattr$trusted_overlay_origin(0x0, 0x0, 0x0, 0x0, 0x0) timer_create(0x0, 0x0, 0x0) setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x0, 0x0, 0x0) 04:12:46 executing program 1: recvmmsg(0xffffffffffffffff, &(0x7f0000003840)=[{{0x0, 0x0, &(0x7f0000002b80)=[{&(0x7f0000000280)=""/190, 0xbe}], 0x100000000000021c}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/psched\x00') preadv(r0, &(0x7f00000017c0), 0x1d0, 0x0) [ 243.825887][ T8190] EXT4-fs (sda1): re-mounted. Opts: [ 243.854094][ T8196] sg_write: data in/out 131036/72 bytes for SCSI command 0xff-- guessing data in; [ 243.854094][ T8196] program syz-executor.3 not setting count and/or reply_len properly 04:12:46 executing program 2: syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) inotify_init1(0x0) ioctl$INOTIFY_IOC_SETNEXTWD(0xffffffffffffffff, 0x40044900, 0x5) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x100020, &(0x7f0000000100)) socket$inet6_tcp(0xa, 0x1, 0x0) 04:12:46 executing program 1: r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[], 0xffdbc2ca) link(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file1/file0\x00') rename(&(0x7f0000000000)='./file1/file0\x00', &(0x7f00000000c0)='./file0\x00') 04:12:46 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x2) write$binfmt_elf64(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="7f454c460000020000000000000000000000143afac6000000000000000000004dffffffffffffff000000000000000000000000000038000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x76) unshare(0x0) setsockopt$inet6_MRT6_ADD_MFC(0xffffffffffffffff, 0x29, 0xc9, &(0x7f0000000180)={{0xa, 0x0, 0x0, @ipv4={[], [], @multicast1}}, {0xa, 0x0, 0x0, @remote}}, 0xb) 04:12:46 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000000000)=ANY=[@ANYBLOB="0f6fdc"]) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000028000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 244.114470][ T8208] EXT4-fs (sda1): re-mounted. Opts: [ 244.186951][ T8221] sg_write: data in/out 131036/72 bytes for SCSI command 0xff-- guessing data in; [ 244.186951][ T8221] program syz-executor.3 not setting count and/or reply_len properly 04:12:47 executing program 4: seccomp(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0xfffffffffffffff9}]}) open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) truncate(&(0x7f0000000080)='./bus\x00', 0x0) 04:12:47 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) bind$bt_l2cap(r0, &(0x7f00000000c0)={0x1f, 0x0, {}, 0x0, 0x1}, 0xe) getsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f0000000000), 0x0) 04:12:47 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) r1 = creat(&(0x7f0000000400)='./file0\x00', 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) renameat2(0xffffffffffffffff, &(0x7f0000000340)='./file0\x00', r1, 0x0, 0x5) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) chown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$9p_rdma(&(0x7f00000003c0)='127.0.0.1\x00', &(0x7f00000005c0)='./file0\x00', &(0x7f0000000600)='9p\x00', 0x0, 0x0) mount(&(0x7f0000000040)=@nullb='::,.:nullb:\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000140)='P\xf0selinuxcgroup\x00') clock_gettime(0x0, &(0x7f0000004300)) getsockname$llc(r1, &(0x7f0000000300)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000000380)=0x10) recvmmsg(r0, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCMSET(0xffffffffffffffff, 0x5418, &(0x7f0000000040)) fsetxattr$trusted_overlay_upper(r0, &(0x7f0000000800)='trusted.overlay.upper\x00', &(0x7f0000004400)=ANY=[@ANYBLOB="00fb3707ffc584ad7d4270834f074f79a88200b206559c6e434c99f167e2205510b16e586d55e8e0a77d3c2f27ca102156429c1cbd895a2b5c625e86f3ef3310f4ff00000000000000aed95e64e85d71f70434ca98c765699d13c46daa6674bdd2b818b4e48b997d436dc3dce363b148916cbc8afa4952319032efaf32f084a3a01587addd63377cb7059b5f93568e873062a5a4b22a411546daf72439f67ef7f0d7e246d1ffa1fa4f6c41372a2c4877d530c4426eaffb483a4afa6d05c3ebe5a6db979d5a89d796a90b062c68adc8e00edf59281a24dd7896adb482fcce72a06a6fa8b165b3b37f1db6d18fd1458552332e6b75b84b24c1c606e07aaef7ae1da3a8d389f67b30bd71297f99388f98862ec0a14b0cab8af988915b71b747685a89f8b518a647acc87aa075bf420797805bb2f162dc9ab7b619643658ed8076162843e8c4c1c83f29132a8a00cb6e2f8b5782ea377a30115baa50edee13e4baaa6f"], 0x1, 0x0) 04:12:47 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000000000)=ANY=[@ANYBLOB="0f6fdc"]) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000028000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:12:47 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$EVIOCSCLOCKID(r0, 0x400445a0, &(0x7f0000000040)) [ 244.670487][ T8240] 9pnet_virtio: no channels available for device 127.0.0.1 04:12:47 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000040), 0x130) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x8) fcntl$setstatus(r1, 0x4, 0x42803) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 04:12:47 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000000000)=ANY=[@ANYBLOB="0f6fdc"]) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000028000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 244.750129][ T8247] BUG: assuming atomic context at kernel/seccomp.c:271 [ 244.774537][ T8242] 9pnet_virtio: no channels available for device 127.0.0.1 04:12:47 executing program 3: [ 244.826200][ T8247] in_atomic(): 0, irqs_disabled(): 0, pid: 8247, name: syz-executor.4 [ 244.900484][ T8247] no locks held by syz-executor.4/8247. [ 244.923775][ T8247] CPU: 1 PID: 8247 Comm: syz-executor.4 Not tainted 5.0.0-rc7-next-20190220 #39 [ 244.932839][ T8247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 244.932845][ T8247] Call Trace: [ 244.932924][ T8247] dump_stack+0x172/0x1f0 [ 244.932988][ T8247] __cant_sleep.cold+0xa3/0xbb [ 244.955402][ T8247] __seccomp_filter+0x12b/0x12b0 [ 244.960403][ T8247] ? seccomp_notify_release+0x280/0x280 [ 244.960477][ T8247] ? kasan_check_write+0x14/0x20 [ 244.960513][ T8247] ? _raw_spin_unlock_irq+0x28/0x90 [ 244.976148][ T8247] ? do_seccomp+0xa5a/0x2250 [ 244.980740][ T8247] ? _raw_spin_unlock_irq+0x28/0x90 [ 244.986003][ T8247] ? lockdep_hardirqs_on+0x418/0x5d0 [ 244.991351][ T8247] ? trace_hardirqs_on+0x67/0x230 [ 244.996375][ T8247] ? kasan_check_read+0x11/0x20 [ 245.001237][ T8247] ? _raw_spin_unlock_irq+0x5e/0x90 [ 245.006436][ T8247] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 245.012670][ T8247] ? do_seccomp+0x389/0x2250 [ 245.017259][ T8247] __secure_computing+0x101/0x360 [ 245.022327][ T8247] syscall_trace_enter+0x5bf/0xe10 [ 245.027443][ T8247] ? trace_event_raw_event_sys_exit+0x290/0x290 [ 245.033686][ T8247] ? lockdep_hardirqs_on+0x418/0x5d0 [ 245.038971][ T8247] ? trace_hardirqs_on+0x67/0x230 [ 245.044021][ T8247] do_syscall_64+0x479/0x610 [ 245.048617][ T8247] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 245.054500][ T8247] RIP: 0033:0x45ac8a [ 245.058388][ T8247] Code: 25 18 00 00 00 00 74 01 f0 48 0f b1 3d df ba 5f 00 48 39 c2 75 da f3 c3 0f 1f 84 00 00 00 00 00 48 63 ff b8 e4 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 06 f3 c3 0f 1f 40 00 48 c7 c2 d4 ff ff ff f7 [ 245.077988][ T8247] RSP: 002b:00007f457e991c58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e4 [ 245.086401][ T8247] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045ac8a [ 245.094364][ T8247] RDX: 00000000000225ee RSI: 00007f457e991c60 RDI: 0000000000000001 [ 245.102326][ T8247] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 245.110292][ T8247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 245.118259][ T8247] R13: 00000000004c4cd5 R14: 00000000004d8890 R15: 00000000ffffffff 04:12:48 executing program 0: [ 245.198391][ T26] audit: type=1326 audit(1550722368.060:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8245 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0xffff0000 04:12:48 executing program 1: 04:12:48 executing program 3: 04:12:48 executing program 0: 04:12:48 executing program 4: 04:12:48 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000000000)=ANY=[@ANYBLOB="0f6fdc"]) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000028000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:12:48 executing program 0: 04:12:48 executing program 1: 04:12:48 executing program 3: 04:12:48 executing program 2: [ 245.467537][ T26] audit: type=1326 audit(1550722368.320:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8245 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0xffff0000 04:12:48 executing program 1: 04:12:48 executing program 3: 04:12:48 executing program 2: 04:12:48 executing program 0: 04:12:48 executing program 4: 04:12:48 executing program 3: 04:12:48 executing program 2: 04:12:48 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000000000)=ANY=[@ANYBLOB="0f6fdc"]) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000028000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:12:48 executing program 1: 04:12:48 executing program 0: 04:12:48 executing program 4: 04:12:48 executing program 3: 04:12:48 executing program 1: 04:12:48 executing program 2: 04:12:48 executing program 4: 04:12:48 executing program 3: 04:12:48 executing program 1: 04:12:48 executing program 0: 04:12:48 executing program 2: 04:12:49 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000000000)=ANY=[@ANYBLOB="0f6fdc"]) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:12:49 executing program 4: 04:12:49 executing program 1: 04:12:49 executing program 4: 04:12:49 executing program 2: 04:12:49 executing program 3: 04:12:49 executing program 1: 04:12:49 executing program 0: 04:12:49 executing program 4: 04:12:49 executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000540)=ANY=[@ANYBLOB="01000000000000000a000000000000000000000001080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000f8ffffffff010000000a00000000000000fe8000000000000000000000000000ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000ff020000000000000000000000000001000000000000000000000000000000000000000000000000000000000000001c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c65c853b6bea81fbbc174f8d0214bf6a941a2197b323bad2bfa641637368301728a7fcdf9357f140031c88ce57ac69670a308c64316489b6a6e4071f813649058e33373a84a05ae401630764ca8975a2f0fccd1eddef8e642fa89adf9c75e22483c93e8a2323e17d78d805256d2a14a005384b1631299bccd99573411fb8f7b677200b3c35b955b894df5a12701088f35838ddf6dadb3d1839cadb280adf6c6382501a2d93dfa12e850a0b9a3f566501d383dcef54251248fd3afc40a86834575300f123927b362c32a1ec0392544618ea6c994f779c71c500bda5d60e"], 0x1) 04:12:49 executing program 0: 04:12:49 executing program 1: 04:12:49 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000000000)=ANY=[@ANYBLOB="0f6fdc"]) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:12:49 executing program 2: 04:12:49 executing program 4: 04:12:49 executing program 3: 04:12:49 executing program 0: 04:12:49 executing program 1: 04:12:49 executing program 2: 04:12:49 executing program 4: 04:12:49 executing program 0: 04:12:49 executing program 1: 04:12:49 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000000000)=ANY=[@ANYBLOB="0f6fdc"]) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:12:49 executing program 2: 04:12:49 executing program 3: 04:12:49 executing program 0: 04:12:49 executing program 4: 04:12:49 executing program 2: 04:12:49 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000680)='projid_map\x00') close(r0) 04:12:49 executing program 0: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0xffffffffa0018000, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0xf, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, [@sadb_x_sa2={0x2, 0x13, 0x2}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2}]}, 0x48}}, 0x10000) 04:12:49 executing program 3: r0 = creat(&(0x7f0000000040)='./file0\x00', 0x20005f) write$binfmt_elf32(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="7f454c460080000000000000000000000200060000000000000000003800000000001ceac7ddafbd63771f0002000000000000000000000001000000000000000000030066ff0000050000000000000400000000f3eec1b0000c085355be8847c22e30f56282c62c95723f068fe42d2796cc83dd56e87d98"], 0x78) close(r0) uselib(&(0x7f0000000000)='./file0\x00') 04:12:49 executing program 2: semop(0x0, &(0x7f00000000c0)=[{}, {0x3, 0xfffffffffffffffc}], 0x2) semop(0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_RESET(0xffffffffffffffff, 0x2403, 0x0) ioctl$GIO_FONT(0xffffffffffffffff, 0x4b60, 0x0) dup(0xffffffffffffffff) ioctl$VIDIOC_G_MODULATOR(0xffffffffffffffff, 0xc0445636, 0x0) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f0000000540)) 04:12:49 executing program 4: r0 = semget$private(0x0, 0x3, 0x0) r1 = syz_open_dev$dmmidi(&(0x7f0000000280)='/dev/dmmidi#\x00', 0x1, 0x2) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f00000002c0)='highspeed\x00', 0xa) semctl$GETNCNT(r0, 0x7, 0xe, &(0x7f0000000240)=""/25) r2 = getpid() process_vm_readv(r2, &(0x7f00000003c0)=[{&(0x7f0000000300)=""/176, 0xb0}], 0x1, &(0x7f0000000900)=[{&(0x7f0000000480)=""/94, 0x5e}], 0x1, 0x0) r3 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffff9) r4 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000200)='/proc/capi/capi20\x00', 0x2, 0x0) ioctl$KVM_GET_API_VERSION(r4, 0xae00, 0x0) add_key(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)="aef59947f33b33cbcdf7c4cf7441a9fce828270727fd4f557d923f8600473eeb5c4c6b225df708316dddad74942361137f5f2ad07d10a41e2860c163d923e9d18d735052b84039d51b8eb726e47edbd6a562c9264addf20afe79c1b4532832776560e5850e4a2d99e051a712cd0806b826f1c15b9c8ac14bbe804c72984cd421fb80375d38e4b6c312c68fff6fa4bc20110db62ecac212ed3ed086ab8511eb4ab53caada31e6b4552095a3667663a865bdd8a9c634f759bfe5fa5bd7d2dd5d84a89cb2ac06f87008bfa67099f027aba6a1314c7438bb8f2ffe985040000000000000000000", 0xe5, r3) 04:12:49 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000028000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:12:49 executing program 1: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$btrfs(&(0x7f0000000140)='btrfs\x00', &(0x7f0000000900)='./file0\x00', 0x0, 0x0, &(0x7f00000007c0), 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f0000000080)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl(0xffffffffffffffff, 0x0, 0x0) r1 = accept4$unix(r0, 0x0, &(0x7f0000000300), 0x800) recvmsg(r1, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000480)=""/73, 0x49}, {&(0x7f0000000540)=""/91, 0x5b}, {&(0x7f00000005c0)=""/154, 0x9a}, {&(0x7f0000000680)=""/111, 0x6f}, {0x0}, {&(0x7f0000000340)=""/37, 0x25}, {0x0}, {&(0x7f0000000800)=""/125, 0x7d}, {&(0x7f0000000880)=""/124, 0x7c}], 0x9, &(0x7f0000000a00)=""/158, 0x9e}, 0x10000) mount$overlay(0x404000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}]}) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x280, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(r2, 0x112, 0xa, &(0x7f0000000180)=0x6ee7, 0x4) ioctl$KIOCSOUND(0xffffffffffffffff, 0x4b2f, 0x0) ioctl$KDGKBMETA(0xffffffffffffffff, 0x4b62, 0x0) sendto(0xffffffffffffffff, &(0x7f0000000580), 0x0, 0x20000000, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) 04:12:49 executing program 0: openat$uinput(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/uinput\x00', 0x802, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x4000000000002, 0x4, 0x100000001, 0x7, 0x4, 0x1}, 0x2c) write$P9_RLOCK(0xffffffffffffffff, &(0x7f0000000040)={0x8, 0x35, 0x2}, 0x8) bpf$MAP_CREATE(0x2, &(0x7f0000000280)={0x3, 0x0, 0x77fffb, 0x0, 0x820005, 0x0, 0x1}, 0x2c) 04:12:49 executing program 2: r0 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x1, 0x2) timer_create(0x3, &(0x7f0000000040)={0x0, 0x2, 0x1, @tid=0xffffffffffffffff}, &(0x7f0000000080)=0x0) getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000180), &(0x7f00000001c0)=0x4) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) timer_settime(r1, 0x0, &(0x7f0000000100)={{r2, r3+30000000}}, &(0x7f0000000140)) ioctl$VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000240)={0x7}) 04:12:50 executing program 3: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x1, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000080)={0x1fd, 0x2, 0x7000, 0x1000, &(0x7f0000fff000/0x1000)=nil}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x10, 0x3, 0xc) sendmsg(r2, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="24000000020307031dfffd946ff20c0020200a0009000500021d85680c1baba20400ff7e28000000110affff82aba0aa1c0009b356da5a80918b06b20cd37ed01cc000000000000000000000", 0x4c}], 0x1}, 0x0) 04:12:50 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) r1 = userfaultfd(0x80000) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000000)={{&(0x7f0000ffc000/0x1000)=nil, 0x1000}, 0x1}) bind$alg(r0, &(0x7f0000000200)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x58) setsockopt$ALG_SET_AEAD_AUTHSIZE(r0, 0x117, 0x5, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b005a62d14460c982f1d54dbb7", 0x10) r2 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f0000003e80)=[{0x0, 0x0, &(0x7f0000002a80), 0x390, &(0x7f0000000100)=[@op={0x18}], 0x18}], 0x1, 0x0) recvmsg(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001600)=[{&(0x7f0000000580)=""/4096, 0x1000}], 0x1, &(0x7f00000000c0)=""/50, 0x32}, 0x0) [ 247.237955][ T8413] netlink: 'syz-executor.3': attribute type 5 has an invalid length. 04:12:50 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000028000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:12:50 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x80002, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89a0, &(0x7f0000000040)='%d') perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xa, 0x3, &(0x7f0000008000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x22, 0x7}}, &(0x7f0000000000)='syzka\x00\x00\x00\x05\x00\xf3\x01\x8fB\a\xdf\x05\xb7\xd1\xb3\x95\xdf.\xa6\tc\x85\x0f\x18{\xf2\x13\xe57\x88E1\x82\x1a\x16bq\xf4\xd4u^', 0x2, 0x1000, &(0x7f0000014000)=""/4096, 0x0, 0x0, [], 0x0, 0x3}, 0x48) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x101000, 0x0) ioctl$SG_NEXT_CMD_LEN(r2, 0x2283, &(0x7f0000000100)=0xe0) ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, &(0x7f0000000200)) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) perf_event_open(&(0x7f000025c000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) splice(r2, &(0x7f0000000140), r1, &(0x7f0000000240), 0x8, 0x3) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0xed, &(0x7f00000005c0), 0x0, &(0x7f0000000200)}, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 04:12:50 executing program 2: r0 = syz_open_dev$sndpcmc(&(0x7f00000003c0)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x0, 0x0) ioctl$VIDIOC_SUBDEV_S_EDID(0xffffffffffffffff, 0xc0285629, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='trusted.overlay.nlink\x00', &(0x7f00000000c0)={'L+', 0x5}, 0x28, 0x2) ioctl(r0, 0xc1004110, &(0x7f0000000000)) [ 247.286137][ T8413] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. 04:12:50 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket(0x0, 0x5, 0xffffffffffffffdf) ioctl$KVM_GET_XCRS(r1, 0x8188aea6, &(0x7f0000000040)={0x7, 0x3, [{0xd7, 0x0, 0x4}, {0x64, 0x0, 0x5a2}, {0x1, 0x0, 0x8}, {0x1, 0x0, 0xfffffffffffffffe}, {0x8, 0x0, 0x2}, {0x0, 0x0, 0x8}, {0x6, 0x0, 0x10000}]}) setsockopt$EBT_SO_SET_ENTRIES(r3, 0x0, 0x80, &(0x7f0000000680)=@broute={'broute\x00', 0x20, 0x1, 0x3b0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000c0], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff01000000030000000000000000006970366772653000000000000000000073797a6b616c6c657231000000000000697036746e6c3000000000000000000001616d61000000004ab2cec800000000aaaaaaaaaabb000000000000aaaaaaaaaabb0000000000000000a8020000a8020000200300006270660000000000000000000000000000000000000000000000000000000000100200000000000003000000000000000000000000000000000000ed050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006e666c6f670000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000339ebc4bb0c0fba43162d5c302d891b307544d821a0dcb492ba4aa23baaca6e53f392b79c58e0581db804208237c3df1c60b6b34da2747cd3200fbb3845112260000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000fcffffff00000000"]}, 0x428) 04:12:50 executing program 3: r0 = syz_open_dev$sndtimer(&(0x7f0000000200)='/dev/snd/timer\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000029fcc)={{0x0, 0x2, 0x0, 0xffefffffffffffff}}) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x200480, 0xa) 04:12:50 executing program 2: r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@mcast2, 0x800, 0x0, 0xff, 0x100000000000001}, 0x20) r1 = socket$inet_udplite(0x2, 0x2, 0x88) accept4(r1, &(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, &(0x7f0000000100)=0x80, 0x80000) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000180)={0x6c3c, 0x1, 0xa000}, 0x4) ioctl(r1, 0x1000008912, &(0x7f0000000040)="0af51f023c123f3188a070") setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000140)={@local, 0x800, 0x0, 0xff, 0x0, 0xfc}, 0x20) 04:12:50 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000028000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 247.539261][ T8419] overlayfs: filesystem on './file0' not supported as upperdir 04:12:50 executing program 3: perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x2, 0x9, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x4000000, 0x0, @perf_config_ext, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x6, 0x209e1e, 0x3, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000b40)={r0, &(0x7f0000000040), 0x0, 0x1}, 0x20) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0) unlink(&(0x7f0000000940)='./file0\x00') r1 = syz_open_dev$binder(&(0x7f0000000400)='/dev/binder#\x00', 0xffffffffffffffff, 0xfffffffffffffffe) syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) 04:12:50 executing program 1: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$btrfs(&(0x7f0000000140)='btrfs\x00', &(0x7f0000000900)='./file0\x00', 0x0, 0x0, &(0x7f00000007c0), 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f0000000080)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl(0xffffffffffffffff, 0x0, 0x0) r1 = accept4$unix(r0, 0x0, &(0x7f0000000300), 0x800) recvmsg(r1, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000480)=""/73, 0x49}, {&(0x7f0000000540)=""/91, 0x5b}, {&(0x7f00000005c0)=""/154, 0x9a}, {&(0x7f0000000680)=""/111, 0x6f}, {0x0}, {&(0x7f0000000340)=""/37, 0x25}, {0x0}, {&(0x7f0000000800)=""/125, 0x7d}, {&(0x7f0000000880)=""/124, 0x7c}], 0x9, &(0x7f0000000a00)=""/158, 0x9e}, 0x10000) mount$overlay(0x404000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}]}) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x280, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(r2, 0x112, 0xa, &(0x7f0000000180)=0x6ee7, 0x4) ioctl$KIOCSOUND(0xffffffffffffffff, 0x4b2f, 0x0) ioctl$KDGKBMETA(0xffffffffffffffff, 0x4b62, 0x0) sendto(0xffffffffffffffff, &(0x7f0000000580), 0x0, 0x20000000, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) 04:12:50 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="180000003400290800000000000000000300000004000000695c9cf92ed310b7002fa6c7db7e3989c8b02cd704c75976e6088cfbf7b82c119f0b7bf49a2b6d9c68f0483f356e290426c12287130c144863321403f80ac3a8dedf9a1d7a429847b1f9d098f1f56ad160b3c2c8307708a60b7e566fe7f807ce91ee0c7b712f9d9d879041e460bf3ce6b6fdfa6771bfc07222867d19c45ddee08aa0f684fab5dcb0a8a874f98d42aad7368d5be3ccc4"], 0x18}}, 0x0) 04:12:50 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000000000)=ANY=[@ANYBLOB="0f6fdc"]) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000028000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:12:50 executing program 4: get_thread_area(&(0x7f0000000000)={0x1c9, 0xffffffffffffffff, 0x2000, 0x20, 0x9, 0x3, 0x100, 0x20000000000, 0x7, 0x6}) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f0000018ffa)='ramfs\x00', 0x0, 0x0) r0 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x0) fstat(r0, &(0x7f0000000140)) fcntl$getown(r0, 0x9) ioctl$SIOCRSGL2CALL(r0, 0x89e5, &(0x7f0000000080)=@default) 04:12:50 executing program 2: socket$unix(0x1, 0x1, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x8000009) perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000100)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000340)='/dev/ptmx\x00', 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = getpgrp(0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000002c0)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) capget(&(0x7f00000001c0)={0x20080522, r2}, &(0x7f0000000200)={0x9, 0x81, 0xffffffff, 0x6, 0x3ff, 0x8001}) r4 = socket$inet6(0xa, 0x400000000001, 0x0) r5 = dup(r1) fsync(r0) ioctl$ASHMEM_SET_PROT_MASK(r5, 0x40087705, &(0x7f0000000280)={0x6}) ptrace$setregset(0x4205, r2, 0x201, &(0x7f00000003c0)={&(0x7f0000000740)="eee831c4c55ec237f036e607532e6be515e0ff59eb07ca967784d01655a33a563c297579808c05c2a32773aa52580871a379712644cd3fe309a095938a2699f285daf00f0c5072970a04d508e74dce8d091b9a0d946312e9543ffaf5c41d7507c95443fb0c4d26a2411c4684267a142a2db6dc35d80807e4b29643daa044b555ae0533296509e0fda89f", 0x8a}) ioctl$int_in(r4, 0x5452, &(0x7f0000000580)=0xe2e) fcntl$lock(r1, 0x7, &(0x7f0000000380)={0x802000001, 0x0, 0x5, 0xffffffff80000000, r2}) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f00000000c0)='syzkaller1\x00', 0x10) ptrace$setregset(0x4205, r2, 0x3, 0x0) io_setup(0x0, 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_cancel(0x0, 0x0, 0x0) write$UHID_GET_REPORT_REPLY(r3, &(0x7f0000000300)={0xa, 0x4, 0x30000000000000, 0x7ff}, 0xa) setsockopt$inet6_tcp_int(r5, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r4, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r4, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r4, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) r6 = open(&(0x7f0000000400)='./bus\x00', 0x141042, 0x0) ftruncate(r6, 0x2007fff) sendfile(r5, r6, &(0x7f0000d83ff8), 0x8000fffffffe) 04:12:50 executing program 3: listen(0xffffffffffffffff, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$inet(0x10, 0x3, 0x4) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r1, &(0x7f0000000200)={0xc, 0x8, 0xfa00, {&(0x7f0000000080)}}, 0x10) perf_event_open(&(0x7f000001d000)={0x800000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000008000)="4c0000001200ff095ffefd956fa283b724a6008c00000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 04:12:50 executing program 4: setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2e, &(0x7f0000000040)=0xfffffffffffffffe, 0x4) 04:12:50 executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000dec000)={0x6, 0x4, 0x338d, 0x7, 0x0, 0xffffffffffffff9c}, 0x24) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x820000, 0x0}, 0xca) [ 248.041498][ T8469] overlayfs: failed to resolve './file1': -2 [ 248.114481][ T8488] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 04:12:51 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000000000)=ANY=[@ANYBLOB="0f6fdc"]) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000028000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:12:51 executing program 1: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$btrfs(&(0x7f0000000140)='btrfs\x00', &(0x7f0000000900)='./file0\x00', 0x0, 0x0, &(0x7f00000007c0), 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f0000000080)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl(0xffffffffffffffff, 0x0, 0x0) r1 = accept4$unix(r0, 0x0, &(0x7f0000000300), 0x800) recvmsg(r1, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000480)=""/73, 0x49}, {&(0x7f0000000540)=""/91, 0x5b}, {&(0x7f00000005c0)=""/154, 0x9a}, {&(0x7f0000000680)=""/111, 0x6f}, {0x0}, {&(0x7f0000000340)=""/37, 0x25}, {0x0}, {&(0x7f0000000800)=""/125, 0x7d}, {&(0x7f0000000880)=""/124, 0x7c}], 0x9, &(0x7f0000000a00)=""/158, 0x9e}, 0x10000) mount$overlay(0x404000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}]}) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x280, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(r2, 0x112, 0xa, &(0x7f0000000180)=0x6ee7, 0x4) ioctl$KIOCSOUND(0xffffffffffffffff, 0x4b2f, 0x0) ioctl$KDGKBMETA(0xffffffffffffffff, 0x4b62, 0x0) sendto(0xffffffffffffffff, &(0x7f0000000580), 0x0, 0x20000000, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) 04:12:51 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008913, &(0x7f0000000880)="0af58b5f11d3f955f8acf8") r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000480)='/dev/hwrng\x00', 0x100, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f00000004c0)={0x0, @in={{0x2, 0x4e23, @loopback}}}, &(0x7f00000006c0)=0x84) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r1, 0x84, 0x1a, &(0x7f0000000700)={r2, 0xc8, "41d1acd3a2b3b261bd7503a103385a1cde57a0d094a261f22d940eb326a57f5f51296f7f2013db8c9022f07f1444084b132464e47ff512e70887c3e749e2acf4ccc8c5872ca8ef1b482c048e2002692380c909747cc0b066ae20ecc837f248a9d4f1aac760a2b4a611cc540748c66cb6c3aadf34e3a9d32755b77bdf19d9d5a68f944ea399c338cf4b2aa5f979b58c8d3eaf6f09d01cb48c9e7217d7fbc37ba69ea916cf76f4f748c0bb2f10fd043943bfa8be15c304adec71bacbf0725e765de089cd792b8e4b66"}, &(0x7f0000000800)=0xd0) r3 = socket$netlink(0x10, 0x3, 0x0) write$binfmt_elf64(r3, 0x0, 0x0) r4 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000440)='/dev/rtc0\x00', 0x200400, 0x0) ioctl$VIDIOC_S_FREQUENCY(r4, 0x402c5639, &(0x7f0000000580)={0x100000001, 0x3, 0xfffffffffffffffc}) sendmsg$nl_generic(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)=ANY=[@ANYBLOB="140000001e000100000000000000000007000000b8d8f59ca251126967feec9ba3d67c278ee321d32908c41e7a52b5a02a6385f2e10854cabb1a21084a10ae65de59e8fad4565939ba191f8474a6307a83856e0da1610b627e84683af98cbed16a25297fc436344abde2f3b355ece163a94a411394501e9515c86043a42b05ae671ef3a135abbce9a3808df95c6ed1715812a258ae94fa043b5841164350fc14449ff7f285ea6095e397d06a61672c270ccafaafe97ec165489ecf0651efedda442adf77f00431287effdab8c8258bf136bbfe5c4d21"], 0x1}}, 0x0) r5 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x48000, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(r5, 0xc06855c8, &(0x7f00000001c0)={0xc, 0x8, {0x57, 0x1, 0x1, {0xe3df, 0x8}, {0x0, 0xfe51}, @period={0x5f, 0x100, 0x100000000, 0xe28, 0x7f, {0x100, 0x2, 0x7, 0xd1}, 0x1, &(0x7f0000000180)=[0x8ef]}}, {0x53, 0x1, 0x8, {0x1, 0xffffffff00000001}, {0x1, 0x101}, @rumble={0x0, 0x5}}}) getsockopt$inet_sctp_SCTP_MAXSEG(r5, 0x84, 0xd, &(0x7f0000000240)=@assoc_value={0x0, 0x7}, &(0x7f0000000380)=0x8) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r5, 0x84, 0x13, &(0x7f00000003c0)={r6, 0x1ff}, &(0x7f0000000400)=0x8) getsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000280)={{{@in6=@dev, @in=@broadcast}}, {{@in6=@ipv4={[], [], @multicast2}}, 0x0, @in=@multicast1}}, &(0x7f00000000c0)=0xe8) r7 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ubi_ctrl\x00', 0x2000, 0x0) ioctl$TUNSETSTEERINGEBPF(r5, 0x800454e0, &(0x7f0000000080)=r7) 04:12:51 executing program 0: bpf$MAP_CREATE(0x0, &(0x7f0000dec000)={0x6, 0x4, 0x338d, 0x7, 0x0, 0xffffffffffffff9c}, 0x24) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x820000, 0x0}, 0xca) 04:12:51 executing program 3: listen(0xffffffffffffffff, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$inet(0x10, 0x3, 0x4) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r1, &(0x7f0000000200)={0xc, 0x8, 0xfa00, {&(0x7f0000000080)}}, 0x10) perf_event_open(&(0x7f000001d000)={0x800000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000008000)="4c0000001200ff095ffefd956fa283b724a6008c00000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 04:12:51 executing program 0: r0 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x0, 0x0) ioctl$KVM_GET_PIT2(r0, 0x8070ae9f, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000080)='./bus\x00', 0x0, 0x0, 0x0, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$rds(0x15, 0x5, 0x0) arch_prctl$ARCH_MAP_VDSO_64(0x2003, 0x4) bind$rds(r1, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) add_key$user(&(0x7f0000000640)='user\x00', 0x0, &(0x7f0000000940), 0xffffffd1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, &(0x7f0000000100), 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {&(0x7f0000000040)=""/156, 0x80305}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}, {&(0x7f00000001c0)=""/67, 0x43}, {&(0x7f0000000240)=""/198, 0xc6}, {&(0x7f0000000140)=""/15, 0xf}, {&(0x7f0000000340)=""/54, 0x7ffff}, {&(0x7f0000000380)=""/42, 0x2a}, {&(0x7f00000003c0)=""/77, 0x4d}, {&(0x7f0000000440)=""/244, 0xf4}, {&(0x7f0000000540)=""/219, 0xdb}], 0x7, 0x60}}], 0x48, 0x7}, 0x0) [ 248.413777][ T8514] overlayfs: failed to resolve './file1': -2 04:12:51 executing program 4: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) write$P9_RMKNOD(r0, &(0x7f0000000000)={0x14}, 0x14) r1 = open(&(0x7f00000004c0)='./bus\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000000c0)) ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000500)=ANY=[@ANYBLOB="000000000000ff0000ff00000100000000000000000000000000001800000000"]) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x10100, 0x0) 04:12:51 executing program 0: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f0000000040)=0x6) r1 = socket$inet(0x2, 0x2, 0x1) bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x20000802, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) setsockopt$inet_mtu(r1, 0x0, 0xa, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000000)='ip6_vti0\x00', 0x10) sendto$inet(r1, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x1f4, 0x0, 0x9000000) [ 248.493606][ T8519] rdma_op 0000000084f18dfa conn xmit_rdma (null) [ 248.598187][ T26] audit: type=1804 audit(1550722371.450:34): pid=8535 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir251819317/syzkaller.RNfEgI/34/bus" dev="sda1" ino=16585 res=1 [ 248.689367][ T26] audit: type=1804 audit(1550722371.500:35): pid=8535 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.4" name="/root/syzkaller-testdir251819317/syzkaller.RNfEgI/34/bus" dev="sda1" ino=16585 res=1 04:12:51 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000400)="de75e1fe7d087634b214a3765ba0017995103a08917fc2a1", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_GET_NETID(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)={0x1c}, 0x1c}}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000), 0x106}}, 0x20) 04:12:51 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000000000)=ANY=[@ANYBLOB="0f6fdc"]) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000028000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:12:51 executing program 1: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_mount_image$btrfs(&(0x7f0000000140)='btrfs\x00', &(0x7f0000000900)='./file0\x00', 0x0, 0x0, &(0x7f00000007c0), 0x0, 0x0) syz_mount_image$ntfs(0x0, &(0x7f0000000080)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl(0xffffffffffffffff, 0x0, 0x0) r1 = accept4$unix(r0, 0x0, &(0x7f0000000300), 0x800) recvmsg(r1, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000480)=""/73, 0x49}, {&(0x7f0000000540)=""/91, 0x5b}, {&(0x7f00000005c0)=""/154, 0x9a}, {&(0x7f0000000680)=""/111, 0x6f}, {0x0}, {&(0x7f0000000340)=""/37, 0x25}, {0x0}, {&(0x7f0000000800)=""/125, 0x7d}, {&(0x7f0000000880)=""/124, 0x7c}], 0x9, &(0x7f0000000a00)=""/158, 0x9e}, 0x10000) mount$overlay(0x404000, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}]}) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x280, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(r2, 0x112, 0xa, &(0x7f0000000180)=0x6ee7, 0x4) ioctl$KIOCSOUND(0xffffffffffffffff, 0x4b2f, 0x0) ioctl$KDGKBMETA(0xffffffffffffffff, 0x4b62, 0x0) sendto(0xffffffffffffffff, &(0x7f0000000580), 0x0, 0x20000000, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) 04:12:51 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f000082f000)='./control\x00', 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0xf0001, 0x0) accept4$vsock_stream(r1, &(0x7f0000000180)={0x28, 0x0, 0x2711, @hyper}, 0x10, 0x0) rmdir(&(0x7f0000000080)='./control\x00') 04:12:51 executing program 0: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000100), 0x10) getsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000140), &(0x7f00000001c0)=0x10) r1 = syz_open_dev$adsp(&(0x7f0000000000)='/dev/adsp#\x00', 0x3ff, 0x10000) bind$rose(r1, &(0x7f0000000040)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x4, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x40) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/attr/current\x00', 0x2, 0x0) io_setup(0x2, &(0x7f0000000180)=0x0) setxattr(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)=@known='system.posix_acl_default\x00', &(0x7f0000000280)='/dev/adsp#\x00', 0xb, 0x2) io_submit(r2, 0x1, &(0x7f0000000080)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, 0x0, 0x1a0}]) accept4$alg(r1, 0x0, 0x0, 0x80800) 04:12:51 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0af51f023c123f3188a070") r1 = socket$netlink(0x10, 0x3, 0x1d) signalfd(r0, &(0x7f0000000040)={0xca0}, 0x8) creat(&(0x7f0000000080)='./file0\x00', 0x10) writev(r1, &(0x7f0000fdbff8)=[{&(0x7f0000000000)="290000002000190000003fffffffda060200000000e80001040000040d00140000100000c45591b100", 0x29}], 0x1) [ 248.725981][ T26] audit: type=1804 audit(1550722371.500:36): pid=8537 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir251819317/syzkaller.RNfEgI/34/bus" dev="sda1" ino=16585 res=1 04:12:51 executing program 3: r0 = creat(&(0x7f0000000380)='./file0\x00', 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="0adc1f023c123f3188a070") r2 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r3 = getpgid(0x0) tgkill(r3, r2, 0x15) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, [], [{0x0, 0x0, 0x0, 0x0, 0x40}]}) 04:12:51 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000000000)=ANY=[@ANYBLOB="0f6fdc"]) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000028000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 04:12:51 executing program 2: syz_mount_image$msdos(&(0x7f0000000180)='msdos\x00', &(0x7f0000000100)='./file0\x00', 0xe802, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000800)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$ASHMEM_SET_SIZE(r1, 0x40087703, 0x2) write$UHID_INPUT(r1, &(0x7f0000000980)={0x8, "7c70ee3800d5ab5f2036f872e0ac57cbd592bca0d671633f50a3102066d6e765f5a64731e3fb8d90d250eda2cc33b60a7ff98074cdc3f1dd1a2df26a381d95974e0925d521c6b48c3dee0d430d398884316091aff6adb6153dc3c92549957d3488efc02d6f6fb172524b095c30c1bd35aae04236bdd42694d613eb54c0b65a338c48dc4c8bad70754fc81d9928e4a1b81f9c77075258a0805b4494867247966b24a023311fd91ef3754b98d3acde6f2ef0617f123c22fccb81c11389fdfa2e21c2365aabfc8916e02151d8643ae21cab7fcbec6142186d3bb57546c106484bc4c28a48da2b75dd82aabe99464558e60cd101f6b65856fabee614d271741a68dd550c8772f06a93cf8e5c0de549c3b75a72f8a590bd50b2af5f64009c969ed7596f0192b0f98b1afac0e8c5f4c653f611b4a71776400a9ae3f18e75f856788c97195749042510735880b9bb0ccb23210832a4f1c6f134d68f8e299837c426e0c9a45d5d2c959446cc363f370c67cd01a063c91254d692fe35abee92fabda4f66d93228c979ebe036c5c2e0028ec76562d67d0919ca28258fec0ed60603142b5c57c4cfb1ea1e892d0fd2f33970142b179c415d6bea344fbcc82d133052e848a885160737c69eb02ca9f544831c8e3ffcf40cb7b415d24795fc8aaeb8e76bec262aea5e28fe5d6495c4b5895a612b1cc2122286add66356f3ecd309f970634f1b09da1507964d35575167317f13c7fd9f11af27ceea86e9a5b3494a27ba98ba38dd1fb72ef2c6163664fd8f7c946935cd4833121f505ff277c03d959d9a12f3389e9eb6701a8b29f72c20c6abb7bd8349dd2e120bdd59dca9f1a2a877f1677b59d7920ddf29b9d94f7c6879b78e31cf1b65b60fe349ef9d4976f46609ee34e33f647aafbf64f6323d18598905f2e73af75661397595b8f9c1e9a4e993946820da5378ca5b363560e95edce316e99bac6e6250efcf1cb58fdcf94c7557c2d7f763a688543462d54b64e178c2e64c6ebba356894973051907fd8de8ba908e822168b171c1707efcd9ac827e64313721876e2ff26ac34e88557a4a0dfde08eda81cf0c1465a89b68429e48966044c767563e1121db48c9b619fd7362afd15ec6aa19b28759d7977be4fbcad0cf8dd5dc5362259bd5cb5089a9d18db969afe1192571f5fcc0c4d6be281d23b9c1f9f32873c058adfa1bf57a3718686957edfd6e4b58aa959541127696d59fb2810d042ced227961eb19a424e4cf45bc6243217bb7561b7ee11f8c0b8f39480343a26f2da5fe79d5e213c01ea47155ffa91e7d7ba0bc8ccb018bd69cfe71dd8565a645d678b404a295397e83ae69dbf8505f6947a836b44823a92861124330fccd4bc4a2e20d9047bd919d82c89623caa87eb09bd584d58f42b35ef55fddc06dfb3957f3f507e5ca9b8b98947cc5bb68846755527ddf32ffa444e1c7a5654d4d377e04a9f22e1069804fdcdb251acb6bd6b32d100feb44286991d779d2b3e2b7f5cc5f8eb3ae166a3b6fb9df11e1867989a6f9b2028e4c73b4d418b51f6e870713cadafddb47a48c9a97283da214f02db3326d42438d9a7db580693ad1887f99d86bb5fafd6d07c2647fc80c2c5a1ed9ea3b95be65ca422080ddefca5b49ccd538f6bc67390f892d9e416f7e835f76dd90edc56256348d20560caeea05c0922cab60dbf0b57ddaaed6ded5a336e01485fd571dc12050461271cee347c31ac245bfee9128630dfcc43b6d88b5ba9937a6f6ab70b7d256784ff72297cfcfd0ffacd09b55fb832bf60f04d87c48c74972b9f18fa178ce4880b025d1c1097ddb929e8f7e02f1c0e03012bec0fa61a49eb1c2a50a45fc0d98b6649de325184006938e421321e8b366649d9b6ebadf77509c9d48844e80f7752fd7daaa5c938b946feaaac0d871203270a747035c7e2f697c84e792a55cbce76c0a25360f7acbeaab60627aa9c37064af75b67f46732844eb2f6b37226004afe451a9fbfbbcf7e72ade67b017e9209b5627fbe16789abd90326751a1fd1d93efc59f2650f979ba71938d784064922bee2874c4b76d5f26e39ea0a98cf175950137feff9456c88c6a295830183fae3a9c2312c25f3d81708d73488d15a587e7e7cdde3b77917eef29c8b5965c916a65c3c5a53b7313c3115d0a8bb4e16f6b80ff6f78adb756aba94ced86047562a2cd2fb25e9a4656f6359c3f2fde8b5ab38852853cbd7221cb4d59b7f0e79bd37f9ade073f62b75edbe63c13c0d02bf076d88f5b750ea640aad47ce97d6a0783398dd3fbb63734ed969470cf45200235650532224fc28caf1e36ca6b402ec4c978add40fc59f2113485875682139f8aa9aeb48d09178de919370b0cd0ebcab5e60e1b0a2fc153db0dae8e50b48561622a677d0f1afc149676f832e016e14007fb298dcb96f11a92a1ac8bd4cc7b34d659d6cd2c9817b586585e72080255b083bc84512277ffb7f561c6a7a08cd128bfe9b525da531f0bf04f11d3de102b3538835807ac0b2f4325fc6765d02d692ec82f5b338c8257029136fcd3427c09874ecc7492becdd6608eac4adf1abc3f7e08868a72e57ce4dcfc288a25af73d19f1118a9254963c1548cdca5fc7c921a7f218f8e71edd7969dfb35beae1091d7530e32236397fa9fcd232b441ff1b0177829468c198d659d247ccca4fbd58c625501e4368075d0e5e69a6f90952f5bbe48e85a303131dedf7f1a513b291598a545784e1013521877c25d6069d3a855652a4bad5b2df2e4da2de756a20e790b756dd2925ce824561e5892b5e064c7c7b996acc4e29597e0cd00956e9c57ec374714f846be7632d3075e38bead499163498810886c78a2cc73fb64fd48e186083ce911e0751b4dc63476859c2824fa532a4b1711c244619e702eeab19380aeb7b17f67fade3dcad8ddddd893a526cd5d04d8ae982c88029ec71bdd0772fd74adbdb378fc204ca411a2d8a50331516a28552be78f9725f32d1b3a6c7bdf3277c5f7e385c7ebbacc419ec7ca3c5b8f46dbefee59b6422a6b22d60527edc012f852077d925619874f7709f283e01678fed36528003a696ee431a817f34f453c143dc56b70e1f810a5380a555cc8c4fc6522ab544ce5d715caa302ebdd0aa8286b7ef5dd6dd48a8ad9566818f7509daf02db0b98b432f57f1d107ee95a86228728cab4062e27922381e1e2ee351af5e2ea0fd6d1cea70b3b8f4a50f0776fc9aa2a7d2dff6e1ea3769864104f09137b99960b69af13895d842649eacaed8ddf183beba3323640af8deb52b902c0974d685d19fc87c93eb80ad5d28e54363705ad39231d989522e94f000256bc8d93af138a45d67dad3e21fa9fb31d9327c6e71f61956d9daf4f97333112704136d3d1bf6fe0e4c002e10b684d2344300ec70fae0b50532ebace58f0e8318354a172cceacf27d01ff41cc8fef42443f62b0e15b5fcc0728630b96fb2c2b59634f4993bb1ce2eace6fb0f53e5f84bc5f58b1b66d59e3c75a98670496f105a703607211aa9e882e72f13e9fe07f0767ad4e5ac5c732b65301d8ceab36b5ff2f71958fb1b51d2e703ac506e68d4026160fd3f60440b8b8f554f1feeba5d53f71cbe60d143620f8fa779acb94c965b729207a5ab11f4a51b694c31606171da44a28d80cde296dff5724ff718d6377eb8534e616cff39af943ee4ce87b4fadded30c702d370a71072ab3e20f19b8c1b73fdbbb9c675352bb73ee85e22597fc0c439a33f5febe1629bd084af7193f8d1a1415b02ca54706711505cbae11ec6411b012cc3a3eddcfb002901b6e7565b9fbf4d605c147031888ceb590c14697d00970ce9095c6f7fee41ec6a15d7ef52dfedfff2a0d3dbb387b61232aee6ca202787038021e6aabda18e2adf6fd89aa491e65f9813d73412fbfff089752d713d7efa690ec4fc254b56908d3057f65997acf81aea589e272f8fa852849e488f1e0c0cb6cdb5f46ca92e36d39224e704850056d2e9b91909aed0f55d054e274415ecc39b8958335a14cfb0a42d7f26ef8e82592dfd03b3550b5193fba077994c682951968869574fd94976760d9bd9b334353eeda836cc8dab244e72095cc46833f02bb2f6df35601b3085664261abb67fc9ab9f27210e6827cd15ce16c55f0f7f5b8ab401f24032b19a53a9299b62ebf4a8cf7f4753d95126f008a8ce349036666de66bcaf40b27fa875efa98873e1ef9302e2a24bfe07bd1054bdf9ba9ad1b1075402f26d682833b947c762513ba5f07537bb712473184a60e04ace5adb8d982d6153b011ae0b2034adc0ff4a64e2c6561c2e0840cdab2120bc916cde9b7a92c4d332d0f83945fe55e3c8f4d93f22e7759c20241d92cca0ae5a3d06a127e5614df708cea1ad3b2f231c81460ff4c3f349c67a87135a4b67589ffce311832923f71796276e81f0537e265404c0ee06d5ed98a5ec5f8ad62db589eb585fc4627173b51fd4e897a3e8d2acbb82ec2996ac3a6823368a1e12a0536a9d1a7b2d31d80c46c292ff51395481d4f65c53fab867e27bec9156ee189d245d94877a1405dc9e1e996822ad47071a9ab36c9bfd02c41ea5ba21591793053b1b64758bae0addfcd69d169849bc1ee6ce5c08f0d3da5ecc1b6ab31e13af2fa5ce4d921163270901264a88ac6350e8fb6371663dd04146932238597258b123a8036250c190fbb3cfc6ebbf9e06c4a9053e8332c95c91a890a3d35ddd35f47e7ab606f3e345e12560e6d52243883da7b8910834042ad12e7fb3f08a0b14ef6aee22251999e6079be2ef5666d7d5ae00d161720262761da3f378c63cb151f4e94d034e9de949dfe796b905804ca555691023c30ea7cf0cb276e1e3ba65793291f8287d1064606bf5787421b9b9bfc05e9c5eac750de92519fe9e2592cd34a2ef6ec18efed5e7c13bfcfce47327cbecac358bbe6d44164849308cf91cd5ea87fa4b02ba4939e28141c7dad42714b019470d91808a8f46150677b6c90f267ecb39ef42afc95de0cbd016775c89d8213ec9d4e061e6493f237296f91abfc64176c0e885ef54af4136a724fadfe89a25d7599998acebc4a27f8fb5b26936bda5c3d5fec3373dcd9a0e99fc939641c50669adc54119582e8835575d1c57fa955cd29d870360620f91c3ff90d264013816352317ae226f7d7bad5db711f8973382f6cebd63cd519ddd08e1772649be75f64f4acc15f828dc0b305584b6dd2213194603c44e2964358d305aa97fb08568a0a955ad7a6f8d042754b4bbf2fb3414052719fd9841bef8360d1d3195c69414be882115c2c64fecdcbdaed3a2e943fdfef9a13520e41d32a787bcfe4f61e2b378d35aa70784a772cf8ebcaaeb105e4627516db2ababfcb8c11f224c3a48c86160d34d0ee59f02c31648ae4b0309b378f0bf63266967dcfb4f1cc1902f613c6d0d48915a9cf28a52b106544cde1b38ff2e2a1275fd0d3899ce7f7c6653c9017f7ac4aaa35bcb2811a8f9dbb56746b45475350e7c13d42abb5692377da7a4045ee644ce00f8699e3251d75621c82cd659ea3add277affe3ff792f7d24a3d0979ef82cfc0d409697ae2e8598854a8327f46974c901d309dc6dbe31913c59d821aa50c0fe95cc822e8f07bbb00e9a09bc9a570b9778d29308740bc336a41258d209c206f87a709aa43415da0096f7d177e509a7d625645fb098ccc45367d82235e952670ac5f82f8ced3f59fd9ee20ac75be609cc832417e807ddc40630cba4c91e0785edcb5f20b9e6dedb1ec172cd16fc034f410e9ce375ea855144aa3076317f649cf4efe4d7abf244984c4e", 0xfffffffffffffd14}, 0x10a9) setsockopt$inet_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000040)=0x8, 0x4) truncate(&(0x7f0000000280)='./bus\x00', 0x0) 04:12:51 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x20000000000, 0x7, 0xb000}, 0x4) socket$nl_xfrm(0x10, 0x3, 0x6) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_route(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB="2800000020000100000000000000000007580000080403000000000004e9000008000100ac1414aa"], 0x28}}, 0x0) 04:12:51 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000140)="0adc30f25eb1032602c4a9") sendmsg$nl_route(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x34, 0x10, 0xc09, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, @ipip={{0xc, 0x1, 'ipip\x00'}, {0x4}}}]}, 0x34}}, 0x0) [ 249.202545][ T8594] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 249.217706][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 249.223502][ C1] protocol 88fb is buggy, dev hsr_slave_1 04:12:52 executing program 3: r0 = socket(0x40000000015, 0x805, 0x0) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000040)) r1 = syz_open_dev$video4linux(&(0x7f0000000000)='/dev/v4l-subdev#\x00', 0x2, 0x450000) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00') sendmsg$IPVS_CMD_SET_DEST(r0, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x220000}, 0xc, &(0x7f0000000340)={&(0x7f0000000240)={0xc4, r2, 0x102, 0x70bd26, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DAEMON={0x20, 0x3, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'yam0\x00'}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x8, 0x8, 0xed32}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x100}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, [@IPVS_DAEMON_ATTR_MCAST_PORT={0x8, 0x7, 0x4e23}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x7}, @IPVS_CMD_ATTR_SERVICE={0x64, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x2, 0x4}}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x1, 0x1}}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@local}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x87}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x7f}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0xffffffff00000000}, @IPVS_SVC_ATTR_PORT={0x8, 0x4, 0x4e24}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x2}}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}]}, 0xc4}, 0x1, 0x0, 0x0, 0x40d0}, 0x8001) ioctl$sock_bt_cmtp_CMTPGETCONNLIST(r0, 0x800443d2, &(0x7f0000000180)={0x6, &(0x7f0000000100)=[{}, {}, {}, {}, {}, {}]}) ioctl$VIDIOC_TRY_DECODER_CMD(r1, 0xc0485661, &(0x7f0000000080)={0x6, 0x3, @start}) 04:12:52 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/schedule_icmp\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r2, 0x84, 0x73, &(0x7f0000000240)={0x0, 0xffffffff80000001, 0x20, 0x4, 0x95f}, &(0x7f0000000280)=0x18) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffff9c, 0x84, 0x6, &(0x7f0000000140)={r3, @in6={{0xa, 0x4e23, 0xffffffffffffff7e, @remote, 0x1}}}, &(0x7f0000000040)=0x84) getsockopt$inet_sctp6_SCTP_CONTEXT(r2, 0x84, 0x11, &(0x7f0000000080)={r4}, &(0x7f0000000200)=0x8) ioctl$KDADDIO(r1, 0x400455c8, 0x0) ioctl$TIOCSETD(r1, 0x5437, 0x0) 04:12:52 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000000000)=ANY=[@ANYBLOB="0f6fdc"]) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000028000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) [ 249.254458][ T8597] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. 04:12:52 executing program 1: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000180)="2e0000002e008183ad5de0713c444d000c00000010000340140000000000000837113e370000000000000000d1bd", 0x2e}], 0x1}, 0x0) ioctl$int_out(r0, 0x5462, &(0x7f0000000000)) r1 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x0, 0x0) write$P9_RWALK(r1, &(0x7f0000000100)={0x57, 0x6f, 0x1, {0x6, [{0x0, 0x2, 0x8}, {0x40, 0x4, 0x4}, {0x80, 0x1, 0x4}, {0x88, 0x3, 0x8}, {0x2, 0x1, 0x2}, {0x6, 0x1, 0x4}]}}, 0x57) 04:12:52 executing program 2: r0 = inotify_init() ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, &(0x7f0000000000)) inotify_add_watch(r0, &(0x7f0000000080)='.\x00', 0xfe) r1 = open(&(0x7f0000000040)='./file0\x00', 0x200c2, 0x0) write$binfmt_elf64(r1, &(0x7f0000001a40)=ANY=[@ANYRES64, @ANYRES64, @ANYRESHEX=r1], 0x22) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$DRM_IOCTL_AGP_BIND(r1, 0x40106436, &(0x7f0000000100)={0x0, 0x7}) getresuid(&(0x7f0000000280), &(0x7f00000002c0), &(0x7f0000001800)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lsetxattr$security_smack_transmute(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000180)='TRUE', 0x4, 0x2) sendfile(r1, r1, &(0x7f00000001c0), 0xa198) ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000200)={0x1, 0x0, 0x10002, 0x5}) 04:12:52 executing program 0: r0 = socket(0x22, 0x2, 0x4) accept4$nfc_llcp(r0, 0x0, 0x0, 0x0) 04:12:52 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001280)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) creat(&(0x7f0000000780)='./bus\x00', 0x0) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r0, 0x6612) mount(0x0, &(0x7f0000000640)='./bus\x00', &(0x7f0000000740)='cgroup\x00', 0x0, &(0x7f0000000840)='none\x00') 04:12:52 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000000000)=ANY=[@ANYBLOB="0f6fdc"]) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000028000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 04:12:52 executing program 1: r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video36\x00', 0x2, 0x0) ioctl$VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x0, 0x2, 0x0, "26494ab183a80a65a4c998de1a6e2fb7073f21d43417ce461ed47b82c9b47f9a"}) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x101000) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000300)={0x4, 0x0, [{0x112005, 0x51, &(0x7f00000000c0)=""/81}, {0x4, 0xc6, &(0x7f0000000140)=""/198}, {0x4001, 0x6d, &(0x7f0000000240)=""/109}, {0x5000, 0x4, &(0x7f00000002c0)=""/4}]}) [ 249.626825][ T8626] e cgroup1: Need name or subsystem set 04:12:52 executing program 0: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x10080, 0x0) ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000000)={0x0, 0x0, {0x0, 0x22, 0x13, 0x3, 0x0, 0x42f}}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000040)={r0, 0x50, &(0x7f00000000c0)={0x0, 0x0}}, 0x10) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000140)=r1, 0x4) [ 249.676372][ T8630] e cgroup1: Need name or subsystem set 04:12:52 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000000000)=ANY=[@ANYBLOB="0f6fdc"]) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000028000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(r0, 0xae80, 0x0) 04:12:52 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x16, 0x0, 0x40002, 0x2, 0x0, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={r0, 0x0}, 0x20) r1 = syz_open_dev$radio(&(0x7f0000000180)='/dev/radio#\x00', 0x2, 0x2) setsockopt$inet_sctp6_SCTP_NODELAY(r1, 0x84, 0x3, &(0x7f0000000140)=0x6, 0x4) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={r0, 0x0, &(0x7f0000000080)=""/1}, 0x16) 04:12:52 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000000000)=ANY=[@ANYBLOB="0f6fdc"]) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r0, &(0x7f0000028000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r0, 0xae9a) ioctl$KVM_RUN(r0, 0xae80, 0x0) [ 251.538514][ T17] Bluetooth: hci0: command 0x1003 tx timeout [ 251.547296][ T8653] Bluetooth: hci0: sending frame failed (-49) [ 252.177745][ T17] Bluetooth: hci1: command 0x1003 tx timeout [ 252.183828][ T8653] Bluetooth: hci1: sending frame failed (-49) [ 253.627749][ T17] Bluetooth: hci0: command 0x1001 tx timeout [ 253.634061][ T8653] Bluetooth: hci0: sending frame failed (-49) [ 254.257721][ T17] Bluetooth: hci1: command 0x1001 tx timeout [ 254.263823][ T8653] Bluetooth: hci1: sending frame failed (-49)