[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 55.968743][ T26] audit: type=1800 audit(1570584056.889:25): pid=8437 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 56.013360][ T26] audit: type=1800 audit(1570584056.889:26): pid=8437 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 56.061532][ T26] audit: type=1800 audit(1570584056.889:27): pid=8437 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.79' (ECDSA) to the list of known hosts. 2019/10/09 01:21:05 fuzzer started 2019/10/09 01:21:07 dialing manager at 10.128.0.26:43739 2019/10/09 01:21:07 syscalls: 2523 2019/10/09 01:21:07 code coverage: enabled 2019/10/09 01:21:07 comparison tracing: enabled 2019/10/09 01:21:07 extra coverage: extra coverage is not supported by the kernel 2019/10/09 01:21:07 setuid sandbox: enabled 2019/10/09 01:21:07 namespace sandbox: enabled 2019/10/09 01:21:07 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/09 01:21:07 fault injection: enabled 2019/10/09 01:21:07 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/09 01:21:07 net packet injection: enabled 2019/10/09 01:21:07 net device setup: enabled 2019/10/09 01:21:07 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 01:24:02 executing program 0: ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f00000011c0)) socket$inet(0x2, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000140)=0x40000001) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x200000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) munmap(&(0x7f0000551000/0x3000)=nil, 0x3000) r0 = creat(&(0x7f00000000c0)='./file1\x00', 0x0) write$eventfd(r0, &(0x7f0000000080), 0xfffffe5e) fdatasync(r0) semop(0x0, &(0x7f0000000040), 0x5e) 01:24:03 executing program 1: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x8}, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000480)="b0a3cdef47f59ec515de0fcb5dfc761cf7120c4312b2054efdc0cf574f65329a05d03a24674b1d94d072b4bd702c576dc1d6e4fef97bdd899d359dadcfe32ba24fb1e152533e4df2c20324dda85d95c102000000d81d2b9bea7f9e468b3da19d62e9913b2f7cd488de25886811470818af91afd3bce1422670d6f2d054d8b16374e3617a22b1c70e7e3104b814e24e6e7b62256ae8faaae5f59f840c029418a34c", 0xffffff47) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) r4 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000003840)=[{0x0, 0x0, &(0x7f00000002c0)=[{0x0, 0x38}, {&(0x7f0000000280)="fa9c", 0x2}, {0x0}], 0x3, &(0x7f00000012c0)=ANY=[@ANYRESHEX=r4], 0xb6c, 0x1}], 0x1, 0x0) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r4, 0xc0406619, &(0x7f00000001c0)={{0x0, 0x0, @descriptor="176aa5b182cb85d3"}}) mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) symlink(&(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', &(0x7f00000002c0)='./file0\x00') r5 = openat$full(0xffffffffffffff9c, &(0x7f0000000080)='/dev/full\x00', 0x0, 0x0) fcntl$lock(r5, 0x0, &(0x7f0000001140)={0x0, 0x0, 0x0, 0xffffffffffffffc7}) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r6 = socket$packet(0x11, 0x3, 0x300) ioctl$FICLONE(r5, 0x40049409, r6) socket$alg(0x26, 0x5, 0x0) ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) truncate(&(0x7f0000000100)='./file0\x00', 0x0) unlink(&(0x7f0000000040)='./file0\x00') open(&(0x7f00000000c0)='./file0\x00', 0x3fd, 0x0) setresuid(0x0, 0x0, 0x0) syzkaller login: [ 242.216232][ T8604] IPVS: ftp: loaded support on port[0] = 21 [ 242.407213][ T8604] chnl_net:caif_netlink_parms(): no params data found [ 242.455663][ T8604] bridge0: port 1(bridge_slave_0) entered blocking state [ 242.463817][ T8604] bridge0: port 1(bridge_slave_0) entered disabled state [ 242.472227][ T8604] device bridge_slave_0 entered promiscuous mode [ 242.489763][ T8607] IPVS: ftp: loaded support on port[0] = 21 [ 242.496618][ T8604] bridge0: port 2(bridge_slave_1) entered blocking state 01:24:03 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000000140)={0x10, 0x0, 0x0, 0x48020100}, 0xc) [ 242.503847][ T8604] bridge0: port 2(bridge_slave_1) entered disabled state [ 242.519066][ T8604] device bridge_slave_1 entered promiscuous mode [ 242.585337][ T8604] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 242.626308][ T8604] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 242.674812][ T8604] team0: Port device team_slave_0 added [ 242.695700][ T8604] team0: Port device team_slave_1 added 01:24:03 executing program 3: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_sco_SCO_OPTIONS(r0, 0x11, 0x1, 0x0, &(0x7f0000000100)) [ 242.817299][ T8604] device hsr_slave_0 entered promiscuous mode [ 242.873639][ T8604] device hsr_slave_1 entered promiscuous mode [ 242.955689][ T8607] chnl_net:caif_netlink_parms(): no params data found [ 242.970959][ T8604] bridge0: port 2(bridge_slave_1) entered blocking state [ 242.973410][ T8612] IPVS: ftp: loaded support on port[0] = 21 [ 242.978230][ T8604] bridge0: port 2(bridge_slave_1) entered forwarding state [ 242.987177][ T8610] IPVS: ftp: loaded support on port[0] = 21 [ 242.992023][ T8604] bridge0: port 1(bridge_slave_0) entered blocking state [ 243.004306][ T8604] bridge0: port 1(bridge_slave_0) entered forwarding state 01:24:04 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f0000000300)='net/igmp6\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x0) [ 243.114400][ T8607] bridge0: port 1(bridge_slave_0) entered blocking state [ 243.121500][ T8607] bridge0: port 1(bridge_slave_0) entered disabled state [ 243.134310][ T8607] device bridge_slave_0 entered promiscuous mode [ 243.208060][ T8607] bridge0: port 2(bridge_slave_1) entered blocking state [ 243.217166][ T8607] bridge0: port 2(bridge_slave_1) entered disabled state [ 243.236403][ T8607] device bridge_slave_1 entered promiscuous mode [ 243.292810][ T8607] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 243.315300][ T8607] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 243.348954][ T8615] IPVS: ftp: loaded support on port[0] = 21 [ 243.380875][ T8607] team0: Port device team_slave_0 added [ 243.436959][ T8607] team0: Port device team_slave_1 added [ 243.452327][ T8604] 8021q: adding VLAN 0 to HW filter on device bond0 [ 243.468415][ T3741] bridge0: port 1(bridge_slave_0) entered disabled state 01:24:04 executing program 5: creat(&(0x7f00000000c0)='./file0\x00', 0x0) clone(0x82000500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='devpts\x00', 0x0, &(0x7f00000001c0)='/selinux/policy\x00') r0 = gettid() tkill(r0, 0x3c) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r1 = getpid() sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) socket$inet6(0xa, 0x0, 0x0) msgsnd(0x0, &(0x7f00000000c0)={0x2}, 0x8, 0x0) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000700)) sched_setattr(0x0, 0x0, 0x0) [ 243.487455][ T3741] bridge0: port 2(bridge_slave_1) entered disabled state [ 243.496757][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 243.606346][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 243.615767][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 243.686325][ T8607] device hsr_slave_0 entered promiscuous mode [ 243.733756][ T8607] device hsr_slave_1 entered promiscuous mode [ 243.793382][ T8607] debugfs: Directory 'hsr0' with parent '/' already present! [ 243.802067][ T8612] chnl_net:caif_netlink_parms(): no params data found [ 243.815704][ T8604] 8021q: adding VLAN 0 to HW filter on device team0 [ 243.841302][ T8620] IPVS: ftp: loaded support on port[0] = 21 [ 243.877593][ T8610] chnl_net:caif_netlink_parms(): no params data found [ 243.903097][ T2498] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 243.911995][ T2498] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 243.920955][ T2498] bridge0: port 1(bridge_slave_0) entered blocking state [ 243.928024][ T2498] bridge0: port 1(bridge_slave_0) entered forwarding state [ 243.938977][ T8612] bridge0: port 1(bridge_slave_0) entered blocking state [ 243.947389][ T8612] bridge0: port 1(bridge_slave_0) entered disabled state [ 243.955845][ T8612] device bridge_slave_0 entered promiscuous mode [ 243.977959][ T8612] bridge0: port 2(bridge_slave_1) entered blocking state [ 243.986228][ T8612] bridge0: port 2(bridge_slave_1) entered disabled state [ 243.994980][ T8612] device bridge_slave_1 entered promiscuous mode [ 244.007784][ T3745] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 244.017390][ T3745] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 244.025807][ T3745] bridge0: port 2(bridge_slave_1) entered blocking state [ 244.032879][ T3745] bridge0: port 2(bridge_slave_1) entered forwarding state [ 244.078028][ T8614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 244.087295][ T8614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 244.132627][ T8612] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 244.147625][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 244.156735][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 244.172275][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 244.189275][ T8610] bridge0: port 1(bridge_slave_0) entered blocking state [ 244.196754][ T8610] bridge0: port 1(bridge_slave_0) entered disabled state [ 244.205562][ T8610] device bridge_slave_0 entered promiscuous mode [ 244.221635][ T8610] bridge0: port 2(bridge_slave_1) entered blocking state [ 244.228931][ T8610] bridge0: port 2(bridge_slave_1) entered disabled state [ 244.236772][ T8610] device bridge_slave_1 entered promiscuous mode [ 244.246295][ T8612] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 244.275945][ T8612] team0: Port device team_slave_0 added [ 244.298540][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 244.307840][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 244.318818][ T3745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 244.329535][ T3745] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 244.340999][ T8612] team0: Port device team_slave_1 added [ 244.351807][ T8610] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 244.370350][ T8604] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 244.381936][ T8604] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 244.390381][ T8615] chnl_net:caif_netlink_parms(): no params data found [ 244.407492][ T8614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 244.416831][ T8614] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 244.427673][ T8610] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 244.525420][ T8612] device hsr_slave_0 entered promiscuous mode [ 244.593605][ T8612] device hsr_slave_1 entered promiscuous mode [ 244.643796][ T8612] debugfs: Directory 'hsr0' with parent '/' already present! [ 244.672690][ T8610] team0: Port device team_slave_0 added [ 244.681081][ T8610] team0: Port device team_slave_1 added [ 244.706268][ T8604] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 244.741038][ T8607] 8021q: adding VLAN 0 to HW filter on device bond0 [ 244.749285][ T8615] bridge0: port 1(bridge_slave_0) entered blocking state [ 244.756585][ T8615] bridge0: port 1(bridge_slave_0) entered disabled state [ 244.764852][ T8615] device bridge_slave_0 entered promiscuous mode [ 244.792199][ T8615] bridge0: port 2(bridge_slave_1) entered blocking state [ 244.800738][ T8615] bridge0: port 2(bridge_slave_1) entered disabled state [ 244.813016][ T8615] device bridge_slave_1 entered promiscuous mode [ 244.824629][ T8620] chnl_net:caif_netlink_parms(): no params data found [ 244.897097][ T8610] device hsr_slave_0 entered promiscuous mode [ 244.954788][ T8610] device hsr_slave_1 entered promiscuous mode [ 244.993377][ T8610] debugfs: Directory 'hsr0' with parent '/' already present! [ 245.011370][ T8607] 8021q: adding VLAN 0 to HW filter on device team0 [ 245.048055][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 245.064892][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 245.072751][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 245.082701][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 245.091384][ T3741] bridge0: port 1(bridge_slave_0) entered blocking state [ 245.098498][ T3741] bridge0: port 1(bridge_slave_0) entered forwarding state [ 245.107105][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 245.115917][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 245.125002][ T3741] bridge0: port 2(bridge_slave_1) entered blocking state [ 245.132031][ T3741] bridge0: port 2(bridge_slave_1) entered forwarding state [ 245.149895][ T8615] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 245.161102][ T8615] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 245.193701][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 245.204212][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 245.212844][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 245.290548][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 245.299883][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 245.310424][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 245.319481][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 245.320932][ C0] hrtimer: interrupt took 25792 ns [ 245.347678][ T8615] team0: Port device team_slave_0 added [ 245.356951][ T3745] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 245.391917][ T8615] team0: Port device team_slave_1 added [ 245.399671][ T8614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 245.408289][ T8614] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 245.421786][ T8607] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 245.434904][ T8607] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 245.457737][ T8620] bridge0: port 1(bridge_slave_0) entered blocking state [ 245.465638][ T8620] bridge0: port 1(bridge_slave_0) entered disabled state [ 245.474432][ T8620] device bridge_slave_0 entered promiscuous mode [ 245.511967][ T8614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 245.533885][ T8614] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 245.565543][ T8610] 8021q: adding VLAN 0 to HW filter on device bond0 [ 245.581536][ T8612] 8021q: adding VLAN 0 to HW filter on device bond0 [ 245.590545][ T8620] bridge0: port 2(bridge_slave_1) entered blocking state [ 245.598354][ T8620] bridge0: port 2(bridge_slave_1) entered disabled state [ 245.606606][ T8620] device bridge_slave_1 entered promiscuous mode 01:24:06 executing program 0: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x2000000005, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x40000000002, 0x3, 0x2) setsockopt$inet_int(r0, 0x0, 0x22, &(0x7f0000000000), 0x4) [ 245.656317][ T8615] device hsr_slave_0 entered promiscuous mode [ 245.695906][ T8615] device hsr_slave_1 entered promiscuous mode [ 245.733837][ T8615] debugfs: Directory 'hsr0' with parent '/' already present! [ 245.762831][ T8620] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link 01:24:06 executing program 0: [ 245.778927][ T8607] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 245.791424][ T8620] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 245.808577][ T8612] 8021q: adding VLAN 0 to HW filter on device team0 [ 245.822729][ T8610] 8021q: adding VLAN 0 to HW filter on device team0 [ 245.840988][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 245.850396][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 245.865356][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 245.886334][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 01:24:06 executing program 0: [ 245.912744][ T3745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 245.931800][ T3745] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 245.953858][ T3745] bridge0: port 1(bridge_slave_0) entered blocking state 01:24:06 executing program 0: [ 245.960956][ T3745] bridge0: port 1(bridge_slave_0) entered forwarding state [ 245.976178][ T3745] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 245.987610][ T3745] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 245.997921][ T3745] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.005061][ T3745] bridge0: port 2(bridge_slave_1) entered forwarding state 01:24:06 executing program 0: [ 246.013048][ T3745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 01:24:07 executing program 0: [ 246.083529][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 246.093110][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 01:24:07 executing program 0: [ 246.129275][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 246.139410][ T3741] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.146547][ T3741] bridge0: port 1(bridge_slave_0) entered forwarding state [ 246.163636][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 246.190423][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 246.200119][ T3741] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.207812][ T3741] bridge0: port 2(bridge_slave_1) entered forwarding state [ 246.215897][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 246.224938][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 246.233892][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 246.242454][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 246.251250][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 246.262426][ T8620] team0: Port device team_slave_0 added [ 246.272068][ T8620] team0: Port device team_slave_1 added [ 246.290605][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 246.300346][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 246.308672][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 246.374991][ T3745] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 246.386840][ T3745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 246.401571][ T3745] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 246.410369][ T3745] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 246.419326][ T3745] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 246.428121][ T3745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 246.436543][ T3745] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 246.445304][ T3745] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 246.454288][ T3745] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 246.462632][ T3745] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 246.471250][ T3745] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 246.502524][ T8612] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 246.518031][ T8610] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 246.536051][ T8610] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 246.555916][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 246.569585][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 246.582237][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 246.623668][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 246.629632][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 246.653781][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 246.659670][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 246.668064][ T8620] device hsr_slave_0 entered promiscuous mode [ 246.733926][ T8620] device hsr_slave_1 entered promiscuous mode [ 246.743644][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 246.749469][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 246.773384][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 246.779198][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 246.786599][ T8620] debugfs: Directory 'hsr0' with parent '/' already present! [ 246.807616][ T8615] 8021q: adding VLAN 0 to HW filter on device bond0 [ 246.868857][ T8612] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 246.899979][ T8610] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 246.910504][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 246.919654][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 246.940645][ T8615] 8021q: adding VLAN 0 to HW filter on device team0 01:24:07 executing program 1: [ 246.987765][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 246.999094][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 247.009300][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.016429][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 247.060487][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 247.087330][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 247.113126][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 247.135085][ T22] bridge0: port 2(bridge_slave_1) entered blocking state [ 247.142176][ T22] bridge0: port 2(bridge_slave_1) entered forwarding state [ 247.180908][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 247.207874][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 247.224330][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 247.233139][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 247.247501][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 247.257083][ T3741] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 247.282065][ T8620] 8021q: adding VLAN 0 to HW filter on device bond0 [ 247.305429][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 247.314433][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 247.324951][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 247.333811][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 247.342253][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 247.354058][ T8615] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 247.390267][ T8620] 8021q: adding VLAN 0 to HW filter on device team0 [ 247.409854][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 247.424940][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 01:24:08 executing program 2: 01:24:08 executing program 0: [ 247.441854][ T8615] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 247.488264][ T8614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 247.501615][ T8614] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 247.539638][ T8614] bridge0: port 1(bridge_slave_0) entered blocking state [ 247.546803][ T8614] bridge0: port 1(bridge_slave_0) entered forwarding state [ 247.564941][ T8614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 247.574967][ T8614] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 247.604039][ T8614] bridge0: port 2(bridge_slave_1) entered blocking state [ 247.611148][ T8614] bridge0: port 2(bridge_slave_1) entered forwarding state [ 247.619838][ T8614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 247.641061][ T8621] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 247.649941][ T8621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 247.659784][ T8621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 247.670235][ T8621] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 247.679924][ T8621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 247.689012][ T8621] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 247.704510][ T8620] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 247.715453][ T8620] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 247.728966][ T8621] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 247.737446][ T8621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 247.746091][ T8621] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 247.754952][ T8621] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 247.763334][ T8621] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 247.771772][ T8621] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 247.807554][ T8620] 8021q: adding VLAN 0 to HW filter on device batadv0 01:24:08 executing program 4: [ 247.929447][ T8704] devpts: called with bogus options [ 248.023135][ T8711] devpts: called with bogus options 01:24:09 executing program 5: 01:24:09 executing program 1: 01:24:09 executing program 3: 01:24:09 executing program 0: 01:24:09 executing program 2: 01:24:09 executing program 4: 01:24:09 executing program 3: 01:24:09 executing program 1: 01:24:09 executing program 2: 01:24:09 executing program 0: 01:24:09 executing program 4: 01:24:09 executing program 5: 01:24:09 executing program 4: 01:24:09 executing program 1: 01:24:09 executing program 3: 01:24:09 executing program 2: 01:24:09 executing program 0: 01:24:09 executing program 5: 01:24:09 executing program 1: 01:24:09 executing program 2: 01:24:09 executing program 3: 01:24:09 executing program 0: 01:24:09 executing program 4: 01:24:09 executing program 5: 01:24:09 executing program 0: 01:24:09 executing program 2: 01:24:09 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x2000001, 0x12, r0, 0x1) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000001c0)={@in6={{0xa, 0x4e24, 0xe7c, @loopback, 0xb92}}, 0x0, 0x5, 0x0, "9527eb1fe4a70061661dce40540ea584dc670e8a5b346583b4b9fd983552f8df14ee9ef7112f35b7d06988ac8f9131a1d971de8c44f8ab9d20c6894f2929496f17cef927115402414625e9abc4ebea00"}, 0xd8) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x2d5, 0x20000) clock_gettime(0x0, &(0x7f0000000600)={0x0, 0x0}) write$evdev(r1, &(0x7f0000000540)=[{{r2, r3/1000+10000}, 0x0, 0xfffe}], 0x18) ioctl$EVIOCGKEYCODE(r1, 0x80084504, &(0x7f0000000340)=""/240) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/pfkey\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x0) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000500)=0x5, 0x4) ioctl$EVIOCGKEYCODE(r1, 0x80084504, &(0x7f00000004c0)=""/53) openat$zero(0xffffffffffffff9c, &(0x7f0000000440)='/dev/zero\x00', 0x200000, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f0000000000)={@rand_addr="5fe2772d49127aa5d9d4d33badd74f43", 0x400000000000800, 0x0, 0x103, 0x1}, 0x20) setsockopt$inet6_int(r5, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) sendmsg$inet6(r5, &(0x7f0000000080)={&(0x7f0000000040)={0xa, 0x4e22, 0x80000, @loopback}, 0x1c, 0x0, 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="87838988bcc15f9815ca738583b2079884ffd0041b962b4c9d0f420248d30d361ba53d26fe23c9c800000000000000059bfb967f0000000000000091b59b4c87c168a6cc904a6f729dc0afa730dc3738e97d79d11ca6f532edcaa440d330703e7ceddb3f87a3f020faa983c6eafa1ea28fe7ed4fa18689a127f7b9417687ec0ff0e29baaadf559606f8acc6f13281bf2f2e98abb9f5ebd14fe88fd56e31d2bd7ef0d7c33a96dba0406bcea8be4982465757a90857cdbb0754653be04f1073330ce55aa1c5f48ac577eb08f3162bd24bf3e9cfb95cdac60682955f300081eb4455bade2d55b8bd5fa0eb9b5c458ca8fe8895bc7cf817cca6094d479560b2ab58e228b3c93585c178b11d4106329a15f90141c849dd1810d3c3a94a802600072ad7d3310b02b120025c2bfa902185d7f11a0b6b0ecff57e106ba20f62bac1ae931d7eeaae75d88e34d9ad402862fa96ba0d3428e9a2810cf12687b8ea9700c627000ab32a71bbb6ffc5f2dc7a32e201863bc520e50fd1fdf"]}, 0x0) socket$inet6(0xa, 0x0, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = dup2(r6, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r7, 0x29, 0x20, 0x0, 0xbf) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) sendmsg$inet6(0xffffffffffffffff, 0x0, 0x0) ioctl$RNDADDENTROPY(0xffffffffffffffff, 0x40085203, 0x0) r8 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, 0x0) ioctl$GIO_CMAP(0xffffffffffffffff, 0x4b70, 0x0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) r10 = syz_open_procfs(0x0, &(0x7f0000000180)='uid_map\x00') sendfile(r9, r10, 0x0, 0xe0) ioctl$TUNSETPERSIST(r10, 0x400454cb, 0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$autofs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/autofs\x00', 0x4002, 0x0) r11 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) mkdirat(r11, &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) name_to_handle_at(r11, &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xffffffffffffffff, 0x0, 0x0) r12 = openat$cgroup(r11, &(0x7f0000000300)='syz1\x00', 0x200002, 0x0) openat$cgroup_subtree(r12, 0x0, 0x2, 0x0) sendto$inet(r0, 0x0, 0x0, 0x20000801, &(0x7f0000000100)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) r13 = perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbcf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x9d3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000003080)='/dev/ptmx\x00', 0x0, 0x0) r14 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs(r14, &(0x7f0000000140)) r15 = fcntl$dupfd(r0, 0x0, r13) shutdown(r15, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)) r16 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r16, 0x1000008914, &(0x7f00000002c0)="2fdca50d4603cf02000000eb494742d8fb096ee06f5e5e8aa92e22b2e549ed675a0306f58b") r17 = fcntl$dupfd(0xffffffffffffffff, 0x0, r16) ioctl$PERF_EVENT_IOC_ENABLE(r17, 0x8912, 0x400200) ioctl$TIOCGWINSZ(r8, 0x5413, &(0x7f00000000c0)) r18 = dup2(r0, r13) write$cgroup_type(r18, &(0x7f0000000080)='threaded\x00', 0xffeb) 01:24:09 executing program 4: 01:24:09 executing program 3: 01:24:10 executing program 2: 01:24:10 executing program 4: 01:24:10 executing program 0: 01:24:10 executing program 5: 01:24:10 executing program 3: 01:24:10 executing program 4: 01:24:10 executing program 2: 01:24:10 executing program 0: 01:24:10 executing program 3: 01:24:10 executing program 5: syz_open_dev$loop(0x0, 0x0, 0x100082) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) listen(0xffffffffffffffff, 0x0) r0 = syz_open_dev$cec(&(0x7f0000000180)='/dev/cec#\x00', 0x3, 0x2) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f00000001c0)=0x4, 0x4) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x101000, 0x0) r2 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$UI_BEGIN_FF_ERASE(0xffffffffffffffff, 0xc00c55ca, &(0x7f0000000000)) ioctl$SCSI_IOCTL_TEST_UNIT_READY(0xffffffffffffffff, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x2, 0x0, 0x0, 0x3, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000003, 0x5c831, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) write$uinput_user_dev(r2, &(0x7f0000000600)={'syz\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1b\x00', {0x0, 0x1, 0x6a, 0x8f60}, 0x3f, [0x1, 0x3, 0x0, 0x5a, 0xc8, 0x0, 0x0, 0x0, 0x2, 0x8, 0x0, 0x0, 0x0, 0x5, 0x3, 0x9, 0x0, 0x2, 0x0, 0x4, 0x0, 0x6, 0x0, 0x5, 0x3f, 0x23, 0x0, 0x401, 0x25, 0x0, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x6, 0xb15, 0xfffffffffffffffe, 0x5, 0x800, 0x5, 0x101, 0x0, 0xfffffffffffffff7, 0x0, 0x9, 0x0, 0x1000, 0x0, 0x0, 0x5, 0xfffffffffffffff8, 0x9, 0x800, 0x0, 0x0, 0x0, 0xffffffffffff0001], [0x3, 0xfffffffffffffff9, 0x2, 0x0, 0x7, 0x8000, 0x1000, 0x1f, 0xbe, 0x100000000, 0x1, 0x1, 0x6, 0x0, 0x5, 0x0, 0x8ffe, 0x1, 0x0, 0xe27, 0xe3, 0x0, 0x100, 0x1, 0x8, 0x7, 0x10001, 0x0, 0x7ff, 0x6, 0x0, 0x7fff, 0x0, 0x80000000, 0x2, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x9, 0x0, 0x6, 0x9, 0x8, 0x0, 0x1, 0x0, 0x5, 0x3ae9, 0x0, 0x4, 0x4, 0x9, 0x2, 0x7, 0x0, 0x0, 0x8], [0x4, 0x0, 0xfff, 0x0, 0x5a, 0x7, 0xfffffff7, 0x0, 0x0, 0x0, 0x4, 0x3ff, 0xc5, 0x7f, 0x2, 0x0, 0xfffffffffffffff9, 0x0, 0x0, 0xff, 0x0, 0x400, 0x0, 0x7, 0x4, 0x8, 0x0, 0x0, 0x0, 0x3, 0x0, 0xd, 0x0, 0x6, 0x0, 0x0, 0x0, 0x3, 0x0, 0x2, 0x3, 0x0, 0x6, 0xfffffffffffffffb, 0x0, 0x7, 0x800, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x5, 0x0, 0x8000, 0x0, 0x0, 0x1, 0x9, 0x800, 0x2, 0x7, 0x2], [0x2, 0x5, 0xfffffffc, 0x1ff, 0x0, 0x0, 0x8de, 0x0, 0xffff, 0x3ff, 0x401, 0xe16, 0x0, 0x0, 0x2, 0x1, 0x0, 0x401, 0x0, 0x0, 0x9, 0x5, 0x1c8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x81, 0x56e4, 0x0, 0x3, 0x10000, 0xfffffffffffff000, 0x1, 0xfffffffe, 0x10000000, 0x1, 0x0, 0x6, 0x0, 0x6878000000000000, 0x9, 0x3ff, 0x2, 0x0, 0x2, 0x2, 0x0, 0x8, 0x60ef, 0x8, 0xffffffffafd63bfb, 0x0, 0x7fffffff, 0x0, 0x0, 0x2, 0x0, 0x2]}, 0x45c) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_DRAIN(r1, 0x40045731, &(0x7f00000000c0)=0x94d) r6 = getpid() socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) close(r7) r8 = getpid() fcntl$lock(r7, 0x0, &(0x7f0000000000)={0x1, 0x0, 0xd5, 0x1ff, r8}) r9 = getpgrp(r8) rt_tgsigqueueinfo(0x0, r9, 0x26, &(0x7f0000000100)={0x0, 0x80000000}) ptrace(0x10, r6) r10 = socket(0x10, 0x80002, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r10, 0x29, 0x41, &(0x7f0000000200)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000007b000000644cd19aeb1e4959584fe6fb5356f7855dc5efa3092669cfffbad39dc40b772f8ab627dfcab6d9edfe400000003bb4eb2f7f6446e700cd7989577516cc6d704c1153e1e582bd2b212c74b8ecf2719698fa47a0163b9fe58944a29f0af20100e4adffcc9e29deb5666ac1b9c3ac5e7b7b142b4bb7fe000000000000"], &(0x7f00000002c0)=0x9f) ptrace$pokeuser(0x6, r6, 0x388, 0xffffffffffffffff) ptrace$pokeuser(0x6, r6, 0x388, 0x81) wait4(r6, 0x0, 0x5d6be6634f90cd7d, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f00001da000/0x18000)=nil, 0x0, 0xfffffe72, 0x0, 0x0, 0xa00000000000000) close(0xffffffffffffffff) 01:24:10 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) sendto$unix(r1, &(0x7f0000000200)="005cf44540795fc893962ffdc11794740a6675d01709685cb2dca4fde7d492fa9a", 0x21, 0xfffffffffffeffee, 0x0, 0x0) recvfrom(r1, &(0x7f0000001240)=""/4096, 0xffffff7e, 0x0, 0x0, 0x0) 01:24:10 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) semop(0x0, &(0x7f0000001200)=[{0x0, 0xfdaa}], 0x1) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r1, 0x1000000000016) 01:24:10 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="ad56b6c5820fae9d6dcd3292ea54c7beef", 0x11) 01:24:10 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x2000001, 0x12, r0, 0x1) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000001c0)={@in6={{0xa, 0x4e24, 0xe7c, @loopback, 0xb92}}, 0x0, 0x5, 0x0, "9527eb1fe4a70061661dce40540ea584dc670e8a5b346583b4b9fd983552f8df14ee9ef7112f35b7d06988ac8f9131a1d971de8c44f8ab9d20c6894f2929496f17cef927115402414625e9abc4ebea00"}, 0xd8) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x2d5, 0x20000) clock_gettime(0x0, &(0x7f0000000600)={0x0, 0x0}) write$evdev(r1, &(0x7f0000000540)=[{{r2, r3/1000+10000}, 0x0, 0xfffe}], 0x18) ioctl$EVIOCGKEYCODE(r1, 0x80084504, &(0x7f0000000340)=""/240) r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/pfkey\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x0) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000500)=0x5, 0x4) ioctl$EVIOCGKEYCODE(r1, 0x80084504, &(0x7f00000004c0)=""/53) openat$zero(0xffffffffffffff9c, &(0x7f0000000440)='/dev/zero\x00', 0x200000, 0x0) r5 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f0000000000)={@rand_addr="5fe2772d49127aa5d9d4d33badd74f43", 0x400000000000800, 0x0, 0x103, 0x1}, 0x20) setsockopt$inet6_int(r5, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) sendmsg$inet6(r5, &(0x7f0000000080)={&(0x7f0000000040)={0xa, 0x4e22, 0x80000, @loopback}, 0x1c, 0x0, 0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="87838988bcc15f9815ca738583b2079884ffd0041b962b4c9d0f420248d30d361ba53d26fe23c9c800000000000000059bfb967f0000000000000091b59b4c87c168a6cc904a6f729dc0afa730dc3738e97d79d11ca6f532edcaa440d330703e7ceddb3f87a3f020faa983c6eafa1ea28fe7ed4fa18689a127f7b9417687ec0ff0e29baaadf559606f8acc6f13281bf2f2e98abb9f5ebd14fe88fd56e31d2bd7ef0d7c33a96dba0406bcea8be4982465757a90857cdbb0754653be04f1073330ce55aa1c5f48ac577eb08f3162bd24bf3e9cfb95cdac60682955f300081eb4455bade2d55b8bd5fa0eb9b5c458ca8fe8895bc7cf817cca6094d479560b2ab58e228b3c93585c178b11d4106329a15f90141c849dd1810d3c3a94a802600072ad7d3310b02b120025c2bfa902185d7f11a0b6b0ecff57e106ba20f62bac1ae931d7eeaae75d88e34d9ad402862fa96ba0d3428e9a2810cf12687b8ea9700c627000ab32a71bbb6ffc5f2dc7a32e201863bc520e50fd1fdf"]}, 0x0) socket$inet6(0xa, 0x0, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = dup2(r6, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r7, 0x29, 0x20, 0x0, 0xbf) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) sendmsg$inet6(0xffffffffffffffff, 0x0, 0x0) ioctl$RNDADDENTROPY(0xffffffffffffffff, 0x40085203, 0x0) r8 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNGETVNETHDRSZ(0xffffffffffffffff, 0x800454d7, 0x0) ioctl$GIO_CMAP(0xffffffffffffffff, 0x4b70, 0x0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) r10 = syz_open_procfs(0x0, &(0x7f0000000180)='uid_map\x00') sendfile(r9, r10, 0x0, 0xe0) ioctl$TUNSETPERSIST(r10, 0x400454cb, 0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$autofs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/autofs\x00', 0x4002, 0x0) r11 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) mkdirat(r11, &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) name_to_handle_at(r11, &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xffffffffffffffff, 0x0, 0x0) r12 = openat$cgroup(r11, &(0x7f0000000300)='syz1\x00', 0x200002, 0x0) openat$cgroup_subtree(r12, 0x0, 0x2, 0x0) sendto$inet(r0, 0x0, 0x0, 0x20000801, &(0x7f0000000100)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) r13 = perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbcf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x9d3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000003080)='/dev/ptmx\x00', 0x0, 0x0) r14 = fcntl$getown(0xffffffffffffffff, 0x9) syz_open_procfs(r14, &(0x7f0000000140)) r15 = fcntl$dupfd(r0, 0x0, r13) shutdown(r15, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)) r16 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r16, 0x1000008914, &(0x7f00000002c0)="2fdca50d4603cf02000000eb494742d8fb096ee06f5e5e8aa92e22b2e549ed675a0306f58b") r17 = fcntl$dupfd(0xffffffffffffffff, 0x0, r16) ioctl$PERF_EVENT_IOC_ENABLE(r17, 0x8912, 0x400200) ioctl$TIOCGWINSZ(r8, 0x5413, &(0x7f00000000c0)) r18 = dup2(r0, r13) write$cgroup_type(r18, &(0x7f0000000080)='threaded\x00', 0xffeb) 01:24:10 executing program 3: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x22001, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, &(0x7f0000000080)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x1) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) pread64(r1, 0x0, 0x0, 0x0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x4000, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r2, 0x2401, 0x0) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r3, 0x800000c0045002, &(0x7f0000000940)) write$USERIO_CMD_REGISTER(r0, &(0x7f00000001c0), 0x2) 01:24:10 executing program 4: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @netrom, @netrom, @rose, @rose]}, 0x48) listen(r0, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0) ioctl$sock_SIOCBRADDBR(r1, 0x89a0, &(0x7f0000000740)='bcsf0\x00') r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r2, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") syz_genetlink_get_family_id$nbd(0x0) r3 = socket$inet6(0xa, 0x100000003, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg(r4, &(0x7f0000004b80)=[{{0x0, 0x0, 0x0}}], 0x400000000000270, 0x0) write$binfmt_elf64(r0, &(0x7f0000000b40)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [{}], "", [[]]}, 0x178) 01:24:10 executing program 0: write(0xffffffffffffffff, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000540)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x4) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) write$P9_RATTACH(0xffffffffffffffff, &(0x7f0000000400)={0x14, 0x69, 0x1, {0xb1, 0x2, 0x3}}, 0x14) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, &(0x7f0000000480)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @dev}}, &(0x7f0000000000)=0x80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x40000004, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:24:10 executing program 2: mkdir(&(0x7f0000632000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f00000000c0)='proc\x00', 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='schedstat\x00') r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = memfd_create(&(0x7f0000000440)='\xb3\x17MS\xdb\xe0\x91~\xd8\x10\xb3\xd4\x9b\xfa\xdc\x1c\xb2\xc7\xdcp<\xefB\x05J\xe4cE\xbe\xd1C\xb5J\x16\'\xfb~\xfa\xfd\xbd\xdb\xc5\'\x8dmm\x9d\x9d\x1cv\x91y\xca\xec\xc7\xa5\xfa\xdf\xdc\xa7&!^\xac\x89a\x8c4\xa6\x85~e< \xc8d\xc4\xce\x7f\xb80\xd3\x03\x97\xea\x98\xfb.x\x1a3\x17\r\x00\xc8\xd0G\x1dq\x9c\x90g7$S8Sw:(+\xd6x$\xd4\xb2L\xf8\xf0<\n-\xe6\xb1\x0e&f\xec{YP%f\x02,M@a{\xe1\xeb*\x93\t', 0x0) write$FUSE_DIRENT(r1, &(0x7f0000000080)=ANY=[], 0x29) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x81, 0x11, r1, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='\xff\x00\x01\x00\x0e\x00', 0x0, 0x0) pread64(r2, 0x0, 0x385, 0x300) [ 249.893779][ T8823] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 250.085135][ T8815] Unknown ioctl 1074026289 01:24:11 executing program 3: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000)='/dev/hwrng\x00', 0x22001, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, 0x0, &(0x7f0000000080)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x1) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x0, 0x0) pread64(r1, 0x0, 0x0, 0x0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/pfkey\x00', 0x4000, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r2, 0x2401, 0x0) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r3, 0x800000c0045002, &(0x7f0000000940)) write$USERIO_CMD_REGISTER(r0, &(0x7f00000001c0), 0x2) 01:24:11 executing program 2: r0 = perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x669, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000700)='\"\xc4\'\v\xec\xe4\t\xc5r\x12-\x90\xda\x9a\x94\x02\xec\xea\x10\x90\x03\xcb\xf8\x1b6\xa5t\xd6\xd3\x93\xd3\xdf\x85P\x19G7Q\v\xdcHv\x03Qa\xf3\xd4\xfc(\x83\xfb\xf8C\xf6\x8a$\xb1\x90\xeb\'~\xa0\xd8\xc8\xe8\x94#\xcd\xd5Kp\xbf\xc0\x8d7\x1b?A(\xe8^\x9c\xff\x0f\x1ck\xbc\x95\x05\xcd\x17\xf7\x15o\xd4\xdc4\x84uw\xa6w\x0f\xea`1\xec\xb4\x04\xd5\r\x8d\xde\x1f]\x15\xe5\xe8\xd00\xe5\x8d\x9c\x9ec+\x02\x1d\xffa5\x94\xab\xddNe\xfe\x8c\xc4q\xbb#f\xc1\xb9\x81W\xa4$)!\v\x9b\xa7\b\x91\xe5\xeb\x88\x1c\x0f\xb2.Tr\xe4\x99\x9e\x03\xb4\xd2\xf9KW\xce\xd1cC\xd5\xcf\x97\xa9\xeab\xda\xd6:\xa91q\xf7\xc5\xc0C\xd1\'\x89\xee\x84T:\x88x\xe2\x83\xf2r\xf4&t@\x9e\xa4qf\xdf\xf4\xb5\x01\\a\x85\xd3\xe0\xb7\n\xe7\xed\x84Q\xd7s\xcd4B\xcbQ\xa4\x9f[\x99\xdfJ%\xa8\xfc\xe3`\xc1JA\xc9\xbc\xd4~}\xce\xe8\xfejH\x8fb\xdd\xbcJ\vk\'\xe7Q\xfd\xaaA`\xb5\xa1\xe4\xf8\x9eG\xcfb\xe8@\x04\xe1\xf8\xacU)(S\xed\xffA\xfaqt\xb6-\x9b5\xf6\x1e\x13$e\n\xc7\x9b\xb0X\xb6\xd4\t\x99^^\xc2>J\x16\xd0\x8c\xecy*\xa0\a\xe9Ar\xa6\xb4n9j\xe5\xba\x8a\n\xce2\xcf_\x1b.t)\x8d09A[-\xf6\xe7\xe8\x1f\x92>\xb8\xd4>-\xacY\x9e\x88\x96\xa7\xfa\xdaoL\xa6\xec\xe8\xd5\xbfaf\xd7\xfc\x03\x91w)\xcd\x1f\xbe\xc9R\xcfz\x03\xec\br\x83\x8bM-\xf8X\xfd\"\xb4RV\x7f\xda\xd3\xd4h\x1c\xdb\xbe\xa4U\xec\xcd\'\xbc\xd22\x85{,\xe6-,6\x9d\x85\xb4fL\b\x98\xe9@\xee\xc2.\xb3\xd6w\x10\x94\xb5%D\xe8\r\xfe\x98G\x82\fx,\xa2J\x12\x03ec\xd5e-\x1f6\xe7\xb6\xd9\xcf0J\xed\xb7\x9b\xfd\xfc\x00EQ\x1f\x00D\xc95\xdeG +\x1bp\xf4\t\x94\x87\xf1ZbO\xa6\xe9\f`u\xda\xb3\x1d\xf9\x94\x80\xc1\x17\xde(_\xa7\xe7\x11\x9a\xac\x8c\xb1\xd71\xc5\xe9\xd3n\xc2\xa4\x98P\x9aF\xc2\x93\xad@\xa9h\x96\x1b]2\x88\xf3\xd8\xc798\x8c\x9f\xd4W4\xf1}\aD\xa0\xd8\xda\xf4\x1bEx(t|\xf4Y\xfaJ\xc2GS\xc9R\xb5\xda\xa8\x9b\xaa\x01\xe2~\xd8f.#\x94\xbf\x85z\xbf\xa0x62L\x1f\x91\xd2\x1e%\x88\x1f\f\xabb\x8ds\x93\x9e\xed\xd2\xdb\x02\x0e\xcf\xf5\xaf\xc8>+\x03e\xb7\xba\xb9}\xca\xfc\xe8\xed\x9b\xa2\x9ey\bMv\x8f\x8a8\xfd;\x9a5J\xee\x9a\xae\x83>$\x8a6\x05P\x8c\x05\xb8\r\xcf\xdd\x15/\xa9\xa1\xd4\x87{\xc9I4\xe3 i\xa4\xc5\xe5l\x03?\xfdM&\xc0a9}h\x8ef\x10!\xf0\x99\x80\xb72\xcc\x06\'+\xf0\xa1\a\xeeSGH\x12\x068S7s\xd3\xdaT\"\xa9jk\xed\xa2IyM\xa3&t\xfeA\xa9\"\xb4\xec\xdex\x00\x80`p\x91\x84\xbfK\xb6\x00\xa7\xa2\x06\xce\xc8X\x7f\xd1@\xf1\xcf\xdf\xae\xdb\r\xf6h\xdf\xc6+\xac\r\x9f\xc2D\xdf\xd6\xde`\xa4\xd1=\x1b\x8d\xf4\xbe#\tH\x06;a(`\xdcw\x1dc_\v\x046j\xf9`\r\xc0\a\x8d\x12:l\xc7j3E\xd7\xcaX\x97\xad\x93\xea\x99\xca\xd7m\xb8\x1e1\xb6Nz\"U/\x0eP\b=\x01W\xcd\xf1x\x85\xf4&\xe7\xf9W\x06\xa4\xf8&\xbc\xf4\xd0\xd2\xd1W\xee\x9a\xdd\xdbu\x0e\x9aV\xe2\xc5\x84`Bu\x12\xa8/=\x17\xc4F\x11\xdfm-)\xd9hc\xba\xb7\x91\xd9\x11\x9a,\x19\xf4]\xa7Y@B\x1f') 01:24:11 executing program 1: mkdir(&(0x7f0000632000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f00000000c0)='proc\x00', 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000080)='schedstat\x00') r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = memfd_create(&(0x7f0000000440)='\xb3\x17MS\xdb\xe0\x91~\xd8\x10\xb3\xd4\x9b\xfa\xdc\x1c\xb2\xc7\xdcp<\xefB\x05J\xe4cE\xbe\xd1C\xb5J\x16\'\xfb~\xfa\xfd\xbd\xdb\xc5\'\x8dmm\x9d\x9d\x1cv\x91y\xca\xec\xc7\xa5\xfa\xdf\xdc\xa7&!^\xac\x89a\x8c4\xa6\x85~e< \xc8d\xc4\xce\x7f\xb80\xd3\x03\x97\xea\x98\xfb.x\x1a3\x17\r\x00\xc8\xd0G\x1dq\x9c\x90g7$S8Sw:(+\xd6x$\xd4\xb2L\xf8\xf0<\n-\xe6\xb1\x0e&f\xec{YP%f\x02,M@a{\xe1\xeb*\x93\t', 0x0) write$FUSE_DIRENT(r1, &(0x7f0000000080)=ANY=[], 0x29) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x81, 0x11, r1, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='\xff\x00\x01\x00\x0e\x00', 0x0, 0x0) pread64(r2, 0x0, 0x385, 0x48) 01:24:11 executing program 5: syz_open_dev$loop(0x0, 0x0, 0x100082) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) listen(0xffffffffffffffff, 0x0) r0 = syz_open_dev$cec(&(0x7f0000000180)='/dev/cec#\x00', 0x3, 0x2) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f00000001c0)=0x4, 0x4) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vsock\x00', 0x101000, 0x0) r2 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$UI_BEGIN_FF_ERASE(0xffffffffffffffff, 0xc00c55ca, &(0x7f0000000000)) ioctl$SCSI_IOCTL_TEST_UNIT_READY(0xffffffffffffffff, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x2, 0x0, 0x0, 0x3, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000003, 0x5c831, 0xffffffffffffffff, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) write$uinput_user_dev(r2, &(0x7f0000000600)={'syz\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1b\x00', {0x0, 0x1, 0x6a, 0x8f60}, 0x3f, [0x1, 0x3, 0x0, 0x5a, 0xc8, 0x0, 0x0, 0x0, 0x2, 0x8, 0x0, 0x0, 0x0, 0x5, 0x3, 0x9, 0x0, 0x2, 0x0, 0x4, 0x0, 0x6, 0x0, 0x5, 0x3f, 0x23, 0x0, 0x401, 0x25, 0x0, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x0, 0x0, 0x4, 0x0, 0x8, 0x6, 0xb15, 0xfffffffffffffffe, 0x5, 0x800, 0x5, 0x101, 0x0, 0xfffffffffffffff7, 0x0, 0x9, 0x0, 0x1000, 0x0, 0x0, 0x5, 0xfffffffffffffff8, 0x9, 0x800, 0x0, 0x0, 0x0, 0xffffffffffff0001], [0x3, 0xfffffffffffffff9, 0x2, 0x0, 0x7, 0x8000, 0x1000, 0x1f, 0xbe, 0x100000000, 0x1, 0x1, 0x6, 0x0, 0x5, 0x0, 0x8ffe, 0x1, 0x0, 0xe27, 0xe3, 0x0, 0x100, 0x1, 0x8, 0x7, 0x10001, 0x0, 0x7ff, 0x6, 0x0, 0x7fff, 0x0, 0x80000000, 0x2, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x9, 0x0, 0x6, 0x9, 0x8, 0x0, 0x1, 0x0, 0x5, 0x3ae9, 0x0, 0x4, 0x4, 0x9, 0x2, 0x7, 0x0, 0x0, 0x8], [0x4, 0x0, 0xfff, 0x0, 0x5a, 0x7, 0xfffffff7, 0x0, 0x0, 0x0, 0x4, 0x3ff, 0xc5, 0x7f, 0x2, 0x0, 0xfffffffffffffff9, 0x0, 0x0, 0xff, 0x0, 0x400, 0x0, 0x7, 0x4, 0x8, 0x0, 0x0, 0x0, 0x3, 0x0, 0xd, 0x0, 0x6, 0x0, 0x0, 0x0, 0x3, 0x0, 0x2, 0x3, 0x0, 0x6, 0xfffffffffffffffb, 0x0, 0x7, 0x800, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x5, 0x0, 0x8000, 0x0, 0x0, 0x1, 0x9, 0x800, 0x2, 0x7, 0x2], [0x2, 0x5, 0xfffffffc, 0x1ff, 0x0, 0x0, 0x8de, 0x0, 0xffff, 0x3ff, 0x401, 0xe16, 0x0, 0x0, 0x2, 0x1, 0x0, 0x401, 0x0, 0x0, 0x9, 0x5, 0x1c8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x81, 0x56e4, 0x0, 0x3, 0x10000, 0xfffffffffffff000, 0x1, 0xfffffffe, 0x10000000, 0x1, 0x0, 0x6, 0x0, 0x6878000000000000, 0x9, 0x3ff, 0x2, 0x0, 0x2, 0x2, 0x0, 0x8, 0x60ef, 0x8, 0xffffffffafd63bfb, 0x0, 0x7fffffff, 0x0, 0x0, 0x2, 0x0, 0x2]}, 0x45c) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_DRAIN(r1, 0x40045731, &(0x7f00000000c0)=0x94d) r6 = getpid() socketpair(0x1e, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0}) close(r7) r8 = getpid() fcntl$lock(r7, 0x0, &(0x7f0000000000)={0x1, 0x0, 0xd5, 0x1ff, r8}) r9 = getpgrp(r8) rt_tgsigqueueinfo(0x0, r9, 0x26, &(0x7f0000000100)={0x0, 0x80000000}) ptrace(0x10, r6) r10 = socket(0x10, 0x80002, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(r10, 0x29, 0x41, &(0x7f0000000200)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000007b000000644cd19aeb1e4959584fe6fb5356f7855dc5efa3092669cfffbad39dc40b772f8ab627dfcab6d9edfe400000003bb4eb2f7f6446e700cd7989577516cc6d704c1153e1e582bd2b212c74b8ecf2719698fa47a0163b9fe58944a29f0af20100e4adffcc9e29deb5666ac1b9c3ac5e7b7b142b4bb7fe000000000000"], &(0x7f00000002c0)=0x9f) ptrace$pokeuser(0x6, r6, 0x388, 0xffffffffffffffff) ptrace$pokeuser(0x6, r6, 0x388, 0x81) wait4(r6, 0x0, 0x5d6be6634f90cd7d, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f00001da000/0x18000)=nil, 0x0, 0xfffffe72, 0x0, 0x0, 0xa00000000000000) close(0xffffffffffffffff) 01:24:11 executing program 3: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c00000007060501ff0000fffdffff2ef6ff04610c000100060000f77d0a01010c"], 0x21}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 01:24:11 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x80001, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_GROUP={0x8}, @IFLA_PROTO_DOWN={0x8, 0xa}]}, 0x30}}, 0x0) 01:24:11 executing program 2: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) semop(0x0, &(0x7f0000000240)=[{0x1, 0x6}, {0x0, 0x44}, {0x0, 0x3}, {0x0, 0x7}, {0x0, 0x68}, {0x0, 0xffffffffffffffff}, {0x1, 0xfffffffffffffff8}], 0x7) semop(0x0, &(0x7f0000000240), 0x6) [ 250.599772][ T8866] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 250.644421][ T8866] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 250.731658][ T8873] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 250.767718][ T8873] device bridge_slave_0 left promiscuous mode [ 250.821052][ T8873] bridge0: port 1(bridge_slave_0) entered disabled state [ 250.829595][ T8871] Unknown ioctl 1074026289 01:24:11 executing program 0: r0 = semget$private(0x0, 0x4, 0x0) semop(r0, &(0x7f0000000240)=[{0x1}, {0x0, 0x44}, {0x0, 0x3}, {0x0, 0x7}, {0x0, 0x68}, {0x0, 0xffffffffffffffff}, {0x1, 0xfffffffffffffff8}], 0x7) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) semop(r0, &(0x7f0000000240), 0x6) 01:24:11 executing program 2: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0x13, &(0x7f00000002c0), 0x4) [ 250.892363][ T8873] device bridge_slave_1 left promiscuous mode [ 250.917918][ T8873] bridge0: port 2(bridge_slave_1) entered disabled state [ 251.000106][ T8873] bond0: (slave bond_slave_0): Releasing backup interface 01:24:12 executing program 2: r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x80000000008936, 0x0) 01:24:12 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)="0900000000003639408fa3a3ba276601", 0x10}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 01:24:12 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f67fe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) syz_emit_ethernet(0xf2, &(0x7f0000000000)={@local, @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "50a09c", 0x8, 0xffffff11, 0x0, @remote, @local, {[], @udp={0x0, 0x4e20, 0x8}}}}}}, 0x0) 01:24:12 executing program 4: 01:24:12 executing program 4: 01:24:12 executing program 3: pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00008a7000)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c00000007060501ff0000fffdffff2ef6ff04610c000100060000f77d0a01010c"], 0x21}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) [ 251.250214][ T8873] bond0: (slave bond_slave_1): Releasing backup interface 01:24:12 executing program 4: 01:24:12 executing program 4: [ 251.466508][ T8911] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 251.492458][ T8911] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 251.709303][ T8873] team0: Port device team_slave_0 removed [ 251.842330][ T8873] team0: Port device team_slave_1 removed 01:24:12 executing program 1: 01:24:12 executing program 4: [ 251.932730][ T8913] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 01:24:12 executing program 0: 01:24:12 executing program 2: 01:24:13 executing program 2: 01:24:15 executing program 5: 01:24:15 executing program 4: 01:24:15 executing program 2: 01:24:15 executing program 1: 01:24:15 executing program 0: 01:24:15 executing program 3: 01:24:15 executing program 1: 01:24:15 executing program 4: 01:24:15 executing program 2: 01:24:15 executing program 3: 01:24:15 executing program 5: 01:24:15 executing program 0: 01:24:15 executing program 5: 01:24:15 executing program 2: 01:24:15 executing program 4: 01:24:15 executing program 3: 01:24:15 executing program 0: 01:24:15 executing program 1: 01:24:15 executing program 2: 01:24:15 executing program 1: 01:24:15 executing program 3: 01:24:15 executing program 4: 01:24:15 executing program 2: 01:24:15 executing program 5: 01:24:15 executing program 0: 01:24:15 executing program 3: 01:24:15 executing program 1: 01:24:15 executing program 4: 01:24:15 executing program 0: 01:24:15 executing program 5: 01:24:15 executing program 2: 01:24:16 executing program 1: 01:24:16 executing program 2: 01:24:16 executing program 4: 01:24:16 executing program 3: 01:24:16 executing program 1: 01:24:16 executing program 0: 01:24:16 executing program 5: 01:24:16 executing program 2: 01:24:16 executing program 3: 01:24:16 executing program 4: 01:24:16 executing program 0: 01:24:16 executing program 4: 01:24:16 executing program 3: 01:24:16 executing program 1: 01:24:16 executing program 2: 01:24:16 executing program 5: 01:24:16 executing program 0: 01:24:16 executing program 1: 01:24:16 executing program 3: 01:24:16 executing program 4: 01:24:16 executing program 2: 01:24:16 executing program 5: 01:24:16 executing program 3: 01:24:16 executing program 1: 01:24:16 executing program 2: 01:24:16 executing program 4: 01:24:16 executing program 0: 01:24:17 executing program 5: 01:24:17 executing program 3: 01:24:17 executing program 0: 01:24:17 executing program 4: 01:24:17 executing program 1: 01:24:17 executing program 2: 01:24:17 executing program 3: 01:24:17 executing program 5: 01:24:17 executing program 1: 01:24:17 executing program 4: 01:24:17 executing program 2: 01:24:17 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b0071") r1 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) 01:24:17 executing program 5: r0 = socket$inet(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000100)="24000000100207031dff22946fa2830020200a0009000300001d85687f0000000400ff7e28000000160a43ba5d806055b6fdd80b40000000140001000029ec2400020cd37e99d69cda45a95e", 0x4c}], 0x1}, 0x0) 01:24:17 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c0045002, &(0x7f0000000940)=0x7b) read$char_usb(r0, &(0x7f00000003c0)=""/100, 0x64) 01:24:17 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/ets\x00') 01:24:17 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c0045002, &(0x7f0000000940)) read$char_usb(r0, &(0x7f00000003c0)=""/100, 0x64) 01:24:17 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x133, 0x0, 0x0, 0xff7d) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0xfefd, 0x40, 0x0, 0xfffffffffffffdd4) fsetxattr(0xffffffffffffffff, &(0x7f0000000000)=@known='trusted.overlay.nlink\x00', 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 01:24:17 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='pids\xff\x91ventq\x00\x8c+d..\xb1\x88[\x87\xb8\x8e\x80\xf9\x1cV\xcb\x7f\x96\xfd\xbd\x06\xf1\xc5\x8ap\x00\x9ays7\n\xbc\xb7\\\x16\xedk\xdf\rS>UC\xb0Z\xa7\xd5\xc3\xab\xef\xb6n\x9e\x86\x9c\x1f\xa2\xd6r\x12\xa0\xb4\xb5!\xedA\x81\xa7\xccV\x03\xd1<\x92m\b\xcb\xe8\xa4D p\xf7\x99E\xb8\xbc\x06\x7f1N\xff\x96\x00\xe6rS\xf1\xae\xa0\x03\xa4~\xaf\xae\xbc\\\"?7\xca3Qd\xdd\x1a\xe5\xff\x80\xfe\xd9o\x8f\xd1\xd2\xb8%+\xcb\x12KT\x8d\x9f\x82\xbas\x15\x83\x9e\xf8\xac\x8d\xf4*g\x0efu\xba\xd2;\xdb\xbe\xd3{k\xf8Z\x03>\x8cB\xda\xd4\xe8\x91\x02\xfc\x0ep\x05W\x15\x980E\x16\xfe\xa5\xac8R\x96\xc1\x11\xbf\x81\xed\x8eM\xa8', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10012, r2, 0x0) syz_emit_ethernet(0x300b00, &(0x7f0000000000)={@local, @empty, [], {@ipv6={0x86dd, {0x0, 0x6, "b40900", 0x300030, 0x0, 0x0, @ipv4={[0x2, 0x2, 0x543, 0x0, 0x60], [], @multicast2}, @mcast2, {[], @icmpv6=@time_exceed={0x21, 0x0, 0x0, 0x0, [0x7, 0x4], {0x0, 0x6, "b680fa", 0x0, 0x0, 0x0, @ipv4={[], [], @broadcast}, @ipv4={[], [], @remote={0xac, 0x14, 0xffffffffffffffff}}}}}}}}}, 0x0) 01:24:17 executing program 2: r0 = socket$inet(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000100)="24000000100a07031dff22946fa2830020200a0009000300001d85687f0000000400ff7e", 0x24}], 0x1}, 0x0) 01:24:17 executing program 5: eventfd(0x0) writev(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='comm\x00') syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={0xffffffffffffffff, 0xc0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=0xd99, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x2}, 0x0, 0x0, &(0x7f00000002c0)={0x3, 0x8}, &(0x7f0000000300)=0xc7, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=0xffffffffffffff80}}, 0x10) syz_open_pts(0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) pread64(0xffffffffffffffff, 0x0, 0x360, 0x0) syz_open_procfs(0x0, 0x0) ioctl$TIOCSTI(0xffffffffffffffff, 0x5412, 0x1) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, 0x0) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) connect$ax25(0xffffffffffffffff, 0x0, 0x0) ioctl$TCGETX(0xffffffffffffffff, 0x5432, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000500}) lsetxattr$security_smack_entry(&(0x7f0000000200)='\x00', &(0x7f0000000280)='security.SMACK64IPIN\x00', &(0x7f0000000380)='cgroup@))posix_acl_accesssystem\x00', 0x147, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) 01:24:17 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b0f, &(0x7f00000000c0)='wlan1\x00\xa2\xb8y\xe1\x04\xbe\x00\x00\t\x00\x00\x00\x00\x00!\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\xbfjOc\xcd\x15\xc1K\xab\xe9\xe3\xe8\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19EI\x952\x12,\xec\x02\xffa\xad\xef,\xbc (\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1x\\\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\x98T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa \x91d\xff9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb30\xe8\xdb[\xc8\xe5\xae\x98\xdc\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cyg-\x97\xa1\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xa9O\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99') 01:24:17 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c0045002, &(0x7f0000000940)) read$char_usb(r0, &(0x7f00000003c0)=""/100, 0x64) 01:24:17 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) r3 = dup(r2) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8b1b, &(0x7f00000000c0)='wlan1\x00\xa2\xb8y\xe1\x04\xbe\x00\x00\t\x00\x00\x00\x00\x00!\x00\xff\x8d\x00\x00\xf6\xe7\xf9\x01\x06\x8c\xe2K\x04\xd9\xfd\xbd\x00\x1d})\xa0\xb1\xd2\xe4\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\x18\x9f \xfa\x91\x1b\x01U\xbe\x01\x01X\xbdh\xbfjOc\xcd\x15\xc1K\xab\xe9\xe3\xe8\x05\xda\xce\xed\xa5\xb8<\x9d\xd1\x19EI\x952\x12,\xec\x02\xffa\xad\xef,\xbc (\x02B-mF\xfa\x92\xdc\x13\x06\x1fk6=z\x8eni)\xb5i\x0f\xc7\v\x9d\x81\xb3r\xb1x\\\xdb\xcbzE\xfeO\xe7\xdf\x96\xa2\xf8EX\xe3\xbcf\x02\x98T\x1a\x1f\x16\xb9\b\xa2\xb0\xb1\xc4vCh>\xa3\xd7\xc70\x92C5\x9d\x17\xd1\x96g\x8d\xd1\x06i\xde<\xf3\xd9\x93M/\x1eQ\xba\xe7[\xe3\x00\x00\x00\x00\x00\x00t\xeeKr\xb3\"\xa9\xef\xa2\xd8\x03_\xee=[o\xaa \x91d\xff9\xfa\r\xbe\x16%\xde\xa2o\xa9\\%\xc8\xfa\xd9t\xe5t\x9d\aj\x16\xc4}-\xf6\xd3\x02\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\xd0\xab.\x13L8V\x1d\xa0\x02#\xb4\xea@\x1b\xd0{\x02iE\xb30\xe8\xdb[\xc8\xe5\xae\x98\xdc\xe4Tr\xb4w\xba\xa9\xfe\x0f\xdcFc\xd0\x9f\x82\x9d\xae\x9cyg-\x97\xa1\xdc\x86\x82Q\xe0\xab\xc1w\x03;-^(\x02=\xf39\xe9yT\xc4\xf0\xef\xe0\xd8\b#\x9a\xcd\xe0\xf8q\x9a\xcd\xdeAF,\x04\"\x84\xa9O\x97\xf7\xfb\xa2N>\xcb\x9d\xc0\xcc\x13\x12\xcc@\x89\xf8F\x82OO\x99') 01:24:18 executing program 0: 01:24:18 executing program 4: 01:24:18 executing program 1: [ 257.292276][ T9096] overlayfs: workdir and upperdir must reside under the same mount 01:24:18 executing program 0: 01:24:18 executing program 3: 01:24:18 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6(0xa, 0x3, 0x100000000000ff) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c) setsockopt$inet6_MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, &(0x7f0000000000)={{0xa, 0x0, 0x0, @rand_addr="01b5ef85910252e6c4efa9bca4e63135"}, {0xa, 0x0, 0x0, @rand_addr="d9ae84d566afd5258cac14436b02c484"}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10006]}, 0x5c) sendmsg$key(r1, &(0x7f00000001c0)={0x20480, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x2, 0x0, 0x0, 0x0, 0x0, 0x2b}, 0x2a}, 0x2}, 0x0) 01:24:18 executing program 4: 01:24:18 executing program 2: 01:24:18 executing program 1: 01:24:18 executing program 3: 01:24:18 executing program 1: 01:24:18 executing program 0: 01:24:18 executing program 2: 01:24:18 executing program 4: 01:24:18 executing program 3: 01:24:18 executing program 5: 01:24:18 executing program 1: 01:24:18 executing program 2: 01:24:18 executing program 4: 01:24:18 executing program 0: 01:24:18 executing program 5: 01:24:18 executing program 3: 01:24:19 executing program 1: 01:24:19 executing program 2: 01:24:19 executing program 4: 01:24:19 executing program 0: 01:24:19 executing program 5: 01:24:19 executing program 1: 01:24:19 executing program 0: 01:24:19 executing program 3: 01:24:19 executing program 5: 01:24:19 executing program 4: 01:24:19 executing program 2: 01:24:19 executing program 1: 01:24:19 executing program 5: 01:24:19 executing program 3: 01:24:19 executing program 4: 01:24:19 executing program 0: 01:24:19 executing program 2: 01:24:19 executing program 1: 01:24:19 executing program 4: 01:24:19 executing program 5: 01:24:19 executing program 2: 01:24:19 executing program 3: 01:24:19 executing program 0: 01:24:19 executing program 4: r0 = socket$key(0xf, 0x3, 0x2) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) accept(r0, 0x0, &(0x7f0000000040)) 01:24:19 executing program 1: syz_emit_ethernet(0x7e, &(0x7f0000000200)={@random="7066c5db3421", @random="b7f7d4d3a74a", [{}], {@ipv6={0x86dd, {0x0, 0x6, 'Xpw', 0x44, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, @rand_addr="a74dd7a86778a7a53697c03eed5f0b83", {[], @gre}}}}}, &(0x7f0000000080)={0x0, 0x4, [0x0, 0x56b]}) 01:24:19 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x280000000000002, &(0x7f0000000140)=0x78, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000001040)={0x2, 0x4e23, @loopback}, 0x10) write$binfmt_aout(r0, &(0x7f00000006c0)=ANY=[@ANYBLOB="01000009810100000d01000000000000000000000000000000000000000000008b15b25419b1f9e057198c1b94921e6eea5e6c012de335c6e3dc404862240695492d9f4d0b9ac90ca92d9f99d88e7bc70cdb7cb78d1a5cb5811ac651119650c94fc3251dbbffc093422c4d16797ee70ddd43798de1b9b36b15f6607d38576e39e6918b50828ad435381af64a6461e6a002d59ae8fcb882d0bae037a30a77394a6db4431a886088548395d0aa0007698953e41f7aff2a68df9581b509cef609b32fe878c1f352d739ef7db93f31918b0a07000000000000003edecc7b349113a9752fddeca6be4b70b26997a5e08fb3b177452b391c4aef204d22af8e37a29317a9837171646a8cb80448990ca2abe128c630a3fa35fe6df3ef90bd2f1ec892ba09000000d8d27f14dd63e96eb048290a7123b2fc0aa0ad5bc9083b35cae992a7a51230e81b78942d3a80d805c6fe676aab99aaea8fe93b7bd2589800a12914bccce30610fc1a3fac49276f81dddc7895eb85756ff5864c0aea4a141fbb54dd15fecc0684770ece5132c64087820c75db0e867b80af0ef93b6c639b77b23b3a7f1fff65c88985afdd64025a88fc02008be0bf0f6cc1cf980a77b570312713ce9672bd867013679ff9c5cea632140e885663d515e6d57105801d9c19504c25dbba53f452045627131c0a92d743123639715e9940ae6f03388ab5f6ee888ff9262a9e514611bb39a51d888f997d58"], 0x20d) recvmsg(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000003ac0)=""/4096, 0x1000}], 0x1}, 0x100) shutdown(r0, 0x1) 01:24:19 executing program 5: r0 = socket$inet6(0xa, 0x80002, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x6}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000001e00)=[{{&(0x7f0000000100)={0xa, 0x4e24, 0x0, @remote}, 0x1c, 0x0}}], 0x4ed, 0x0) 01:24:20 executing program 0: r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r0, 0x400100040044145, 0x0) 01:24:20 executing program 2: openat$audio(0xffffffffffffff9c, 0x0, 0x0, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0xfe38, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) unshare(0x40000000) 01:24:20 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_S390_UCAS_MAP(0xffffffffffffffff, 0x4018ae50, &(0x7f0000000700)={0x0, 0x3, 0x1ff}) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000180)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0xa67, 0x0, 0xfef, 0x14a}]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) getsockopt$netlink(0xffffffffffffffff, 0x10e, 0x0, &(0x7f0000000580)=""/85, &(0x7f0000000600)=0x55) select(0x40, &(0x7f0000000780)={0x40000000, 0x9, 0x0, 0x1, 0x6, 0x8, 0x7a}, &(0x7f00000007c0)={0x7, 0xfffffffffffff1ab}, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200)='/dev/zero\x00', 0x0, 0x0) fcntl$addseals(r4, 0x409, 0x0) ioctl$PPPIOCSMRRU(r4, 0x4004743b, &(0x7f0000000240)=0x5) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) perf_event_open(&(0x7f0000000440)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) fcntl$getownex(r0, 0x10, &(0x7f0000000080)={0x0, 0x0}) perf_event_open(&(0x7f00000001c0)={0x7, 0x70, 0x0, 0x9, 0x81, 0x1f, 0x0, 0x1, 0x24040, 0x15, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x8001, 0x4, @perf_config_ext={0x8000, 0x4}, 0x80c, 0x0, 0x1f8, 0x6, 0x6, 0x4, 0x6}, r5, 0x2, 0xffffffffffffffff, 0x1) 01:24:20 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x101002, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4005}) openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) r1 = socket$kcm(0x29, 0x5, 0x0) ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000080)=0x82) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&') write$cgroup_subtree(r0, &(0x7f00000000c0)={[{0x2b, 'c\x86\xdd'}]}, 0x5) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$FS_IOC_GETVERSION(r2, 0x80087601, &(0x7f0000000040)) [ 259.273332][ T9223] IPVS: ftp: loaded support on port[0] = 21 01:24:20 executing program 4: mkdir(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$adsp(0x0, 0x1, 0x0) r1 = syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x1, 0x2) ioctl$int_in(r1, 0x800000c004500a, 0x0) write$UHID_INPUT(r1, &(0x7f00000002c0)={0x8, "b13e1c20d1764d052a4289a71186ca1abfa7f39eb694f4602948f6585c3542ac42cb2f94b098e98f2bcd6128dab4a71d544e96e01e3a9a3548ee5f554c06d963346edb9d133e86fdd31c21e9aaffeb52f7cd63297b1fd0db1845e12bda3ce00f0cca0e6ac9c42a61e687c24c0553b408359c86c7bfd7a30944ac327f982b011258e85ee00f050c38e73199d07b72b225a96ab0fb5a9ea944a233e46cd4c25aaa0fe04bd9b3203f61a06c8f094563ffa0078e50248ce1acebc03c75069eb1cb20ebbe30ec063f9ebc45290dc4f8b56ebb08d32e4df04785fd385029f766a0b96db6a1b6615de63393fe97082c076a7170d2b1c06ce0627d6acae850c2b95f38b079a352f27bf6f5460078b8e597c1d3bdb5cf9e73f42eec5aea224ab44b94e18e812864faeaf770ba7471f99b07d41d573d1d4c3833fb4410ea36d710bfa66ccdb14a1927a678f873b023e82c341a43704adb37242a67b2a46d02ab7aee23cf3030a2f3dd58eece667b6e9393ee8d36649e37e83b1c73c0ef65b4df6173c1c25324fbb9afa1361dc4275f152deb03d7138a688eb9dc66e7845ce1be5647bf740b0e1dd038120ef1e3e1cf420cf8b723bef771376e433935e4f9096a10c4a969aceaac4791c41f365b274dab49bddf51b22a24c05ceaedcbf45febc927e98f410d38247d7679cee7b0d3041eaebd7821924ad31e7c5137bf87ce1ec537a981779f0a4c57bbbb5c641cfd02e1e3904f48b0be96fc9851b6bc8c4260168eea9d9d111e2777f78a9021d5eb0166e39410bf279656770263ca2fb7ac0e30d5e168f8cf4bc5665d057da939b770568e41d0fcec5d6aac0bf4ae66fb099b786cdce7f6a9bc00b83d8ed72440a9724d4ef8af71c7efbc31397930cdcb99d30502ecbcc7ddb9161ade16a1badbd7ea3c6c65b387b46234c4660c816506a2f76264bba07ecb685532116bd971464b58e3ea0a29c2fa1d49d9c6308806db01326e9a1b6bbb556f6479b29f48718e211d75f08d0fb477ad8dae5aeaad7e176b2c5ae331ef78212e9dd7e506549dc74ffd940dc91d74aee2fa7f28855919c163f443804e2a072ad8add2be84df87e414afcab0f8e6f67d3ebb1778a6798d50233da09d29b95c0da97304b7a025e50a7c89e614c63bc69477bfe0e5ae2c468332d134f9e22b19eb2f01c8e8d5148b9b980f8b9aa0cab9ba89aafe16d6a8cf9cb5ae659d8fba88e2841f3d6ac0c44dd9f03787d357fe31a4f551e247bfb73b1f2aa1e208c36aa90dcfc4da8877967c05fe951716ec2293d79c6083e79061bbe18150e2af1d889bb4e87c7735b0e7b88a3109a906d1bd4bf9b98c2462420ecc4e9f3a274a6678bc56e9aa7f3d64677141f874f35d00d04a1dc83126ccd69a0221305a3a5418ec24e163b165c1e4533c38f3d213de4012aece68ed11e2f42325d6da5eef78ee985f81a7991e3d1ff69188059c292779579418ef81177fa94b43cdd0fbf92d31f0fb592a864ddc98ddd5b49ece865e7c7a6c873169d0eea46c1a44f645b1cfa40849ffb9f5355ab396dc1a875180f17103be63be4e7d1920949c59ba5d47341c176ac307e165b9733ac5cd9e9691f5ecd76b467881b78f217d50903a06c57270f4104fd26d496dd7e08c27209185761882923f6447c73d53a74e28132e6bf97ee4f2df9d03be88653a9a7251d8df247f1a75f91f95886ce317e3c125aa7686eec86708fa72c9b33a664e76c0ed891ff9d840ac121ae3f96d32330a14fd76df19c7ae0434e2103d6e9175da0b6cc7a007a0a18615271771434959de305636cf7fbfdd16239bff7dbc656a702ebd48f9a2b1937cca80604ec525d292bb7337459235ad047c6933b6c81bd966ea60ec863de568a9e6d8e0378916f441e0f8b2b74df49b9b24094fd643413469428a537aed19b72bf9381ebab4cd57400ecad1cf1b792e9610910d02f9a779b009840e3f1a1395a87f1e590c33018be80a3f34bbaf49e415ba7d3858b40788cd19211b8cad3789870fb252f8991d64bff9558a67a2316ec2402c2f9c52de42e6389fc90bc4379f7b899b1a943035d64f20b7766edf08fdfa185d00493031f0d3f9ad7dce841f725c5adcba896a76857918a2f54c8aa2e50f71eda35b8fea3732a02c146201ad9f4b65b7caa09e2a73f72aee1ce428a35489038d5cc859fbd48be8da5d088ccab897a248fe418b89b409ab5507af725f077d264abec5b53667ca06aed03815dd537535a3360a50ca3d09c025b5057362c7cb5a4b99c58ac64fe813f4d7f2cafbc3048835ec43fa68170ec7310342134c9b5ec417763db145555cdd37f24b27b0911d172710b74d3c754aac02b24030166cbf2eccfaf1e909b629b7919db1351cd0167e8b6bddc5ce4b7e13cbf0c095f636427d440d058e7637eb117947fc6a60942d10bd455030ee38fc447fd3e6232efba65def558dcff60274e6b2ad62464b4f767bcfec22c681c12bdabf1fedc3946f45c9a34a9169f79ea60a9d190dcf1ce14957382af602dd134b610b269247f38c3d4e233f2fda399dc4cf09139cff9e9c731f8bf940df3cbdf9355f604bd0f3d3b20a6cfc39a7d9ff74f734750187b30c1a970a432bf7e9417cc87d8dea00c4e1885845e1a59bc6a5487687c5bca514e9dcf372bcdc0fe4a47f3e4ac456b1a812e69f88b2a8a964d946cc102ba6f3a7c965df24653c6384d810cf157c8581d4b40e874aded8d227a25fab9889f02698bf52980f048408de4a96226949eba5d1b7f41fce61ae1ff9388e096646ddda4c222f7b9bffc1d3e5b645b6e248637698f6a5be1dc03ff7aa9f418153beeef9b9d67ac5b6fc888e5adf0db41a6d5cac2b600af3b428a1294f4fdb4cf64ccc254c1c7ef71b9be3afceb797fc9504bc3f3dde217687d47cd445c44bea2b16eacae76f16d868b77065b189bd7c4678f3a5fc99b4d020d42972d010b7a6b22de46b434f2d8ec4f567af2d531817ec81ffa36cc27d073a66d2152f1be2a8dce08e98a00f473f22e680cf0ebdcf37936cee60f99eec69503a15d8e36f8d599b535021693fb52f9dc93e315d6e849bd4bf9d05fb25f0b09de91b73ca4edfbfa04d9262d449eab2be542ea30f316384609efc52ed641a9e32d48e4a57c65e8bfa5c13e769d5402a0b125c17360800bf0da8592a75abe647f1d9b1072942947da82e701308b60ecdcfd40d7b6cf44b443493ef0466790547c0a8e5914484969e52cba3787c41df965f91ed7074cd62a63db7e1c35b8f9ac30521295ae7b9c81143926f1dd36aefdfbcd7056b0d4209cabe113a18c58ecc062df687666725707029a8be3ef5721484bd429bab33fceb76c6a0f079da8819d0d9565f5e4ed45eb531f9501b85b619b5323169b0297b7cedcf6f288225dd5e6a7f52c1b96cd38dd94b2f6b8cfc6dbd7862901a5295dca5ecbae72344f41c4a222bd6711831d265b910d547501116bcfbf3c9e104b446175c4c8a4e56445ca22f9363f0f54858a8eb4a1c43103bca578c5b0ee372efd705a950510dbbfa4f74c8ddb4bbc1f07dd410ebb39c01f4da8a0bad2d3d35df3a12a9fa2daf44c8163d59aba8a7351ecc9fe4cd25b987dba700e73d7174307161adf70db0e7a802d7c9ec1b912ee58b0a35c2c6f40f112d70ab5aa708071379280c9ffbceaf0a4ec45c89ac0bf3ef40538302b685e24574da8bde8654e99eff66c9ad5e6beafa0e48e1c293c53d955980346cbc052d15e5d1f3baed388dfaa72ca089af06ae757466a704b93a0ff13cb5c722f0b872432a4fd4513ed56825b13ddd4d8c02eb624c8358199f52679421ab0e1792869f6b4aea523a1079b3138f1ef761c6df102096eff43ddb23ee668b9cc5161433feb318903b58387c3dae2833a8c770e7c6e27c31a1fca07377fbb07f11911be6192f7518a8d089b89826e48b28f5c8a00784bef9b2f68c90838eb2c9fcaeda4bb76782510082c977a7ecdd5743e9da8f088a3b67a25cfb25db4a709b6cbf5425e7efa8c2e472464606d9ccd2fc0f73cd1d51a5aa19d9caba10be2147f8e1ad763ba45693f9f078b0716cf588142be847ca67dc132c5782fed12b7d95c55a9bcfdfb85cb48698a45621cc2f1c85559617ece7def71486290b0cf8e987e8788e1a13f17e3f24b93ed2009ebe42e3bea9571f98b39b787c107dcada3a36fa1fe93736e74ec34af80a182cf0adf2846577f1d474c9ff1b4b8a2cfe6a2d445029ca77088b9c84be63655d48cbc5f61b18d7cda0d141f2db6bc3c479aa6ca19638e2c37da38768eb8820e5679345d2abe8033318eb952e297e17dacaaee3df7ef1d6cd554e9b1b453c44e3d4e030e25c5f9ed094100f6d9b1dc5dab371436ab252cc4d7fdf8fe4b7f36ab71f2bbe3878217b151664c3b9ae970e473ae164d77f294ca8ad58634ea446880e8327fc7af2a088e39508443a601eaa00742a7d0ad459dcac24a60edcfa6ac9f72f428c2b8dd30b8278e28f25a1a129d23cacd765de4c4aa52819578951bb8e311e8621f627e3463e2562b6dbc8d1c431c240f1424599438b9c94723f79ffd1fa1bc94104e4598bd43244302f86ddbe47ad8671e25f406aa507ba45bdba09841827a697cece002f79ec7cf14488789d754f84818d180bd04a11cb2115441a402bea2be749ef233bcd26ca27df828ada877a893e54ea3e6ea29e62d6e7693af7cbee59ccdb4045d0e6eeec3d8f59205f324a5f7cf5f871929c83ada04bc5d3990288dca5eb312339933ffb1031e05866e1b2d0aad0ca940795458b7d6c8a3750a76e1e6c8ccd48ca542d6c51164431d70c9d35f0f828cdec404a175a44bc2a9651ec5281c0f3aee9e4375f0eb139f58fa4419fddf9ebe2f8f37121a57397e7e830ac097ed375521a68f7cdc471621b769fef40cd19d8d55a82e27bf5b0cc4182359db7c9066e2ee10df279a89e96fcfea225995f065f7f286b8c8ef9b6c82a34df14dda2f737f557578ce5b15944e3149110102d80465c1b436b6bbb16fdc64a9d130ec7644bc162f0e2c5669a9254970a062561e269d85b72b4748d71d88ca20778287bc3b9613043166862f133f366f6361b9e1d040bbcd9728a70fcf3be7ea8fe0f55980ed03f336ec49f7cb6899813acf47d3b2413e7b637b764fcb9003ece75f8a255b9cdc71f80dbbaa7eaa2111b5551feeb7ea31620a2c88897538915abedcd184d57c79d81505985f561820449c330bc3412bffb68c4c743c5a5a3acafcf00d7561a66f70e5835da530ba62f221211e1fefdc1fbc8c05b1b68b7eb2afac6ebbbc0b961b8ef8b27b555ce7641f6601ac19d5f4adb06b40155a2085ff32de5b2c5edd96a01a14d1bb49b58f1fd718bec428043819b8070e46f0215d2153318320754638d9b40a5214784e7c1f80dde05500cfe8e4dff855504e099634fb3d44829453cf4ac8db7e5a4144f96d4508de90ada04240637fd5b261cfbb80c8d9ccdea6c1d3485a85663cff9749133002c7f9c6ea4de1b50fe90dae397f6b5833e943e6c5f60e10d805e97e6869488b857b44d8c94276f668257c223e2e26dff75222d3f304f8a040ce058e1b7b3bc5f0b69c310beea64212ef0a54bc9fb858c25681cee574c532b64d4f8241e0b855f7f79d0a1ea22fc3d9ad5a1658b5c4d9d417e9eae47c81628341172609a8ef8c72fb6e4e48da6a10207e56b727f65c82d49e2dbb44b492e1265c2b28f98980334ccc3abb0cfd15d73c2f38f4c824022aa7a0ac0b7d35eea934d3455d21e8c710474e54bdf29be107ebc00", 0xa943708f26830065}, 0x1006) r2 = socket$nl_generic(0x10, 0x3, 0x10) write$FUSE_INIT(r0, &(0x7f0000000000)={0x50, 0x0, 0x2, {0x7, 0x1f, 0x200, 0x18028, 0x11be, 0x2, 0xce, 0x3ff}}, 0x50) dup3(r2, r1, 0x0) [ 259.481457][ T9234] device nr0 entered promiscuous mode 01:24:20 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0xffffffffffffff5b, 0x0, 0x80, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) setuid(0x0) r0 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote, 0x6}, 0x1c) write$binfmt_script(r0, &(0x7f0000000400)=ANY=[@ANYBLOB="6dae718600f0fff8a70a7a005c0ef3e0997f84cd15c0010082919b615206f488458998e192b1870b85c9e8a554ef30d4dd35d51cf34dd9d3d80e556fdb00f0ffffffffbfff6116bf1ca0bdf7a45c12734fb3e731f3760349355e2f2f13ab700066312b887aaeb6657e158fb9897f55fe245cb6e8ebf2a49bd830c06a1b2ecb8706613dfa53a08cc0ab550a2b47b490af76634e71a0000000040000f36ccc5efa00daad51c66bfeee411a5acc07cfc05d477498346cd57ec6d95925fce71c098fcb8871b42fe8790e16b72d8f59df8d6b6fd9de718b7721293e02723f961267733741028fff23cc3d8b7cd53ded54302313c3c3286c7f687cba19355714a2904a33ef7a9a00"/276], 0xfdef) 01:24:20 executing program 3: r0 = socket$inet(0x2, 0x2000080001, 0x84) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f00000000c0)=@assoc_value={0x0, 0x1ff}, 0x8) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200)='/dev/zero\x00', 0x0, 0x0) fcntl$addseals(r1, 0x409, 0x0) ioctl$TUNGETVNETHDRSZ(r1, 0x800454d7, &(0x7f0000000000)) sendmsg(r0, &(0x7f000001afc8)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)='*', 0x1a000}], 0x1}, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) readv(r0, &(0x7f0000000140)=[{&(0x7f0000000200)=""/195, 0x8a20}, {&(0x7f0000000300)=""/204, 0xcc}], 0x2) 01:24:20 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x201, 0x0) write$binfmt_aout(r0, &(0x7f0000000040)=ANY=[@ANYRES16], 0x2) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$TUNSETNOCSUM(r2, 0x400454c8, 0x1) r3 = syz_open_pts(r0, 0x0) ioctl$TCSETS2(r0, 0x402c542b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x10001, 0x0, "9423b1dccf2294ded049e31386b42315556edf"}) read(r3, &(0x7f00000000c0)=""/71, 0x47) dup3(r3, r0, 0x0) 01:24:20 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f00000ba000)={0x16, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x201a7fa6, 0x0, 0x1, 0x50}]}, &(0x7f0000f6bffb)='GPL\x00', 0x1, 0xfb, &(0x7f00001a7f05)=""/251}, 0x48) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000040)='/dev/full\x00', 0x0, 0x0) ioctl$KDGETLED(r0, 0x4b31, &(0x7f0000000080)) ioctl$EVIOCGEFFECTS(r0, 0x80044584, &(0x7f00000000c0)=""/84) 01:24:21 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$SNDRV_SEQ_IOCTL_PVERSION(r1, 0x80045300, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x2182800ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$netlink(0x10, 0x3, 0x3) 01:24:21 executing program 5: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)="2e00000019000503ed0080647e6394f20100d2000500fc3711407f480f000300270000000200009ef88000f01700", 0x2e}], 0x1}, 0x0) ioctl$SIOCGSTAMPNS(r0, 0x8907, &(0x7f0000000040)) bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0xd, 0x4, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x2, 0x1, 0x44}]}, &(0x7f0000f6bffb)='GPL\x00', 0x1, 0x1fe, &(0x7f00001a7f05)=""/251}, 0x48) 01:24:21 executing program 1: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200)='/dev/zero\x00', 0x0, 0x0) fcntl$addseals(r0, 0x409, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200)='/dev/zero\x00', 0x0, 0x0) fcntl$addseals(r1, 0x409, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000380)={0xffffffffffffffff}, 0x13f, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_DESTROY_ID(r0, &(0x7f0000000400)={0x1, 0x10, 0xfa00, {&(0x7f0000000340), r2}}, 0x18) r3 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x4e24, 0x0, @ipv4={[], [], @local}}, 0x1c) r4 = socket$inet6(0xa, 0x100800000000002, 0x0) connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e24, 0x0, @ipv4={[], [], @local}}, 0x1c) sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYRESHEX=r3, @ANYRES32=0x0], 0x16}, 0x0) r5 = socket$inet6(0xa, 0x100800000000002, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c) sendmsg$inet6(r5, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYRES32=0x0], 0x4}, 0x0) r6 = socket$inet6(0xa, 0x100800000000002, 0x0) r7 = syz_open_procfs(0x0, 0x0) read$FUSE(r7, &(0x7f0000001780), 0x1000) ioctl$GIO_CMAP(0xffffffffffffffff, 0x4b70, &(0x7f0000000100)) sendmsg$inet6(r6, 0x0, 0x0) r8 = socket$inet6(0xa, 0x100800000000002, 0x0) sendmsg$inet6(r8, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="2400000000000000290000003200000000000000000000000000ffffac1414bb", @ANYRES32=0x0], 0x24}, 0x0) sendmsg$inet6(r6, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=ANY=[@ANYRESOCT, @ANYRES64, @ANYBLOB="98a56c1f986f7793072648944e2b70e3df1d345b00c261733855524ad1609510cf2852bb66640b31cc6c75ec838c5b6c204409fd08f6ce97e61b5115b2aaebe360b1e19ad187328a06fa934d441f22cdeacd175378bb65c364230ed95495032cf0e71c19a4df2050d0f54b5c896457f9cca250ccc58bef46b81afb246b45e607f0d1e42153a2eba8d9547ae29ad7b8c120ed3eb6571eecc7a181852d83db09e7fa395c6deeff2cf4c8b109aca16ee9bcbd5d15c3ff120fb4c3ddb0fa7a4bec897bfe54688e07cf254bb2", @ANYRES32=r3, @ANYRESOCT], 0x104}, 0x4a4ab06223a0ef46) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$fou(&(0x7f00000001c0)='fou\x00') sendmsg$FOU_CMD_ADD(r9, &(0x7f0000000100)={0x0, 0xff00000000000000, &(0x7f0000000000)={&(0x7f0000000080)={0xfffffee9, r10, 0x403}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0) sendmsg$FOU_CMD_GET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x802004}, 0xc, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="000126bd7047c3000025576b97cde608691dcd76699e03000000e9000900fe8000000000000000000000000000aa524299b28bfc7b3ba3cd8caec60ee1f4f50c0b98bdffff000000000000c020570e67abbac1fa6b08a3b8a8f3bca5f04f1a5d23fe813aa5a6828e7afb4a74949c21f3d104c152c655d35b13d7dba53047d3b40306c938e77666162fe01e51cd23206d09ac3a42a7103a91223a6954b7cfbd61808481f1e9eb15acfd6e4b8da0f089f2c5f7c3653512e1f6069a69d27103b79b9db6f443951bd8091b4933b7fd22f5e7a9ec1b87217b9139620cbe0acb73d22e4900007e0f442eed0cf8ae79b6625973db3e34e45b50f18d7fcfef565a92e569a02131dcfa38e30834ef64065937a1b58a61d781f017c1b2bee01d9f11dda7c4959ca79f0fbe5e989623acb0f423664d1c22055d56cffe8bc5dcbfc6a54de7fd65609b3fd7e083fb62b798478b66ac5b1a7941dec178f3f5887d1d701a85988d58b2b0"], 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x4000001) r11 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ptmx\x00', 0x8000000000000802, 0x0) ioctl$TIOCSETD(r11, 0x5423, &(0x7f0000000000)=0xd) write(r11, &(0x7f0000000040)="e0", 0xfffffe00) ioctl$TIOCSETD(r11, 0x5437, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xc8, &(0x7f00000000c0)=0x2, 0x4) [ 260.231819][ T9234] device nr0 entered promiscuous mode [ 260.365420][ T9270] netlink: 'syz-executor.5': attribute type 3 has an invalid length. 01:24:21 executing program 4: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000140)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @remote, 0x4}, r1, 0xa0010000}}, 0x48) 01:24:21 executing program 3: r0 = socket(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={0x58, r2, 0x101, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x44, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc}, @IPVS_SVC_ATTR_SCHED_NAME={0xc, 0x6, 'lblcr\x00'}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, '\nip\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_NETMASK={0x8}, @IPVS_SVC_ATTR_AF={0x8, 0x1, 0xa}, @IPVS_SVC_ATTR_FWMARK={0x8}]}]}, 0x58}}, 0x0) sendmsg$IPVS_CMD_DEL_DAEMON(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x40, r2, 0x300, 0x70bd27, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x121}, @IPVS_CMD_ATTR_SERVICE={0x20, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x39}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x0, 0x2}}]}, @IPVS_CMD_ATTR_DEST={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x6008094}, 0x40000) write(r0, &(0x7f000018efdc)="2400000052001f0014f9f407000904000a00071008000700fe0500ff0800010003000000", 0x24) [ 260.453524][ T9270] netlink: 2 bytes leftover after parsing attributes in process `syz-executor.5'. 01:24:21 executing program 3: socketpair$unix(0x1, 0xc, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) write$P9_RVERSION(r2, &(0x7f0000000340)={0x15, 0x65, 0xffff, 0x8001, 0x8, '9P2000.L'}, 0x15) r3 = dup(r2) write$FUSE_BMAP(r3, &(0x7f0000000000)={0x18}, 0x18) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@fscache='fscache'}]}}) 01:24:22 executing program 4: openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$KDDISABIO(0xffffffffffffffff, 0x4b37) r0 = socket(0x10, 0x80002, 0x0) close(r0) connect$tipc(0xffffffffffffffff, &(0x7f0000000740)=@nameseq={0x1e, 0x1, 0x0, {0x0, 0x0, 0x4}}, 0x10) sendmmsg$alg(r0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) r1 = socket(0x10, 0x0, 0x0) sendto(r1, 0x0, 0x0, 0x81, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000740)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000780)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r2 = socket(0x10, 0x2, 0x0) sendto(r2, 0x0, 0x0, 0x0, 0x0, 0x0) getsockname$packet(r2, &(0x7f0000000740)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x0) r3 = socket(0x10, 0x0, 0x0) sendto(r3, 0x0, 0x0, 0x81, 0x0, 0x0) sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) socket(0x0, 0x2, 0x0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r4, 0x0) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000280)='/dev/nullb0\x00', 0x0, 0x0) preadv(r5, &(0x7f0000000040)=[{&(0x7f0000000400)=""/4096, 0x3ffc00}], 0x1, 0x0) mbind(&(0x7f0000410000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x91, 0x865bc26ba2a810eb) 01:24:22 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x5, &(0x7f0000000080)="fcb969aede70737e4acc75373707b2e041e69f7a3776544dc0f8b1ce07d72cb03c7abf721e39946a23d697d351ba8ecb88eca4780149ea7d245668") r1 = socket$inet(0x10, 0x3, 0x0) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200)='/dev/zero\x00', 0x0, 0x0) fcntl$addseals(r2, 0x409, 0x0) ioctl$UI_SET_LEDBIT(r2, 0x40045569, 0xa) sendmsg(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000003c0)="24000000180007041dfffd946f6105000af0000a1f000007002808000800080004000300280000001100ffffba16a0aa1c0900000000000012000000000000eff24d8238cfa47e23f7efbf54", 0x4c}], 0x1}, 0x0) 01:24:22 executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x3, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x0, 0x1, 0xaf}]}, &(0x7f0000f6bffb)='GPL\x00'}, 0x48) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e21, 0x2c7, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x1}, 0x1c) 01:24:22 executing program 5: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)="2e00000019000503ed0080647e6394f20100d2000500fc3711407f480f000300270000000200009ef88000f01700", 0x2e}], 0x1}, 0x0) ioctl$SIOCGSTAMPNS(r0, 0x8907, &(0x7f0000000040)) bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0xd, 0x4, &(0x7f0000346fc8)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x2, 0x1, 0x44}]}, &(0x7f0000f6bffb)='GPL\x00', 0x1, 0x1fe, &(0x7f00001a7f05)=""/251}, 0x48) [ 261.176014][ T9299] mmap: syz-executor.4 (9299) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 261.208606][ T9297] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 01:24:22 executing program 3: socket$kcm(0x2, 0x1, 0x84) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r2 = gettid() ioctl$TUNSETVNETBE(r1, 0x400454de, &(0x7f00000002c0)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffe}, 0x0, 0x10, 0xffffffffffffffff, 0x0) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r3) socket$kcm(0x2, 0x3, 0x2) r4 = perf_event_open(&(0x7f00000003c0)={0x0, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x29, 0x6, 0x0) close(r4) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89a1, &(0x7f0000000680)='&@[\x00') ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x89a0, &(0x7f0000000440)='\xaf\x06\b\xb9\x18\x91--J;,\xadIy\x95c\x96[\xab8uY\xe2\x81o\xc2q\x87\x8dw\x80\xb6\xd0(\xe8\x13\aF\\\x82\x19S\xed\x8c\xe3\x82^\x91\x0f\xb3\xb5\a\xa6\xa2E)\xe0\x01\x12vw\x19,^\xb6\x1b\'J\x1f\xa5:\x84\xb6\x9a\x94b}#\x9cGH\xed\a\xd9\ax&:g\b\xdb\x11D\xa9\xb1\xe9>\x8c\xd0\x88\xcc\xc7Ji\xb1+~\xdba\xa7\xa0\xe95\xb6\xd84\xf9x\xcb8-C\xd5\xdf\xcf\x15\xe6\xe1)\v-)ku\xcb\x1f\xc2\xc2\xb8S\x9f,\x00!\xe3Pm*cR\xfb\xab\xf9e\x14\x10\x9fN\xe4\x99\x119\xbe\x85*\xc0|a>\xce\x1cB\xe1\x01\x06\x80\v!\xc7\t\x9e\xe5\x03\x86b+\xcc\xf8\x92/\xdc\xbaE6\xb7\xd1p\x1c\xc8\x90\xaa_\xfcr\xa6&\x1c\xb5\x8bb\xa3HXj\x99\xf0p\xbaNT\x80`D\xba\xa8\x84c\xa9\xe8\x1a@\x0es\xe8\xc6\x85\xb3-B8e\x88\xeb\xc3\xdb!\'\'\xe8\x8b\x107Xj\xbf\neq6\x7fr;W\x7f\x9692\xbc\xe7:\x1e\xb7\x14\xca\x95\xe9\x87\xa5\x83\x8b\x16\x15\x99\xb82q a\x17\xdc\x18\xb4\xd0a\xb5*V\x832\x9b`\f\xb5\xa3\xb2\x12\xba\xcfm\"\xd8\xfe5\xa6s\xa5m\xab\xe6l\x14\xf8\x17V\xd1\x89\xb5\x8b\xbd4\xa8\xf57\xa8\xaaZ`\xd5\xec\xb5\xab\xf9\xb8@\x1f\xcf\xdf\xbap\xce') perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz0\x00', 0x1ff) sendmsg$kcm(r5, &(0x7f0000000800)={&(0x7f0000000200)=@tipc=@id={0x1e, 0x3, 0x3, {0x4e23, 0x2}}, 0x80, &(0x7f0000000600)=[{&(0x7f00000005c0)="f6ea0e3c", 0x4}], 0x1}, 0xc0) openat$cgroup(r5, &(0x7f0000000080)='syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000240)={0x3, 0x70, 0x400, 0x5, 0x22d, 0x3, 0x0, 0x10000, 0x40, 0xc, 0x8001, 0x1f, 0x80, 0x80, 0x3721, 0x6, 0x6, 0x4, 0x47, 0x3, 0x85, 0x607, 0x0, 0x80, 0x0, 0x7, 0x5, 0x0, 0x1, 0x487, 0x7674e033, 0x80000000, 0x7, 0x800, 0x2, 0x3, 0x3f, 0x10001, 0x0, 0x1, 0x0, @perf_config_ext={0x5, 0x8}, 0x2200, 0x82a6, 0x1ff, 0x0, 0x200, 0x0, 0x7fff80000}, r2, 0x4, r0, 0x8) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x29, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000200), 0x43400) write$cgroup_subtree(r0, &(0x7f0000000300)=ANY=[], 0x0) 01:24:22 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f00000002c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r2 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x2, 0x2) write$P9_RVERSION(r2, &(0x7f0000000040)={0x13, 0x65, 0xffff, 0x4, 0x6, '9P2000'}, 0x13) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$radio(&(0x7f0000000080)='/dev/radio#\x00', 0x3, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000d000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f00000001c0)="bad004ecb828018ee00f20c06635100000000f22c066b9800000c00f326635010000000f3026262e2e0f381d9cac000f797e3826660f3a0d882ba7fc660f2206f0fe8d0800f20f01f9", 0x49}], 0x1, 0x0, 0x0, 0xfffffffffffffdc5) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000004cb]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_open_dev$swradio(&(0x7f0000000280)='/dev/swradio#\x00', 0xffffffffffffffff, 0x2) [ 261.266508][ T9304] netlink: 'syz-executor.5': attribute type 3 has an invalid length. 01:24:22 executing program 0: ioctl$VIDIOC_CREATE_BUFS(0xffffffffffffffff, 0xc100565c, &(0x7f0000000100)={0x0, 0x80004605, 0x0, {0x0, @pix_mp={0x2, 0x0, 0x0, 0x5, 0x1, [{0x4, 0xffffffff}, {0x4}], 0x0, 0xff}}}) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)='hugetlb.2MB.max_usage_in_bytes\x00', 0x2, 0x0) r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snapshot\x00', 0x34043, 0x0) write$P9_RWALK(r0, &(0x7f0000000080)={0x16, 0x6f, 0x1, {0x1, [{0x1, 0x0, 0x6}]}}, 0x16) [ 261.324485][ T9304] netlink: 2 bytes leftover after parsing attributes in process `syz-executor.5'. [ 261.574260][ T9319] FAT-fs (loop0): bread failed, FSINFO block (sector = 65535) 01:24:22 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x490101, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/pid_for_children\x00') 01:24:22 executing program 5: r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)="2e00000019000503ed0080647e6394f20100d2000500fc3711407f480f000300270000000200009ef88000f01700", 0x2e}], 0x1}, 0x0) r1 = dup(r0) getsockopt$IPT_SO_GET_REVISION_MATCH(r1, 0x0, 0x42, &(0x7f0000000000)={'icmp\x00'}, &(0x7f0000000040)=0x1e) socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={0xffffffffffffffff}) sendmmsg(r2, &(0x7f0000004dc0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)=[{0x18, 0x1, 0x1, "85d583db"}], 0x18}}], 0x2, 0x0) [ 262.096959][ T9333] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 262.120870][ T9338] netlink: 'syz-executor.5': attribute type 3 has an invalid length. 01:24:23 executing program 0: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200)='/dev/zero\x00', 0x0, 0x0) fcntl$addseals(r0, 0x409, 0x0) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r0, 0x110, 0x4, &(0x7f0000000000), 0x4) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_CPUID(r3, 0x4008ae8a, &(0x7f0000000280)=ANY=[@ANYBLOB="1f00000000000000000000400500010000e4e6fc4be790f80a00000000b7871001000000002300002560b700eff0ffff0403ff03000001000a000000060348fd32df7e65c0389d9e66"]) ioctl$KVM_SET_MSRS(r0, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000020000008f2aef5c03"]) [ 262.150937][ T9338] netlink: 2 bytes leftover after parsing attributes in process `syz-executor.5'. 01:24:23 executing program 1: sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x370, &(0x7f0000000080)={&(0x7f0000004400)=ANY=[@ANYBLOB="640000001900050200000044790000201d01090050000f000000000000004b272c00000000ebf266f27ea1508113c371afe7a457d3802a76ec3abaa16a155cee9c13d300606b05e8cbc697f7b90e526b08d282cf39fd497dc8aa6bfc5d1290406b356e4705883c9d70064270c251c808b8c5d2602a038a84fb498c6e8857cd50cf9fffa95796ab35a593ea9fa7f1451c63bbfacc444134df20db3c9efaccbfe357fa646e8eb613a74e7c53ed8c78b369cf3558260210a9a673cea14bd217d6fcc09d5a70dd1f91baa79ce52c09d460e6b5e2bebc82a220a336d3e204e3f29b3c4cfbead4ea4e84e9b8fb5ef8e13caae021b85978a0d9be60170a198040cfac8d3e49a839bf79b0344facc86166b95053603256fe66c9b20ff3ee0f5c815757680a0b701021bc1abd721fcea063b90bc5c2f808fc38e8f5bddf72ccd1c2db1af5934be8e07d6478b8b8"], 0x64}}, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0x4) r1 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x2f6, 0x0) [ 262.199914][ T9338] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 262.222357][ T9338] netlink: 2 bytes leftover after parsing attributes in process `syz-executor.5'. 01:24:23 executing program 1: bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x0, 0x7}, 0x20) r0 = socket$kcm(0xa, 0x522000000003, 0x11) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000040)=@pptp={0x18, 0x2, {0x0, @remote}}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000100)="6e23cbf69fcbb906b322895ca3062df746fafd49108cef8d7a810b3ad1b8ae9af23d382cc572794179fa56dba455a05ba5f8810629da45c66b72c8749559f748c5a2a0b429ea4c0497b80aafea456743055ea93138c2de61d6365ec20b762bdd922fef402ee00a2cef20834b977e425548115ae007bedccd006c003cfc29afe87eba8cb93dbd5adc9150c4458f7b099350aa103a91c631fe816bc68ff8f0da9ff6f88f107a06069a60f3adcdea8946569d607982b260"}, {&(0x7f00000001c0)="70b7d28ff18bf34d845d05ed89cb023dd6d3cd7c136fe94b6185fe78c10a5bebaff58ec2981f685d66f246a6be6a451cd96f32594b3b9fa0f070d7e63d4512162a494d692f80ed7dab58468df3b563e2990c"}, {&(0x7f0000000240)="2fc2875cf87d68447c81d2896600c6b5"}, {&(0x7f0000000280)="24e1d5bd43b27b0fcaf310881798882a0296f17b52bbf2153d772c0e68d2d180d5ce073f36caf551a6f1d24a38ee57a8edc25daeb3a4194c3fa1a61efd73ee8c33dd43e12a5bf7317caac8604f130291a544ff1627cc3037e854b98ad4dbe3f378588d83f9cca66ae99948fa146255f0ba7e86db0f4673984fa1786aa99dab196e7e8e5f0f08f90b6eb68d8bb15abae1dd980947f15b78b99adf5146ecd230d3c2b6dfa949b3b71f2a2d0c79d8bd8a5818417c58e8e8f65e642493c62efd76c07812c278388c7703051a8af8e56fb73baf2080122f0d47432e"}], 0xfffffffffffff9f, 0x0, 0xffffffffffffff66}, 0x0) 01:24:23 executing program 4: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x9f) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0x100) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000001c0)='veno\x00', 0x5) r1 = socket$can_bcm(0x1d, 0x2, 0x2) accept4(0xffffffffffffffff, &(0x7f0000000300)=@hci={0x1f, 0x0}, &(0x7f0000000140)=0x80, 0x1c4ce535adb15cb4) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000380)={'vcan0\x00', r2}) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 01:24:23 executing program 2: r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1, 0x3}, 0x1c) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000100)=0x2e4, 0x4) accept4$inet6(r0, 0x0, &(0x7f0000000040), 0x80800) setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0x3c, &(0x7f0000000080)={0x0, 0xfffffffe}, 0x8) connect$inet6(r0, &(0x7f0000004540)={0xa, 0x4e28, 0x0, @ipv4={[], [], @multicast2}}, 0x1c) sendmmsg(r0, &(0x7f0000003b00)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000900)="b15e4246e73f295371db3dd1bb31b1acd702897d7a905239f9c52eb9e0d900ba9aff6d8cd71feace766064b41ea7e1664152274c83b2b5ac1bf1982594dc3d995b505e9a3859a437afdc93b5e538df5550423009e6b4c60ae6b469fb8344cd94e7dc0ced5217e30edaefbfe72d235deb5261888b7969f9f669eaa45cc7f5c387e705cc14fdf91c9052a5da7d136b9e0a98009754ac8847e7a38ac6b791dfab524c96ad3867808d98f7ba3038f261313e99a991770223027a7922ced3ff80b20025550283625761036977f6a3d6013868d2f7fe4577bbd73a5536fbd5a5a81a8806aec66b51feea3a6dbb5a00093a19359dae9e9078131fbdcd24d7bf4e6d69eb34bc1607ad8617491d16f6042dbb472a68b94c104527986e8dabd996ffba687848b363d61d7011f52cd45582bae7298c6a964ea74b8caebbeb1510183009e369a6c79d59896972d52ca8f08972e036d17f51953cd22f11bddc00ae82b78647a11fe0c6b1edd6b502632b877d8a9b16fc7cde90690304f68c9c06489b2f9f6d11481860830a8ab408abddc4b66ab946b8b680b9d061946db39deef2374de9496804e4991fb9f46d027fec6f92549b98ddbdfea5313e9886a1525e3f6f55002db9a24fbed48fac965e06d3bdaaf240e0388a5d8ba916e8fe50c53649b925723bd0b851894b6cdc2f2b78a743068831df37524498d4d7e057e4fdf4cc11bb6c0d74fa3061990b160778272bb56489e0e52aac3ccf5abb17b7ba9ff750aaaf7d54b6b7a46a705f1f8c7c53d091213f3b810174a518d0f9ab5e7fda26ff447cfadce9f8239427d62678abc85178e493e04b4282ea3fb651aaa8314aa9b97b48bfdbe830c2987d7cfc8282981ad169b369321ea3a95e41413f10aec892e567568a56b0fce96a6888eed36dec01ba67431105af646f65e335bf37cff944025993a753a108141bf22906cc1c9030a4d8702d3e99ab34ee7fd380fe54b7e8e8f2d6212f7fb9caebf84822a6609012456c93b2eb7f1a2adb373d88a3ff49aa3085a0b5c8c83e577288a2", 0x2e5}], 0x1, 0x0, 0x0, 0xfdffffff00000000}}], 0x1, 0x4000000) 01:24:23 executing program 3: socket$kcm(0x2, 0x1, 0x84) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r2 = gettid() ioctl$TUNSETVNETBE(r1, 0x400454de, &(0x7f00000002c0)) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffe}, 0x0, 0x10, 0xffffffffffffffff, 0x0) r3 = perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r3) socket$kcm(0x2, 0x3, 0x2) r4 = perf_event_open(&(0x7f00000003c0)={0x0, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$kcm(0x29, 0x6, 0x0) close(r4) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x89a1, &(0x7f0000000680)='&@[\x00') ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x89a0, &(0x7f0000000440)='\xaf\x06\b\xb9\x18\x91--J;,\xadIy\x95c\x96[\xab8uY\xe2\x81o\xc2q\x87\x8dw\x80\xb6\xd0(\xe8\x13\aF\\\x82\x19S\xed\x8c\xe3\x82^\x91\x0f\xb3\xb5\a\xa6\xa2E)\xe0\x01\x12vw\x19,^\xb6\x1b\'J\x1f\xa5:\x84\xb6\x9a\x94b}#\x9cGH\xed\a\xd9\ax&:g\b\xdb\x11D\xa9\xb1\xe9>\x8c\xd0\x88\xcc\xc7Ji\xb1+~\xdba\xa7\xa0\xe95\xb6\xd84\xf9x\xcb8-C\xd5\xdf\xcf\x15\xe6\xe1)\v-)ku\xcb\x1f\xc2\xc2\xb8S\x9f,\x00!\xe3Pm*cR\xfb\xab\xf9e\x14\x10\x9fN\xe4\x99\x119\xbe\x85*\xc0|a>\xce\x1cB\xe1\x01\x06\x80\v!\xc7\t\x9e\xe5\x03\x86b+\xcc\xf8\x92/\xdc\xbaE6\xb7\xd1p\x1c\xc8\x90\xaa_\xfcr\xa6&\x1c\xb5\x8bb\xa3HXj\x99\xf0p\xbaNT\x80`D\xba\xa8\x84c\xa9\xe8\x1a@\x0es\xe8\xc6\x85\xb3-B8e\x88\xeb\xc3\xdb!\'\'\xe8\x8b\x107Xj\xbf\neq6\x7fr;W\x7f\x9692\xbc\xe7:\x1e\xb7\x14\xca\x95\xe9\x87\xa5\x83\x8b\x16\x15\x99\xb82q a\x17\xdc\x18\xb4\xd0a\xb5*V\x832\x9b`\f\xb5\xa3\xb2\x12\xba\xcfm\"\xd8\xfe5\xa6s\xa5m\xab\xe6l\x14\xf8\x17V\xd1\x89\xb5\x8b\xbd4\xa8\xf57\xa8\xaaZ`\xd5\xec\xb5\xab\xf9\xb8@\x1f\xcf\xdf\xbap\xce') perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.events\x00', 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.net/syz0\x00', 0x1ff) sendmsg$kcm(r5, &(0x7f0000000800)={&(0x7f0000000200)=@tipc=@id={0x1e, 0x3, 0x3, {0x4e23, 0x2}}, 0x80, &(0x7f0000000600)=[{&(0x7f00000005c0)="f6ea0e3c", 0x4}], 0x1}, 0xc0) openat$cgroup(r5, &(0x7f0000000080)='syz1\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000240)={0x3, 0x70, 0x400, 0x5, 0x22d, 0x3, 0x0, 0x10000, 0x40, 0xc, 0x8001, 0x1f, 0x80, 0x80, 0x3721, 0x6, 0x6, 0x4, 0x47, 0x3, 0x85, 0x607, 0x0, 0x80, 0x0, 0x7, 0x5, 0x0, 0x1, 0x487, 0x7674e033, 0x80000000, 0x7, 0x800, 0x2, 0x3, 0x3f, 0x10001, 0x0, 0x1, 0x0, @perf_config_ext={0x5, 0x8}, 0x2200, 0x82a6, 0x1ff, 0x0, 0x200, 0x0, 0x7fff80000}, r2, 0x4, r0, 0x8) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x29, 0x0, 0x0) write$cgroup_int(r1, &(0x7f0000000200), 0x43400) write$cgroup_subtree(r0, &(0x7f0000000300)=ANY=[], 0x0) 01:24:23 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f0000000040)={@empty}, 0x20) r1 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r1, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)="2e00000019000503ed0080647e6394f20100d2000500fc3711407f480f000300270000000200009ef88000f01700", 0x2e}], 0x1}, 0x0) r2 = dup2(r0, r1) getsockopt$bt_l2cap_L2CAP_OPTIONS(r2, 0x6, 0x1, &(0x7f00000002c0), &(0x7f0000001380)=0xc) syz_mount_image$msdos(&(0x7f0000000000)='msdos\x00', &(0x7f0000000080)='.\x00', 0x7fff, 0x3, &(0x7f00000001c0)=[{&(0x7f0000000380)="8d104ea8827a46fed5d26433b49751ad564473f68abe9c22aabb11eee0b5067e8dc2b3f60b3283fafa282603f5ec79527f57e15606033b27d66f1acac52a9476be94bbfb67dda1de35acba88c8aaca31e83fdc414786d92381ab0ea2c44f031881fc55c1c5e084900ef139dca851e9b4b2f0d03d0cbcaab30f209a81e4531defbc17d96024aee684743e9378ab5d2ae183c5de606b18ef6cee8c0462975dfd6396e3b6dd35b3b91aade83e007d11195610e99f335b52c0cf2f9b5a39a0799e4dbc637e403c312d10427dad2aa763de138c3d0c11b3990d6284017bbf446426edc86d0e86c107d708898315aeb04f94ee42f91ea23a05bc8fe4148ff13feda6fc1c9e58cd6f1915b23d07a6ccda207387d48582a87d83650ece5bf2adf5caf9cb1d70559f49bfd7c7035905c7a065e2b2f36e0cf9ab3a01527dbc3f2fac32c4dc50310c3afb24c91ab67562a72f00992d2008e6b681b33deafc480f26ddddf2358a0b860cab296e1842f60e36c7fdf57b7ac942f37c1b2bcb5e32a8670118ca9fa151e066bdc44cee4505acb18401a90308b2129f1da777574658038a2954292bf0258bf755a4f4388676bf85c6bda4ef387fd9e042bff58e64013d4a15dc120abb42a22138836bbbeba96786c150cc010fc9cd6cb60a38c502a64371f598c7c80e451b47c4f8d1bb86bdab27ddc975a0d88b4e92c70e299bd5e56bcc6897fcab714d792d24e743a54c1b1b9a35984c9129a95891b38d8475ededd44656b27b1bf6f3699530a872c27f5f48c50db18436e1f43658d43305cf8f24759f78e6d8d269e60c62c4cb3ce76281d0eccd3689177623f6a7a854ab11f6734576e46e1b263e6eb06831c7b212bd607bc4bd2e8b487afd0211cb474c19d354e4efecce7b833d2dc04d25ff1626f384359d537b6a4af783a8e769f8eb225e5fcf71db18776897c3ae797cbe86ac0401e1cc35f486126bcd67d37d2fc775e4941983d5c9d625eb8e419fc0c650047f9ddde69bfe90c4fa8b7fafdde3367adc852b4cdadf408919e929f11b9d8fac03951feece20794a8deda6875fb464bf488b204284db2c0c848e6984458129d78314e6e9de81ee0d951080d480e5b67341a654bb13d3e608f4a8e994c3e09ec6f39a177baa35c5075803041d2e3d0af7c3fb1f8d29349e4ca3f07af860ab3c8f53a4d326ef0cd51acc87894668805a20fbf2720fda7432a5b6cef165c0be07e8199c401f9757f5efacc1172eec96d5816db00e718eb7f9a9b9cf9d4cd1a20f4f72d81b8554cf806ff14a276b88275293e233b4e1cf1857bb7b03bea30c3313a197c007ff72754598707e7a2f2db9a982f51428beaa272a111df2d913fcec480a6bf2cae181ca4450ef2e81bdbbec92ae362805dffe659e3216dbf23d7329d17c7f8836af4d83e3483b2b88479892f5d50507204843f84c6a7019e4fc2b53edea360711e6ff29ca648c5d6eab443b108dd8c15ffbc5f08ca9503732b857eba0a11da92c160cdfd5f6d2c114a09ffca5a06d360b0d1372fdd44d744ac915fff991b46e22fd569fd577d8f18342078a471274be713cbeebb7466845b5ad2eac26a73c168ca8a826055c4e0e60a4f34533f4d6ede396d11272ece3165647d65e5855e0b6751c2213eddb9def287180d7719f74e878946b2da2e955fdadeb36c40eb515b22081185930cedf71ab67f8b7450914dd37eb6d8e9b840721e7abf7e0cc67e370d8e6ed3570a40f2004a55a49051b5e50e1b7b0fc4e827eaf7ca7bdd11386336cc5585b69b096b6bec35c365e4b2fdc4ffa12c8c5eb7b0be9a504061e3ff9d7e6d3553dca0ab738d7ec622bf3c9d17f4f8be6b0d54eb5f2cefd2f7295408f2bb6a7fafa55b58735d0e70f9b8d667d2648f506f64c69efdffcb3303d2ea9a8368d25d92d8dbc8bc1f4fba97e7abf411cd4b0a7d882ac59054176c9c33061ca275aa750bdacf94c57e8193592e41f684d91d29f7c8f2ffa0438a32485910c268eee698dcb971acbf0e8338585e1551b5000449f50c15f90cc18e8881dbc66c444470e67a040486e71df44166b91e50aa788c2faf64bfee69cd1d76c25ffa05ea655fdce43637e48451e4fd341cc613a17f1e2679de6de2973ac6cd5476a9978f47ad53587306c40cda51b04ce1065f5bae74d9571b3252b997461cf904900e3f0e34e6d870e5d5bf98519d3beafa1340effa57d7d67db28aa12eae94e73fd34c34a310cb1f5253ee3748bb81c044376b73096a6609988cb63280d5a396d0ae6055df8438ad994a41a67434cc33204aeaf57d669d279f82da4a5f126fc6b65f6482dbbb0d0a2e738b774ecba04d3bd3a8b86566d404a56498489a0712133863c117aa8de7f518501bc19d843202b327a5d9afb7cffc86b683f3ab149857e720a8a73fd9a3e253838824f5aef1364cfda83b583cd535887b0b3278c72c29238212134306a20fba74df5fd76cab159f4764b89ebcfe0b550615e9b6526329a2242f08d0e047a8ac27c199c1decacb9090d606c0e4163291ac23d7a9051c9ddc57aa8da6965eea181059d44dc5a87d55315c127cebcfb2392647ce13110b38a1684a5e6e592b3ee0bea49aeb74532548f5b85a501e109ff78a4ee5f1b498a2f8b77e37d89f10f102f3e89268544b9859de636006fc0097554a08ec06c496a022cdb9583ad1333dd31300490081c1ac63de445d3136b861f58da07b4a45f4f4563e8f1328150c3f6d28c196b993cff88b0ad8507819e2ae94164fd6f491572c9d368078374290abc542d5d3ae430c444bf8fdf3b1ad61deb7f3e79f9181e1f742ff7352a06417a4ca4df98cd5c1e57e1fa86b3f3d4acf94ff6ac859821fb5cbe7f8265b517b766fb8040499220ea0788b67342352c5ec6da1b8e9401253ba9137d4d556fd4ae82ab978ca18291fce3aee76d026ad45fb0ed871dd675b101592734f96abef5111f796cd782ccb473dd15c42e76884e837892177f97b584feafcccc84d55adb8812753f45490964e959ef24455e3012faa4353cc9b3ebf6158db9698ec9846df7ce66d14e26a7932af90c373adb3a012a7b0f05db42ef79569017fa002f76e0c461ab5d3c4e936dc06493bb1b1987d8e2e94bc135b527c5d2aa096eb60a7d4b0b78bf8d5bcc41bb0c48767883c0ddec46a302e9f8d34e61e19c2a3a07bc9aebeb79052436b366b41df2ddafba7e8b97478cd0952968393f7e51de1e0c005bd154fe7f50b3c55ddb41268e38dd1d61311780d263c07afbdca5687a9240e740d06b84fe139eddeef038a079ee0003d93c2706095b4bb32df5538e1cd009a233d5f45b583a7d1b4c40625b4d9e8082568ed6c76fdacb73e8f2e60dff57b5bc848cc80e3a0e301bb5a231b7b9d92cf1e39b3eb22c377dc0d95b2dc61f6acd20c896009b253ada0e8f457eebe0ce2ab59741681b61cb4e2f57b846b51091dd20c1ccb41986fa4f8af935acaa20737fa63058e9c4d94f4c9c69dcf7f0ef0a9e99a278e8f319894b5c3a6b7e5848efa4b67a3e5481cd601c1c388a260f74520d076df12023d432ee89db6b7ba7d90f80dbcf06710ad1df2bea57c5036256c6a0ed00dc5a3d5f5daf9402753e06018ba31382fafc3d3fe34e230f734d0bfaf73f60918a3bd3d4ffc0fa5e2ba0ea2809727b0116ee56033c8c97f60d10adcf70232b091bb673abe8f319104c4d3589a283fc76dfce445204c0153c479c20dad003359a0df5d148af235d94d3fa6ec37399ebe8e352a32ac9a23240f04b4435062f9cc5921ee949b9d8ff51d53fdbae8d6c37f42747ed23431050bf919fa51fda39e9aba960e288394d1ae3cb955b7a3e07656e444546300691040ef8e57877a549da81b96a5e031f9955005236e6153569cfab9d1d1e30e23d365350f938c1d6b82923720dba521b86c4af63833347ae2e4808976c2f29b075de0232fc92a2da3ef7bb94681d680d2dbe58182a971e71e027c6e2c6a6fe9412d75ad5204774b896215e8d72bccb9bb08fde1cbbc4837eb71d4dd82d3ebdccd30e5b40c7ca252fc50d67ed8ff37b39f0f34b13ffee5c8aefafc350a78709d5512c588f9d2b5395a3dfcecbde4d9405ca1ef17e6e2a59b8ee6467b18dc835082a1e393a3c7501045adabb546751b6c8a791237891c532360908d9ed992744956d06f5a5645bacb730a00ce9839f28a05e5d9021ecec44a05c8f778171d0bc53ac360dcad895b330fa8cf237528054612146a740af9e52a4962d76c06b979681df72b02d195650e2553166ab3842580bf0cd7bd13bda07eb8c506a8c8e6f85a14bde7cf61893c424cfef15bcb0f329783a6e13afdc1c0622806e4fa458416db4aa969a4f0819a2bd0a82a0aed6df2f49f14d43d92d6837196e115fb30f3f1ce8b7e819052c30179085240f6dfb0270ac55ae79d7e7a0d9a50b9514d8f861d2a62447b94f7655b5fc77ef8b1d8d06e4b96954a296959fb6f6a925d9ca081d31e328da913f89682299197fefa28561c7f503894ad925647e74805cf0a9ab6a8e43609d9e33256035566113238f61441038ae7e5242daeefe2fb4a780db2dd5a4e8b69ba42c42c7bd48d5f69c6d52b980e0b0410908399c084d1be36f45db7c49f7936237f385e4a581405cbf94aab5506e813148ef09c8e4bd194959ad995c86695baf5e1a775bb440d537facb6e16a8d3bb2fa9115292d2cb8a3e345a03e1f9ba7d4966f92753c24ffc0228b9035c60060aaae9d1351e4f0c8cb61fbdcd06c16d80449d3d11ee3fef4292846d6d615ba3ac664b9d3873df45d88dbc7b9c25b3e58a58e0766a897a179cc62a7cf6606f00647c60e3e794c795243dd251c38c9bf791c429c2de0a574d1708b34b86d4b9e17207f74d040ce6d9b766581de0422e9b045ec911a44a944481e7497f9c26a47e36acb19d2282eb25052463cb176b196265070def6d2d83a10f82725e29c2db6f07a81912579c80abad3ca8293587c2abffea7c457d3ba06327d737d6979245f188b7dbc8b8b71aaf8a194a58bbee4bbe7476d6ad4bb57f145d2633dd4dc1fce5c6ebd14b07bbfb11cf4db86b9c2b6a550ac9fa82a705c2cd577c7687db57431b01248a16987af7597c72c2945099dd4079bbd803288600a43df26258002512b23afc16d81718dacb40ad1e12dcf302a781295c6431fc98ae35ee4a6d6fc69dee549e07bd9270abfb86ec6b83be64151996ffcb69fd8952d218c5eca830f3d68d44d59e572b1524c65f77bbc28ba3bc70ca8b0d237d1b9d6bfec6d3541f51ef83497e36b0b27eef9fda95c041e16fccc9c6f0fc28f3d77f62149042f1d2fc2483b6079da28f24242dc7e84c7b7c5aa5044998e7a27b7935992b9cdf2d8bfd7dc53449c4a1aafcaf21bf1780e34125d5a58f26ea0129ee0e7cc2aea9ab9dcc27f93cc6b8b09b49e533bbdd0160b3f1aab2806b181413c504d0076bba0b241c0b1b9613d2331eaf52deb0c7c25104254fd77e38170ffb3dfc38b63c066c49a1085f71c1abe1cb0c431aee97a0fbb4878f6d6199178d34cb59af023a798d2984c7bed62b3baff603c822ed69484d4f68811b37bb972f1154c0a7fdafa56fe01e6a20c380d101874c95df883882b9aff26057d2e112b0466a056658e3e52824e74669d7162946965c6176f9ba427079d33779dc2af4a03a2d968c660511b6a2506f314626d3e3bdba6ca3a0e6e2057e6ef3b648e0ca7cade7723c357a34d34f353c170b40e6ecaf6153ecff83bac06fb9988124fe5b68eb3e41310808971d0ae6a30c5241c40d83141313a0267ac016b72e8c00", 0x1000}, {&(0x7f00000000c0)="3b2a238e60b15a9a7e6fb09371b10daf95ef92e6c80b0512594f6fbf1279b5e89d59e44916d78e5900d0c715ec86", 0x2e, 0x44341b41}, {&(0x7f0000000140)="f6974b20a1402175edbdb16c565933e51f492fdc28fcbaa515b894d9d188d1ade2b4b9d0209f63f024a592848240c2d230aa09ae3d1ac043f609be5fe4db9b83f98787f1d3d2eb9083dfc1a49b53e8ba29c92035451477f6c11c278fc892347a5a422e0b96644428b13617c18c18e4", 0x6f, 0x9}], 0x28094, &(0x7f0000000240)={[{@dots='dots'}, {@dots='dots'}], [{@obj_role={'obj_role'}}, {@smackfstransmute={'smackfstransmute', 0x3d, 'bdevnodev('}}, {@dont_measure='dont_measure'}, {@hash='hash'}, {@dont_appraise='dont_appraise'}, {@defcontext={'defcontext', 0x3d, 'system_u'}}]}) shmget$private(0x0, 0x400000, 0x4, &(0x7f0000bff000/0x400000)=nil) r3 = request_key(&(0x7f0000000340)='asymmetric\x00', &(0x7f0000000480)={'syz', 0x0}, &(0x7f0000001c40)='#\x00', 0xfffffffffffffffc) add_key$keyring(0x0, &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, r3) keyctl$setperm(0x5, r3, 0x2200000) r4 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB="146fefde6274cad208e94e"], 0x14}}, 0x0) 01:24:23 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000300)) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) r1 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r1, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)="2e00000019000503ed0080647e6394f20100d2000500fc3711407f480f000300270000000200009ef88000f01700", 0x2e}], 0x1}, 0x0) r2 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r2, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)="2e00000019000503ed0080647e6394f20100d2000500fc3711407f480f000300270000000200009ef88000f01700", 0x2e}], 0x1}, 0x0) r3 = dup3(r2, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x400000, 0x0) r5 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r5, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) r6 = openat$audio(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x88000, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f0000000240)={0x1, [0x0]}, &(0x7f000095dffc)=0xfffffffffffffe67) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r5, 0x84, 0x66, &(0x7f0000000040)={r7}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r4, 0x84, 0x76, &(0x7f0000000100)={r7, 0x3}, &(0x7f0000000180)=0x8) r8 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x6a0c60, 0x0) ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000040)=0x7) [ 262.809948][ T9370] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 262.833477][ T9370] netlink: 2 bytes leftover after parsing attributes in process `syz-executor.0'. 01:24:23 executing program 1: syz_open_dev$evdev(0x0, 0x6, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x6}, 0x4) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x4, 0x8, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, @perf_bp={&(0x7f0000000000), 0x4}, 0x0, 0x0, 0x0, 0xe, 0x7, 0x1fe, 0x2}, 0x0, 0xffffbfffffffffff, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000740)=0x200, 0x4) bind$inet(r1, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x24e23, @local}, 0x10) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000100), 0x4) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r3) mount$9p_unix(&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000280)='9p\x00', 0x30, &(0x7f00000002c0)={'trans=unix,', {[{@dfltuid={'dfltuid', 0x3d, r3}}, {@privport='privport'}], [{@obj_user={'obj_user', 0x3d, 'self'}}, {@func={'func', 0x3d, 'BPRM_CHECK'}}, {@smackfshat={'smackfshat', 0x3d, '@+'}}, {@dont_hash='dont_hash'}, {@dont_measure='dont_measure'}, {@appraise='appraise'}, {@smackfsroot={'smackfsroot', 0x3d, '(cgroupcpuset'}}]}}) recvmsg(r1, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0xf012, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0x14}, 0xd10c) write$binfmt_elf64(r1, &(0x7f00000000c0)=ANY=[@ANYRES64], 0xc63b9e35) [ 262.859451][ T9373] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 262.876219][ T9373] netlink: 2 bytes leftover after parsing attributes in process `syz-executor.5'. [ 262.962387][ T9373] netlink: 'syz-executor.5': attribute type 3 has an invalid length. 01:24:23 executing program 2: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(r1, 0x29, 0x24, &(0x7f00000000c0), 0x4) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r2, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x66, &(0x7f0000000040)={r3}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000000)={r3, 0x1ff, 0xff, 0xa9f3, 0x2, 0x4}, &(0x7f0000000100)=0x14) sendmsg$kcm(r1, &(0x7f0000000140)={&(0x7f0000000040)=@nl=@unspec={0x0, 0x0, 0x0, 0x80fe}, 0x80, &(0x7f0000003800)=[{&(0x7f00000018c0)="f4001100002b2c25e994efd18498d66205baa68754a3000000000200000000000000000000ffffff8400000000000000c0", 0x31}], 0x1}, 0x0) dup3(0xffffffffffffffff, r1, 0x0) [ 263.105350][ T9373] netlink: 2 bytes leftover after parsing attributes in process `syz-executor.5'. [ 263.160473][ T9370] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 263.173452][ T9370] netlink: 2 bytes leftover after parsing attributes in process `syz-executor.0'. 01:24:24 executing program 3: socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x0, &(0x7f0000000040)="11dca50d5e0bcfe47bf070bd78fb096a99ee69c65f8618e4") fanotify_init(0x4, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/rt_acct\x00') perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x301040, 0x0) unshare(0x2040400) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000040)={'team0\x00\x00\x01\x00', 0x9843}) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8922, &(0x7f0000000240)={'team0\x00\x030\xff\xfd\x00%`\xc3\xff\xff', 0xb5}) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000140), &(0x7f0000000180)=0x14) setsockopt$inet_sctp_SCTP_RESET_ASSOC(0xffffffffffffffff, 0x84, 0x78, 0x0, 0xffffff15) rt_sigaction(0x0, 0x0, 0x0, 0x6, &(0x7f0000000000)) r0 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='ip6_vti0\x00 \x00', 0x10) r1 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, 0x0, 0x0) shmctl$SHM_STAT(0x0, 0xd, &(0x7f0000000480)=""/212) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000080)='ip6_vti0\x00 \x00', 0x10) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f00000005c0)=ANY=[@ANYRES32=0x0], &(0x7f0000000340)=0x1) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200)='/dev/zero\x00', 0x0, 0x0) fcntl$addseals(r2, 0x409, 0x0) ioctl$VIDIOC_QBUF(r2, 0xc058560f, &(0x7f0000000280)={0xfff, 0x8, 0x4, 0x2, {0x0, 0x7530}, {0x2, 0x8, 0x2, 0x6, 0xf8, 0x2, "76eca9a6"}, 0x6, 0x3, @planes=&(0x7f0000000200)={0x6a62, 0x1, @userptr=0x4}, 0x4}) r3 = request_key(&(0x7f0000000340)='asymmetric\x00', &(0x7f0000000480)={'syz', 0x0}, &(0x7f0000001c40)='#\x00', 0xfffffffffffffffc) add_key$keyring(0x0, &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, r3) r4 = request_key(&(0x7f0000000340)='asymmetric\x00', &(0x7f0000000480)={'syz', 0x0}, &(0x7f0000001c40)='#\x00', 0xfffffffffffffffc) add_key$keyring(0x0, &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, r4) keyctl$reject(0x13, r3, 0x100000001, 0xbe16, r4) ioctl$sock_ifreq(0xffffffffffffffff, 0x8990, 0x0) [ 263.535574][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 263.542607][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 263.613309][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 263.619314][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 263.625224][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 263.631005][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 263.652559][ T9373] netlink: 'syz-executor.5': attribute type 3 has an invalid length. 01:24:24 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x8000, 0x40080) ioctl$TCSETS(r1, 0x5402, &(0x7f0000000040)={0x2, 0x20, 0x294, 0x401, 0x0, 0x0, 0x79, 0x7, 0x8, 0x1, 0x1, 0xffffffff}) r2 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet(r4, &(0x7f00000000c0)={0x2, 0x4e03, @rand_addr=0x8d1}, 0x2e7) sendto$inet(r3, 0x0, 0x0, 0x20000000, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) [ 263.704674][ T9392] netlink: 'syz-executor.5': attribute type 3 has an invalid length. [ 263.734094][ T9373] ================================================================== [ 263.742625][ T9373] BUG: KASAN: use-after-free in nl802154_dump_wpan_phy+0xa66/0xac0 [ 263.750530][ T9373] Read of size 4 at addr ffff88809180d820 by task syz-executor.5/9373 [ 263.758678][ T9373] [ 263.761022][ T9373] CPU: 0 PID: 9373 Comm: syz-executor.5 Not tainted 5.4.0-rc2-next-20191008 #0 [ 263.769953][ T9373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 263.780029][ T9373] Call Trace: [ 263.783393][ T9373] dump_stack+0x172/0x1f0 [ 263.787729][ T9373] ? nl802154_dump_wpan_phy+0xa66/0xac0 [ 263.793282][ T9373] print_address_description.constprop.0.cold+0xd4/0x30b [ 263.800423][ T9373] ? nl802154_dump_wpan_phy+0xa66/0xac0 [ 263.805972][ T9373] ? nl802154_dump_wpan_phy+0xa66/0xac0 [ 263.811524][ T9373] __kasan_report.cold+0x1b/0x41 [ 263.816471][ T9373] ? nl802154_dump_wpan_phy+0xa66/0xac0 [ 263.822024][ T9373] kasan_report+0x12/0x20 [ 263.826449][ T9373] __asan_report_load4_noabort+0x14/0x20 [ 263.832097][ T9373] nl802154_dump_wpan_phy+0xa66/0xac0 [ 263.837472][ T9373] ? __phys_addr+0xa4/0x120 [ 263.841985][ T9373] ? nl802154_dump_llsec_dev+0xba0/0xba0 [ 263.847792][ T9373] genl_lock_dumpit+0x86/0xc0 [ 263.852512][ T9373] netlink_dump+0x558/0xfb0 [ 263.857039][ T9373] ? netlink_broadcast+0x50/0x50 [ 263.862000][ T9373] __netlink_dump_start+0x5b1/0x7d0 [ 263.867198][ T9373] ? genl_lock_dumpit+0xc0/0xc0 [ 263.872060][ T9373] genl_rcv_msg+0xc9b/0x1000 [ 263.876677][ T9373] ? genl_family_rcv_msg_attrs_parse.isra.0+0x3a0/0x3a0 [ 263.883615][ T9373] ? genl_lock_dumpit+0xc0/0xc0 [ 263.888469][ T9373] ? genl_unlock+0x20/0x20 [ 263.892887][ T9373] ? genl_parallel_done+0x1c0/0x1c0 [ 263.898114][ T9373] ? mark_held_locks+0xf0/0xf0 [ 263.903495][ T9373] ? find_held_lock+0x35/0x130 [ 263.908284][ T9373] netlink_rcv_skb+0x177/0x450 [ 263.913054][ T9373] ? genl_family_rcv_msg_attrs_parse.isra.0+0x3a0/0x3a0 [ 263.919989][ T9373] ? netlink_ack+0xb50/0xb50 [ 263.924580][ T9373] ? __kasan_check_write+0x14/0x20 [ 263.929706][ T9373] ? netlink_deliver_tap+0x254/0xbf0 [ 263.935012][ T9373] genl_rcv+0x29/0x40 [ 263.939004][ T9373] netlink_unicast+0x531/0x710 [ 263.943783][ T9373] ? netlink_attachskb+0x7c0/0x7c0 [ 263.948912][ T9373] ? _copy_from_iter_full+0x25d/0x8c0 [ 263.954298][ T9373] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 263.960026][ T9373] ? __check_object_size+0x3d/0x437 [ 263.965233][ T9373] netlink_sendmsg+0x8cf/0xd90 [ 263.970277][ T9373] ? netlink_unicast+0x710/0x710 [ 263.975219][ T9373] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 263.980805][ T9373] ? apparmor_socket_sendmsg+0x2a/0x30 [ 263.986271][ T9373] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 263.992613][ T9373] ? security_socket_sendmsg+0x8d/0xc0 [ 263.998105][ T9373] ? netlink_unicast+0x710/0x710 [ 264.003143][ T9373] sock_sendmsg+0xd7/0x130 [ 264.007571][ T9373] ___sys_sendmsg+0x803/0x920 [ 264.012259][ T9373] ? copy_msghdr_from_user+0x440/0x440 [ 264.017749][ T9373] ? __kasan_check_read+0x11/0x20 [ 264.022793][ T9373] ? __fget+0x384/0x560 [ 264.026992][ T9373] ? ksys_dup3+0x3e0/0x3e0 [ 264.031426][ T9373] ? __fget_light+0x1a9/0x230 [ 264.036111][ T9373] ? __fdget+0x1b/0x20 [ 264.040192][ T9373] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 264.046449][ T9373] __sys_sendmsg+0x105/0x1d0 [ 264.051053][ T9373] ? __sys_sendmsg_sock+0xd0/0xd0 [ 264.056097][ T9373] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 264.061572][ T9373] ? do_syscall_64+0x26/0x760 [ 264.066332][ T9373] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 264.072403][ T9373] ? do_syscall_64+0x26/0x760 [ 264.077098][ T9373] __x64_sys_sendmsg+0x78/0xb0 [ 264.081875][ T9373] do_syscall_64+0xfa/0x760 [ 264.086396][ T9373] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 264.092289][ T9373] RIP: 0033:0x459a59 [ 264.096187][ T9373] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 264.115802][ T9373] RSP: 002b:00007f39049b4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 264.124247][ T9373] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 264.132227][ T9373] RDX: 0000000000000000 RSI: 0000000020000d40 RDI: 0000000000000006 [ 264.140206][ T9373] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 264.148183][ T9373] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f39049b56d4 [ 264.156159][ T9373] R13: 00000000004c7b64 R14: 00000000004dd8c0 R15: 00000000ffffffff [ 264.164156][ T9373] [ 264.166487][ T9373] Allocated by task 9392: [ 264.170829][ T9373] save_stack+0x23/0x90 [ 264.174994][ T9373] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 264.180632][ T9373] kasan_kmalloc+0x9/0x10 [ 264.184957][ T9373] __kmalloc_node_track_caller+0x4e/0x70 [ 264.190594][ T9373] __kmalloc_reserve.isra.0+0x40/0xf0 [ 264.195970][ T9373] __alloc_skb+0x10b/0x5e0 [ 264.200399][ T9373] netlink_sendmsg+0x99c/0xd90 [ 264.205170][ T9373] sock_sendmsg+0xd7/0x130 [ 264.209590][ T9373] ___sys_sendmsg+0x803/0x920 [ 264.214280][ T9373] __sys_sendmsg+0x105/0x1d0 [ 264.218872][ T9373] __x64_sys_sendmsg+0x78/0xb0 [ 264.223810][ T9373] do_syscall_64+0xfa/0x760 [ 264.228321][ T9373] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 264.234202][ T9373] [ 264.236531][ T9373] Freed by task 9392: [ 264.240522][ T9373] save_stack+0x23/0x90 [ 264.244683][ T9373] __kasan_slab_free+0x102/0x150 [ 264.249622][ T9373] kasan_slab_free+0xe/0x10 [ 264.254126][ T9373] kfree+0x10a/0x2c0 [ 264.258025][ T9373] skb_free_head+0x93/0xb0 [ 264.262471][ T9373] skb_release_data+0x42d/0x7c0 [ 264.267324][ T9373] skb_release_all+0x4d/0x60 [ 264.271915][ T9373] consume_skb+0xfb/0x3b0 [ 264.276253][ T9373] netlink_unicast+0x539/0x710 [ 264.281023][ T9373] netlink_sendmsg+0x8cf/0xd90 [ 264.285879][ T9373] sock_sendmsg+0xd7/0x130 [ 264.290302][ T9373] ___sys_sendmsg+0x803/0x920 [ 264.294982][ T9373] __sys_sendmsg+0x105/0x1d0 [ 264.299575][ T9373] __x64_sys_sendmsg+0x78/0xb0 [ 264.304349][ T9373] do_syscall_64+0xfa/0x760 [ 264.308859][ T9373] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 264.314745][ T9373] [ 264.317091][ T9373] The buggy address belongs to the object at ffff88809180d800 [ 264.317091][ T9373] which belongs to the cache kmalloc-512 of size 512 [ 264.331144][ T9373] The buggy address is located 32 bytes inside of [ 264.331144][ T9373] 512-byte region [ffff88809180d800, ffff88809180da00) [ 264.344409][ T9373] The buggy address belongs to the page: [ 264.350052][ T9373] page:ffffea0002460340 refcount:1 mapcount:0 mapping:ffff8880aa400a80 index:0xffff88809180d000 [ 264.360469][ T9373] flags: 0x1fffc0000000200(slab) [ 264.365421][ T9373] raw: 01fffc0000000200 ffffea000269a588 ffffea00027b4788 ffff8880aa400a80 [ 264.374018][ T9373] raw: ffff88809180d000 ffff88809180d000 0000000100000003 0000000000000000 [ 264.382709][ T9373] page dumped because: kasan: bad access detected [ 264.389127][ T9373] [ 264.391453][ T9373] Memory state around the buggy address: [ 264.397095][ T9373] ffff88809180d700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 264.405177][ T9373] ffff88809180d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 264.413239][ T9373] >ffff88809180d800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 264.421300][ T9373] ^ [ 264.426416][ T9373] ffff88809180d880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 264.434481][ T9373] ffff88809180d900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 264.442896][ T9373] ================================================================== [ 264.450960][ T9373] Disabling lock debugging due to kernel taint [ 264.463580][ C1] protocol 88fb is buggy, dev hsr_slave_0 01:24:25 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x8e}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x10, 0x3, 0xc) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) r3 = socket$inet6(0xa, 0x2, 0x0) memfd_create(&(0x7f0000000400)='/dev/null\x00', 0x0) setsockopt$inet6_int(r3, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) sendmsg$inet6(r3, &(0x7f0000000180)={&(0x7f0000000080)={0xa, 0x4e22, 0x1000000080000, @local}, 0x1c, 0x0}, 0x0) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r4, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x2, @dev={0xac, 0x14, 0x14, 0xff}}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, &(0x7f0000000040)={r5}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r3, 0x84, 0x1, &(0x7f0000000200)={r5, 0x4, 0xfa4a, 0xf6, 0x4, 0xa5}, &(0x7f0000000240)=0x14) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000280)={r6, 0x8}, 0x10) r7 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x101000, 0x0) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r8, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) openat$vimc2(0xffffffffffffff9c, &(0x7f0000000440)='/dev/video2\x00', 0x2, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f000095dff8)=ANY=[@ANYBLOB="010000b6", @ANYRES32=0x0], &(0x7f000095dffc)=0x8) r10 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r10, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r10, 0x84, 0x1d, &(0x7f0000000500)=ANY=[@ANYBLOB="010000000f311ecfe5", @ANYRES32=0x0], &(0x7f000095dffc)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r10, 0x84, 0x66, &(0x7f0000000040)={r11}, &(0x7f0000000140)=0x8) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000340)={r11, 0x58, &(0x7f00000002c0)=[@in={0x2, 0x4e23, @remote}, @in={0x2, 0x4e22, @multicast1}, @in6={0xa, 0x4e24, 0x1, @ipv4={[], [], @loopback}, 0x2}, @in6={0xa, 0x4e23, 0x3, @mcast2, 0x9}]}, &(0x7f0000000380)=0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r7, 0x84, 0x66, &(0x7f00000003c0)={r12}, &(0x7f0000000140)=0x18d) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000540)=ANY=[@ANYRES32=r9, @ANYBLOB="1f080000000000e21497799697ac6f773bc425e6dd4f703820eebfe7104c849c558d7c3d05be00000000"], &(0x7f0000000100)=0xe) connect$inet(r7, &(0x7f00000001c0)={0x2, 0x4e24, @multicast2}, 0x10) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r7, 0x84, 0x7b, &(0x7f0000000140)={r13, 0xffffffff}, 0x8) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x2c7, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="5400000010ff050700"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000003c001200100001006970366772657461700000002000020014000600fe8000000000000000000000000000aa08000100", @ANYRES32=0x0], 0x54}}, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000001340)={{{@in6=@remote}}, {{@in6=@dev}, 0x0, @in=@multicast1}}, &(0x7f0000000180)=0xe8) [ 264.506946][ T9373] Kernel panic - not syncing: panic_on_warn set ... [ 264.513610][ T9373] CPU: 0 PID: 9373 Comm: syz-executor.5 Tainted: G B 5.4.0-rc2-next-20191008 #0 [ 264.520308][ T3863] kobject: 'loop1' (0000000091042afa): kobject_uevent_env [ 264.524010][ T9373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 264.524015][ T9373] Call Trace: [ 264.524035][ T9373] dump_stack+0x172/0x1f0 [ 264.524053][ T9373] panic+0x2e3/0x75c [ 264.553094][ T9373] ? add_taint.cold+0x16/0x16 [ 264.556516][ T3863] kobject: 'loop1' (0000000091042afa): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 264.557776][ T9373] ? nl802154_dump_wpan_phy+0xa66/0xac0 [ 264.557798][ T9373] ? preempt_schedule+0x4b/0x60 [ 264.578298][ T9373] ? ___preempt_schedule+0x16/0x20 [ 264.583415][ T9373] ? trace_hardirqs_on+0x5e/0x240 [ 264.588448][ T9373] ? nl802154_dump_wpan_phy+0xa66/0xac0 [ 264.593990][ T9373] end_report+0x47/0x4f [ 264.599104][ T9373] ? nl802154_dump_wpan_phy+0xa66/0xac0 [ 264.604653][ T9373] __kasan_report.cold+0xe/0x41 [ 264.609513][ T9373] ? nl802154_dump_wpan_phy+0xa66/0xac0 [ 264.615060][ T9373] kasan_report+0x12/0x20 [ 264.619392][ T9373] __asan_report_load4_noabort+0x14/0x20 [ 264.625033][ T9373] nl802154_dump_wpan_phy+0xa66/0xac0 [ 264.630426][ T9373] ? __phys_addr+0xa4/0x120 [ 264.634940][ T9373] ? nl802154_dump_llsec_dev+0xba0/0xba0 [ 264.640580][ T9373] genl_lock_dumpit+0x86/0xc0 [ 264.645439][ T9373] netlink_dump+0x558/0xfb0 [ 264.649962][ T9373] ? netlink_broadcast+0x50/0x50 [ 264.654941][ T9373] __netlink_dump_start+0x5b1/0x7d0 [ 264.660147][ T9373] ? genl_lock_dumpit+0xc0/0xc0 [ 264.664996][ T9373] genl_rcv_msg+0xc9b/0x1000 [ 264.669588][ T9373] ? genl_family_rcv_msg_attrs_parse.isra.0+0x3a0/0x3a0 [ 264.676519][ T9373] ? genl_lock_dumpit+0xc0/0xc0 [ 264.681365][ T9373] ? genl_unlock+0x20/0x20 [ 264.685779][ T9373] ? genl_parallel_done+0x1c0/0x1c0 [ 264.691000][ T9373] ? mark_held_locks+0xf0/0xf0 [ 264.695766][ T9373] ? find_held_lock+0x35/0x130 [ 264.700702][ T9373] netlink_rcv_skb+0x177/0x450 [ 264.705463][ T9373] ? genl_family_rcv_msg_attrs_parse.isra.0+0x3a0/0x3a0 [ 264.712395][ T9373] ? netlink_ack+0xb50/0xb50 [ 264.716991][ T9373] ? __kasan_check_write+0x14/0x20 [ 264.722105][ T9373] ? netlink_deliver_tap+0x254/0xbf0 [ 264.727387][ T9373] genl_rcv+0x29/0x40 [ 264.731385][ T9373] netlink_unicast+0x531/0x710 [ 264.736149][ T9373] ? netlink_attachskb+0x7c0/0x7c0 [ 264.741275][ T9373] ? _copy_from_iter_full+0x25d/0x8c0 [ 264.746647][ T9373] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 264.752369][ T9373] ? __check_object_size+0x3d/0x437 [ 264.757576][ T9373] netlink_sendmsg+0x8cf/0xd90 [ 264.762341][ T9373] ? netlink_unicast+0x710/0x710 [ 264.767625][ T9373] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 264.773179][ T9373] ? apparmor_socket_sendmsg+0x2a/0x30 [ 264.778648][ T9373] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 264.784893][ T9373] ? security_socket_sendmsg+0x8d/0xc0 [ 264.790355][ T9373] ? netlink_unicast+0x710/0x710 [ 264.795291][ T9373] sock_sendmsg+0xd7/0x130 [ 264.799708][ T9373] ___sys_sendmsg+0x803/0x920 [ 264.804390][ T9373] ? copy_msghdr_from_user+0x440/0x440 [ 264.809854][ T9373] ? __kasan_check_read+0x11/0x20 [ 264.814882][ T9373] ? __fget+0x384/0x560 [ 264.819046][ T9373] ? ksys_dup3+0x3e0/0x3e0 [ 264.823461][ T9373] ? __fget_light+0x1a9/0x230 [ 264.828130][ T9373] ? __fdget+0x1b/0x20 [ 264.832204][ T9373] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 264.838452][ T9373] __sys_sendmsg+0x105/0x1d0 [ 264.843049][ T9373] ? __sys_sendmsg_sock+0xd0/0xd0 [ 264.848085][ T9373] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 264.853570][ T9373] ? do_syscall_64+0x26/0x760 01:24:25 executing program 1: r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = open(0x0, 0x0, 0x2) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, 0x0, &(0x7f00000007c0)) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200)='/dev/zero\x00', 0x0, 0x0) fcntl$addseals(r2, 0x409, 0x0) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000500)={0x0, @in6={{0xa, 0x4e23, 0x4, @mcast1, 0x3ff}}, 0x0, 0x0, 0x0, 0x3}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) recvmsg$kcm(r4, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=""/134, 0x10}, 0x0) ioctl$GIO_CMAP(0xffffffffffffffff, 0x4b70, &(0x7f0000000240)) ioctl$KVM_SET_TSC_KHZ(0xffffffffffffffff, 0xaea2, 0x1ff) fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, 0x0, &(0x7f00000001c0)) mkdir(&(0x7f0000000200)='./file0\x00', 0x0) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000000)=@assoc_value={r3, 0xfff}, 0x8) r5 = open$dir(&(0x7f00004daff8)='./file0\x00', 0x0, 0x0) prctl$PR_GET_THP_DISABLE(0x2a) mkdirat(r5, &(0x7f00000002c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) r6 = gettid() ptrace$setopts(0x4206, r6, 0x0, 0x0) tkill(r6, 0x3c) ptrace$cont(0x18, r6, 0x0, 0x0) ptrace$setregs(0xd, r6, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r6, 0x0, 0x0) syz_open_procfs(r6, &(0x7f0000000040)='net/netstat\x00') mkdir(&(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x10) r7 = open(&(0x7f00000000c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, 0x0) renameat(r5, &(0x7f0000000940)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r7, &(0x7f00000009c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00') clone(0x2000000002800100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000100)="a4abd38028db4b2b4d2f2f3ff7b72780af4c90ccb170e60b8bf56db763e3062d037dca29d0d2f3999f98acf933", 0x2d}], 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xfffffffffffffe75}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x27d) [ 264.858250][ T9373] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 264.864489][ T9373] ? do_syscall_64+0x26/0x760 [ 264.869169][ T9373] __x64_sys_sendmsg+0x78/0xb0 [ 264.873935][ T9373] do_syscall_64+0xfa/0x760 [ 264.878448][ T9373] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 264.884337][ T9373] RIP: 0033:0x459a59 [ 264.888229][ T9373] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 264.907830][ T9373] RSP: 002b:00007f39049b4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 264.916254][ T9373] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000459a59 [ 264.924227][ T9373] RDX: 0000000000000000 RSI: 0000000020000d40 RDI: 0000000000000006 [ 264.932198][ T9373] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 264.940167][ T9373] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f39049b56d4 [ 264.948133][ T9373] R13: 00000000004c7b64 R14: 00000000004dd8c0 R15: 00000000ffffffff [ 264.957597][ T9373] Kernel Offset: disabled [ 264.961925][ T9373] Rebooting in 86400 seconds..