[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   64.781238][   T27] audit: type=1800 audit(1561083266.207:25): pid=8816 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[   64.827344][   T27] audit: type=1800 audit(1561083266.207:26): pid=8816 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[   64.877337][   T27] audit: type=1800 audit(1561083266.207:27): pid=8816 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.10.5' (ECDSA) to the list of known hosts.
2019/06/21 02:14:37 fuzzer started
2019/06/21 02:14:39 dialing manager at 10.128.0.26:33901
2019/06/21 02:14:40 syscalls: 2465
2019/06/21 02:14:40 code coverage: enabled
2019/06/21 02:14:40 comparison tracing: enabled
2019/06/21 02:14:40 extra coverage: extra coverage is not supported by the kernel
2019/06/21 02:14:40 setuid sandbox: enabled
2019/06/21 02:14:40 namespace sandbox: enabled
2019/06/21 02:14:40 Android sandbox: /sys/fs/selinux/policy does not exist
2019/06/21 02:14:40 fault injection: enabled
2019/06/21 02:14:40 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/06/21 02:14:40 net packet injection: enabled
2019/06/21 02:14:40 net device setup: enabled
02:17:28 executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071")
ioctl$sock_ifreq(r0, 0x89f1, &(0x7f0000000240)={'bond0\x00[`!\x06l\x00\x0f\x01z\x94', @ifru_names='bond_slave_1\x00'})

syzkaller login: [  246.939537][ T8986] IPVS: ftp: loaded support on port[0] = 21
02:17:28 executing program 1:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
readv(r0, &(0x7f0000000780)=[{&(0x7f0000000000)=""/196, 0xc4}, {0x0}, {0x0}, {0x0}, {0x0}], 0x5)
r1 = dup(r0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
recvfrom$inet(r2, 0x0, 0xe5ad, 0x0, 0x0, 0x800e007fe)
shutdown(r1, 0x0)
recvmsg(r2, &(0x7f0000003280)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000100)=""/19, 0x13}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x6}, 0x0)
shutdown(r2, 0x0)

[  247.105949][ T8986] chnl_net:caif_netlink_parms(): no params data found
[  247.187417][ T8989] IPVS: ftp: loaded support on port[0] = 21
[  247.202650][ T8986] bridge0: port 1(bridge_slave_0) entered blocking state
[  247.216317][ T8986] bridge0: port 1(bridge_slave_0) entered disabled state
[  247.225849][ T8986] device bridge_slave_0 entered promiscuous mode
[  247.251741][ T8986] bridge0: port 2(bridge_slave_1) entered blocking state
[  247.259106][ T8986] bridge0: port 2(bridge_slave_1) entered disabled state
[  247.267436][ T8986] device bridge_slave_1 entered promiscuous mode
[  247.306588][ T8986] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  247.321878][ T8986] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  247.359221][ T8986] team0: Port device team_slave_0 added
[  247.381383][ T8986] team0: Port device team_slave_1 added
02:17:28 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071")
r1 = socket$inet6(0xa, 0x1, 0x0)
getsockopt$inet6_int(r1, 0x29, 0x4b, &(0x7f0000000400), &(0x7f0000000680)=0xffffffffffffff3e)

[  247.475117][ T8989] chnl_net:caif_netlink_parms(): no params data found
[  247.521383][ T8986] device hsr_slave_0 entered promiscuous mode
[  247.578001][ T8986] device hsr_slave_1 entered promiscuous mode
02:17:29 executing program 3:
r0 = socket$kcm(0xa, 0x8000000001, 0x0)
sendmsg$kcm(r0, &(0x7f00000001c0)={&(0x7f0000000100)=@in6={0xa, 0x0, 0x0, @local, 0x81}, 0x80, 0x0}, 0x20040001)

[  247.659431][ T8992] IPVS: ftp: loaded support on port[0] = 21
[  247.703033][ T8986] bridge0: port 2(bridge_slave_1) entered blocking state
[  247.710318][ T8986] bridge0: port 2(bridge_slave_1) entered forwarding state
[  247.718268][ T8986] bridge0: port 1(bridge_slave_0) entered blocking state
[  247.725373][ T8986] bridge0: port 1(bridge_slave_0) entered forwarding state
[  247.788513][ T8989] bridge0: port 1(bridge_slave_0) entered blocking state
[  247.798761][ T8989] bridge0: port 1(bridge_slave_0) entered disabled state
[  247.806997][ T8989] device bridge_slave_0 entered promiscuous mode
[  247.831600][ T8989] bridge0: port 2(bridge_slave_1) entered blocking state
[  247.857828][ T8989] bridge0: port 2(bridge_slave_1) entered disabled state
[  247.866258][ T8989] device bridge_slave_1 entered promiscuous mode
[  247.895730][ T8989] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  247.924052][ T8989] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  247.960121][ T8989] team0: Port device team_slave_0 added
[  247.969056][ T8994] IPVS: ftp: loaded support on port[0] = 21
[  247.981838][ T8989] team0: Port device team_slave_1 added
02:17:29 executing program 4:
r0 = gettid()
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
timer_create(0x0, &(0x7f00000001c0)={0x0, 0x12, 0x4, @tid=r0}, 0x0)
dup(r1)
r2 = ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0)
ioctl$TIOCLINUX6(r2, 0x541c, &(0x7f0000000180)={0x6, 0x8001})
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r3, 0x1000008912, &(0x7f0000000040)="c0dca5055e0bcfec7be070")
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x6800, 0x1)
r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$DRM_IOCTL_DROP_MASTER(0xffffffffffffffff, 0x641f)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffff9c, 0x0)
clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={<r5=>0x0, r4, 0x0, 0x5, &(0x7f00000001c0)='self\x00', 0xffffffffffffffff}, 0x30)
ptrace$peekuser(0x3, r5, 0x1000)
perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xd}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mount(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f00000003c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000))
r6 = socket$inet(0x10, 0x3, 0xc)
sendmsg(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)="24000000030307031dfffd944ef20c0020200a0009000100021d85680c1baba20400ff7e28000000110affff82aba0aa1c0009b356da5a80918b06b20cd37ed01cc000"/76, 0x4c}], 0x1}, 0x0)

[  248.100705][ T8989] device hsr_slave_0 entered promiscuous mode
[  248.147953][ T8989] device hsr_slave_1 entered promiscuous mode
[  248.262929][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  248.271713][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  248.316766][ T8996] IPVS: ftp: loaded support on port[0] = 21
02:17:29 executing program 5:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0xffffffffffffff0f)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
accept4(0xffffffffffffffff, &(0x7f0000000140)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @dev}}, &(0x7f0000000000)=0x80, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x608, 0xffffffffffffffff, 0x0, 0x0, 0x4cc]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071")

[  248.397242][ T8986] 8021q: adding VLAN 0 to HW filter on device bond0
[  248.571214][ T8992] chnl_net:caif_netlink_parms(): no params data found
[  248.591859][ T8994] chnl_net:caif_netlink_parms(): no params data found
[  248.626012][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  248.640907][    T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  248.668251][ T8986] 8021q: adding VLAN 0 to HW filter on device team0
[  248.747898][ T3133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  248.752116][ T9001] IPVS: ftp: loaded support on port[0] = 21
[  248.756848][ T3133] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  248.776952][ T3133] bridge0: port 1(bridge_slave_0) entered blocking state
[  248.784326][ T3133] bridge0: port 1(bridge_slave_0) entered forwarding state
[  248.805798][ T8989] 8021q: adding VLAN 0 to HW filter on device bond0
[  248.844485][ T8994] bridge0: port 1(bridge_slave_0) entered blocking state
[  248.853478][ T8994] bridge0: port 1(bridge_slave_0) entered disabled state
[  248.861448][ T8994] device bridge_slave_0 entered promiscuous mode
[  248.870739][ T8992] bridge0: port 1(bridge_slave_0) entered blocking state
[  248.878396][ T8992] bridge0: port 1(bridge_slave_0) entered disabled state
[  248.886160][ T8992] device bridge_slave_0 entered promiscuous mode
[  248.908462][ T8996] chnl_net:caif_netlink_parms(): no params data found
[  248.920881][ T8994] bridge0: port 2(bridge_slave_1) entered blocking state
[  248.929013][ T8994] bridge0: port 2(bridge_slave_1) entered disabled state
[  248.938116][ T8994] device bridge_slave_1 entered promiscuous mode
[  248.945244][ T8992] bridge0: port 2(bridge_slave_1) entered blocking state
[  248.952859][ T8992] bridge0: port 2(bridge_slave_1) entered disabled state
[  248.961419][ T8992] device bridge_slave_1 entered promiscuous mode
[  248.972354][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  248.981257][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  248.989879][ T8997] bridge0: port 2(bridge_slave_1) entered blocking state
[  248.997026][ T8997] bridge0: port 2(bridge_slave_1) entered forwarding state
[  249.004785][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  249.013972][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  249.022872][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  249.031624][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  249.040357][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  249.049495][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  249.058148][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  249.105288][ T8992] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  249.131357][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  249.140871][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  249.149887][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  249.157775][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  249.173375][ T8992] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  249.192283][ T8994] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  249.203481][ T8994] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  249.225273][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  249.234122][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  249.245463][ T8989] 8021q: adding VLAN 0 to HW filter on device team0
[  249.283523][ T8986] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  249.309006][ T8994] team0: Port device team_slave_0 added
[  249.316027][ T8992] team0: Port device team_slave_0 added
[  249.323102][ T8996] bridge0: port 1(bridge_slave_0) entered blocking state
[  249.330378][ T8996] bridge0: port 1(bridge_slave_0) entered disabled state
[  249.341152][ T8996] device bridge_slave_0 entered promiscuous mode
[  249.349516][ T8996] bridge0: port 2(bridge_slave_1) entered blocking state
[  249.356609][ T8996] bridge0: port 2(bridge_slave_1) entered disabled state
[  249.364852][ T8996] device bridge_slave_1 entered promiscuous mode
[  249.378291][ T8992] team0: Port device team_slave_1 added
[  249.389492][ T8994] team0: Port device team_slave_1 added
[  249.443376][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  249.454448][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  249.463391][   T22] bridge0: port 1(bridge_slave_0) entered blocking state
[  249.470484][   T22] bridge0: port 1(bridge_slave_0) entered forwarding state
[  249.580489][ T8992] device hsr_slave_0 entered promiscuous mode
[  249.619561][ T8992] device hsr_slave_1 entered promiscuous mode
[  249.710980][ T8994] device hsr_slave_0 entered promiscuous mode
[  249.798119][ T8994] device hsr_slave_1 entered promiscuous mode
[  249.858467][ T3133] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  249.866596][ T3133] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  249.875522][ T3133] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  249.883883][ T3133] bridge0: port 2(bridge_slave_1) entered blocking state
[  249.891112][ T3133] bridge0: port 2(bridge_slave_1) entered forwarding state
[  249.901997][ T8986] 8021q: adding VLAN 0 to HW filter on device batadv0
[  249.926787][ T8996] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  249.964147][ T9001] chnl_net:caif_netlink_parms(): no params data found
[  249.978885][ T8996] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  250.001064][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  250.051029][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  250.064005][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  250.073752][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  250.091890][ T8996] team0: Port device team_slave_0 added
[  250.101216][ T8996] team0: Port device team_slave_1 added
[  250.114620][ T9001] bridge0: port 1(bridge_slave_0) entered blocking state
[  250.121978][ T9001] bridge0: port 1(bridge_slave_0) entered disabled state
[  250.130232][ T9001] device bridge_slave_0 entered promiscuous mode
[  250.142640][ T9001] bridge0: port 2(bridge_slave_1) entered blocking state
[  250.150534][ T9001] bridge0: port 2(bridge_slave_1) entered disabled state
[  250.159167][ T9001] device bridge_slave_1 entered promiscuous mode
[  250.167185][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  250.175743][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  250.186042][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  250.262248][ T8996] device hsr_slave_0 entered promiscuous mode
[  250.298488][ T8996] device hsr_slave_1 entered promiscuous mode
[  250.401448][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  250.411706][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  250.455668][ T8989] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  250.475047][ T8989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  250.486346][ T9001] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  250.518673][ T3133] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  250.527328][ T3133] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  250.578798][ T9001] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  250.605920][ T9001] team0: Port device team_slave_0 added
[  250.620303][ T8989] 8021q: adding VLAN 0 to HW filter on device batadv0
[  250.631643][ T9013] bond0: Releasing backup interface bond_slave_1
02:17:32 executing program 0:
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x50000}]})
r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_RESET(r0, 0x2403, 0x0)

[  250.735024][ T9001] team0: Port device team_slave_1 added
[  250.779939][ T8992] 8021q: adding VLAN 0 to HW filter on device bond0
[  250.866953][ T8994] 8021q: adding VLAN 0 to HW filter on device bond0
02:17:32 executing program 0:
syz_emit_ethernet(0x1, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd60eb6c5500080000fe800000009e8f390c14e2730000000000000000000000ff02000000000000000000000000000100008100000000000000aaefdbdac6d526a391acbf60fcede95051c4147370ff6a3a47e68e30e5f771b447a246ab4ed2f71e6c0fb4727381e2badc1a01"], 0x0)

[  250.938121][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  250.946081][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  250.979936][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  251.000397][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  251.023829][ T8994] 8021q: adding VLAN 0 to HW filter on device team0
02:17:32 executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=@can_newroute={0x2c, 0x18, 0x315, 0x0, 0x0, {}, [@CGW_MOD_OR={0x18, 0x2, {{{}, 0x0, 0x0, 0x0, 0x0, "93978c15b1e948db"}, 0x2}}]}, 0x2c}}, 0x0)

[  251.036894][ T8992] 8021q: adding VLAN 0 to HW filter on device team0
02:17:32 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f0000000280)=0x1f)
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
unshare(0x40000000)
link(0x0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cpuset.effective_cpus\x00', 0x0, 0x0)
ioctl$KDGETKEYCODE(r3, 0x4b4c, &(0x7f0000000300)={0x6, 0x9})
ioctl$LOOP_SET_FD(r3, 0x4c00, r1)
unlink(0x0)
r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x0, 0x0)
fcntl$F_SET_RW_HINT(r4, 0x40c, &(0x7f00000002c0))
r5 = gettid()
process_vm_readv(r5, 0x0, 0x0, &(0x7f0000001b00)=[{&(0x7f0000000400)=""/181, 0xb5}, {0x0}, {&(0x7f0000000540)=""/208, 0xd0}, {0x0}, {&(0x7f00000001c0)=""/30, 0x1e}, {&(0x7f0000000640)=""/51, 0x33}, {&(0x7f0000001a40)=""/129, 0x81}], 0x7, 0x0)
write$P9_RREADDIR(r4, 0x0, 0x0)
getgroups(0x1, &(0x7f00000003c0)=[0xffffffffffffffff])
lstat(&(0x7f0000000680)='./file0\x00', &(0x7f00000006c0))
ioctl$VT_RELDISP(r4, 0x5605)
timer_create(0x1, &(0x7f0000000000)={0x0, 0x16, 0x4, @tid=r5}, &(0x7f0000000100)=<r6=>0x0)
timer_delete(r6)
poll(&(0x7f00000000c0)=[{r2}, {r2, 0x400}, {r4, 0x8280}, {r4, 0x100}, {r4}, {r2, 0x2010}, {r4, 0x8008}], 0x7, 0x6)
ioctl$int_in(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSFLAGS1(r4, 0x40047459, &(0x7f0000000240)=0x40000)
socket$inet6_udp(0xa, 0x2, 0x0)
mmap(&(0x7f00006ff000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0)
mmap(&(0x7f00006ff000/0x2000)=nil, 0x2000, 0x0, 0x10012, r0, 0x0)

[  251.103928][ T9001] device hsr_slave_0 entered promiscuous mode
[  251.138205][ T9001] device hsr_slave_1 entered promiscuous mode
02:17:32 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
sendto$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
recvfrom$inet(r0, 0x0, 0x10101, 0x0, 0x0, 0x800e00749)
shutdown(r0, 0x0)

[  251.250382][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  251.264544][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  251.275852][ T8997] bridge0: port 1(bridge_slave_0) entered blocking state
[  251.283029][ T8997] bridge0: port 1(bridge_slave_0) entered forwarding state
[  251.307987][ T9035] IPVS: ftp: loaded support on port[0] = 21
[  251.316435][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  251.326916][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  251.342042][ T8997] bridge0: port 2(bridge_slave_1) entered blocking state
[  251.349214][ T8997] bridge0: port 2(bridge_slave_1) entered forwarding state
[  251.356882][    C0] hrtimer: interrupt took 33125 ns
[  251.372629][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  251.382071][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  251.391035][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  251.399638][ T8997] bridge0: port 1(bridge_slave_0) entered blocking state
02:17:32 executing program 0:
pipe(&(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$FUSE_NOTIFY_POLL(r1, &(0x7f0000000000)={0x18}, 0xffffffffffffff6d)
r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000340)='/dev/cuse\x00', 0x2, 0x0)
splice(r0, 0x0, r2, 0x0, 0x18, 0x0)

[  251.406724][ T8997] bridge0: port 1(bridge_slave_0) entered forwarding state
[  251.425508][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  251.434721][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  251.444026][ T8997] bridge0: port 2(bridge_slave_1) entered blocking state
[  251.451204][ T8997] bridge0: port 2(bridge_slave_1) entered forwarding state
[  251.465783][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  251.480228][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
02:17:32 executing program 0:
close(0xffffffffffffffff)
r0 = syz_open_pts(0xffffffffffffffff, 0x0)
fcntl$setown(r0, 0x6, 0x0)

[  251.542487][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  251.556720][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  251.571407][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  251.583637][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  251.593092][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  251.614741][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  251.625445][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
02:17:33 executing program 0:
pipe(&(0x7f00000002c0)={<r0=>0xffffffffffffffff})
openat$cgroup_type(r0, &(0x7f0000000300)='cgroup.type\x00', 0x2, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000780)=[{&(0x7f0000000380)=""/167, 0xa7}], 0x1, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000200)='status\x00')
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
preadv(r1, &(0x7f0000000480), 0x1000000000000237, 0x0)
ioctl$BLKIOOPT(r1, 0x1279, &(0x7f00000000c0))
ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b67, &(0x7f0000000100)={0x0, 0x0})
write$P9_RXATTRWALK(r1, &(0x7f00000001c0)={0xf, 0x1f, 0x1, 0x7}, 0xf)
r2 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$update(0x2, r2, &(0x7f0000000280)="5cff", 0x2)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x11, 0x0, 0x0)

[  251.652493][ T8996] 8021q: adding VLAN 0 to HW filter on device bond0
[  251.675121][ T9005] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  251.684204][ T9005] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  251.692959][ T9005] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  251.702844][ T9005] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  251.712494][ T9005] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  251.721953][ T9005] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  251.731160][ T9005] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  251.748426][ T9005] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  251.762715][ T9005] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  251.771828][ T9005] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  251.781220][ T9005] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  251.790186][ T9005] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  251.800690][ T8992] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  251.825488][ T8994] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  251.843965][ T8994] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  251.887119][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  251.903985][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  251.913149][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  251.928337][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  251.977144][ T8996] 8021q: adding VLAN 0 to HW filter on device team0
[  251.994963][ T8992] 8021q: adding VLAN 0 to HW filter on device batadv0
[  252.063001][ T8994] 8021q: adding VLAN 0 to HW filter on device batadv0
[  252.076397][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  252.085916][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  252.118075][ T8997] bridge0: port 1(bridge_slave_0) entered blocking state
[  252.125192][ T8997] bridge0: port 1(bridge_slave_0) entered forwarding state
[  252.133442][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  252.142308][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  252.153198][ T8997] bridge0: port 2(bridge_slave_1) entered blocking state
[  252.160330][ T8997] bridge0: port 2(bridge_slave_1) entered forwarding state
[  252.169132][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  252.174171][ T9060] IPVS: ftp: loaded support on port[0] = 21
[  252.188191][ T9001] 8021q: adding VLAN 0 to HW filter on device bond0
[  252.233251][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  252.252638][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  252.285771][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  252.295366][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  252.304063][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  252.313053][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  252.322079][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  252.330630][ T2993] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  252.350380][ T9001] 8021q: adding VLAN 0 to HW filter on device team0
[  252.362118][ T8996] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  252.376088][ T8996] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  252.394758][ T9005] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  252.403523][ T9005] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  252.414221][ T9005] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  252.423244][ T9005] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  252.432137][ T9005] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  252.447763][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  252.456648][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  252.465393][ T8997] bridge0: port 1(bridge_slave_0) entered blocking state
[  252.472527][ T8997] bridge0: port 1(bridge_slave_0) entered forwarding state
[  252.484311][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  252.493340][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  252.503038][ T8997] bridge0: port 2(bridge_slave_1) entered blocking state
[  252.510343][ T8997] bridge0: port 2(bridge_slave_1) entered forwarding state
[  252.518370][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  252.568642][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  252.578562][ T8997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  252.655225][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  252.671395][   T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  252.694728][ T8996] 8021q: adding VLAN 0 to HW filter on device batadv0
[  252.748290][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  252.757962][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  252.772521][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  252.785321][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
02:17:34 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="0aa736950f10cfcb3c8fc4164ea0979228d5542bdbf561dfac8b77d57bd70c313aab6afe9d76af90108b6e006e0860dfa115c5def280d9b130aeadeecfeb9e87054486975a9f46ca6d94a1f96b93b4eaef6737736533aed3f8768ba4d15977da655c5fbbb7950c9de0d61afd218d32a79949ea1bbba91ef8e11b6dae68530fe03c0ff3603b11a100ddc835a9ba2a165c5a795a161f2e89e4a6c8392e5fe617f8ce7e6a917d729852fe572b07177ef73d04a33b0d40c28b162239d01a"], 0x0, 0xbc}, 0x20)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil})
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000480)={0x0, 0x9fd}, &(0x7f00000004c0)=0x8)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r3, 0x80001000008912, &(0x7f0000000040)="00080000000000007be070")
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

02:17:34 executing program 0:
r0 = socket$netlink(0x10, 0x3, 0x0)
writev(r0, &(0x7f0000000000)=[{&(0x7f0000000280)="290000002000190000003fffffffda060200000000e80001060000040d000300ea11000000050088a8", 0x29}], 0x1)

[  252.801070][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  252.855557][ T9001] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  252.885934][ T9001] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  252.911324][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  252.914924][   T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  252.926701][ T9084] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  253.038558][ T9001] 8021q: adding VLAN 0 to HW filter on device batadv0
02:17:34 executing program 4:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000040)="0800a1695e0bcfe87b0071")
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @dev}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x20000800, &(0x7f0000000240)={0x2, 0x4e23, @loopback}, 0x10)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='veth0_to_bond\x00', 0x10)
sendto$inet(r0, &(0x7f0000000000), 0xac8123d2, 0xc2, 0x0, 0x78ea5452d7231b78)

02:17:35 executing program 5:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x0, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0xffffffffffffff0f)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
accept4(0xffffffffffffffff, &(0x7f0000000140)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @dev}}, &(0x7f0000000000)=0x80, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x608, 0xffffffffffffffff, 0x0, 0x0, 0x4cc]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b0071")

02:17:35 executing program 3:
preadv(0xffffffffffffffff, &(0x7f0000000780)=[{&(0x7f0000000380)=""/167, 0xa7}], 0x1, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/arp\x00')
preadv(r0, &(0x7f0000000480), 0x1000000000000237, 0x0)

02:17:35 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
syz_mount_image$minix(&(0x7f00000000c0)='minix\x00', &(0x7f0000000440)='./file0\x00', 0x6c000000, 0x1, &(0x7f0000000240)=[{&(0x7f0000000100)="600084e002000a00905dda40ff1ad5c98f13", 0x12, 0x400}], 0x0, 0x0)

02:17:35 executing program 4:

[  254.283790][ T9116] MINIX-fs: mounting unchecked file system, running fsck is recommended
[  254.440427][ T8986] minix_free_inode: bit 1 already cleared
02:17:37 executing program 2:

02:17:37 executing program 4:

02:17:37 executing program 3:

02:17:37 executing program 5:

02:17:37 executing program 1:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f0000000280)=0x1f)
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
unshare(0x40000000)
link(0x0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cpuset.effective_cpus\x00', 0x0, 0x0)
ioctl$KDGETKEYCODE(r3, 0x4b4c, &(0x7f0000000300)={0x6, 0x9})
ioctl$LOOP_SET_FD(r3, 0x4c00, r1)
unlink(0x0)
r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x0, 0x0)
fcntl$F_SET_RW_HINT(r4, 0x40c, &(0x7f00000002c0))
r5 = gettid()
process_vm_readv(r5, 0x0, 0x0, &(0x7f0000001b00)=[{&(0x7f0000000400)=""/181, 0xb5}, {0x0}, {&(0x7f0000000540)=""/208, 0xd0}, {0x0}, {&(0x7f00000001c0)=""/30, 0x1e}, {&(0x7f0000000640)=""/51, 0x33}, {&(0x7f0000001a40)=""/129, 0x81}], 0x7, 0x0)
write$P9_RREADDIR(r4, 0x0, 0x0)
getgroups(0x1, &(0x7f00000003c0)=[0xffffffffffffffff])
lstat(&(0x7f0000000680)='./file0\x00', &(0x7f00000006c0))
ioctl$VT_RELDISP(r4, 0x5605)
timer_create(0x1, &(0x7f0000000000)={0x0, 0x16, 0x4, @tid=r5}, &(0x7f0000000100)=<r6=>0x0)
timer_delete(r6)
poll(&(0x7f00000000c0)=[{r2}, {r2, 0x400}, {r4, 0x8280}, {r4, 0x100}, {r4}, {r2, 0x2010}, {r4, 0x8008}], 0x7, 0x6)
ioctl$int_in(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSFLAGS1(r4, 0x40047459, &(0x7f0000000240)=0x40000)
socket$inet6_udp(0xa, 0x2, 0x0)
mmap(&(0x7f00006ff000/0x4000)=nil, 0x4000, 0x0, 0x12, r0, 0x0)
mmap(&(0x7f00006ff000/0x2000)=nil, 0x2000, 0x0, 0x10012, r0, 0x0)

02:17:37 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
syz_mount_image$minix(&(0x7f00000000c0)='minix\x00', &(0x7f0000000440)='./file0\x00', 0x6c000000, 0x1, &(0x7f0000000240)=[{&(0x7f0000000100)="600084e002000a00905dda40ff1ad5c98f13", 0x12, 0x400}], 0x0, 0x0)

02:17:37 executing program 4:

02:17:37 executing program 2:

02:17:37 executing program 5:

02:17:37 executing program 3:

[  256.054458][ T9137] MINIX-fs: mounting unchecked file system, running fsck is recommended
02:17:37 executing program 2:

02:17:37 executing program 5:
open(0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee68, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x1d, &(0x7f0000000080)=0x7, 0x4)
bind$inet(r0, &(0x7f00001edff0)={0x2, 0x10000004e20, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
recvmmsg(r0, &(0x7f00000038c0)=[{{&(0x7f0000001a80)=@nfc_llcp, 0x80, &(0x7f0000001540)=[{&(0x7f00000000c0)=""/4096, 0x1000}], 0x1, &(0x7f00000010c0)=""/164, 0xa4}}, {{&(0x7f0000002240)=@can, 0x80, &(0x7f0000002580), 0x0, &(0x7f0000001180)=""/246, 0x6}}], 0x2ba, 0x40000002, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f000057bff0)={0x2, 0x4e20, @multicast1}, 0x10)
syz_open_dev$loop(0x0, 0x7, 0xed80)

02:17:37 executing program 4:
r0 = syz_open_dev$binder(&(0x7f0000000840)='/dev/binder#\x00', 0xffffffffffffffff, 0x802)
ioctl$BINDER_GET_NODE_DEBUG_INFO(r0, 0xc018620b, 0x0)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xe, 0x0, &(0x7f0000000680)=[@acquire_done], 0xfffffffffffffeb3, 0x0, &(0x7f00000007c0)})
getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffff9c, 0x84, 0x10, 0x0, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0)

02:17:37 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
readv(r0, &(0x7f00000007c0)=[{&(0x7f0000000080)=""/150, 0x96}, {0x0}, {0x0}, {0x0}], 0x4)
r1 = dup(r0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
recvfrom$inet(r2, 0x0, 0xccf3, 0x0, 0x0, 0x800e004cd)
shutdown(r1, 0x0)
readv(r2, &(0x7f0000000400)=[{&(0x7f0000000000)=""/73, 0x49}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x7)
shutdown(r2, 0x0)

02:17:37 executing program 2:
r0 = socket(0x2, 0xc003, 0x0)
close(r0)
r1 = socket$inet(0x2, 0x3, 0x11)
connect$unix(r0, &(0x7f0000000000)=@file={0xbd5699bc1ec0282, './file0\x00'}, 0x10)
writev(r1, &(0x7f0000000340)=[{&(0x7f0000000080)="f82e6cac14dda453", 0x8}], 0x1)

02:17:37 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
syz_mount_image$minix(&(0x7f00000000c0)='minix\x00', &(0x7f0000000440)='./file0\x00', 0x6c000000, 0x1, &(0x7f0000000240)=[{&(0x7f0000000100)="600084e002000a00905dda40ff1ad5c98f13", 0x12, 0x400}], 0x0, 0x0)

[  256.369197][ T9161] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based  firewall rule not found. Use the iptables CT target to attach helpers instead.
[  256.453797][ T9163] binder: 9160:9163 ioctl c018620b 0 returned -14
[  256.480784][ T9163] binder: 9160:9163 ioctl c0306201 200003c0 returned -11
[  256.500763][ T9141] IPVS: ftp: loaded support on port[0] = 21
[  256.503895][ T9163] binder: 9160:9163 ioctl c018620b 0 returned -14
[  256.518077][ T8986] minix_free_inode: bit 1 already cleared
[  256.822509][ T9180] MINIX-fs: mounting unchecked file system, running fsck is recommended
[  256.972131][ T8986] minix_free_inode: bit 1 already cleared
02:17:38 executing program 1:
r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20\x00', 0x0, 0x0)
ioctl$KVM_SET_PIT(r0, 0x8048ae66, &(0x7f0000000080)={[{0x8000000, 0x0, 0x3, 0x5, 0xa2, 0x5c, 0x0, 0x1, 0x6, 0x8, 0x5, 0xfffffffffffffff7, 0x579a7b38}, {0x5, 0x0, 0x7, 0x3, 0x100000001, 0xb2, 0x27c37889, 0xffffffff7fffffff, 0xa34, 0x10000, 0x4, 0x8, 0xa1e}, {0x55, 0x1, 0x9f, 0x9, 0xfff, 0x8, 0x2b0, 0x7, 0x9, 0x400, 0x6, 0x4, 0x8b1}], 0xfffffffffffffff7})
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000100)=r0, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x8, 0x4, &(0x7f0000010a00)=@framed={{}, [@alu={0x8000000201a7fe3, 0x3, 0x7, 0x61, 0x0, 0x98}]}, &(0x7f0000000000)='syzkaller\x00'}, 0x48)

02:17:38 executing program 2:
r0 = memfd_create(&(0x7f0000000340)=']\'\x00', 0x0)
syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x0, 0x11, r0, 0x0)
r1 = syz_open_dev$loop(0x0, 0x0, 0x0)
close(r1)

02:17:38 executing program 5:
r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000600)='/dev/video1\x00', 0x2, 0x0)
ioctl$VIDIOC_S_FBUF(r0, 0x4030560b, &(0x7f0000000400)={0x6629a22a58706afd, 0x1, &(0x7f0000000300)="d70dd8be66de136ae0cc306b6ee145d0c4fa387caf715cb06fa5211271432db51357aa0005540bd71c867366ff64eddc30dd00c8bd6c4417d1e4428b8840209a904441129ae0e6b054042895d8f9e1cbd2c5d8fbacd6ce83096db554f386d524c3ba520188063bd178f94a48056c79445319bea232c628841dd03e5b1c6dac02ff1daa739d5e35a3d1f845844a6151045f02cd3bd5cc3d6e672ec723e4dac175d59b9b4fd491cd5538503335c69af2fe03400d5a928e329cf371e1085ce1ffc8226d8d9f593287cd1103175fff5c16b2c6742b0b495f110418725f67e09e0131d8b8cb75", {0xe8, 0xea2f, 0x20303159, 0x7, 0xfffffffffffff801, 0x8, 0xb, 0x7}})
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r1, &(0x7f0000000180), 0x10)
r2 = syz_open_dev$cec(&(0x7f00000002c0)='/dev/cec#\x00', 0x0, 0x2)
write$input_event(r2, &(0x7f0000000440)={{0x77359400}, 0x12, 0xed2, 0x9}, 0x18)
io_setup(0xd, &(0x7f00000001c0)=<r3=>0x0)
io_submit(r3, 0x1, &(0x7f0000000080)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000)="0600000093c21faf16da39de706f646800580f02000000003f427e000000000000580f02000000003f420f02000000000000000002000000", 0x38}])
r4 = geteuid()
mount$9p_virtio(&(0x7f0000000040)='\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x202088, &(0x7f0000000200)={'trans=virtio,', {[{@cache_fscache='cache=fscache'}, {@privport='privport'}, {@mmap='mmap'}, {@access_client='access=client'}, {@msize={'msize', 0x3d, 0x5}}, {@mmap='mmap'}, {@dfltuid={'dfltuid', 0x3d, r4}}, {@cache_loose='cache=loose'}, {@access_user='access=user'}], [{@appraise='appraise'}, {@pcr={'pcr', 0x3d, 0x11}}]}})
getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000480)={<r5=>0x0, @loopback, @dev}, &(0x7f00000004c0)=0xc)
setsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000500)={{{@in=@broadcast, @in6=@remote, 0x4e24, 0x40, 0x4e20, 0x3, 0xa, 0xa0, 0x20, 0x21, r5, r4}, {0x1, 0x4, 0x5324, 0x488, 0x1, 0x8dd0, 0xf44, 0x8}, {0x7, 0x7, 0x4, 0x5}, 0x1, 0x6e6bb8, 0x0, 0x1, 0x2, 0x1}, {{@in6=@loopback, 0x4d6, 0x3c}, 0xa, @in6=@mcast1, 0x0, 0x4, 0x3, 0x3, 0x1828, 0xfffffffffffffff9, 0x174c000000000000}}, 0xe8)
sendfile(r0, r1, 0x0, 0x8001)

02:17:38 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca5055e0bcfec7be070")
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000140)=0x2, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bond0\x00', <r2=>0x0})
bind$packet(r1, &(0x7f0000000080)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @dev}, 0x14)
setsockopt$packet_tx_ring(r1, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)

02:17:38 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = dup2(r0, r0)
ioctl$KVM_GET_REG_LIST(r1, 0xc008aeb0, &(0x7f0000000080)={0x5, [0x33f, 0x80fc, 0x7, 0x3e, 0xa39]})
connect$rds(r1, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
r2 = syz_genetlink_get_family_id$SEG6(&(0x7f0000001880)='SEG6\x00')
ioctl$RTC_AIE_OFF(r1, 0x7002)
sendmsg$SEG6_CMD_GET_TUNSRC(r0, &(0x7f0000001980)={0x0, 0x353, &(0x7f0000001940)={&(0x7f0000000000)={0x14, r2, 0x3ff, 0x0, 0x25dfdbfd}, 0x14}}, 0x0)

02:17:38 executing program 0:
r0 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000001fd8)=ANY=[@ANYBLOB="8500fd00070000677fbb5800000083b195000000fe8f1f36"], &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)
ioctl$PERF_EVENT_IOC_SET_BPF(r0, 0x40042408, r1)

02:17:38 executing program 3:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = accept4(r1, &(0x7f0000000600)=@generic, &(0x7f0000000680)=0x80, 0x80000)
getsockopt$bt_l2cap_L2CAP_OPTIONS(r2, 0x6, 0x1, &(0x7f00000006c0), &(0x7f0000000700)=0xc)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)={0x15, 0x65, 0xffff, 0x8001, 0x8, '9P2000.u'}, 0x15)
clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})
socketpair(0xb, 0x3, 0x3, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$inet_sctp(r3, &(0x7f00000005c0)={&(0x7f00000000c0)=@in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10, &(0x7f0000000540)=[{&(0x7f0000000140)="862bab742496b83230b9292bf92d38ac4994675cb3944d43250d481c6adcec3e56477c08955d633cb9cac46fa0dafbdd146df06c91f1a30bb52a17dbee9d885ae7bd8d53062c91c003635cfb1763ca88e51ef08c61296a74ff944e2c22e05b550d3466d600299c3b9979cc0fb54479de583ffeef191f75f062b692c17469d1669f6febbeb0a14bfe1b3b1274f91f1ffc52", 0x91}, {&(0x7f0000000200)="0dd143ce628e6b3d678f6458838df1af89edf842f3bdf5f110fac32316a352df75b39b", 0x23}, {&(0x7f0000000380)="3f49e56ae1664562ad7e88f9a14a81f0dc1a195aefee4b13bd0c7eb495392e474fbab0a024157926d47cd90d9a49a56dbfd15249c782ae6c1787dfa799b9b7b32e75898a5ae16a370f2c813e707e899f6ea9462a02f754c672c76d198f7bec84a64a47a723cd138376d947ddd4e59ee0722feb0390734f3fc584140ab879db6da8af15bb2f0067644993e325bffe0673905a45c209c835657fde63d9fab5d77d381f47c1fd8f6705432991e6c68673c17226087a341297cef0c68a4d3cf7243803601191b703316a49", 0xc9}, {&(0x7f0000000480)="7176271d4c044e57f5cddaab7e65b426f71908e42dd1af9580b4cb6070a79d5aa6b5d8f11cb54419ec8078579dbcdc9d4ce10f5352f5f92371af8f7b25f4b325bec695b2b4f8eaf341bcf03449c048dec466f2403e5938ff202d49b9a5edf2ad3231c867e78afb0fc707262e72b605042c6f379132b80fcbe484ecb1550034d6f308d5980b003cb61f75bcef6bae68343181763883582b5b3827724216283d29f55bae3c28d35a9649c82e3b560e", 0xae}, {&(0x7f00000002c0)="13038df895431be57a", 0x9}], 0x5, &(0x7f0000000300)=[@dstaddrv4={0x18, 0x84, 0x7, @rand_addr=0x7}], 0x18, 0x804}, 0x0)

02:17:38 executing program 2:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = creat(&(0x7f00000000c0)='./file0/file0\x00', 0x110)
write$tun(r1, &(0x7f00000008c0)={@val={0x0, 0x6006}, @void, @llc={@llc={0x80, 0xfe, "ab", "673f73d31994f91d688ac780e518d65c23f1a640fdc053eedf45057455179a1e9b793716fbf1576de18827eb1f8d1449119c44efb3bdcedf0c2145a9b66aba7a8896cd9817c0ae2ba4b90dab81fadc988d1165726946a7f4402ae69f324e0a16e1ffcfcf7705d971918fd0b9b7e5f348a873efa053c81363d4932d7f1275b0d7b4187283f93929eac4e0d1347e4e8aaad9cbf04073962c012b4d6139cee3ca08e1f92a29d5ca00ff2805d6d25aeb4104d138d26c3c637b7c1dc0d845f7ce"}}}, 0xc5)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
fallocate(r0, 0x3, 0xffffbffffffffa6d, 0xffffffff)
connect$inet(0xffffffffffffffff, &(0x7f00000004c0)={0x2, 0x0, @local}, 0xfffffe91)
ioctl$TUNGETVNETHDRSZ(r1, 0x800454d7, &(0x7f0000000300))
getsockopt$IP_VS_SO_GET_SERVICE(0xffffffffffffffff, 0x0, 0x483, &(0x7f0000000240), 0x0)
r3 = syz_open_dev$usbmon(0x0, 0x40, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCDELDLCI(0xffffffffffffffff, 0x8981, &(0x7f00000002c0)={'veth0\x00', 0x20})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(r4, 0x89a1, &(0x7f0000000380)={@local})
stat(0x0, 0x0)
openat(r2, 0x0, 0x40, 0x0)
ioctl$EVIOCGSND(r1, 0x8040451a, 0x0)
flock(0xffffffffffffffff, 0xfffffffffffffffe)
getsockopt$inet6_int(r1, 0x29, 0x7f, &(0x7f0000000000), &(0x7f00000003c0)=0xffffff04)
getsockopt$IP_VS_SO_GET_SERVICES(0xffffffffffffffff, 0x0, 0x482, 0x0, &(0x7f0000000340))
ioctl$sock_inet6_SIOCADDRT(r4, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000, 0x77a0100]}, @rand_addr="58c4c4a733d993a894f49491cb15d13e", @loopback})
ioctl$TIOCSERGETLSR(r3, 0x5459, &(0x7f0000000040))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)
execveat(r1, &(0x7f0000000440)='./file0/file0\x00', &(0x7f0000000480), &(0x7f0000000840)=[&(0x7f00000005c0)='^vboxnet0self!\x00', &(0x7f0000000600)='-selinuxem0md5summime_type#\x00', &(0x7f0000000640)=')eth1@-posix_acl_access\x00', &(0x7f0000000680)='\x00', &(0x7f00000006c0)='veth0\x00', &(0x7f0000000700)='veth0\x00', &(0x7f0000000740)='nodev]proc\x00', &(0x7f0000000780)='veth0\x00', &(0x7f00000007c0)='veth0\x00'], 0x1000)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x8010, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)
setsockopt$inet_udp_encap(r1, 0x11, 0x64, &(0x7f0000000180)=0x3, 0x4)
ioctl$KDDELIO(0xffffffffffffffff, 0x4b35, 0x0)
getsockopt$IPT_SO_GET_ENTRIES(r3, 0x0, 0x41, 0x0, 0x0)

02:17:38 executing program 1:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfec7be070")
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58)
remap_file_pages(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x4, 0x83000)
r2 = accept(r1, 0x0, 0x0)
sendmsg$nfc_llcp(r2, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000001300)="6de27de28232afe885fd5b982fc0e33fea1da6e575e302231faa68becd296a1dc3e9d127f63de5aa2777034aa6299140291ebeb2bfe4f2f9803bf5afd619339575604d10d17e556e0b866cc6faf628988139208617f6f14b046b0a946011c3d3b915c4362ed002a866bc3e2c98d0ac574a350df7ecbf4acac3934f78cbee31675e47c12129700b4515f40af5f1af4a361e390210c1fd87e21f3220fc10581bc5651c4e3b1d42143a0c3557222e58cce604e8a74feb92cd40bcdaf264edb786fc19b0006df4d63354a06e3bef72603179c4efb19a83d7ff787cf7fb7fccd8fd38151f5666ed12e7bc7e7222ba2330dae5da47cbcc150810b106e16ab720f8d1a435198fcc920c8e3a9386ae1bcc48c80f51880237bc6af878b5bc448398771ee94637b44151cd2b652cb478ad43857a379c65d2d320ff2f9e6d729cfa2b07ae82d9b157a8a0dd408d9c92755172f7c302e3849d8bf869fec0469c5564c652a1314ffae28a60062d6887720002192a88b69d31a494dbf41c430c16d6fa1000d3c65b15f98f24c0767e4fd9f0d5e729c8f72e478fc65025cc782f04a1372ea08430a9284b0873d083d050622329fc9c6317c6295a21dc1ce5ff517f19d10f69d9bda80e4b154faebfe5a8854dc01ed4b84d8ec2333b69982d06", 0x1d8}], 0x1}, 0x0)
read$alg(r2, &(0x7f0000000180)=""/4096, 0x20001180)

02:17:38 executing program 0:
getpid()
fcntl$getownex(0xffffffffffffff9c, 0x10, &(0x7f0000000000))
getsockopt$sock_cred(0xffffffffffffff9c, 0x1, 0x11, &(0x7f00000000c0)={<r0=>0x0}, &(0x7f0000000100)=0xc)
prlimit64(r0, 0x9, &(0x7f0000000040)={0x8, 0x20}, 0x0)
syz_open_pts(0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
io_setup(0x4008, &(0x7f0000000080))
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x30)
wait4(0x0, 0x0, 0x0, 0x0)

02:17:38 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xe, 0x4, 0x4, 0x5, 0x0, 0x1}, 0x2c)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={r0, &(0x7f0000000040), 0x0}, 0x18)
r1 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0xff, 0x926dce12183d0522)
setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, &(0x7f00000000c0), 0x4)

[  257.426582][ T9210] ------------[ cut here ]------------
[  257.453541][ T9210] refcount_t: underflow; use-after-free.
[  257.498163][ T9210] WARNING: CPU: 0 PID: 9210 at lib/refcount.c:190 refcount_sub_and_test_checked+0x1d0/0x200
[  257.512564][ T9210] Kernel panic - not syncing: panic_on_warn set ...
[  257.519221][ T9210] CPU: 0 PID: 9210 Comm: syz-executor.3 Not tainted 5.2.0-rc5+ #38
[  257.527191][ T9210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  257.529714][ T9215] kobject: '��' (00000000c14fe89e): kobject_add_internal: parent: 'net', set: 'devices'
[  257.537421][ T9210] Call Trace:
[  257.537561][ T9210]  dump_stack+0x172/0x1f0
[  257.537590][ T9210]  ? refcount_sub_and_test_checked+0x120/0x200
[  257.537682][ T9210]  panic+0x2cb/0x744
[  257.565110][ T9210]  ? __warn_printk+0xf3/0xf3
[  257.569741][ T9210]  ? refcount_sub_and_test_checked+0x1d0/0x200
[  257.576054][ T9210]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  257.582894][ T9210]  ? __warn.cold+0x5/0x4d
[  257.587250][ T9210]  ? refcount_sub_and_test_checked+0x1d0/0x200
[  257.593463][ T9210]  __warn.cold+0x20/0x4d
[  257.597778][ T9210]  ? vprintk_emit+0x1ea/0x700
[  257.602481][ T9210]  ? refcount_sub_and_test_checked+0x1d0/0x200
[  257.608658][ T9210]  report_bug+0x263/0x2b0
[  257.613112][ T9210]  do_error_trap+0x11b/0x200
[  257.617741][ T9210]  do_invalid_op+0x37/0x50
[  257.623183][ T9210]  ? refcount_sub_and_test_checked+0x1d0/0x200
[  257.629393][ T9210]  invalid_op+0x14/0x20
[  257.633569][ T9210] RIP: 0010:refcount_sub_and_test_checked+0x1d0/0x200
[  257.640359][ T9210] Code: 1d 7e 69 48 06 31 ff 89 de e8 dc 62 3c fe 84 db 75 94 e8 93 61 3c fe 48 c7 c7 60 9c a4 87 c6 05 5e 69 48 06 01 e8 9e 9a 0e fe <0f> 0b e9 75 ff ff ff e8 74 61 3c fe e9 6e ff ff ff 48 89 df e8 d7
[  257.651678][ T9215] kobject: '��' (00000000c14fe89e): kobject_uevent_env
[  257.661325][ T9210] RSP: 0018:ffff888059587880 EFLAGS: 00010286
[  257.661411][ T9210] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  257.661420][ T9210] RDX: 0000000000006cca RSI: ffffffff815ad926 RDI: ffffed100b2b0f02
[  257.661428][ T9210] RBP: ffff888059587918 R08: ffff888090c50400 R09: ffffed1015d060a1
[  257.661437][ T9210] R10: ffffed1015d060a0 R11: ffff8880ae830507 R12: 00000000ffffffff
[  257.661447][ T9210] R13: 0000000000000001 R14: ffff8880595878f0 R15: 0000000000000000
[  257.661483][ T9210]  ? vprintk_func+0x86/0x189
[  257.661508][ T9210]  ? refcount_dec_not_one+0x1f0/0x1f0
[  257.661525][ T9210]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  257.661603][ T9210]  ? p9_fd_close+0x29e/0x570
[  257.661630][ T9210]  ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[  257.683855][ T9215] kobject: '��' (00000000c14fe89e): fill_kobj_path: path = '/devices/virtual/net/��'
[  257.690597][ T9210]  ? lockdep_hardirqs_on+0x418/0x5d0
[  257.690622][ T9210]  refcount_dec_and_test_checked+0x1b/0x20
[  257.690639][ T9210]  p9_req_put+0x20/0x60
[  257.690659][ T9210]  p9_fd_close+0x2ee/0x570
[  257.690679][ T9210]  p9_client_create+0x98c/0x1400
[  257.690727][ T9210]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[  257.690755][ T9210]  ? p9_client_zc_rpc.constprop.0+0x10b0/0x10b0
[  257.690822][ T9210]  ? rcu_read_lock_sched_held+0x110/0x130
[  257.690845][ T9210]  ? lockdep_init_map+0x1be/0x6d0
[  257.707206][ T9215] kobject: 'queues' (00000000521ada33): kobject_add_internal: parent: '��', set: '<NULL>'
[  257.714901][ T9210]  v9fs_session_init+0x1e7/0x18c0
[  257.714923][ T9210]  ? v9fs_session_init+0x1e7/0x18c0
[  257.714940][ T9210]  ? find_held_lock+0x35/0x130
[  257.715003][ T9210]  ? fs_reclaim_acquire.part.0+0x30/0x30
[  257.715028][ T9210]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  257.720851][ T9215] kobject: 'queues' (00000000521ada33): kobject_uevent_env
[  257.725201][ T9210]  ? fault_create_debugfs_attr+0x1e0/0x1e0
[  257.725221][ T9210]  ? v9fs_show_options+0x7e0/0x7e0
[  257.725241][ T9210]  ? v9fs_mount+0x5e/0x920
[  257.725258][ T9210]  ? rcu_read_lock_sched_held+0x110/0x130
[  257.725345][ T9210]  ? kmem_cache_alloc_trace+0x351/0x750
[  257.725370][ T9210]  ? retint_kernel+0x2b/0x2b
[  257.731792][ T9215] kobject: 'queues' (00000000521ada33): kobject_uevent_env: filter function caused the event to drop!
[  257.735873][ T9210]  ? v9fs_write_inode+0x70/0x70
[  257.735892][ T9210]  v9fs_mount+0x7d/0x920
[  257.735912][ T9210]  ? v9fs_write_inode+0x70/0x70
[  257.736009][ T9210]  legacy_get_tree+0x108/0x220
[  257.736033][ T9210]  ? legacy_parse_monolithic+0x11f/0x180
[  257.743019][ T9215] kobject: 'rx-0' (00000000373b5934): kobject_add_internal: parent: 'queues', set: 'queues'
[  257.751353][ T9210]  vfs_get_tree+0x8e/0x390
[  257.751385][ T9210]  do_mount+0x138c/0x1c00
[  257.751407][ T9210]  ? copy_mount_string+0x40/0x40
[  257.751426][ T9210]  ? copy_mount_options+0x198/0x3a0
[  257.751445][ T9210]  ? __sanitizer_cov_trace_pc+0x48/0x50
[  257.751464][ T9210]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  257.751480][ T9210]  ? copy_mount_options+0x280/0x3a0
[  257.751502][ T9210]  ksys_mount+0xdb/0x150
[  257.751521][ T9210]  __x64_sys_mount+0xbe/0x150
[  257.751599][ T9210]  do_syscall_64+0xfd/0x680
[  257.751623][ T9210]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  257.751673][ T9210] RIP: 0033:0x4592c9
[  257.751690][ T9210] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  257.751699][ T9210] RSP: 002b:00007fa094ed9c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  257.751715][ T9210] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000004592c9
[  257.751724][ T9210] RDX: 0000000020000100 RSI: 0000000020000040 RDI: 0000000000000000
[  257.751731][ T9210] RBP: 000000000075bf20 R08: 0000000020000280 R09: 0000000000000000
[  257.751738][ T9210] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fa094eda6d4
[  257.751746][ T9210] R13: 00000000004c5683 R14: 00000000004d9ab8 R15: 00000000ffffffff
[  257.758721][ T9210] Kernel Offset: disabled
[  258.052418][ T9210] Rebooting in 86400 seconds..