[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 29.727086] kauditd_printk_skb: 8 callbacks suppressed [ 29.727098] audit: type=1800 audit(1545153013.937:29): pid=5900 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 29.752868] audit: type=1800 audit(1545153013.947:30): pid=5900 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 31.915730] sshd (6040) used greatest stack depth: 15744 bytes left Warning: Permanently added '10.128.0.156' (ECDSA) to the list of known hosts. 2018/12/18 17:10:22 fuzzer started 2018/12/18 17:10:25 dialing manager at 10.128.0.26:38421 2018/12/18 17:10:25 syscalls: 1 2018/12/18 17:10:25 code coverage: enabled 2018/12/18 17:10:25 comparison tracing: enabled 2018/12/18 17:10:25 setuid sandbox: enabled 2018/12/18 17:10:25 namespace sandbox: enabled 2018/12/18 17:10:25 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/18 17:10:25 fault injection: enabled 2018/12/18 17:10:25 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/18 17:10:25 net packet injection: enabled 2018/12/18 17:10:25 net device setup: enabled 17:13:35 executing program 0: ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000340)=@nat={'n%t\x00', 0x19, 0x2, 0x1e0, [0x20000100, 0x0, 0x0, 0x200002b0, 0x200002e0], 0x0, 0x0, &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, [{{{0xd, 0x0, 0x0, 'irlan0\x00', 'ip_vti0\x00', 'syzkaller1\x00', 'veth0_to_bond\x00', @remote, [], @broadcast, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@remote}}}}, {{{0x1f, 0x0, 0x0, 'bond_slave_1\x00', 'syzkaller0\x00', 'yam0\x00', 'bpq0\x00', @dev, [], @remote, [], 0x70, 0x70, 0xa8}}, @arpreply={'arpreply\x00', 0x10, {{@local}}}}]}, {0x0, '\x00', 0x2, 0xffffffffffffffff}, {0x0, '\x00', 0x2, 0xffffffffffffffff}]}, 0x258) pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r2, &(0x7f0000002840)=[{&(0x7f0000002740)="bd", 0x1}], 0x1, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000500)={0x40, {{0x2, 0x4e24, @loopback}}, 0x1, 0x3, [{{0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xf}}}, {{0x2, 0x4e22, @rand_addr=0x1f}}, {{0x2, 0x4e20, @rand_addr=0x80}}]}, 0x210) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000340), 0xfffffffffffffef5) splice(r1, 0x0, r3, 0x0, 0x10005, 0x0) [ 231.542898] IPVS: ftp: loaded support on port[0] = 21 17:13:35 executing program 1: r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/net\x00') io_setup(0x0, 0x0) r1 = eventfd(0x0) ioctl$FIGETBSZ(0xffffffffffffffff, 0x2, 0x0) dup3(r1, r0, 0x0) setxattr$security_smack_entry(0x0, 0x0, 0x0, 0x0, 0x0) write$P9_RATTACH(r0, &(0x7f0000000200)={0x14}, 0x14) [ 231.818590] IPVS: ftp: loaded support on port[0] = 21 17:13:36 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) writev(r0, &(0x7f0000000080)=[{&(0x7f0000001100)="7f", 0x1}], 0x1) write(r0, &(0x7f0000000100)="06edf58d0c1495a22f950932cb2247ca561c073c0b804cc41dfbb632fcfc3a470d47c69a72715d513d5cd523767c6be8f925f5952eab07afecb56c746851bc57f1f60550782cd7bcff1d5c09bc92d74724d62592b4d8af1bbb2de5c0a6368066e785edc63a41789e17aacd173cef5a8de07701c70a39f2bf5948f31f35be9f1889c3d87831d6393d545732962a954d57705e90a3fc4c3bfa3f8f086f5baf9e56b17564a430c431ebd945ad104379ff98227300f12cc9fc7792527b04dac5b99bd01f42355c16b9177678b3be97accecd4b63f3f574457132cde27fdf4a4177000a09be819d276054538b8c7983569611d6e82e0777e0cf6675c70718b4f2d0df312488c78cff6d1a163b51b7365d13710d72fe029f9cdb2bc66e0af0a2426d5bc1f29d120a79dd17eed4d4fad4560cb757d966827ab45e2f8ab8570809cd8f86b7fa949ea0019250bcefd3e4eb0c0ee471184a9305e85c82a3728c5689982c8910ecfbc8ce400dd79e002ea01ec1f1421772368be91900bf641b506995b653c936e5a9511491985aad55fca2787c2c3be2a04473fc4a25a68e5d7941c1b6cabb155838ac7b6f36ed213292e711d950591ec39f748d9ef42ef972a4cd9c3c8e39c59a15e419c6fb45fd59acd98ffcae2af102500bea98d288799725e40b7bacebbdbd112214fd0abf7ff3d01e7c3114f23fa8156f7cdfd017d174a4cc9feb7ee01d93571bfd625278d5e9c9abac8e40775ce859ad052dffcb422a9ef8301994a0fe3bf96a8b85e4844af8de195739ebc7a9489979875d965c065ae4e4420013be999355cf2160330f4bacd35e1d64b59c08b6008fa87460d779b52924a2467a15d266a656a89b8a8c18ada45779d16282a6182806481b052bd255322b9d5908fe8add0da8fd466b3d1b393ec7e5019e4dee2c7bd7fd1c40850f19c964f435d41d31e7f0bda0d40624c4eb6736d498feee913aeaec842b8bf11b06f2391d914038de0b89d9b6063c0bd8c789e0bdf7c96eb1c762201d0b86548ef179e2972f1538eeca7a82e223d626e0ac2e4f7958d21c4a4d610d6f50f7494f87622cce1b87c568a34d4533adcaaa5d7f84e7469f83a1531d8484e4f9d9e5ca50eea371662910969f1db5c4be447544f5e936a4fee7df04f1306daffdb8b167c9d7285bce3af6d068c936a0e7b2eae792d3673bd812eaa7c89bccaff1c7a8d653c58751ee44e6c1917e8c8e168f7712cb6c6081b6b78887d16845f383c651fa229e4699e62d2474432a327f2532f3ffa74f0781aa1060d7f060875d5c76f5f6724148957588564883ca1bd98f6cfc74e3feb570031a45367c7bf6a5fc56aa965042f0ce00220eda8c02b92d92022af149a611fa0fd457aa159772f3b6c5a12729301f9610c000545a1877b1b66633a98a94f25ec46af7d8333d77cc07ca64845aedf0064413e77582fadc7da63d187ce16f74051e74a5880818dbe427dcc31c014c2024d4d9483b68029e4ae03fd73e762a7da01f901b13e7aa084e9647be0d6adaf4b151eaa49c1614456ababc37a537e8545a6fc1799fe6d8451571ff845e8c5f7252bab8307dfee4982f02699c92a0ff71169166a0cf1a3e83ba8ee1d1a2b1c39c791557b6c3803bf4cad8071049d93cf58085aed66c0dbcb2901682384de38c92089568aaf32cbf82e8906bc2a2c9d15fad4a12910d4813738f3966e6b19e07a0fbeb18ecacdcd323912f886f573ba8bbc23182c82703934bd432bdd57f2475446a030d5f35b8be94b95ff3e0da66f01621355eaf2ccf321593f23b754c73ee882732e29cdfc9f0de4bd32b8f50eb90c1880532a422606e7e080997591f6f1b8c06465653b112e1cee12133b48aa6e10918ed438a0f9e8920aad134cdc9b758c2acb5577ee58d698d2c24bd276a3bba544c846e34f2fd24849562030cbf0863b670e1352a1dec2b0bf3df1b5c03e273a511d55b0c4e0283c99209e733ed814470d73fa2fc3fedd00241fe0326c78be7689b61f45ba8f4eeeaf183896fda210297c4bb7c7e3f36435d9a43006acb204ac76a1b7f10728ff96e73af3942166750224ef131d3228bd5a2891fb179b11efe8956b373a0be1521c6a757808392f58142a2ef55f70b523613700725bd7ccf2bf7ee7a63e54f96401bf03055ea531caf858baa8ca632f7ea0ba500eeb0594a285f8c417818195ac095daa27dc2df92dc5fc2ab140d31241a9c110a3389a3c580159cda9d01684885d585a6c25addbbc6781ad9ee97e527153bd61004de585da9b78617ac30b123053594f6894181582cc098606ce3b6ecdaa12ad37a80ed2f7c69d5e586be3235c71033cfa3375e5003977aeb1d977550a0cea9d2e026aa17ffe58f675bb5e4eaf51e9989bd1190a18099b985059172bd3a59a4aeba2ea6c2765c0686351c64177c59ce99c85ef62a939d81234bfd0f56272871dc4ccce315d867b4b49101ed600e8f306af1532a75bb789fad693620f909ec9eaf68ca5cceeb02c850c6c204c804c729f34073a10861348c572557120e1828ac5cf2f7b3257c5cd09d3b99ee456a7a450be6a04f60eb244aa52e24f4ec7e52c56311d4fd884e9e9045743b11c570efcecfdfb2ad180aeb19a939d3b927dd3e3579879dc1ced1e7ae78881b67183da82d1286515247e6d1ea68b48bf9a2015009c085da2c111ab5c6cb058e44256be2abc22c99f008bb82af2c3838d01404a93167842ede3f591b85bd752d35fe714a9fdea0aade03daac9ae6e640434d77214357b0284d4af5cd1d27b9f88e9642cfbba8ba7a370a78e63d3bb0520990236f39eaf6cb406ad0a572dc309aff9220ba325910394e2885afa657b1d1eebd63508e3491b9de12de56d99309112a0fe4fa6f281e42ec5e65afbd45cf06f848259f0a295d0c94ecd0cc4f0c6797e60c7d8bd8e69f085f0447cb4e01705d25c4e7f39af78598bf4de942d7bd45ed3a16b325aa46e7a3ca7fcbf08ee63c808d47d8e1f6f48c5c81d90ff8667d8f8969f942cd6e8a63dbba70535c913a1ebb135123e2a91cc3df9c7ba672136280cee6b937dcf28783656c0871dc60dad837b35ec17dedde4bcf5f711e575d4d2ea18055e98950f4c262e9a4b874f574545b554a3a475aa3bdf80788ba60c44717986449830c18cd993181790b8d2d8a0b70e468386ca33529a8a9b3734eccc4f9e287d0a0573fdd22541c43014a909073a5ea9f60c98c127fba514d0d1417010c95bce3dcfdd94c45215a5fab98dcdf257ccf656889a82a57c40462bb6c35f261331d74a2f438d3875336278951f09b0977ee0e35ee6825b2821e386bfc7fe0025ebe3354175e8b4ab00e7bc588f041f466e6430252d412104472b581934055a94148920e01d437672e64e30d9b4f8bd5a2978122ef2a6182160037cd24facdd40d007dcc69ee90bd123f879ff117428775ba640bfc40045c80eebba70122d416eafc234d904ccc91f9e7695c38019720e8c85e941f03d8918331ba8c66ec7d90bb7392f3675ae1f40f3fee59a5c978d3103a66998ccd9ea7c6439b2ed15932185095504be32fcfcf19b06536227a04fccaf68c7ad2bec40b0094755f870706bda9a35beaffa72cbd5dbd2bf9a8fbfe4250e3340520548a74926b502cc9c095d7b3121134233263a48ece7d49f8a8e5456ac441e4dbde2f9fc8bd07cdfc2e203508090fc96747785f01aaa3e8125331b1f11c2284e34bef4529c2ecd29f1cfa531f75cb3e727bf354fda3d8643fd8105ba1896d31192b3143fb1a35af5ca8b723bcae150dfbd5c96ae21b48021b256b2af9d2e871676074287c5f29c977af5d2fc28b6e89b54327a826ffb9ab35e85e54a431d4044484d92813d2f762c2b5912089e10b2b02a967b34cf485171da10a39a30d97759c841dc0908be6606c084946b9ca72428c13500314ceb4788eac3169ccae57cd38c17a9f2e8acfbd936fa9a67d1fe016cac68127f5a44ce954fc5c6112f3dea345a36424c4e5788cbeef1296a69966401deeedbcf60b76de5a53cb06bc1c4a7ed8595c0b4e4242cb15bda2c7cc3b659824b80084bb0cbf515d8ca2c520a86ad8557ac733b04eb7b8ff1360c66dd4f91f5e2f91109f886e84ae7e42762284dd55e79dd2b759605e459a32394379162b616aecb2847a23a4879ff8b22e12cbe3037520884b881a864582fb28cae92d2600d0f3ab2436f725b2bab8a3c316058ec15ec8536b1bdb814cec8b919f9c3640d6d87cec078df6e092b14e8a33b70b04fa56642c7eb483c1a912eb76183920da00642c412f00182bd778ae8fbf011dd66f82916fd0f2cf76b69a63c21c66f0fce8190553748798e707bf2a90916fdbb4ff19a2580458b030b3d6d28c18d4a5e645fd26987464b23e1d5536c223d10c33f30dbb96b3ff913a48378d6c1b9c0c682eada82875bcb47864461ab96dbe58b53857e9c40018316b4659644a4b697c926a80823724f1dc4860b4fd56b1aaa1da1973e8a4237cf0b537444456f58833b901884a426186d6aa57ed8077a408bafb07409a8b7b4281f0a0b6bf2dbb3821944b4bee7f89f62b029898b3ac1ae60bb2094bbf38d4e723c9c5cfb40bc338e144003c511d510ef340c125fce633290a685a010abfe822c2a53c3b687146e1cc1800d01fce0e99fd85dccf7e156fea22924161d855bd8f29e2a287d5de524a70a78cb2aa3996d0ab7bac9ff9b8674e3af4416cf32e66467efaaabc504a19727b07b6a98056a4f8ddc84e55e10b2f256b1b83ca1be629ff4a13ab259f7d7cee434fc0075dbfab82b40ac9f469f638caf3daa0f0284756008b710cd4efc1368c9e6e80ffd810b9a5651ac042b6c55d3f471fd80ee4a7fc096a68064fc794fd4a10e2f70861a49a2ff3ce0f8a104a1212d3b2915ae45690a3c8a2c014904844df6d5320c0401e478701d34e2c58854d63a2f9e9c5132130d7aee402acf87a1aeedf2a1039ddd0d85c55a77843112a2e4816372b9e0f0976b16d38dbf45f405f4a556cd347b48e390bc64a4534ed978411c5d08e20586b56291f4208d7f748ff9d112262350cfd8cb5b5dc9c5b2b99f458d83106550615547152f867373099549e8e11cdbd59fabb5c2711acf84784022577765d1bd5fe0b28ba86da39cbf94550006c7faf0b4ae6412a228c5ab55e7f99c5b2d151772eb27af96ba52cb7855d28c7dbf3a6439ccfefe893303664803112419d882357dd6969d619f193cfce9a02258d1dfea6590baf4887bd3d12eb650a7e03f0b39e15a42c693b069cf72ce61f7b015f39825a12441c2de9dacdfd069d95a6ab0984413778f3482db377a4eec9f60d796bfc37130c200e980002aa24bcc8f99ef9de004dc8118decbc9907b3620117bf76e070904d5bc4265b6c03481a455cac6dd32fd1bbfc66000562a8cfa5a6101c7ca0e161822bb8dbbb84112e0a4f1b6e226de1e4af7f7aac5167eed1d69cd96e5872572448b2141d641e64c25f06e912d77d411d7e02634c146a8e66cf3e77467de9e49808ae9655594f3ae467e242cd5804c9da1023cdaa623807a8ef4151647c8b0dff5df6a50a9fe41ed3971d0848e7d4a9e34de9925081817ef3ac19f746097afcd64631256ed29ffef4051ea85738e5cf5856c3f4ad5cbb8fd9a8593e0b4e7349985937322f6f932ff7daf91bf18881d95b9eb62801d99c048aa40c15a5841a3ee69c93b48be378d4e336e9ce1b5e13f9417d75275e609400f5359fc001009e793040962118fc07ac1a86149271a4cc701459f01bd8b6a4b1e2b66e661dec8b1ab7d38f4b93588aaf0c72", 0x1000) [ 232.157865] IPVS: ftp: loaded support on port[0] = 21 17:13:36 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='/exe\x00\x00\x00\x00\x00\x04\t\x00K\xdd\xd9\xde\x91\xbe\x10\xee\xbf\x00\x0e\xe9\xa9\x0fy\x80XC\x9e\xd5T\xfa\aBJ\xde\xe9\x01\xd2\xcau\xaf0\x02\x00\xf5\xab\xfb\x98E\xf9\xe1\x98Y\xc9i2\x06\xf2\xc6\v\x00\x00\x00\a\x19\xe1\xd6n\x97\x01#\xd8\x93\xd9d\xe5\xb9\xc3(Vw\xb2\x13\x98#\xe5P\f\x92\xab[\x94\xda:}\xe1\x9f\x06;\xb7e\xb0+\xd5\xb6`\xfbC\x16\xcc\xeb[\xae\x13fT\xe5\x84\x99\xda\x7f\xa8\x98\xc6\xf5\xc66\x9c?60h\xd1\n\xf83\xf6G[\xbe\x8byg%[\x17v\a\xba\x10\x0flFTq\x822\xdb\xdad\xaa\x1fi\xcf\x9a\xb5\xb3\xea>\xd64R\xb7\xeb\xd3|\x9d\xaefN2.\b\xad\x8f`)\xfe\x8f\xd0\xb3Lq\x17H\x04q\xae\xca\n?\xc9\xec\xeb(P\x9c\xa8\xa8>O\x8b\x85\x13\x18\b\xbc\\\xfbL\xc2N\x19\x01v\x9c\bL\b\'\x12\xb4p\xa8') preadv(0xffffffffffffffff, &(0x7f0000000280)=[{&(0x7f0000003200)=""/4096, 0x1000}], 0x1, 0x0) preadv(r0, &(0x7f00000001c0), 0x1c1, 0x0) [ 232.572995] IPVS: ftp: loaded support on port[0] = 21 17:13:37 executing program 4: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x2, 0x0) getpid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) write$uinput_user_dev(r0, &(0x7f0000000d00)={'syz0\x00'}, 0x45c) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) ioctl$UI_DEV_DESTROY(r0, 0x5502) [ 232.947992] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.962475] bridge0: port 1(bridge_slave_0) entered disabled state [ 232.970377] device bridge_slave_0 entered promiscuous mode [ 233.157008] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.167025] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.193571] device bridge_slave_1 entered promiscuous mode [ 233.293648] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 233.295996] IPVS: ftp: loaded support on port[0] = 21 [ 233.418498] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 233.625334] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.646994] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.659698] device bridge_slave_0 entered promiscuous mode 17:13:38 executing program 5: r0 = open(&(0x7f0000000080)='.\x00', 0x0, 0x0) fcntl$F_GET_RW_HINT(0xffffffffffffffff, 0x40b, 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) getsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) write$P9_ROPEN(0xffffffffffffffff, 0x0, 0x38f) fchdir(r0) [ 233.775961] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.798690] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.806068] device bridge_slave_1 entered promiscuous mode [ 233.867064] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 233.970922] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 233.992416] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 233.997958] IPVS: ftp: loaded support on port[0] = 21 [ 234.123497] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 234.173357] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.197654] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.210597] device bridge_slave_0 entered promiscuous mode [ 234.326577] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.358543] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.365929] device bridge_slave_1 entered promiscuous mode [ 234.508741] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 234.607868] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 234.650657] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 234.670247] team0: Port device team_slave_0 added [ 234.678118] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 234.762304] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 234.808791] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 234.816167] team0: Port device team_slave_1 added [ 234.939256] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 234.946661] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 234.963044] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 234.987635] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.002930] bridge0: port 1(bridge_slave_0) entered disabled state [ 235.028928] device bridge_slave_0 entered promiscuous mode [ 235.035902] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 235.050987] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 235.096194] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 235.115839] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 235.132843] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 235.156959] bridge0: port 2(bridge_slave_1) entered blocking state [ 235.169259] bridge0: port 2(bridge_slave_1) entered disabled state [ 235.188820] device bridge_slave_1 entered promiscuous mode [ 235.204280] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 235.221819] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 235.275715] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 235.288909] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 235.304350] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 235.319951] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 235.337270] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 235.373701] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 235.420071] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 235.552365] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 235.560102] team0: Port device team_slave_0 added [ 235.573604] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 235.609062] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 235.615925] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 235.631562] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.637931] bridge0: port 1(bridge_slave_0) entered disabled state [ 235.662135] device bridge_slave_0 entered promiscuous mode [ 235.759028] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 235.778794] team0: Port device team_slave_1 added [ 235.806146] bridge0: port 2(bridge_slave_1) entered blocking state [ 235.828781] bridge0: port 2(bridge_slave_1) entered disabled state [ 235.836130] device bridge_slave_1 entered promiscuous mode [ 235.904734] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 235.932807] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 235.941697] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 235.999842] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 236.006800] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 236.015385] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 236.058446] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 236.078842] team0: Port device team_slave_0 added [ 236.084761] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 236.103348] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 236.122109] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 236.156355] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 236.179441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 236.227028] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 236.256155] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 236.264778] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 236.289954] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 236.297970] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 236.310880] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 236.318209] team0: Port device team_slave_1 added [ 236.457411] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.466430] bridge0: port 1(bridge_slave_0) entered disabled state [ 236.474412] device bridge_slave_0 entered promiscuous mode [ 236.506516] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 236.572959] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 236.590811] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 236.601557] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.608473] bridge0: port 2(bridge_slave_1) entered disabled state [ 236.639838] device bridge_slave_1 entered promiscuous mode [ 236.650988] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 236.664529] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 236.692967] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 236.704579] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 236.729067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 236.737256] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 236.749382] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 236.757311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 236.801087] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 236.825768] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 236.838802] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 236.875165] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 236.909684] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 236.931105] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 236.954729] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 236.973833] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 236.994561] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 237.009626] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.016102] bridge0: port 2(bridge_slave_1) entered forwarding state [ 237.023162] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.029573] bridge0: port 1(bridge_slave_0) entered forwarding state [ 237.044806] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 237.196181] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 237.213832] team0: Port device team_slave_0 added [ 237.341230] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 237.349749] team0: Port device team_slave_1 added [ 237.375673] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 237.399124] team0: Port device team_slave_0 added [ 237.438880] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 237.459867] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 237.563499] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 237.579086] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 237.602620] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.609015] bridge0: port 2(bridge_slave_1) entered forwarding state [ 237.615690] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.622121] bridge0: port 1(bridge_slave_0) entered forwarding state [ 237.636440] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 237.649511] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 237.657064] team0: Port device team_slave_1 added [ 237.669636] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 237.678146] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 237.694568] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 237.719227] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 237.789718] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 237.796957] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 237.809750] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 237.841199] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 237.855117] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 237.869177] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 237.880837] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 237.899080] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 237.930793] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 237.939202] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 237.947180] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 237.981255] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 237.988089] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 238.071145] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 238.078289] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 238.099133] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 238.229035] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 238.236201] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 238.245472] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 238.429194] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 238.452855] team0: Port device team_slave_0 added [ 238.568562] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 238.596444] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 238.614359] team0: Port device team_slave_1 added [ 238.641559] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.647960] bridge0: port 2(bridge_slave_1) entered forwarding state [ 238.654662] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.661060] bridge0: port 1(bridge_slave_0) entered forwarding state [ 238.700760] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 238.729280] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 238.736155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 238.744909] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 238.825791] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 238.859264] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 238.874367] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 238.997384] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 239.004741] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 239.014191] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 239.117624] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 239.132182] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 239.149207] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 239.425842] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.432306] bridge0: port 2(bridge_slave_1) entered forwarding state [ 239.439057] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.445421] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.483485] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 239.579266] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 239.586612] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 239.646761] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.653189] bridge0: port 2(bridge_slave_1) entered forwarding state [ 239.659952] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.666327] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.713941] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 240.648743] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.655160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 240.661922] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.668293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 240.692638] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 240.704124] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 240.718037] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 242.734415] 8021q: adding VLAN 0 to HW filter on device bond0 [ 243.179541] 8021q: adding VLAN 0 to HW filter on device bond0 [ 243.259993] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 243.647608] 8021q: adding VLAN 0 to HW filter on device bond0 [ 243.703289] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 243.781642] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 243.794476] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 243.802182] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 244.179431] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 244.208881] 8021q: adding VLAN 0 to HW filter on device team0 [ 244.217076] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 244.238986] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 244.249284] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 244.619885] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 244.627866] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 244.645195] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 244.753431] 8021q: adding VLAN 0 to HW filter on device team0 [ 244.770937] 8021q: adding VLAN 0 to HW filter on device bond0 [ 244.792763] 8021q: adding VLAN 0 to HW filter on device bond0 [ 245.134505] 8021q: adding VLAN 0 to HW filter on device team0 [ 245.270199] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 245.299900] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 245.794570] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 245.808570] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 245.817162] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 245.840742] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 245.860481] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 245.867888] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 246.001070] 8021q: adding VLAN 0 to HW filter on device bond0 [ 246.277350] 8021q: adding VLAN 0 to HW filter on device team0 [ 246.360014] 8021q: adding VLAN 0 to HW filter on device team0 [ 246.513507] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 247.021186] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 247.045125] kernel msg: ebtables bug: please report to author: Valid hook without chain [ 247.059150] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 247.068010] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 17:13:51 executing program 0: mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x4, 0x10000032, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000240), 0x7, 0x0, 0x0, 0x0, 0x0) 17:13:51 executing program 0: mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x4, 0x10000032, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000240), 0x7, 0x0, 0x0, 0x0, 0x0) 17:13:51 executing program 0: mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x4, 0x10000032, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000240), 0x7, 0x0, 0x0, 0x0, 0x0) 17:13:51 executing program 0: mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x4, 0x10000032, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000240), 0x7, 0x0, 0x0, 0x0, 0x0) 17:13:51 executing program 0: futex(&(0x7f0000000240), 0x7, 0x0, 0x0, 0x0, 0x0) [ 247.578757] 8021q: adding VLAN 0 to HW filter on device team0 17:13:52 executing program 0: futex(&(0x7f0000000240), 0x7, 0x0, 0x0, 0x0, 0x0) 17:13:52 executing program 2: r0 = epoll_create(0x6) rt_sigsuspend(0x0, 0x0) ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x5606, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0) setrlimit(0x0, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) ptrace$getsig(0x4202, 0x0, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) setgid(0x0) shmctl$IPC_INFO(0x0, 0x3, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) getsockopt$IP_VS_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x481, 0x0, 0x0) io_setup(0x0, 0x0) setrlimit(0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000001dc0)={'team0\x00'}) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) getsockopt(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000001f80)) 17:13:52 executing program 1: r0 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) ftruncate(r0, 0x8007ffc) socketpair$unix(0x1, 0x400000005, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendfile(r0, r0, 0x0, 0x101) write$9p(r0, &(0x7f00000001c0)="14", 0x1) 17:13:52 executing program 0: futex(&(0x7f0000000240), 0x7, 0x0, 0x0, 0x0, 0x0) [ 248.819551] input: syz0 as /devices/virtual/input/input5 17:13:53 executing program 3: r0 = creat(&(0x7f0000000240)='./bus\x00', 0x0) socketpair$unix(0x1, 0x80000000002, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f00000000c0)) [ 248.891258] input: syz0 as /devices/virtual/input/input6 17:13:53 executing program 0: mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x0, 0x10000032, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000240), 0x7, 0x0, 0x0, 0x0, 0x0) [ 248.957190] EXT4-fs warning (device sda1): ext4_group_add:1637: No reserved GDT blocks, can't resize 17:13:53 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f000002dff8)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r1, &(0x7f0000001340)=[{&(0x7f0000001240)="1d", 0x1}], 0x1) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000000)={0x0, 0x2710}, 0x10) recvmmsg(r0, &(0x7f000000a780)=[{{0x0, 0x0, &(0x7f000000a6c0)=[{&(0x7f0000008240)=""/100, 0x64}], 0x1}}], 0x1, 0x200000000100, 0x0) r2 = syz_open_dev$swradio(&(0x7f0000000040)='/dev/swradio#\x00', 0x0, 0x2) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffff9c, 0x84, 0x73, &(0x7f0000000080)={0x0, 0x2, 0x30, 0xe94, 0x2}, &(0x7f00000000c0)=0x18) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000100)={r3}, &(0x7f0000000140)=0x8) 17:13:53 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, &(0x7f0000000040)=""/8, &(0x7f0000000080)=0x8) 17:13:53 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000240)=""/148, 0x94}], 0x1, 0x0) pipe2(0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000300)='net/route\x00') preadv(r0, &(0x7f0000000480), 0x27d, 0x0) 17:13:53 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) connect$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @remote}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='syz_tun\x00', 0x10) setsockopt$inet_tcp_int(r0, 0x6, 0x4000000000014, &(0x7f0000000180)=0x1, 0x4) accept$packet(0xffffffffffffff9c, &(0x7f0000000500)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000540)=0x14) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000580)={'team0\x00', r1}) sendto$inet(r0, &(0x7f00000003c0)="a0", 0x1, 0x0, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffff9c, 0x5429, &(0x7f0000000040)=0x0) r3 = syz_open_dev$midi(&(0x7f0000000100)='/dev/midi#\x00', 0xffff, 0x80000) getsockopt$XDP_STATISTICS(r3, 0x11b, 0x7, &(0x7f0000000140), &(0x7f0000000400)=0x18) fcntl$lock(r0, 0x27, &(0x7f00000000c0)={0x1, 0x3, 0x6, 0x100000000, r2}) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000000), 0x14) getsockopt$inet_sctp6_SCTP_CONTEXT(r3, 0x84, 0x11, &(0x7f0000000440)={0x0, 0xfffffffffffffffc}, &(0x7f0000000480)=0x8) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r3, 0x84, 0x78, &(0x7f00000004c0)=r4, 0x4) recvmsg(r0, &(0x7f0000000300)={&(0x7f0000000340)=@can, 0x80, &(0x7f0000001700)=[{&(0x7f0000000200)=""/241, 0xf1}], 0x1, &(0x7f00000017c0)=""/70, 0xfffffdbb}, 0x22) 17:13:53 executing program 3: r0 = socket$vsock_stream(0x28, 0x1, 0x0) r1 = dup(r0) sendmsg$FOU_CMD_GET(r1, &(0x7f00000003c0)={&(0x7f0000000280), 0xc, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="00080c0000000000000003000000dc8d6726530927bcc1289fa705bc9fb7bf78dd709b81d7c006a2f8aadaf60ab654952ffc6ac6c41aac19275e9a8a70e0c29cd409dda0d69a78d3bacce8f6a41ae240cb4a310c1558be952e863e541dd70a4122601509bce0544d57ad952ab02c9f33a40fbffba969ae9016214ec0db27a1bde08c19e9ac9696107dd1a60a84a40c496a74843a5af18f7fb394d8cd5ec7e5afaa0b42592c6f0b52b148b624297ab283a360d5ba6a8c66746e716e"], 0x14}}, 0x40801) 17:13:53 executing program 0: mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x0, 0x10000032, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000240), 0x7, 0x0, 0x0, 0x0, 0x0) 17:13:53 executing program 0: mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x0, 0x10000032, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000240), 0x7, 0x0, 0x0, 0x0, 0x0) 17:13:53 executing program 3: socket$inet(0x2, 0x1, 0x3) r0 = socket$inet(0x2, 0x6000000000000001, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) r3 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0a5c2d023c126285718070") close(r2) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @remote}, 0x10) socket$xdp(0x2c, 0x3, 0x0) sendto$inet(r0, 0x0, 0x0, 0x20000802, &(0x7f0000000040)={0x2, 0x404e23, @remote}, 0x10) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, 0x0, &(0x7f0000000640)) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000140)='veth1_to_bridge\x00', 0x10) write$binfmt_elf32(r0, &(0x7f0000001480)={{0x7f, 0x45, 0x4c, 0x46, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38}, [{}], "", [[], [], [], [], []]}, 0x558) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r4, &(0x7f0000000180)={0x1, 0x100}, 0x2) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, 0x0, 0x0) sendto$inet(r0, &(0x7f00000000c0)="8b", 0x1, 0x4000101, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='tunl0\x00\x00\x00\x00\x00\x00\x00\xe4\xa1\x00', 0x10) write(r0, &(0x7f0000000ec0)="89f9d765312b4001000000b0967bdae72ee5094371136a6477ba0a51a2969dbc2d4028ac7b5af67f178f9314ea2bb3ac1c442eaf749c21ae2af8e39a40c3dc032e6f8eb738786a79df71302ff3b5d42731597d995bed6103ff63b9a908bcc05e0400000092bdf4d3282f62d6928117f82c2dae48742dac857de846096e82c1a02e1edcadda721a3f8dc9a54da05d467ed35b6f931d8686986960e756048c61c2a2c374c318d21d7a7ef550779190066e82ea3f6724a9f61ff028ec7e8d7a04352e7a78f777a68b823abb646bdc55dbde285ce15bf45820f0ae20e4023f57c71f8b41e08eff14c3441485c6f54a30750c780852dad879d6d4be7243bd07f841f89009000000c23d6b4f70fe48b54577449cfcbc4d5dbefb8b465d45bc2d11afbe7bfbe6ca76ac259e634eebf8db694ff02fe2b4c80783b443ef68287e9cf7cbcc2ee196f10c4ffb3f59e4921e0f9f08cba9a2c56c49fa7465b4836da5b2d9b142763889caa718d8a4fcb2f3ef6dc6185708fb1e0f9081d29fb3defae8c525f07437c7835b4eac8f86e2a22a81eff4120340e4a379446aac45dbff791d147805cd2748d74b8996c9b51ec03b410ef8fe126117fbf106795bc1b25d8dd786b6496bd743b7c75c638b516214ff56ec99a9c0f2919fa781cd8b4f2f2e425a6780c630a05c8e60011bc8e10055a6b6b652e5a13c73fd96f79038a65d6991ac38899ab98486d92bbcffdcf39a08a248ae1045ff8c6123de2f15d9ac360a3497c07001a3a1936ff1c03194ace131d380f515629ff016bd890ff822704c0db8bc68efad2eace5466628e7d6c2f2b3043698c46fdd62588fc54b72a786af0d026353879892c58007f7988a3f2240a43303218cc1df27807bfbde117c505f060396850a82459830a89a6a8601ea2e47f2e41379d110b96576f8f7705bba7ec63d6b44ccf84073cf9bdcf1aee48cb60c2f6dd3e89f3626a5e23339ea99c918d76a43fecf7401f7550e8eaefa4d84f1143320599daf7699858b2bf408e9093aa91d6dd9ae39d8decf3f7a199b0c1918d47be3b7aeff9a8c10efabe787b43141e7abaa4317158864b0361568140ab79cade1223c3ef81da4c4eefdd5b21fcc1b87872fc3b346737105589b84ba9814679b7510ed9b4f290083ee634ae12243ccc63413d7bc35eee0d1a4bc9dd33c37f5130303edddfc2636ffbf1ee0febb953436710c2ed9bd001d2ebe878788ddf7f7ad55b7a8cbcb348e82cd65b59315858086606115d04a3cda0e4af2a703afe09e4afedf00d5fbb2284df9af1d1ec9f15356c58fdcde45fff250568347f3b0b49e11e44c0a4d98a1e3393ce5d76614990f23b2e146842b166fb070894c128f957b0cc7d80a16275efd15659e0f81990062ebfdf9454d12e63d1ce1dad7848fcbab642a0d62ebb17abc824883e4c6e1e81992f28f5bbd7b26e2645c7941b03dd2f27c29baa2412976a05fa13d8fc4d6bd152a8668d986a9cf605b8b4a61600481e01bdd74c96d73390518add968100ac742aaf5dd7eb4ccf0868ee3ef7f12c32298737dea65bd5d7161dd679b4dd6799aa086bf3b8c889780ac102b7b1ebcf2569dd77f201d74d94a61400ced9c613414012b451628a96e6cc8fe738e964940f7b753065677776f3b5398975aeac974fced560667cead03a8976eb4229ff4e1bca5588d5d544cbca8588215a2f5ef7a5fc1a07438d3a3e05d21eb30d46f1688543d4327d36e07635396eaab4e9bc862ee9c7fa24de38c5cbf8fa5afd024116bc84854d01072145ecc4bb415d94a333e0d91e9cf6fda5a2c244a585e3a32c95398f44800c578faf4a2ccc5979664db7a55aa5cc02789f84321ccaeed4f37dd48c8d1484ade0588fc4255ec8780534a693e2bfe88b622034552084492c6757429239bbe8dad8b904e58007639ca773344040a441dc0027a46c22198f3d0b0588e164881a9fc7a85a63c459b0d002e3d890edd250742d363e85250badb91a734759baf773c32b177d36eefb662be70", 0x595) sendto$inet(r0, &(0x7f00000003c0), 0xfffffdef, 0x5940, 0x0, 0x0) [ 249.319860] hrtimer: interrupt took 37444 ns 17:13:53 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x482, &(0x7f0000000040)=""/8, &(0x7f0000000080)=0x8) 17:13:53 executing program 4: r0 = socket(0x2, 0x802, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r1 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ftruncate(r1, 0x8007ffc) sendfile(r0, r1, 0x0, 0x400008bca) ioctl$KVM_PPC_GET_PVINFO(r0, 0x4080aea1, &(0x7f00000000c0)=""/188) 17:13:53 executing program 5: r0 = syz_open_dev$evdev(&(0x7f0000000300)='/dev/input/event#\x00', 0x6, 0x101001) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) write$evdev(r0, &(0x7f0000000000)=[{{0x0, 0x2710}, 0x1, 0x40000000000004f, 0x2}], 0x18) r2 = syz_open_dev$vbi(&(0x7f0000000040)='/dev/vbi#\x00', 0x0, 0x2) ioctl$sock_inet_SIOCSIFNETMASK(r2, 0x891c, &(0x7f00000002c0)={'ipddp0\x00', {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x1f}}}) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x210900}, 0xc, &(0x7f0000000240)={&(0x7f0000000140)={0xec, r3, 0x800, 0x70bd27, 0x25dfdbfb, {}, [@TIPC_NLA_SOCK={0x1c, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0xf1}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xfffffffffffffbff}]}, @TIPC_NLA_LINK={0xbc, 0x4, [@TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x67ee8196}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x483b}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x4c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10001}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x701a}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2400000000000000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffffffffffe}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}]}]}]}, 0xec}, 0x1, 0x0, 0x0, 0x884}, 0x800) 17:13:53 executing program 0: mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x4, 0x10, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000240), 0x7, 0x0, 0x0, 0x0, 0x0) 17:13:53 executing program 2: socketpair$unix(0x1, 0x8000000000000001, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x29, 0x5, 0x0) close(r1) r2 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x2, 0x180) getsockopt$EBT_SO_GET_INIT_INFO(r2, 0x0, 0x82, &(0x7f00000000c0)={'nat\x00'}, &(0x7f0000000040)=0x78) r3 = socket$kcm(0x2b, 0x1, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0xd, &(0x7f0000000080), 0x2cb) close(r3) 17:13:53 executing program 0: mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x4, 0x10, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000240), 0x7, 0x0, 0x0, 0x0, 0x0) 17:13:53 executing program 1: r0 = socket$bt_rfcomm(0x1f, 0x1, 0x3) clock_gettime(0x7, &(0x7f0000000000)={0x0, 0x0}) recvmmsg(r0, &(0x7f00000038c0)=[{{&(0x7f00000002c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}}}, 0x80, &(0x7f0000000740)=[{&(0x7f0000000340)=""/75, 0x4b}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f0000000440)=""/123, 0x7b}, {&(0x7f0000000540)=""/215, 0xd7}, {&(0x7f0000000640)=""/20, 0x14}, {&(0x7f0000000680)=""/37, 0x25}, {&(0x7f00000006c0)=""/13, 0xd}, {&(0x7f0000000700)=""/26, 0x1a}], 0x8, 0x0, 0x0, 0x3}, 0x9}, {{0x0, 0x0, &(0x7f0000000b80)=[{&(0x7f0000000940)=""/198, 0xc6}, {&(0x7f0000000a40)=""/103, 0x67}, {&(0x7f0000000ac0)=""/175, 0xaf}], 0x3, &(0x7f0000000bc0)=""/189, 0xbd, 0xffffffffffffff7f}, 0x435}, {{&(0x7f00000012c0)=@l2, 0x80, &(0x7f0000001340)=[{&(0x7f00000013c0)=""/4096, 0x1000}], 0x1, 0x0, 0x0, 0x6}, 0xfffffffffffffffa}, {{&(0x7f00000023c0)=@pptp={0x18, 0x2, {0x0, @loopback}}, 0x80, &(0x7f00000025c0)=[{&(0x7f0000002440)=""/186, 0xba}, {&(0x7f0000002500)=""/21, 0x15}, {&(0x7f0000002540)=""/88, 0x58}], 0x3, &(0x7f0000002600)=""/4096, 0x1000, 0x400}, 0x4}, {{&(0x7f0000003600)=@l2, 0x80, &(0x7f0000003780)=[{&(0x7f0000003680)=""/152, 0x98}, {&(0x7f0000003740)}], 0x2, &(0x7f00000037c0)=""/220, 0xdc, 0x100}, 0xb}], 0x5, 0x102, &(0x7f0000003b00)={r1, r2+30000000}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/audio\x00', 0xa00, 0x0) ioctl$TIOCCONS(r4, 0x541d) ioctl$TCXONC(r4, 0x540a, 0x5) bind$alg(r3, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha1\x00'}, 0x58) openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x400, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b005e381e5b3b60ced5c54dbb7", 0x10) r5 = accept$alg(r3, 0x0, 0x0) recvmmsg(r5, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x167, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x3ed, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) 17:13:53 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socketpair(0x1e, 0x4, 0x0, &(0x7f0000000280)={0x0, 0x0}) getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r3, 0x84, 0xc, &(0x7f0000000880), &(0x7f00000008c0)=0x4) ioctl$FICLONERANGE(r2, 0x4020940d, &(0x7f0000000900)={r0, 0x0, 0x0, 0xffff, 0x8}) r4 = socket$nl_generic(0x10, 0x3, 0x10) getresuid(&(0x7f0000000040), &(0x7f00000000c0)=0x0, &(0x7f00000001c0)) r6 = getuid() r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000ac0)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DAEMON(r2, &(0x7f0000000bc0)={&(0x7f0000000a80)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000b80)={&(0x7f0000000b00)={0x54, r7, 0xa00, 0x70bd2a, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xa37a}, @IPVS_CMD_ATTR_DEST={0x38, 0x2, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x80000000}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x1}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e24}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e20}, @IPVS_DEST_ATTR_ADDR={0x14, 0x1, @ipv4=@remote}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x400c050}, 0x44) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f0000000940)={0x0, 0x8c, "fe1da514d57398a064887104d72c4af2f88ce3f47f398d0b6a34676b5c06185525ad269fe605f29b286fc9231f59dd0e9d244cf1d39587e65fa35d30c5090680723d24dadbfff45c31ff910c51a8d0450da9a936889cbb366847e4c7fe837bd3493da6487e8778f97848bd0cba90c2fbb9e9db0bf9a0a58f3d34510f73d61166f31b07efe8308b0de60e6f5d"}, &(0x7f0000000a00)=0x94) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r3, 0x84, 0x19, &(0x7f0000000a40)={r8, 0x1}, 0x8) fstat(r4, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r10 = getegid() setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f00000002c0)=@nat={'nat\x00', 0x1b, 0x5, 0x558, 0x228, 0x3f0, 0x0, 0x3f0, 0x3f0, 0x4c0, 0x4c0, 0x4c0, 0x4c0, 0x4c0, 0x5, &(0x7f0000000140), {[{{@ip={@dev={0xac, 0x14, 0x14, 0xc}, @loopback, 0xffffff00, 0xff, 'syzkaller1\x00', 'bridge0\x00', {0xff}, {}, 0xd, 0x3, 0x22}, 0x0, 0x1f0, 0x228, 0x0, {}, [@common=@inet=@policy={0x158, 'policy\x00', 0x0, {[{@ipv4=@local, [0xffffff00, 0xff000000, 0x0, 0xffffffff], @ipv6=@mcast2, [0xffffff00, 0x0, 0xff000000, 0xffffffff], 0x4d6, 0x34ff, 0x2e, 0x1, 0x6, 0x18}, {@ipv4=@local, [0xffffffff, 0xffffff00, 0xff000000, 0xffffff00], @ipv4=@loopback, [0xffffffff, 0xffffff00, 0x0, 0xffffffff], 0x4d3, 0x3504, 0x2f, 0x0, 0x4, 0x2}, {@ipv4=@remote, [0xff, 0xffffffff, 0xffffffff, 0xffffffff], @ipv6=@loopback, [0xffffff00, 0x0, 0xffffff00, 0xff], 0x4d4, 0x3503, 0x6e, 0x1, 0x1b, 0xa}, {@ipv4=@multicast2, [0x0, 0xff, 0xffffffff, 0xffffffff], @ipv6=@dev={0xfe, 0x80, [], 0x1f}, [0xff000000, 0xff, 0xffffffff, 0xffffffff], 0x4d4, 0x3501, 0x0, 0x1, 0x3}], 0xf, 0x3}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x12, @multicast2, @empty, @gre_key=0x80000001, @gre_key=0x1}}}}, {{@uncond, 0x0, 0x98, 0xc0}, @common=@unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0x1}}}, {{@ip={@multicast1, @empty, 0xffffffff, 0xffffff00, 'team_slave_0\x00', 'veth1_to_bond\x00', {0xff}, {0xff}, 0xff, 0x1, 0x10}, 0x0, 0xd0, 0x108, 0x0, {}, [@common=@unspec=@owner={0x38, 'owner\x00', 0x0, {r5, r6, r9, r10, 0x2, 0x3}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x1, @empty, @loopback, @icmp_id=0x67, @gre_key=0x80}}}}, {{@uncond, 0x0, 0x98, 0xd0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0x2, 0x4, 0x200}, {0x2, 0x5, 0xfffffffffffffffa}, {0x2222e094, 0x9, 0xfffffffeffffffff}, 0x1f, 0x6}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x5b8) sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c313b7fe037137721000000fcff400001000000000029bcbe620000009458b6d49a00000000"], 0x1c}}, 0x0) 17:13:54 executing program 4: r0 = socket(0x2, 0x802, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x32) r1 = open(&(0x7f0000074000)='./file0\x00', 0x141046, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ftruncate(r1, 0x8007ffc) sendfile(r0, r1, 0x0, 0x400008bca) ioctl$KVM_PPC_GET_PVINFO(r0, 0x4080aea1, &(0x7f00000000c0)=""/188) 17:13:54 executing program 0: mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x4, 0x10, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000240), 0x7, 0x0, 0x0, 0x0, 0x0) 17:13:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffff9c, 0x8904, 0x0) process_vm_writev(0x0, 0x0, 0x0, &(0x7f00000002c0)=[{0x0}, {&(0x7f0000000200)=""/162, 0xa2}], 0x2, 0x0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x20000, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x1020015, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup2(r3, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4c, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="11634840000000000000000000000000000000000000000000000000000000000000000028000000000000000800000000000000", @ANYPTR=&(0x7f0000000580)=ANY=[@ANYBLOB="852a6877000000000000000000000000020000000000000000000000000000000000000000000000"], @ANYPTR=&(0x7f00000005c0)=ANY=[@ANYBLOB="0000000003003f10"], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x0, 0x0}) 17:13:54 executing program 3: socket$inet(0x2, 0x1, 0x3) r0 = socket$inet(0x2, 0x6000000000000001, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) r3 = socket$l2tp(0x18, 0x1, 0x1) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0a5c2d023c126285718070") close(r2) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @remote}, 0x10) socket$xdp(0x2c, 0x3, 0x0) sendto$inet(r0, 0x0, 0x0, 0x20000802, &(0x7f0000000040)={0x2, 0x404e23, @remote}, 0x10) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, 0x0, &(0x7f0000000640)) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000140)='veth1_to_bridge\x00', 0x10) write$binfmt_elf32(r0, &(0x7f0000001480)={{0x7f, 0x45, 0x4c, 0x46, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38}, [{}], "", [[], [], [], [], []]}, 0x558) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, 0x0, 0x0) r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x2, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r4, &(0x7f0000000180)={0x1, 0x100}, 0x2) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, 0x0, 0x0) sendto$inet(r0, &(0x7f00000000c0)="8b", 0x1, 0x4000101, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='tunl0\x00\x00\x00\x00\x00\x00\x00\xe4\xa1\x00', 0x10) write(r0, &(0x7f0000000ec0)="89f9d765312b4001000000b0967bdae72ee5094371136a6477ba0a51a2969dbc2d4028ac7b5af67f178f9314ea2bb3ac1c442eaf749c21ae2af8e39a40c3dc032e6f8eb738786a79df71302ff3b5d42731597d995bed6103ff63b9a908bcc05e0400000092bdf4d3282f62d6928117f82c2dae48742dac857de846096e82c1a02e1edcadda721a3f8dc9a54da05d467ed35b6f931d8686986960e756048c61c2a2c374c318d21d7a7ef550779190066e82ea3f6724a9f61ff028ec7e8d7a04352e7a78f777a68b823abb646bdc55dbde285ce15bf45820f0ae20e4023f57c71f8b41e08eff14c3441485c6f54a30750c780852dad879d6d4be7243bd07f841f89009000000c23d6b4f70fe48b54577449cfcbc4d5dbefb8b465d45bc2d11afbe7bfbe6ca76ac259e634eebf8db694ff02fe2b4c80783b443ef68287e9cf7cbcc2ee196f10c4ffb3f59e4921e0f9f08cba9a2c56c49fa7465b4836da5b2d9b142763889caa718d8a4fcb2f3ef6dc6185708fb1e0f9081d29fb3defae8c525f07437c7835b4eac8f86e2a22a81eff4120340e4a379446aac45dbff791d147805cd2748d74b8996c9b51ec03b410ef8fe126117fbf106795bc1b25d8dd786b6496bd743b7c75c638b516214ff56ec99a9c0f2919fa781cd8b4f2f2e425a6780c630a05c8e60011bc8e10055a6b6b652e5a13c73fd96f79038a65d6991ac38899ab98486d92bbcffdcf39a08a248ae1045ff8c6123de2f15d9ac360a3497c07001a3a1936ff1c03194ace131d380f515629ff016bd890ff822704c0db8bc68efad2eace5466628e7d6c2f2b3043698c46fdd62588fc54b72a786af0d026353879892c58007f7988a3f2240a43303218cc1df27807bfbde117c505f060396850a82459830a89a6a8601ea2e47f2e41379d110b96576f8f7705bba7ec63d6b44ccf84073cf9bdcf1aee48cb60c2f6dd3e89f3626a5e23339ea99c918d76a43fecf7401f7550e8eaefa4d84f1143320599daf7699858b2bf408e9093aa91d6dd9ae39d8decf3f7a199b0c1918d47be3b7aeff9a8c10efabe787b43141e7abaa4317158864b0361568140ab79cade1223c3ef81da4c4eefdd5b21fcc1b87872fc3b346737105589b84ba9814679b7510ed9b4f290083ee634ae12243ccc63413d7bc35eee0d1a4bc9dd33c37f5130303edddfc2636ffbf1ee0febb953436710c2ed9bd001d2ebe878788ddf7f7ad55b7a8cbcb348e82cd65b59315858086606115d04a3cda0e4af2a703afe09e4afedf00d5fbb2284df9af1d1ec9f15356c58fdcde45fff250568347f3b0b49e11e44c0a4d98a1e3393ce5d76614990f23b2e146842b166fb070894c128f957b0cc7d80a16275efd15659e0f81990062ebfdf9454d12e63d1ce1dad7848fcbab642a0d62ebb17abc824883e4c6e1e81992f28f5bbd7b26e2645c7941b03dd2f27c29baa2412976a05fa13d8fc4d6bd152a8668d986a9cf605b8b4a61600481e01bdd74c96d73390518add968100ac742aaf5dd7eb4ccf0868ee3ef7f12c32298737dea65bd5d7161dd679b4dd6799aa086bf3b8c889780ac102b7b1ebcf2569dd77f201d74d94a61400ced9c613414012b451628a96e6cc8fe738e964940f7b753065677776f3b5398975aeac974fced560667cead03a8976eb4229ff4e1bca5588d5d544cbca8588215a2f5ef7a5fc1a07438d3a3e05d21eb30d46f1688543d4327d36e07635396eaab4e9bc862ee9c7fa24de38c5cbf8fa5afd024116bc84854d01072145ecc4bb415d94a333e0d91e9cf6fda5a2c244a585e3a32c95398f44800c578faf4a2ccc5979664db7a55aa5cc02789f84321ccaeed4f37dd48c8d1484ade0588fc4255ec8780534a693e2bfe88b622034552084492c6757429239bbe8dad8b904e58007639ca773344040a441dc0027a46c22198f3d0b0588e164881a9fc7a85a63c459b0d002e3d890edd250742d363e85250badb91a734759baf773c32b177d36eefb662be70", 0x595) sendto$inet(r0, &(0x7f00000003c0), 0xfffffdef, 0x5940, 0x0, 0x0) 17:13:54 executing program 0: mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x4, 0x10000032, 0xffffffffffffffff, 0x0) futex(0x0, 0x7, 0x0, 0x0, 0x0, 0x0) [ 249.931150] binder_alloc: 7744: binder_alloc_buf, no vma [ 249.968243] binder: 7744:7745 transaction failed 29189/-3, size 40-8 line 2973 17:13:54 executing program 5: setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000480), 0x0, 0x0) r0 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000240)={&(0x7f00000001c0)='./file0\x00', 0x0, 0x8}, 0x10) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000180)=0xc) socket$vsock_stream(0x28, 0x1, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_setup(0x7, &(0x7f0000000200)) r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000300)='/dev/mixer\x00', 0x101000, 0x0) pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$IOC_PR_PREEMPT_ABORT(r1, 0x401870cc, &(0x7f0000000280)={0x6, 0x7ff, 0xc9a, 0x10001}) getsockopt$inet6_buf(r4, 0x29, 0x32, &(0x7f0000000800)=""/4096, 0x0) r5 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x200000, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f0000000580)={0x0, 0x3, 0x2, 0x80, 0x1e, 0x200}, &(0x7f00000005c0)=0x14) openat$ashmem(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ashmem\x00', 0x8800, 0x0) r6 = memfd_create(&(0x7f0000000140)='t\bnu\xf7\xff\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0) vmsplice(r5, &(0x7f00000000c0)=[{&(0x7f0000000600)="88aabee37656ee02d774f82f49e19b8e47bc7b270777a1348780d7c41eb143693f732bec1cb807635e4bc2489972db3ba8004797bc7d4f5f25abea6844ff7b1da01b3a9fe6", 0x45}], 0x1, 0x6) fcntl$F_GET_RW_HINT(r3, 0x40b, &(0x7f0000000100)) pwritev(r6, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r6) sendmsg$IPVS_CMD_SET_SERVICE(r6, 0x0, 0x0) keyctl$get_security(0x11, 0x0, &(0x7f0000000480)=""/5, 0x5) sendfile(r1, r6, &(0x7f0000000380)=0x4, 0x2000005) ioctl$LOOP_CLR_FD(r1, 0x4c01) socket(0x0, 0x0, 0x10001) ioctl$LOOP_SET_FD(r1, 0x4c00, r6) 17:13:54 executing program 2: r0 = socket(0x1e, 0x1, 0x0) getsockname$inet(r0, &(0x7f0000000000), &(0x7f0000000480)=0x10) writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000000), 0x1e6}], 0x1038) sendmmsg(r0, &(0x7f0000000080), 0x1c0, 0x0) r1 = syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x2, 0x80) ioctl$VIDIOC_G_PARM(r1, 0xc0cc5615, &(0x7f00000000c0)={0x9, @capture={0x1000, 0x1, {0x0, 0x8000}, 0x3, 0xff}}) [ 250.087530] binder: undelivered TRANSACTION_ERROR: 29189 17:13:54 executing program 0: mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x4, 0x10000032, 0xffffffffffffffff, 0x0) futex(0x0, 0x7, 0x0, 0x0, 0x0, 0x0) 17:13:54 executing program 2: openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x64a500, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x1, 0x0) syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x3, 0x2) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') preadv(r0, &(0x7f0000000480), 0x10000000000002a1, 0x1c) 17:13:54 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x6}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x12, &(0x7f0000000100)=0x40, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmmsg(r0, &(0x7f000000ac80), 0x66, 0x0) [ 250.266800] print_req_error: I/O error, dev loop3, sector 124 [ 250.283886] print_req_error: I/O error, dev loop3, sector 124 [ 250.310773] syz-executor3 (7742) used greatest stack depth: 12928 bytes left [ 250.379673] print_req_error: I/O error, dev loop3, sector 0 [ 250.385568] Buffer I/O error on dev loop3, logical block 0, lost async page write [ 250.393668] print_req_error: I/O error, dev loop3, sector 4 [ 250.399473] Buffer I/O error on dev loop3, logical block 1, lost async page write [ 250.407478] print_req_error: I/O error, dev loop3, sector 8 [ 250.414056] Buffer I/O error on dev loop3, logical block 2, lost async page write [ 250.421814] print_req_error: I/O error, dev loop3, sector 12 [ 250.427639] Buffer I/O error on dev loop3, logical block 3, lost async page write [ 250.435801] print_req_error: I/O error, dev loop3, sector 16 [ 250.441705] Buffer I/O error on dev loop3, logical block 4, lost async page write [ 250.449723] print_req_error: I/O error, dev loop3, sector 20 [ 250.455584] Buffer I/O error on dev loop3, logical block 5, lost async page write [ 250.464519] print_req_error: I/O error, dev loop3, sector 24 [ 250.470429] Buffer I/O error on dev loop3, logical block 6, lost async page write [ 250.478093] print_req_error: I/O error, dev loop3, sector 28 [ 250.484272] Buffer I/O error on dev loop3, logical block 7, lost async page write [ 250.492051] Buffer I/O error on dev loop3, logical block 8, lost async page write [ 250.500061] Buffer I/O error on dev loop3, logical block 9, lost async page write 17:13:54 executing program 1: r0 = socket$bt_rfcomm(0x1f, 0x1, 0x3) clock_gettime(0x7, &(0x7f0000000000)={0x0, 0x0}) recvmmsg(r0, &(0x7f00000038c0)=[{{&(0x7f00000002c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}}}, 0x80, &(0x7f0000000740)=[{&(0x7f0000000340)=""/75, 0x4b}, {&(0x7f00000003c0)=""/68, 0x44}, {&(0x7f0000000440)=""/123, 0x7b}, {&(0x7f0000000540)=""/215, 0xd7}, {&(0x7f0000000640)=""/20, 0x14}, {&(0x7f0000000680)=""/37, 0x25}, {&(0x7f00000006c0)=""/13, 0xd}, {&(0x7f0000000700)=""/26, 0x1a}], 0x8, 0x0, 0x0, 0x3}, 0x9}, {{0x0, 0x0, &(0x7f0000000b80)=[{&(0x7f0000000940)=""/198, 0xc6}, {&(0x7f0000000a40)=""/103, 0x67}, {&(0x7f0000000ac0)=""/175, 0xaf}], 0x3, &(0x7f0000000bc0)=""/189, 0xbd, 0xffffffffffffff7f}, 0x435}, {{&(0x7f00000012c0)=@l2, 0x80, &(0x7f0000001340)=[{&(0x7f00000013c0)=""/4096, 0x1000}], 0x1, 0x0, 0x0, 0x6}, 0xfffffffffffffffa}, {{&(0x7f00000023c0)=@pptp={0x18, 0x2, {0x0, @loopback}}, 0x80, &(0x7f00000025c0)=[{&(0x7f0000002440)=""/186, 0xba}, {&(0x7f0000002500)=""/21, 0x15}, {&(0x7f0000002540)=""/88, 0x58}], 0x3, &(0x7f0000002600)=""/4096, 0x1000, 0x400}, 0x4}, {{&(0x7f0000003600)=@l2, 0x80, &(0x7f0000003780)=[{&(0x7f0000003680)=""/152, 0x98}, {&(0x7f0000003740)}], 0x2, &(0x7f00000037c0)=""/220, 0xdc, 0x100}, 0xb}], 0x5, 0x102, &(0x7f0000003b00)={r1, r2+30000000}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/audio\x00', 0xa00, 0x0) ioctl$TIOCCONS(r4, 0x541d) ioctl$TCXONC(r4, 0x540a, 0x5) bind$alg(r3, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha1\x00'}, 0x58) openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x400, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000ff8000)="0a0775b005e381e5b3b60ced5c54dbb7", 0x10) r5 = accept$alg(r3, 0x0, 0x0) recvmmsg(r5, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x167, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x3ed, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) 17:13:54 executing program 0: mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x4, 0x10000032, 0xffffffffffffffff, 0x0) futex(0x0, 0x7, 0x0, 0x0, 0x0, 0x0) 17:13:54 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r1 = msgget(0x0, 0x0) msgctl$MSG_INFO(r1, 0xc, &(0x7f0000000280)=""/252) r2 = openat$cgroup_int(r0, &(0x7f0000000040)='memory.high\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000440)}}, 0x20) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000600)='net/dev_snmp6\x00') mkdir(&(0x7f0000000000)='./file0\x00', 0x0) perf_event_open(&(0x7f000000a000)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x8000000200000000, 0x800007f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(&(0x7f0000000140), &(0x7f0000343ff8)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) write$RDMA_USER_CM_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000004c0)={0xa, 0x4}, 0xc) writev(r2, &(0x7f0000000700), 0x10000000000000ea) io_setup(0x3ff, &(0x7f0000000100)) dup(r2) openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) 17:13:54 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket(0x11, 0x2, 0x0) setsockopt(r1, 0x107, 0x1, &(0x7f0000d52ff0)="010000000000060000071a80000001cc", 0x10) close(r1) close(r0) 17:13:55 executing program 0: mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x4, 0x10000032, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000240), 0x0, 0x0, 0x0, 0x0, 0x0) 17:13:55 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_inet_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f0000000040)={'ip6_vti0\x00', {0x2, 0x4e23, @multicast1}}) fcntl$getownex(r0, 0x10, &(0x7f000045fff8)={0x0, 0x0}) r3 = syz_open_dev$radio(&(0x7f0000000080)='/dev/radio#\x00', 0x2, 0x2) write$FUSE_NOTIFY_STORE(0xffffffffffffffff, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000100)=@assoc_id=0x0, &(0x7f0000000140)=0x4) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r3, 0x84, 0xf, &(0x7f00000002c0)={r4, @in={{0x2, 0x4e23, @broadcast}}, 0x200, 0x4, 0x1, 0x5, 0xc01}, &(0x7f0000000200)=0x98) tgkill(r2, r2, 0x2f) ptrace$getsig(0x4202, r2, 0x0, &(0x7f0000000240)) ioctl$PPPIOCGCHAN(r3, 0x80047437, &(0x7f0000000000)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r3, 0xc0305302, &(0x7f00000000c0)={0x4, 0x4, 0x4, 0x100, 0x8, 0x3}) ioctl$SNDRV_TIMER_IOCTL_STOP(r3, 0x54a1) 17:13:55 executing program 5: setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000480), 0x0, 0x0) r0 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000240)={&(0x7f00000001c0)='./file0\x00', 0x0, 0x8}, 0x10) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000180)=0xc) socket$vsock_stream(0x28, 0x1, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_setup(0x7, &(0x7f0000000200)) r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000300)='/dev/mixer\x00', 0x101000, 0x0) pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$IOC_PR_PREEMPT_ABORT(r1, 0x401870cc, &(0x7f0000000280)={0x6, 0x7ff, 0xc9a, 0x10001}) getsockopt$inet6_buf(r4, 0x29, 0x32, &(0x7f0000000800)=""/4096, 0x0) r5 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x200000, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f0000000580)={0x0, 0x3, 0x2, 0x80, 0x1e, 0x200}, &(0x7f00000005c0)=0x14) openat$ashmem(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ashmem\x00', 0x8800, 0x0) r6 = memfd_create(&(0x7f0000000140)='t\bnu\xf7\xff\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0) vmsplice(r5, &(0x7f00000000c0)=[{&(0x7f0000000600)="88aabee37656ee02d774f82f49e19b8e47bc7b270777a1348780d7c41eb143693f732bec1cb807635e4bc2489972db3ba8004797bc7d4f5f25abea6844ff7b1da01b3a9fe6", 0x45}], 0x1, 0x6) fcntl$F_GET_RW_HINT(r3, 0x40b, &(0x7f0000000100)) pwritev(r6, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r6) sendmsg$IPVS_CMD_SET_SERVICE(r6, 0x0, 0x0) keyctl$get_security(0x11, 0x0, &(0x7f0000000480)=""/5, 0x5) sendfile(r1, r6, &(0x7f0000000380)=0x4, 0x2000005) ioctl$LOOP_CLR_FD(r1, 0x4c01) socket(0x0, 0x0, 0x10001) ioctl$LOOP_SET_FD(r1, 0x4c00, r6) 17:13:55 executing program 0: mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x4, 0x10000032, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000240), 0x0, 0x0, 0x0, 0x0, 0x0) 17:13:55 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x6}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x12, &(0x7f0000000100)=0x40, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmmsg(r0, &(0x7f000000ac80), 0x66, 0x0) [ 251.092672] sctp: [Deprecated]: syz-executor2 (pid 7797) Use of int in maxseg socket option. [ 251.092672] Use struct sctp_assoc_value instead 17:13:55 executing program 0: mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x4, 0x10000032, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000240), 0x0, 0x0, 0x0, 0x0, 0x0) [ 251.195750] sctp: [Deprecated]: syz-executor2 (pid 7808) Use of int in maxseg socket option. [ 251.195750] Use struct sctp_assoc_value instead 17:13:55 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_inet_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f0000000040)={'ip6_vti0\x00', {0x2, 0x4e23, @multicast1}}) fcntl$getownex(r0, 0x10, &(0x7f000045fff8)={0x0, 0x0}) r3 = syz_open_dev$radio(&(0x7f0000000080)='/dev/radio#\x00', 0x2, 0x2) write$FUSE_NOTIFY_STORE(0xffffffffffffffff, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000100)=@assoc_id=0x0, &(0x7f0000000140)=0x4) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r3, 0x84, 0xf, &(0x7f00000002c0)={r4, @in={{0x2, 0x4e23, @broadcast}}, 0x200, 0x4, 0x1, 0x5, 0xc01}, &(0x7f0000000200)=0x98) tgkill(r2, r2, 0x2f) ptrace$getsig(0x4202, r2, 0x0, &(0x7f0000000240)) ioctl$PPPIOCGCHAN(r3, 0x80047437, &(0x7f0000000000)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r3, 0xc0305302, &(0x7f00000000c0)={0x4, 0x4, 0x4, 0x100, 0x8, 0x3}) ioctl$SNDRV_TIMER_IOCTL_STOP(r3, 0x54a1) 17:13:55 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_inet_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f0000000040)={'ip6_vti0\x00', {0x2, 0x4e23, @multicast1}}) fcntl$getownex(r0, 0x10, &(0x7f000045fff8)={0x0, 0x0}) r3 = syz_open_dev$radio(&(0x7f0000000080)='/dev/radio#\x00', 0x2, 0x2) write$FUSE_NOTIFY_STORE(0xffffffffffffffff, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000100)=@assoc_id=0x0, &(0x7f0000000140)=0x4) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r3, 0x84, 0xf, &(0x7f00000002c0)={r4, @in={{0x2, 0x4e23, @broadcast}}, 0x200, 0x4, 0x1, 0x5, 0xc01}, &(0x7f0000000200)=0x98) tgkill(r2, r2, 0x2f) ptrace$getsig(0x4202, r2, 0x0, &(0x7f0000000240)) ioctl$PPPIOCGCHAN(r3, 0x80047437, &(0x7f0000000000)) ioctl$SNDRV_SEQ_IOCTL_SYSTEM_INFO(r3, 0xc0305302, &(0x7f00000000c0)={0x4, 0x4, 0x4, 0x100, 0x8, 0x3}) ioctl$SNDRV_TIMER_IOCTL_STOP(r3, 0x54a1) [ 251.529243] sctp: [Deprecated]: syz-executor2 (pid 7825) Use of int in maxseg socket option. [ 251.529243] Use struct sctp_assoc_value instead [ 251.660823] sctp: [Deprecated]: syz-executor0 (pid 7829) Use of int in maxseg socket option. [ 251.660823] Use struct sctp_assoc_value instead [ 251.692021] FS-Cache: Duplicate cookie detected [ 251.696714] FS-Cache: O-cookie c=00000000c52533d0 [p=0000000086323b42 fl=212 nc=0 na=0] [ 251.704941] FS-Cache: O-cookie d= (null) n= (null) [ 251.711536] FS-Cache: O-key=[10] '0200020000807f000008' [ 251.717051] FS-Cache: N-cookie c=00000000abed59ef [p=0000000086323b42 fl=2 nc=0 na=1] [ 251.725097] FS-Cache: N-cookie d=0000000062d938d9 n=000000004f1c88eb [ 251.731631] FS-Cache: N-key=[10] '0200020000807f000008' 17:13:56 executing program 2 (fault-call:1 fault-nth:0): mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x4, 0x10000032, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000240), 0x7, 0x0, 0x0, 0x0, 0x0) 17:13:56 executing program 5: setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000480), 0x0, 0x0) r0 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000240)={&(0x7f00000001c0)='./file0\x00', 0x0, 0x8}, 0x10) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000500), &(0x7f0000000180)=0xc) socket$vsock_stream(0x28, 0x1, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000400)='/dev/loop#\x00', 0x3, 0x182) io_setup(0x7, &(0x7f0000000200)) r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000300)='/dev/mixer\x00', 0x101000, 0x0) pipe(&(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$IOC_PR_PREEMPT_ABORT(r1, 0x401870cc, &(0x7f0000000280)={0x6, 0x7ff, 0xc9a, 0x10001}) getsockopt$inet6_buf(r4, 0x29, 0x32, &(0x7f0000000800)=""/4096, 0x0) r5 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x200000, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f0000000580)={0x0, 0x3, 0x2, 0x80, 0x1e, 0x200}, &(0x7f00000005c0)=0x14) openat$ashmem(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ashmem\x00', 0x8800, 0x0) r6 = memfd_create(&(0x7f0000000140)='t\bnu\xf7\xff\x00\x00\x00\x00\x00\x00\x00\x8c\x00', 0x0) vmsplice(r5, &(0x7f00000000c0)=[{&(0x7f0000000600)="88aabee37656ee02d774f82f49e19b8e47bc7b270777a1348780d7c41eb143693f732bec1cb807635e4bc2489972db3ba8004797bc7d4f5f25abea6844ff7b1da01b3a9fe6", 0x45}], 0x1, 0x6) fcntl$F_GET_RW_HINT(r3, 0x40b, &(0x7f0000000100)) pwritev(r6, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81805) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r6) sendmsg$IPVS_CMD_SET_SERVICE(r6, 0x0, 0x0) keyctl$get_security(0x11, 0x0, &(0x7f0000000480)=""/5, 0x5) sendfile(r1, r6, &(0x7f0000000380)=0x4, 0x2000005) ioctl$LOOP_CLR_FD(r1, 0x4c01) socket(0x0, 0x0, 0x10001) ioctl$LOOP_SET_FD(r1, 0x4c00, r6) 17:13:56 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mount(0x0, 0x0, &(0x7f0000000180)='gfs2meta\x00', 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="6edbdd12e52b87db8c3f3bb41422810015ddb6085b1b69ac11"]) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000140)='tmpfs\x00', 0x0, &(0x7f0000000180)) 17:13:56 executing program 0: r0 = shmget$private(0x0, 0xfffffffffeffffff, 0x78000f70, &(0x7f0000ffc000/0x2000)=nil) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) ioctl$KVM_HAS_DEVICE_ATTR(r1, 0x4018aee3, &(0x7f0000000100)={0x0, 0x6, 0x1000, &(0x7f00000000c0)=0x4000000000006}) recvmsg(r1, &(0x7f00000003c0)={&(0x7f0000000180)=@ll={0x11, 0x0, 0x0}, 0x80, &(0x7f00000002c0)=[{&(0x7f0000000200)=""/96, 0x60}, {&(0x7f0000000280)=""/30, 0x1e}], 0x2, &(0x7f0000000300)=""/167, 0xa7}, 0x3) setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000400)={r2, 0x1, 0x6, @broadcast}, 0x10) shmctl$IPC_RMID(r0, 0x0) fanotify_mark(r1, 0x81, 0x8000000, r1, &(0x7f0000000140)='./file0\x00') r3 = socket$inet6_sctp(0xa, 0x0, 0x84) syz_open_dev$amidi(&(0x7f00000006c0)='/dev/amidi#\x00', 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000440)={'vcan0\x00', 0x0}) r5 = creat(&(0x7f0000000000)='./file0\x00', 0x80) setsockopt$TIPC_IMPORTANCE(r5, 0x10f, 0x7f, &(0x7f0000000040)=0x100000000, 0x4) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000480)={{{@in=@remote, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast1}, 0x0, @in=@dev}}, &(0x7f0000000580)=0xe8) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f00000005c0)={{{@in6=@mcast2, @in=@broadcast, 0x4e23, 0xa89, 0x4e24, 0x7, 0x2, 0x20, 0x80, 0x3c, r4, r6}, {0x7, 0x4, 0x80000000, 0x12a, 0x0, 0x800, 0x0, 0x6}, {0x2, 0x0, 0x5}, 0x929c, 0x6e6bb9, 0x0, 0x0, 0x2}, {{@in6=@loopback, 0x4d2, 0x33}, 0x2, @in6=@remote, 0x3505, 0x4, 0x3, 0x0, 0xdb, 0x100000000, 0x40}}, 0xe8) 17:13:56 executing program 4: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x401000000001, 0x0) r2 = inotify_add_watch(0xffffffffffffffff, &(0x7f0000000000)='./bus\x00', 0x100) inotify_rm_watch(0xffffffffffffffff, r2) close(r1) socket$netlink(0x10, 0x3, 0xa) r3 = open(&(0x7f0000000400)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x2007fff) sendfile(r0, r3, 0x0, 0xdb) ftruncate(0xffffffffffffffff, 0x4820f) 17:13:56 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write$binfmt_script(r1, &(0x7f0000000080)={'#! ', './file0', [{0x20, 'mime_typewlan0bdevnodev{*system'}, {}, {0x20, 'vmnet0md5sum'}, {0x20, 'cpusetkeyringvmnet1ppp1%proc:security'}, {0x20, 'usernodev@/systemnodev'}, {0x20, 'Gvmnet0securityusertrustedem0user*ppp1'}, {0x20, 'proc$'}, {}, {0x20, ':'}], 0xa, "03e008bad969e3870c27193c47ad16d617d57dee6830bd5379d61e2bdd6a0975ab255a478ba430d74c6a73193c3d5fc7f4182d389885e818b0866e4098fb07ff3b0ea9bb706d4670bd5f6237eaea041f1dd225532f72f75182327c28dc2bf20c463370aa4dea41493ed2645a498fb33b300590bfa1d92e53b1ff3a3b9be10cbf23cf2f95d615e57f09354fc7d2dd40d7c7e2d88bd2bf0a7d15e798446230756cb4534f8d29436950b5ff4906566569e2de1dadba04067d47444daba63cc4aa4900b42c9a4e77f6391cf9a7cb5ad7fc4713e47642d985e66a51bc38fd672b4941c88808499f08424350f5854b269e75e7df8ea98bd20091"}, 0x19d) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = fcntl$dupfd(r1, 0x406, r0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) clock_gettime(0x0, &(0x7f0000000340)={0x0, 0x0}) write$evdev(r3, &(0x7f0000000380)=[{{}, 0x17, 0x80, 0xa75e}, {{0x77359400}, 0x0, 0x80000000, 0x8}, {{0x77359400}, 0x12, 0x9, 0xfffffffffffffff7}, {{0x0, 0x2710}, 0x3, 0x1, 0x287}, {{r4, r5/1000+30000}, 0x0, 0xbfe, 0x8}, {{0x77359400}, 0x0, 0x7ff, 0x6}, {{0x0, 0x7530}, 0x12, 0x6, 0x6}, {{r6, r7/1000+10000}, 0x17, 0x2, 0xfffffffffffff19b}], 0xc0) r8 = fcntl$dupfd(r1, 0x0, r1) ioctl$sock_bt_hci(r2, 0x0, 0x0) ioctl$FS_IOC_GETFSLABEL(r8, 0x81009431, &(0x7f0000000240)) bind$bt_rfcomm(r8, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x2}}, 0xa) dup3(r8, r8, 0x400000011080000) r9 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000480)='TIPCv2\x00') sendmsg$TIPC_NL_SOCK_GET(r3, &(0x7f0000000840)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000800)={&(0x7f00000004c0)={0x310, r9, 0x400, 0x70bd29, 0x25dfdbfc, {}, [@TIPC_NLA_SOCK={0x18, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}]}, @TIPC_NLA_NET={0x1c, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}, @TIPC_NLA_NET_NODEID_W1={0xc}]}, @TIPC_NLA_MON={0x14, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x30a1f371}]}, @TIPC_NLA_MEDIA={0xc8, 0x5, [@TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x376b8f51}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffffffffff8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb96a}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffeffffffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}]}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffffffffbff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}]}]}, @TIPC_NLA_NET={0x28, 0x7, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x37}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x200000000}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x934b}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x558}]}, @TIPC_NLA_MEDIA={0x14c, 0x5, [@TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3e000000000000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}]}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7d}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3ff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xe3b0}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1ff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffffffffe00}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x100000000}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x4c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8001}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9b7a4c5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}]}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x800}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xd529}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000001}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3d3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_MEDIA={0x78, 0x5, [@TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x400}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x81}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x800}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}]}]}, 0x310}, 0x1, 0x0, 0x0, 0x10}, 0x10) [ 251.892422] FAULT_INJECTION: forcing a failure. [ 251.892422] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 251.949054] CPU: 1 PID: 7839 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #155 [ 251.956387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 251.965745] Call Trace: [ 251.968421] dump_stack+0x244/0x39d [ 251.972076] ? dump_stack_print_info.cold.1+0x20/0x20 [ 251.977359] ? print_usage_bug+0xc0/0xc0 [ 251.981512] should_fail.cold.4+0xa/0x17 [ 251.985594] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 251.990710] ? zap_class+0x640/0x640 [ 251.994435] ? zap_class+0x640/0x640 [ 251.998172] ? print_usage_bug+0xc0/0xc0 [ 252.002256] ? __lock_is_held+0xb5/0x140 [ 252.006355] ? lock_release+0xa00/0xa00 [ 252.010399] ? perf_trace_sched_process_exec+0x860/0x860 [ 252.015866] ? __lock_acquire+0x62f/0x4c20 [ 252.017845] tmpfs: No value for mount option 'gfs2meta' [ 252.020157] ? __mutex_lock+0x85e/0x16f0 [ 252.020236] ? __might_sleep+0x95/0x190 [ 252.033713] __alloc_pages_nodemask+0x366/0xea0 [ 252.038488] ? print_usage_bug+0xc0/0xc0 [ 252.042568] ? __alloc_pages_slowpath+0x2de0/0x2de0 [ 252.047591] ? find_held_lock+0x36/0x1c0 [ 252.051675] ? mark_held_locks+0xc7/0x130 [ 252.055839] ? __lock_acquire+0x62f/0x4c20 [ 252.060082] ? __lock_acquire+0x62f/0x4c20 [ 252.064424] ? ima_match_policy+0x848/0x1560 [ 252.068907] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 252.074516] alloc_pages_current+0x173/0x350 [ 252.078974] pte_alloc_one+0x1b/0x1a0 [ 252.079033] __pte_alloc+0x2a/0x350 [ 252.079055] __handle_mm_fault+0x490a/0x5be0 [ 252.079080] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 252.086627] ? check_usage+0x1aa/0x790 17:13:56 executing program 3: r0 = memfd_create(&(0x7f00000005c0)='W1.S\xca\xb7\xef\xfdN0\x99\xb2\xcd\xa4Q\xff&\xe4\x97\xfd\xdc\xd0\xc6\'\x93\xb2\xfe\x85\xf1q~\xe6S#\x1d\xa8;f\x15\x8a[\xc6\x1a\x90b\x1c\x14\xa3\xecL\x16f!\xf3\xa3\x11q\x1bX\xc8U\xcd\xdf\xd0\xddG\xc7P\x86\xaaOex\xc5A;\xf8\xfbok\xe1\xacb{\xc9\xc5[\xa3j\xdbT\xfd\xa3\xc3\a\xee\xfe', 0x0) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x0, 0x51, r0, 0x0) ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, &(0x7f0000000700)=ANY=[@ANYPTR=&(0x7f00000000c0)=ANY=[], @ANYRESOCT]) r1 = getpgid(0xffffffffffffffff) fcntl$setown(r0, 0x8, r1) getpid() getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffff9c, 0x84, 0x75, &(0x7f0000000400)={0x0}, &(0x7f0000000440)=0x8) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$usbmon(&(0x7f0000000540)='/dev/usbmon#\x00', 0x4, 0x80100) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r3, 0x84, 0x71, &(0x7f00000005c0)={0x0, 0x78f3}, &(0x7f0000000600)=0x8) r4 = socket$inet6(0xa, 0x400000000001, 0x0) close(r4) getsockopt$inet6_mreq(r4, 0x29, 0x1f, &(0x7f00000000c0)={@ipv4={[], [], @local}, 0x0}, &(0x7f00000003c0)=0x14) r6 = openat$tun(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/net/tun\x00', 0x2, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000080)={'\x00\x00\x1c\x00\x00\x00\x00\x00\x00\x1c\x9e\x00\x02\x00', 0x811}) ioctl$TUNSETIFINDEX(r3, 0x400454da, &(0x7f0000000280)=r5) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000100)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0xfffffffffffffffe}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) ioctl$UI_BEGIN_FF_ERASE(r3, 0xc00c55ca, &(0x7f0000000680)={0x2, 0x3, 0x8}) ioctl$FS_IOC_SETVERSION(r4, 0x40087602, &(0x7f0000000740)=0x2) r8 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ftruncate(r8, 0x2007fff) fremovexattr(r6, &(0x7f00000004c0)=ANY=[@ANYBLOB]) ioctl$TIOCSPGRP(r6, 0x5410, &(0x7f0000000000)) write$P9_RSETATTR(r8, &(0x7f0000000040)={0x7}, 0x7) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffff9c, 0x84, 0x18, &(0x7f0000000340)={r2}, &(0x7f0000000380)=0x8) sendfile(r4, r8, &(0x7f0000d83ff8), 0x800000000024) getsockopt$inet6_mtu(r8, 0x29, 0x17, &(0x7f0000000240), &(0x7f0000000500)=0x4) creat(&(0x7f0000000200)='./bus\x00', 0x0) write$P9_RLCREATE(0xffffffffffffffff, &(0x7f0000000580)={0x18, 0xf, 0x0, {{0x31, 0x3, 0x1}, 0x3}}, 0x18) [ 252.086645] ? print_usage_bug+0xc0/0xc0 [ 252.086680] ? zap_class+0x640/0x640 [ 252.086699] ? zap_class+0x640/0x640 [ 252.111296] ? find_held_lock+0x36/0x1c0 [ 252.115384] ? handle_mm_fault+0x42a/0xc70 [ 252.119627] ? lock_downgrade+0x900/0x900 [ 252.123851] ? check_preemption_disabled+0x48/0x280 [ 252.129005] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 252.133983] ? kasan_check_read+0x11/0x20 [ 252.138147] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 252.143437] ? rcu_softirq_qs+0x20/0x20 17:13:56 executing program 4: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000100)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080)={0x0}, &(0x7f00000000c0)=0xc) r1 = syz_open_procfs(r0, &(0x7f0000000240)='gid_map\x00') preadv(r1, &(0x7f00000017c0), 0x1a1, 0x0) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r1, 0xc05c5340, &(0x7f00000001c0)={0x6, 0x8, 0x81, {r2, r3+10000000}, 0x2, 0x3}) [ 252.147471] ? trace_hardirqs_off_caller+0x310/0x310 [ 252.152588] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 252.158144] ? check_preemption_disabled+0x48/0x280 [ 252.163185] handle_mm_fault+0x54f/0xc70 [ 252.167257] ? __handle_mm_fault+0x5be0/0x5be0 [ 252.171858] ? find_vma+0x34/0x190 [ 252.175457] __do_page_fault+0x5e8/0xe60 [ 252.179530] ? rcu_softirq_qs+0x20/0x20 [ 252.183527] do_page_fault+0xf2/0x7e0 [ 252.187351] ? vmalloc_sync_all+0x30/0x30 [ 252.191514] ? error_entry+0x76/0xd0 [ 252.195244] ? trace_hardirqs_off_caller+0xbb/0x310 [ 252.200269] ? find_held_lock+0x36/0x1c0 [ 252.204382] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 252.209241] ? trace_hardirqs_on_caller+0x310/0x310 [ 252.214297] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 252.219193] page_fault+0x1e/0x30 [ 252.222652] RIP: 0010:__get_user_4+0x21/0x30 [ 252.227083] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 18 14 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 [ 252.245996] RSP: 0018:ffff8881808cf8b0 EFLAGS: 00010202 [ 252.251379] RAX: 0000000020000243 RBX: 0000000000000007 RCX: ffffc90009e0e000 [ 252.258655] RDX: ffffffffffffffff RSI: ffffffff81b1a6e3 RDI: 0000000000000286 [ 252.265935] RBP: ffff8881808cfd10 R08: 1ffff11030119ef3 R09: 0000000000000008 [ 252.273215] R10: 0000000000000001 R11: ffff8881c8d4a100 R12: 0000000000000001 [ 252.280495] R13: ffff8881808cfb28 R14: 0000000000000000 R15: dffffc0000000000 [ 252.287791] ? __might_fault+0x1a3/0x1e0 [ 252.291923] ? do_futex+0x45f/0x26d0 [ 252.295658] ? zap_class+0x640/0x640 17:13:56 executing program 4: r0 = socket(0x10, 0x803, 0x0) write(r0, &(0x7f0000000000)="2600000022004701050007008980e8ff06006d20002b1f00c0e9ff094a51f10101c7033500b0", 0x26) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffff9c, 0x0, 0x7, &(0x7f0000000080)='vmnet0\x00', 0xffffffffffffffff}, 0x30) ioctl$sock_FIOSETOWN(r0, 0x8901, &(0x7f0000000100)=r1) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000d9bffc), 0x4) sendto(r0, &(0x7f00000005c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) getsockopt$sock_int(r0, 0x1, 0x4, 0x0, &(0x7f0000000040)=0xba) [ 252.299398] ? exit_robust_list+0x280/0x280 [ 252.303772] ? get_pid_task+0xd6/0x1a0 [ 252.307682] ? lock_downgrade+0x900/0x900 [ 252.311843] ? check_preemption_disabled+0x48/0x280 [ 252.316885] ? find_held_lock+0x36/0x1c0 [ 252.320982] ? __f_unlock_pos+0x19/0x20 [ 252.324970] ? lock_downgrade+0x900/0x900 [ 252.329134] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 252.334709] ? proc_fail_nth_write+0x9e/0x210 [ 252.339220] ? proc_cwd_link+0x1d0/0x1d0 [ 252.343304] ? find_held_lock+0x36/0x1c0 17:13:56 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000240)={'bond_slave_0\x00', {0x2, 0x200004e21, @dev={0xac, 0x14, 0x14, 0x1d}}}) r1 = syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x5, 0x32200) ioctl$PERF_EVENT_IOC_REFRESH(r1, 0x2402, 0x8) ioctl$VT_ACTIVATE(r1, 0x5606, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) [ 252.347439] ? kasan_check_write+0x14/0x20 [ 252.351694] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 252.356640] ? wait_for_completion+0x8a0/0x8a0 [ 252.361252] ? __lock_is_held+0xb5/0x140 [ 252.365359] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 252.370908] ? check_preemption_disabled+0x48/0x280 [ 252.376011] ? __sb_end_write+0xd9/0x110 [ 252.380118] __x64_sys_futex+0x472/0x6a0 [ 252.384194] ? do_futex+0x26d0/0x26d0 [ 252.388003] ? trace_hardirqs_on+0xbd/0x310 [ 252.392347] ? __ia32_sys_read+0xb0/0xb0 [ 252.396421] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 252.401797] ? trace_hardirqs_off_caller+0x310/0x310 [ 252.406925] do_syscall_64+0x1b9/0x820 [ 252.410827] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 252.416232] ? syscall_return_slowpath+0x5e0/0x5e0 [ 252.421169] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 252.426023] ? trace_hardirqs_on_caller+0x310/0x310 [ 252.431051] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 252.436084] ? prepare_exit_to_usermode+0x291/0x3b0 [ 252.441173] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 252.446031] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 252.451250] RIP: 0033:0x457669 [ 252.454463] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 252.473385] RSP: 002b:00007f927cd8fc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 252.481107] RAX: ffffffffffffffda RBX: 00007f927cd8fc90 RCX: 0000000000457669 [ 252.488379] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000020000240 17:13:56 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write$binfmt_script(r1, &(0x7f0000000080)={'#! ', './file0', [{0x20, 'mime_typewlan0bdevnodev{*system'}, {}, {0x20, 'vmnet0md5sum'}, {0x20, 'cpusetkeyringvmnet1ppp1%proc:security'}, {0x20, 'usernodev@/systemnodev'}, {0x20, 'Gvmnet0securityusertrustedem0user*ppp1'}, {0x20, 'proc$'}, {}, {0x20, ':'}], 0xa, "03e008bad969e3870c27193c47ad16d617d57dee6830bd5379d61e2bdd6a0975ab255a478ba430d74c6a73193c3d5fc7f4182d389885e818b0866e4098fb07ff3b0ea9bb706d4670bd5f6237eaea041f1dd225532f72f75182327c28dc2bf20c463370aa4dea41493ed2645a498fb33b300590bfa1d92e53b1ff3a3b9be10cbf23cf2f95d615e57f09354fc7d2dd40d7c7e2d88bd2bf0a7d15e798446230756cb4534f8d29436950b5ff4906566569e2de1dadba04067d47444daba63cc4aa4900b42c9a4e77f6391cf9a7cb5ad7fc4713e47642d985e66a51bc38fd672b4941c88808499f08424350f5854b269e75e7df8ea98bd20091"}, 0x19d) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r3 = fcntl$dupfd(r1, 0x406, r0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) clock_gettime(0x0, &(0x7f0000000340)={0x0, 0x0}) write$evdev(r3, &(0x7f0000000380)=[{{}, 0x17, 0x80, 0xa75e}, {{0x77359400}, 0x0, 0x80000000, 0x8}, {{0x77359400}, 0x12, 0x9, 0xfffffffffffffff7}, {{0x0, 0x2710}, 0x3, 0x1, 0x287}, {{r4, r5/1000+30000}, 0x0, 0xbfe, 0x8}, {{0x77359400}, 0x0, 0x7ff, 0x6}, {{0x0, 0x7530}, 0x12, 0x6, 0x6}, {{r6, r7/1000+10000}, 0x17, 0x2, 0xfffffffffffff19b}], 0xc0) r8 = fcntl$dupfd(r1, 0x0, r1) ioctl$sock_bt_hci(r2, 0x0, 0x0) ioctl$FS_IOC_GETFSLABEL(r8, 0x81009431, &(0x7f0000000240)) bind$bt_rfcomm(r8, &(0x7f0000000040)={0x1f, {0xffffffffffffffff, 0xffffffff, 0x2}}, 0xa) dup3(r8, r8, 0x400000011080000) r9 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000480)='TIPCv2\x00') sendmsg$TIPC_NL_SOCK_GET(r3, &(0x7f0000000840)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000800)={&(0x7f00000004c0)={0x310, r9, 0x400, 0x70bd29, 0x25dfdbfc, {}, [@TIPC_NLA_SOCK={0x18, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}]}, @TIPC_NLA_NET={0x1c, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}, @TIPC_NLA_NET_NODEID_W1={0xc}]}, @TIPC_NLA_MON={0x14, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x30a1f371}]}, @TIPC_NLA_MEDIA={0xc8, 0x5, [@TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x376b8f51}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffffffffff8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xb96a}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffeffffffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}]}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffffffffbff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}]}]}, @TIPC_NLA_NET={0x28, 0x7, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x37}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x200000000}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x934b}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x558}]}, @TIPC_NLA_MEDIA={0x14c, 0x5, [@TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3e000000000000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}]}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7d}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3ff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xe3b0}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1ff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffffffffe00}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x100000000}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x4c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8001}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9b7a4c5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}]}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x800}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xd529}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000001}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3d3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_MEDIA={0x78, 0x5, [@TIPC_NLA_MEDIA_PROP={0x34, 0x2, [@TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x400}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x81}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x800}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_PRIO={0x8}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}]}]}, 0x310}, 0x1, 0x0, 0x0, 0x10}, 0x10) [ 252.495661] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 252.502949] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f927cd906d4 [ 252.510240] R13: 00000000004be03f R14: 00000000004cde70 R15: 0000000000000003 17:13:56 executing program 0: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0a5c2d023c126285718070") r1 = socket$inet6(0xa, 0x3, 0x0) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f000014f000)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000ff010000000000000000000000000001e00000010000000000000000000000000002000000c6cb06b1ff512c456abedfce000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'], 0xb8}}, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2a, &(0x7f0000000280)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x1, [0x2]}}}, {{0xa, 0x0, 0x0, @ipv4={[], [], @multicast2}}}}, 0x108) setsockopt$inet6_MRT6_ADD_MFC(r1, 0x29, 0xcc, &(0x7f0000000100)={{0xa, 0x4e23, 0x0, @mcast2, 0x2}, {0xa, 0x4e24, 0x8001, @local, 0xcc21cf9}, 0xffffffff, [0x0, 0x7d9, 0x40, 0x101, 0x7, 0xa8d6, 0x946, 0x6]}, 0x5c) 17:13:56 executing program 2 (fault-call:1 fault-nth:1): mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x4, 0x10000032, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000240), 0x7, 0x0, 0x0, 0x0, 0x0) [ 252.681356] FAULT_INJECTION: forcing a failure. [ 252.681356] name failslab, interval 1, probability 0, space 0, times 1 [ 252.697797] CPU: 0 PID: 7891 Comm: syz-executor2 Not tainted 4.20.0-rc7+ #155 [ 252.705105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 252.714463] Call Trace: [ 252.717307] dump_stack+0x244/0x39d [ 252.720964] ? dump_stack_print_info.cold.1+0x20/0x20 [ 252.726187] ? kasan_check_read+0x11/0x20 [ 252.730364] should_fail.cold.4+0xa/0x17 [ 252.730383] ? check_preemption_disabled+0x48/0x280 [ 252.730403] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 252.730421] ? check_preemption_disabled+0x48/0x280 [ 252.730446] ? __lock_is_held+0xb5/0x140 [ 252.739507] ? zap_class+0x640/0x640 [ 252.739534] ? find_held_lock+0x36/0x1c0 [ 252.739555] ? __lock_is_held+0xb5/0x140 [ 252.739585] ? perf_trace_sched_process_exec+0x860/0x860 [ 252.739613] ? __lock_acquire+0x62f/0x4c20 [ 252.739633] __should_failslab+0x124/0x180 [ 252.779533] should_failslab+0x9/0x14 [ 252.783377] kmem_cache_alloc+0x2be/0x730 [ 252.787556] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 252.793152] ptlock_alloc+0x20/0x80 [ 252.796791] pte_alloc_one+0x6b/0x1a0 [ 252.800614] __pte_alloc+0x2a/0x350 [ 252.804263] __handle_mm_fault+0x490a/0x5be0 [ 252.808692] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 252.813582] ? print_usage_bug+0xc0/0xc0 [ 252.817703] ? zap_class+0x640/0x640 [ 252.821460] ? zap_class+0x640/0x640 [ 252.825185] ? find_held_lock+0x36/0x1c0 [ 252.829295] ? handle_mm_fault+0x42a/0xc70 [ 252.833547] ? lock_downgrade+0x900/0x900 [ 252.837707] ? check_preemption_disabled+0x48/0x280 [ 252.842739] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 252.847678] ? kasan_check_read+0x11/0x20 [ 252.851830] ? rcu_dynticks_curr_cpu_in_eqs+0xa2/0x170 [ 252.857131] ? rcu_softirq_qs+0x20/0x20 [ 252.857149] ? trace_hardirqs_off_caller+0x310/0x310 [ 252.857169] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 252.857191] ? check_preemption_disabled+0x48/0x280 [ 252.876813] handle_mm_fault+0x54f/0xc70 [ 252.880888] ? __handle_mm_fault+0x5be0/0x5be0 [ 252.885492] ? find_vma+0x34/0x190 [ 252.889045] __do_page_fault+0x5e8/0xe60 [ 252.893129] do_page_fault+0xf2/0x7e0 [ 252.896946] ? vmalloc_sync_all+0x30/0x30 [ 252.901131] ? error_entry+0x76/0xd0 [ 252.901151] ? trace_hardirqs_off_caller+0xbb/0x310 [ 252.901167] ? find_held_lock+0x36/0x1c0 [ 252.901184] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 252.901202] ? trace_hardirqs_on_caller+0x310/0x310 [ 252.901230] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 252.909946] page_fault+0x1e/0x30 [ 252.909964] RIP: 0010:__get_user_4+0x21/0x30 [ 252.909980] Code: 50 ff 31 c0 0f 1f 00 c3 90 48 83 c0 03 72 55 65 48 8b 14 25 40 ee 01 00 48 3b 82 18 14 00 00 73 43 48 19 d2 48 21 d0 0f 1f 00 <8b> 50 fd 31 c0 0f 1f 00 c3 66 0f 1f 44 00 00 48 83 c0 07 72 25 65 [ 252.910004] RSP: 0018:ffff8881804cf8b0 EFLAGS: 00010202 [ 252.910017] RAX: 0000000020000243 RBX: 0000000000000007 RCX: ffffc90009e0e000 [ 252.910026] RDX: ffffffffffffffff RSI: ffffffff81b1a6e3 RDI: 0000000000000286 [ 252.910036] RBP: ffff8881804cfd10 R08: 1ffff11030099ef3 R09: 0000000000000008 [ 252.910045] R10: 0000000000000001 R11: ffff8881bb8b8180 R12: 0000000000000001 [ 252.910054] R13: ffff8881804cfb28 R14: 0000000000000000 R15: dffffc0000000000 [ 252.910081] ? __might_fault+0x1a3/0x1e0 [ 252.910100] ? do_futex+0x45f/0x26d0 [ 252.910117] ? zap_class+0x640/0x640 [ 252.928850] ? exit_robust_list+0x280/0x280 [ 252.928871] ? get_pid_task+0xd6/0x1a0 [ 252.928890] ? lock_downgrade+0x900/0x900 [ 252.928908] ? check_preemption_disabled+0x48/0x280 [ 252.928933] ? find_held_lock+0x36/0x1c0 [ 252.928956] ? __f_unlock_pos+0x19/0x20 [ 252.928971] ? lock_downgrade+0x900/0x900 [ 252.928993] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 252.936836] ? proc_fail_nth_write+0x9e/0x210 [ 252.936854] ? proc_cwd_link+0x1d0/0x1d0 [ 252.936878] ? find_held_lock+0x36/0x1c0 [ 252.936900] ? kasan_check_write+0x14/0x20 [ 252.961153] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 252.961176] ? wait_for_completion+0x8a0/0x8a0 [ 252.961198] ? __lock_is_held+0xb5/0x140 [ 252.961222] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 252.961248] ? check_preemption_disabled+0x48/0x280 [ 252.975784] ? __sb_end_write+0xd9/0x110 [ 252.975819] __x64_sys_futex+0x472/0x6a0 [ 252.975854] ? do_futex+0x26d0/0x26d0 [ 252.975875] ? trace_hardirqs_on+0xbd/0x310 [ 252.990402] ? __ia32_sys_read+0xb0/0xb0 [ 252.990419] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 252.990437] ? trace_hardirqs_off_caller+0x310/0x310 [ 252.990467] do_syscall_64+0x1b9/0x820 [ 252.990483] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 252.990501] ? syscall_return_slowpath+0x5e0/0x5e0 [ 252.990517] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 252.990536] ? trace_hardirqs_on_caller+0x310/0x310 [ 252.990554] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 252.990572] ? prepare_exit_to_usermode+0x291/0x3b0 [ 252.990602] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 252.990625] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 253.001939] RIP: 0033:0x457669 17:13:57 executing program 5: socket$inet6(0xa, 0x803, 0x3) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f00000002c0)="0a5c2d023c1285718070bd6ecf0467a80390898b0a17667272810487a9df87a30aa4826d610c62b32626a8deb0cd59548bf61d7478311d2955cc5d3e713b4bd8a75127f19abbc583802d54a725d65b4c2e0bfb1d2146852ca07ac1fb339657033634b996415c0574b20aafe844bc5f9c11937ba618b5d0c39e4d13d2a60b6d2b623dba78609cf1984349e2cba0f86522f893349ae064ebf55c5ffcdc52617504a0358aa538411495bc76b955a8a7b07453b3932ba8b50cd86a0e7572763929ea62acc7001737abb0610f54489e88") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f00000000c0)='nv\x00', 0x265) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) write$binfmt_elf32(r1, &(0x7f0000000400)=ANY=[@ANYBLOB='w'], 0x1) write$binfmt_elf64(r1, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0x7ff8) 17:13:57 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x2, 0x2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffff9c, 0x8933, &(0x7f0000000440)={'veth0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000006c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)=ANY=[@ANYBLOB="4c0000002e00000229bd7000fedbdf2500000000", @ANYRES32=r1, @ANYBLOB="ffff09000b000b0007000f0008000b000101edff07000b000500000008000b007f00000008000b007f00000008000b0005030000"], 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x40) openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VIDIOC_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, &(0x7f0000000700)={0x0, @reserved}) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5\xbcq\x9a\t\x9ej5\t\x00\x00\x009\x8c4', 0x2761, 0x0) write$selinux_attr(r2, 0x0, 0x0) write$cgroup_pid(r2, &(0x7f0000000100), 0xda4fff08) gettid() perf_event_open(&(0x7f00000002c0)={0x2, 0x70, 0x1f, 0x2, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x0, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0xf5, &(0x7f00000005c0)=""/245, 0x41100}, 0x48) getpid() fsetxattr(r3, &(0x7f0000000040)=@known='trusted.syz\x00', &(0x7f0000000240)='GPL\x00', 0x4, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r2, 0x660c, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x1b, &(0x7f0000000280)=0x8, 0x4) ioctl$VHOST_GET_VRING_ENDIAN(r3, 0x4008af14, &(0x7f0000000080)={0x0, 0x401}) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) 17:13:57 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000240)={'bond_slave_0\x00', {0x2, 0x200004e21, @dev={0xac, 0x14, 0x14, 0x1d}}}) r1 = syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x5, 0x32200) ioctl$PERF_EVENT_IOC_REFRESH(r1, 0x2402, 0x8) ioctl$VT_ACTIVATE(r1, 0x5606, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'bond_slave_0\x00', {0x2, 0x0, @local}}) 17:13:57 executing program 2 (fault-call:1 fault-nth:2): mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x4, 0x10000032, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000240), 0x7, 0x0, 0x0, 0x0, 0x0) [ 253.001956] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 253.001966] RSP: 002b:00007f927cd8fc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 253.001981] RAX: ffffffffffffffda RBX: 00007f927cd8fc90 RCX: 0000000000457669 [ 253.002010] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000020000240 [ 253.013781] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 253.013791] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f927cd906d4 [ 253.013800] R13: 00000000004be03f R14: 00000000004cde70 R15: 0000000000000003 17:13:57 executing program 0: r0 = socket$inet6(0xa, 0x803, 0x3) r1 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x4, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r1, 0x4020565a, &(0x7f0000000040)={0x3, 0x100000000098f905, 0x1}) r2 = syz_open_dev$radio(&(0x7f0000000080)='/dev/radio#\x00', 0x1, 0x2) sendmsg$key(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)={0x2, 0xb, 0x56a5, 0xf, 0x21, 0x0, 0x70bd27, 0x25dfdbfc, [@sadb_x_sa2={0x2, 0x13, 0x38b, 0x0, 0x0, 0x70bd2b, 0x3502}, @sadb_sa={0x2, 0x1, 0x4d3, 0xab6, 0xffffffffffff9e27, 0x2e, 0x4, 0x80000001}, @sadb_key={0x1b, 0x9, 0x660, 0x0, "0fb9d5be6da7e0c97c0b2cf00a078705a7b850a56613158125102b193a50206615048431d02086a6e3913d95d635b25a106a26534d74e3d61ef4cdcfba2dfbd7d40ad593c7cf83457d06d69a2f88c1cf06fac21bad3c7077700d9269b3070bec9f8579b923213dd04af157b80ad077fe19a7c9c9afa1d2cbf32170e04e728c4e8f4b497f9fe245ef4bf08a6099832675037407f387eea15a2249aed812f0662f2a4088f3c99a62acea989085866221b5771bfa5f96f1c91d6fedaf97a11f00f994a05e1f263cb847fba0c184"}]}, 0x108}}, 0x80) r3 = syz_open_dev$adsp(&(0x7f00000000c0)='/dev/adsp#\x00', 0x48c, 0x40000) r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000380)='/dev/dsp\x00', 0x400, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000480)='/dev/audio\x00', 0x4680f042198fc2a7, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffe000/0x2000)=nil, 0x2000}, &(0x7f0000000140)=0x10) ioctl$NBD_SET_SOCK(r2, 0xab00, r3) mkdirat(r2, &(0x7f0000000340)='./file0\x00', 0x20) setsockopt$inet_MCAST_JOIN_GROUP(r4, 0x0, 0x2a, &(0x7f00000003c0)={0x4, {{0x2, 0x4e23, @local}}}, 0x88) r5 = dup3(r0, r1, 0x0) ioctl$VIDIOC_G_ENC_INDEX(r5, 0x8818564c, &(0x7f00000004c0)) [ 253.257896] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 253.311079] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 253.564544] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 17:13:58 executing program 3: r0 = socket$inet6(0xa, 0x803, 0x100000003) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0a5c2d023c126285718070") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xffffffff000}) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-monitor\x00', 0x8200, 0x0) 17:13:58 executing program 2: mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x4, 0x10000032, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000240), 0x7, 0x0, 0x0, 0x0, 0x0) 17:13:58 executing program 0: r0 = socket$inet6(0xa, 0x803, 0x3) r1 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x4, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r1, 0x4020565a, &(0x7f0000000040)={0x3, 0x100000000098f905, 0x1}) r2 = syz_open_dev$radio(&(0x7f0000000080)='/dev/radio#\x00', 0x1, 0x2) sendmsg$key(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)={0x2, 0xb, 0x56a5, 0xf, 0x21, 0x0, 0x70bd27, 0x25dfdbfc, [@sadb_x_sa2={0x2, 0x13, 0x38b, 0x0, 0x0, 0x70bd2b, 0x3502}, @sadb_sa={0x2, 0x1, 0x4d3, 0xab6, 0xffffffffffff9e27, 0x2e, 0x4, 0x80000001}, @sadb_key={0x1b, 0x9, 0x660, 0x0, "0fb9d5be6da7e0c97c0b2cf00a078705a7b850a56613158125102b193a50206615048431d02086a6e3913d95d635b25a106a26534d74e3d61ef4cdcfba2dfbd7d40ad593c7cf83457d06d69a2f88c1cf06fac21bad3c7077700d9269b3070bec9f8579b923213dd04af157b80ad077fe19a7c9c9afa1d2cbf32170e04e728c4e8f4b497f9fe245ef4bf08a6099832675037407f387eea15a2249aed812f0662f2a4088f3c99a62acea989085866221b5771bfa5f96f1c91d6fedaf97a11f00f994a05e1f263cb847fba0c184"}]}, 0x108}}, 0x80) r3 = syz_open_dev$adsp(&(0x7f00000000c0)='/dev/adsp#\x00', 0x48c, 0x40000) r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000380)='/dev/dsp\x00', 0x400, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000480)='/dev/audio\x00', 0x4680f042198fc2a7, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffe000/0x2000)=nil, 0x2000}, &(0x7f0000000140)=0x10) ioctl$NBD_SET_SOCK(r2, 0xab00, r3) mkdirat(r2, &(0x7f0000000340)='./file0\x00', 0x20) setsockopt$inet_MCAST_JOIN_GROUP(r4, 0x0, 0x2a, &(0x7f00000003c0)={0x4, {{0x2, 0x4e23, @local}}}, 0x88) r5 = dup3(r0, r1, 0x0) ioctl$VIDIOC_G_ENC_INDEX(r5, 0x8818564c, &(0x7f00000004c0)) 17:13:58 executing program 4: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$unix(r2, &(0x7f0000000080)=""/93, 0x5d, 0x0, 0x0, 0x0) dup2(r1, r2) r3 = memfd_create(&(0x7f0000000000)='#em1#+\x00', 0x0) write(r3, &(0x7f0000000440)='\a', 0x1) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r3, 0x0) 17:13:58 executing program 5: r0 = syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x202, 0x800000002009) r1 = socket$inet6(0xa, 0x803, 0x100000003) getsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080), 0x10) ioctl(r1, 0x1000008912, &(0x7f0000000180)="0a5c2d023c126285718070") ioctl$FS_IOC_FSGETXATTR(r0, 0xc0185500, &(0x7f0000000000)={0x20123, 0x2}) 17:13:58 executing program 2: mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x4, 0x10000032, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000240)=0x2501, 0x7, 0x0, 0x0, 0x0, 0x0) [ 254.098703] vhci_hcd: ClearPortFeature: USB_PORT_FEAT_SUSPEND req not supported for USB 3.0 roothub [ 254.114144] vhci_hcd: ClearPortFeature: USB_PORT_FEAT_SUSPEND req not supported for USB 3.0 roothub 17:13:58 executing program 0: r0 = creat(&(0x7f00000000c0)='./file0\x00', 0xc) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000800)=ANY=[], 0x0) request_key(&(0x7f0000000600)='logon\x00', &(0x7f0000000640)={'syz', 0x1}, &(0x7f0000000680)='$', 0xfffffffffffffff9) request_key(&(0x7f0000000540)='cifs.spnego\x00', &(0x7f0000000180)={'syz', 0x3}, &(0x7f0000000280)='keyring\x00', 0xffffffffffffffff) add_key$keyring(0x0, &(0x7f00000008c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffa) keyctl$instantiate_iov(0x14, 0x0, &(0x7f0000000840), 0x0, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYBLOB="08245dc9"], 0x4) ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'veth1_to_team\x00', 0x5001}) write$FUSE_NOTIFY_INVAL_INODE(r0, &(0x7f00000005c0)={0x28, 0x2, 0x0, {0x3, 0x8001, 0x2}}, 0x28) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000940)={{{@in6, @in6=@ipv4={[], [], @dev}}}, {{@in6=@mcast1}, 0x0, @in=@multicast1}}, &(0x7f0000000580)=0xe8) sendmsg(r0, &(0x7f0000000ec0)={&(0x7f0000000ac0)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x4e24, @broadcast}, 0x3, 0x2, 0x0, 0x1}}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000dc0)}], 0x1, 0x0, 0x0, 0x40}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f0000000b40)}], 0x1, 0x0, 0x0, 0x8004}, 0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000040), 0xffffffffffffffff) getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000480)={0x0, 0x7ff, 0x1f, 0x0, 0x0, 0x7d, 0x7fffffff, 0x1, {0x0, @in={{0x2, 0x4e21, @multicast2}}, 0x3ff, 0x6, 0x100, 0x20, 0x40}}, &(0x7f00000002c0)=0xb0) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) write$UHID_INPUT2(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="0c03f6ffffffffffffff"], 0x1) ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0106426, &(0x7f0000000240)={0x3, &(0x7f0000000140)=[{}, {}, {}]}) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000d00)={&(0x7f0000000980)=@updpolicy={0xb8, 0x19, 0x421, 0x0, 0x0, {{@in6=@mcast1, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}}, 0x0) 17:13:58 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, &(0x7f0000000080)={r0}) accept$nfc_llcp(r2, &(0x7f00000000c0), &(0x7f0000000140)=0x60) r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0) r4 = dup(r3) r5 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) read(r5, &(0x7f0000001900)=""/4096, 0xfffffffffffffdb5) ftruncate(r5, 0x80080) bind$pptp(r5, &(0x7f0000000040)={0x18, 0x2, {0x0, @broadcast}}, 0x1e) sendfile(r4, r5, 0x0, 0x200800100000001) 17:13:58 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x2, 0x2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffff9c, 0x8933, &(0x7f0000000440)={'veth0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000006c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)=ANY=[@ANYBLOB="4c0000002e00000229bd7000fedbdf2500000000", @ANYRES32=r1, @ANYBLOB="ffff09000b000b0007000f0008000b000101edff07000b000500000008000b007f00000008000b007f00000008000b0005030000"], 0x4c}, 0x1, 0x0, 0x0, 0x20000800}, 0x40) openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VIDIOC_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, &(0x7f0000000700)={0x0, @reserved}) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5\xbcq\x9a\t\x9ej5\t\x00\x00\x009\x8c4', 0x2761, 0x0) write$selinux_attr(r2, 0x0, 0x0) write$cgroup_pid(r2, &(0x7f0000000100), 0xda4fff08) gettid() perf_event_open(&(0x7f00000002c0)={0x2, 0x70, 0x1f, 0x2, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x0, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0xf5, &(0x7f00000005c0)=""/245, 0x41100}, 0x48) getpid() fsetxattr(r3, &(0x7f0000000040)=@known='trusted.syz\x00', &(0x7f0000000240)='GPL\x00', 0x4, 0x1) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r2, 0x660c, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x1b, &(0x7f0000000280)=0x8, 0x4) ioctl$VHOST_GET_VRING_ENDIAN(r3, 0x4008af14, &(0x7f0000000080)={0x0, 0x401}) openat$cgroup_ro(r3, 0x0, 0x0, 0x0) 17:13:58 executing program 2: mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x4, 0x10000032, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000240)=0x125, 0x7, 0x0, 0x0, 0x0, 0x0) 17:13:58 executing program 5: mknod$loop(&(0x7f0000000100)='./file0\x00', 0x400002000006008, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x200) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x0) r2 = getpid() ptrace$getsig(0x4202, r2, 0x5, &(0x7f0000000040)) mmap(&(0x7f0000000000/0xfda000)=nil, 0xfda000, 0x2, 0x31, 0xffffffffffffffff, 0x0) ioctl$BLKALIGNOFF(r1, 0x125d, &(0x7f00000002c0)) 17:13:58 executing program 2: mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x4, 0x10000032, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000240)=0x2501000000000000, 0x7, 0x0, 0x0, 0x0, 0x0) 17:13:58 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x6c400, 0x0) write(r0, &(0x7f0000000400)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) ioctl$SNDRV_TIMER_IOCTL_PVERSION(r0, 0x80045400, &(0x7f0000000280)) ioctl$KVM_HAS_DEVICE_ATTR(r0, 0x4018aee3, &(0x7f0000000240)={0x0, 0x10000, 0x3, &(0x7f0000000000)=0x6}) sendfile(r0, r1, 0x0, 0x10000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) ioctl$RTC_VL_READ(r0, 0x80047013, &(0x7f0000000200)) waitid(0x3, 0x0, 0x0, 0xa, &(0x7f0000000140)) getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)=""/1, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000000)={@local, @dev, [], {@ipv4={0x800, {{0x7, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @remote, {[@rr={0x7, 0x7, 0x4, [@loopback]}]}}, @icmp=@timestamp_reply}}}}, 0x0) 17:13:58 executing program 1: r0 = epoll_create1(0xfffffffffffffffd) r1 = epoll_create1(0x0) close(r0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000026ff8)='./file0\x00', &(0x7f000000c000)='ramfs\x00', 0x0, 0x0) r2 = inotify_init() inotify_add_watch(r2, &(0x7f00000000c0)='./file0\x00', 0x20000000) syz_execute_func(&(0x7f0000000280)="c482f922cf4083f90042d82cff440f38ca922af2f971664b0f7ece366526f045836e0100c4a1ed61c9c4417810617e0f381e49ecc4c27590147f") umount2(&(0x7f0000000200)='./file0\x00', 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000c85000)) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000040)={0x1}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000140)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000001000/0x18000)=nil, &(0x7f0000000380)=[@textreal={0x8, &(0x7f0000000000)="0f20e06635000004000f22e0f40ff2bb001066b9530b000066b80a00000066ba000000000f3066b9e00600000f3266b9b209000066b80068000066ba000000000f303e660f38dcc4baf80c66b8803ae88b66efbafc0c66ed0f01d966b8f9a05f790f23d80f21f86635000000200f23f8", 0x70}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_CPUID(r5, 0x4008ae8a, &(0x7f0000000100)=ANY=[]) ioctl$KVM_RUN(r5, 0xae80, 0x0) epoll_pwait(r1, &(0x7f0000000240)=[{}], 0x1, 0x8001, 0x0, 0x0) r7 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x111100, 0x0) mount$9p_xen(&(0x7f0000000300)='ramfs\x00', &(0x7f0000000340)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x20, &(0x7f0000000400)={'trans=xen,', {[{@version_9p2000='version=9p2000'}, {@version_9p2000='version=9p2000'}, {@mmap='mmap'}, {@cachetag={'cachetag', 0x3d, '/dev/vcs\x00'}}, {@afid={'afid', 0x3d, 0x7}}, {@nodevmap='nodevmap'}], [{@appraise_type='appraise_type=imasig'}]}}) ioctl$TIOCGSID(r7, 0x5429, &(0x7f00000001c0)) 17:13:58 executing program 2: mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x4, 0x10000032, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000240)=0xffffffff00000000, 0x7, 0x0, 0x0, 0x0, 0x0) [ 254.672106] audit: type=1800 audit(1545153238.887:31): pid=7984 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor3" name="file0" dev="sda1" ino=16577 res=0 [ 254.765094] audit: type=1804 audit(1545153238.907:32): pid=7984 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor3" name="/root/syzkaller-testdir275099789/syzkaller.b9qdKu/9/file0" dev="sda1" ino=16577 res=1 [ 254.819317] audit: type=1800 audit(1545153238.907:33): pid=7984 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor3" name="file0" dev="sda1" ino=16577 res=0 17:13:59 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280-generic\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000000a200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x2000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000480), 0x7536aeb8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x1000000}, 0x0, &(0x7f0000000140)={0x1b7}, 0x0, 0x0) ioctl$VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000100)={0x4d78b68a, 0x100000000}) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 17:13:59 executing program 2: mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x4, 0x10000032, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000240)=0x100000000000000, 0x7, 0x0, 0x0, 0x0, 0x0) 17:13:59 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000540)={&(0x7f0000000000), 0xc, &(0x7f0000000500)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0xf31, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @ipip6={{0xc, 0x1, 'ip6tnl\x00'}, {0xc, 0x2, [@tunl6_policy=[@tunl_policy=[@IFLA_IPTUN_ENCAP_SPORT={0x8}]]]}}}]}, 0x3c}}, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x101000, 0x0) r2 = syz_open_dev$audion(&(0x7f0000000100)='/dev/audio#\x00', 0x8, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000140)={0x0, &(0x7f00000000c0), 0xc, r2, 0x7}) 17:13:59 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PIO_SCRNMAP(0xffffffffffffffff, 0x4b41, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000300)={0xffffffffffffffff}) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f0000000340)=0x81, 0x4) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x0, 0x0) mq_getsetattr(r3, &(0x7f0000000280)={0x5, 0x1, 0x503d39d4, 0xc1f, 0xffffffffffffffff, 0x9, 0x5, 0x24}, &(0x7f00000002c0)) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffff9c, 0x8933, &(0x7f00000001c0)={'vcan0\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xf, 0x6, &(0x7f0000000080)=ANY=[@ANYBLOB="950000e3ffffff0062700000fcffffffff5bf4ff1000000075bf00000000000018170000", @ANYRES32=r3, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], &(0x7f00000000c0)='GPL\x00', 0x9, 0x92, &(0x7f0000000100)=""/146, 0x41f00, 0x1, [], r4, 0x7}, 0x48) sendmsg$TIPC_NL_BEARER_ENABLE(r1, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000640)={0xffffffffffffffc1, r2, 0x201, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x48, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @remote}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @loopback={0xff0f000000000000}}}}}]}]}, 0x5c}}, 0x0) 17:13:59 executing program 4: rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000400), &(0x7f00000003c0), 0x8) syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000200)={{{@in6=@mcast1, @in=@multicast2}}, {{@in=@broadcast}, 0x0, @in=@multicast1}}, &(0x7f00000004c0)=0xe8) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000940)={'team0\x00'}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{0xffffffffffffffff, 0x0, &(0x7f0000003280)=[{&(0x7f0000002180)=""/113, 0x71}, {&(0x7f0000002200)=""/66, 0x42}, {&(0x7f0000002280)=""/4096, 0x1000}, {&(0x7f0000001e40)=""/64, 0x40}], 0x4, &(0x7f00000032c0)=""/224, 0xe0, 0x9}, 0xfffffffffffffffe}, {{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{&(0x7f0000003540)=""/187, 0xbb}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{&(0x7f0000003980)=@ipx, 0x80, &(0x7f0000005bc0)=[{&(0x7f0000003ac0)=""/4, 0x4}, {&(0x7f0000005b00)=""/119, 0x77}], 0x2, &(0x7f0000005c40)=""/4096, 0x1000}, 0x8}, {{&(0x7f0000006c40)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x80, &(0x7f0000006ec0)=[{&(0x7f0000006dc0)=""/66, 0x42}, {&(0x7f0000006e40)=""/103, 0x67}], 0x2, &(0x7f0000006f00)=""/245, 0xf5, 0x1000}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{&(0x7f00000070c0)=@sco, 0x80, &(0x7f0000008300)=[{&(0x7f0000007140)=""/136, 0x88}, {&(0x7f0000007200)=""/213, 0xd5}, {&(0x7f0000007300)=""/4096, 0x1000}], 0x3, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}, 0x1}], 0x6, 0x0, 0x0) prctl$PR_GET_CHILD_SUBREAPER(0x25) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000100)='team\x00', 0x7) getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000140), &(0x7f0000000180)=0x4) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) bind$alg(r0, &(0x7f0000000300)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes128\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) ioctl$VIDIOC_DBG_S_REGISTER(r3, 0x4038564f, &(0x7f0000000100)={{0x7, @addr=0x800}, 0x8, 0x680, 0x7f}) r4 = syz_open_dev$video(&(0x7f0000000180)='/dev/video#\x00', 0x3, 0x0) ioctl$VIDIOC_SUBDEV_S_EDID(r4, 0xc0285629, &(0x7f0000000080)={0xfff, 0x9, 0x100000001, [], &(0x7f0000000040)=0x6}) r5 = socket$inet6(0xa, 0x803, 0x3) ioctl(r5, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r6 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r6, &(0x7f0000002fc8)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f4a00fe01b2a4a280930a06000000a84306910000003900090035000c00060000001900150003000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) [ 255.107208] netlink: 'syz-executor1': attribute type 17 has an invalid length. 17:13:59 executing program 2: mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x4, 0x10000032, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000240)=0x8000000000000000, 0x7, 0x0, 0x0, 0x0, 0x0) [ 255.277225] netlink: 'syz-executor1': attribute type 17 has an invalid length. [ 255.379684] netlink: 13 bytes leftover after parsing attributes in process `syz-executor4'. 17:13:59 executing program 2: mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x4, 0x10000032, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000240)=0x25010000, 0x7, 0x0, 0x0, 0x0, 0x0) 17:13:59 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000540)=0x1950, 0x4) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22}, 0x1c) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x410000, 0x0) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000280)=0x5, 0x4) r2 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000780)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0) setsockopt$inet6_icmp_ICMP_FILTER(r2, 0x1, 0x1, &(0x7f00000000c0)={0x8}, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x200408d4, &(0x7f0000000380)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f0000000180)={0x7, 0x0, 0x0, 0x101, 0x7, 0x0, 0x9, 0x6, 0x0}, &(0x7f00000001c0)=0x20) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0xa, &(0x7f0000000200)={0x3, 0x5, 0x4, 0x8000, 0x100, 0x800, 0x5, 0x1f, r3}, 0x20) sendto$inet6(r2, &(0x7f0000000580)="cc6844dc3c8ee1c8f50b429c6aa2573e902d900a0066ab89a34e9164d31d10b32d69979b60a5d21d0d3db34f99ff96ab5d3ce0d4e6c405111aaafce218a1039ff715e8902da7e3548b798ce310f1630863b3ac1dc4a8786fa564c11c24233492d04a093fc0bc179d847e8696d6c99caeb7ea834613b12a1d67d0237808c49d66e7fe13bb0238c4ede7a747354e5fb3d338b496b4926273d008a3f7e554c9031964eb864fbfa17cd03c3660c605c400486277d7f60dadebc50244049c549e5205786ce22bc560e4ab0a51b77785d19b3454b7f1fde252891253bbae9543759474d3382c8505f3d245605104fd37350fdaf510ef7f4634747a59323e5efb9d2a3e109cbd3e1d8b186d56ab74225242f63712fcb572abc9b0afc1e840a174b031db632eb042dedb6a", 0x127, 0x0, 0x0, 0x0) syz_open_dev$radio(&(0x7f00000002c0)='/dev/radio#\x00', 0x1, 0x2) ioctl$RTC_UIE_OFF(r2, 0x7004) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000000100)=0x0) process_vm_readv(r4, &(0x7f0000000240)=[{&(0x7f0000000300)=""/111, 0x6f}, {&(0x7f00000003c0)=""/96, 0x60}], 0x2, &(0x7f0000000740)=[{&(0x7f0000000440)=""/90, 0x5a}, {&(0x7f00000004c0)=""/42, 0x2a}, {&(0x7f0000000500)=""/57, 0x39}, {&(0x7f00000006c0)=""/109, 0x6d}], 0x4, 0x0) sendto$inet6(r0, &(0x7f0000000140)=' ', 0x1, 0x0, 0x0, 0x0) 17:13:59 executing program 0: r0 = socket$inet6(0xa, 0x400000000000803, 0x3) ioctl(r0, 0x400001000008912, &(0x7f0000000100)="0a5c2d023c126285718070") r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x41}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r2, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000080)={0x41}, 0x10) sendmsg$tipc(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) setsockopt$TIPC_GROUP_LEAVE(r1, 0x10f, 0x88) [ 255.612623] audit: type=1804 audit(1545153239.827:34): pid=7984 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor3" name="/root/syzkaller-testdir275099789/syzkaller.b9qdKu/9/file0" dev="sda1" ino=16577 res=1 [ 255.659490] netlink: 13 bytes leftover after parsing attributes in process `syz-executor4'. 17:13:59 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x6c400, 0x0) write(r0, &(0x7f0000000400)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) ioctl$SNDRV_TIMER_IOCTL_PVERSION(r0, 0x80045400, &(0x7f0000000280)) ioctl$KVM_HAS_DEVICE_ATTR(r0, 0x4018aee3, &(0x7f0000000240)={0x0, 0x10000, 0x3, &(0x7f0000000000)=0x6}) sendfile(r0, r1, 0x0, 0x10000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) ioctl$RTC_VL_READ(r0, 0x80047013, &(0x7f0000000200)) waitid(0x3, 0x0, 0x0, 0xa, &(0x7f0000000140)) getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)=""/1, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000000)={@local, @dev, [], {@ipv4={0x800, {{0x7, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @remote, {[@rr={0x7, 0x7, 0x4, [@loopback]}]}}, @icmp=@timestamp_reply}}}}, 0x0) 17:13:59 executing program 2: mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x4, 0x10000032, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000240)=0x1000000, 0x7, 0x0, 0x0, 0x0, 0x0) 17:14:00 executing program 4: rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000400), &(0x7f00000003c0), 0x8) syz_genetlink_get_family_id$team(&(0x7f00000001c0)='team\x00') getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000200)={{{@in6=@mcast1, @in=@multicast2}}, {{@in=@broadcast}, 0x0, @in=@multicast1}}, &(0x7f00000004c0)=0xe8) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000940)={'team0\x00'}) recvmmsg(0xffffffffffffffff, &(0x7f0000009340)=[{{0xffffffffffffffff, 0x0, &(0x7f0000003280)=[{&(0x7f0000002180)=""/113, 0x71}, {&(0x7f0000002200)=""/66, 0x42}, {&(0x7f0000002280)=""/4096, 0x1000}, {&(0x7f0000001e40)=""/64, 0x40}], 0x4, &(0x7f00000032c0)=""/224, 0xe0, 0x9}, 0xfffffffffffffffe}, {{&(0x7f00000034c0)=@sco, 0x80, &(0x7f0000003700)=[{&(0x7f0000003540)=""/187, 0xbb}, {&(0x7f0000003600)=""/253, 0xfd}], 0x2, &(0x7f0000003740)=""/165, 0xa5}, 0x5}, {{&(0x7f0000003980)=@ipx, 0x80, &(0x7f0000005bc0)=[{&(0x7f0000003ac0)=""/4, 0x4}, {&(0x7f0000005b00)=""/119, 0x77}], 0x2, &(0x7f0000005c40)=""/4096, 0x1000}, 0x8}, {{&(0x7f0000006c40)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x80, &(0x7f0000006ec0)=[{&(0x7f0000006dc0)=""/66, 0x42}, {&(0x7f0000006e40)=""/103, 0x67}], 0x2, &(0x7f0000006f00)=""/245, 0xf5, 0x1000}, 0x5}, {{0x0, 0x0, &(0x7f0000007000), 0x0, &(0x7f0000007040)=""/66, 0x42, 0x800}, 0x7}, {{&(0x7f00000070c0)=@sco, 0x80, &(0x7f0000008300)=[{&(0x7f0000007140)=""/136, 0x88}, {&(0x7f0000007200)=""/213, 0xd5}, {&(0x7f0000007300)=""/4096, 0x1000}], 0x3, &(0x7f0000008340)=""/4096, 0x1000, 0x49e1}, 0x1}], 0x6, 0x0, 0x0) prctl$PR_GET_CHILD_SUBREAPER(0x25) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = memfd_create(&(0x7f0000000100)='team\x00', 0x7) getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000140), &(0x7f0000000180)=0x4) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000ff8000), 0x0) setitimer(0x1, &(0x7f0000000380), &(0x7f0000000440)) bind$alg(r0, &(0x7f0000000300)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes128\x00'}, 0x58) r2 = accept$alg(r1, 0x0, 0x0) recvmmsg(r2, &(0x7f0000001280)=[{{&(0x7f0000000ec0)=@nl=@proc, 0x34e, &(0x7f0000001180)=[{&(0x7f0000001080)=""/251, 0xfb}], 0x11, &(0x7f00000011c0)=""/157, 0x9d}}], 0x1500, 0x0, &(0x7f0000001380)={0x77359400}) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0xdc341f362a05dc0b, 0x0) ioctl$VIDIOC_DBG_S_REGISTER(r3, 0x4038564f, &(0x7f0000000100)={{0x7, @addr=0x800}, 0x8, 0x680, 0x7f}) r4 = syz_open_dev$video(&(0x7f0000000180)='/dev/video#\x00', 0x3, 0x0) ioctl$VIDIOC_SUBDEV_S_EDID(r4, 0xc0285629, &(0x7f0000000080)={0xfff, 0x9, 0x100000001, [], &(0x7f0000000040)=0x6}) r5 = socket$inet6(0xa, 0x803, 0x3) ioctl(r5, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r6 = socket$inet6(0x10, 0x3, 0x0) sendmsg(r6, &(0x7f0000002fc8)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f000000dfaa)="5500000018007f4a00fe01b2a4a280930a06000000a84306910000003900090035000c00060000001900150003000000000000dc1338d54400009b84136ef75afb83de4411001600c43ab8220000060cec4fab91d4", 0x55}], 0x1}, 0x0) [ 255.763258] audit: type=1800 audit(1545153239.827:35): pid=7984 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor3" name="file0" dev="sda1" ino=16577 res=0 [ 255.875879] audit: type=1800 audit(1545153240.077:36): pid=8046 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor3" name="file0" dev="sda1" ino=16596 res=0 [ 255.953281] netlink: 13 bytes leftover after parsing attributes in process `syz-executor4'. [ 256.001285] audit: type=1804 audit(1545153240.087:37): pid=8046 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor3" name="/root/syzkaller-testdir275099789/syzkaller.b9qdKu/10/file0" dev="sda1" ino=16596 res=1 17:14:00 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x6c400, 0x0) write(r0, &(0x7f0000000400)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) ioctl$SNDRV_TIMER_IOCTL_PVERSION(r0, 0x80045400, &(0x7f0000000280)) ioctl$KVM_HAS_DEVICE_ATTR(r0, 0x4018aee3, &(0x7f0000000240)={0x0, 0x10000, 0x3, &(0x7f0000000000)=0x6}) sendfile(r0, r1, 0x0, 0x10000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) ioctl$RTC_VL_READ(r0, 0x80047013, &(0x7f0000000200)) waitid(0x3, 0x0, 0x0, 0xa, &(0x7f0000000140)) getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)=""/1, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000000)={@local, @dev, [], {@ipv4={0x800, {{0x7, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @remote, {[@rr={0x7, 0x7, 0x4, [@loopback]}]}}, @icmp=@timestamp_reply}}}}, 0x0) 17:14:00 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x6c400, 0x0) write(r0, &(0x7f0000000400)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) ioctl$SNDRV_TIMER_IOCTL_PVERSION(r0, 0x80045400, &(0x7f0000000280)) ioctl$KVM_HAS_DEVICE_ATTR(r0, 0x4018aee3, &(0x7f0000000240)={0x0, 0x10000, 0x3, &(0x7f0000000000)=0x6}) sendfile(r0, r1, 0x0, 0x10000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) ioctl$RTC_VL_READ(r0, 0x80047013, &(0x7f0000000200)) waitid(0x3, 0x0, 0x0, 0xa, &(0x7f0000000140)) getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)=""/1, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000000)={@local, @dev, [], {@ipv4={0x800, {{0x7, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @remote, {[@rr={0x7, 0x7, 0x4, [@loopback]}]}}, @icmp=@timestamp_reply}}}}, 0x0) 17:14:00 executing program 2: mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x4, 0x10000032, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000240), 0x6, 0x0, 0x0, 0x0, 0x0) [ 256.080534] audit: type=1800 audit(1545153240.097:38): pid=8046 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor3" name="file0" dev="sda1" ino=16596 res=0 17:14:00 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f0000000380)='./file0\x00', 0x6c400, 0x0) write(r0, &(0x7f0000000400)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) ioctl$SNDRV_TIMER_IOCTL_PVERSION(r0, 0x80045400, &(0x7f0000000280)) ioctl$KVM_HAS_DEVICE_ATTR(r0, 0x4018aee3, &(0x7f0000000240)={0x0, 0x10000, 0x3, &(0x7f0000000000)=0x6}) sendfile(r0, r1, 0x0, 0x10000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) ioctl$RTC_VL_READ(r0, 0x80047013, &(0x7f0000000200)) waitid(0x3, 0x0, 0x0, 0xa, &(0x7f0000000140)) getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)=""/1, 0x0) syz_emit_ethernet(0x3e, &(0x7f0000000000)={@local, @dev, [], {@ipv4={0x800, {{0x7, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @remote, {[@rr={0x7, 0x7, 0x4, [@loopback]}]}}, @icmp=@timestamp_reply}}}}, 0x0) [ 256.172951] audit: type=1800 audit(1545153240.387:39): pid=8058 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor1" name="file0" dev="sda1" ino=16550 res=0 [ 256.233550] audit: type=1804 audit(1545153240.427:40): pid=8058 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz-executor1" name="/root/syzkaller-testdir173247712/syzkaller.qk9XgL/12/file0" dev="sda1" ino=16550 res=1 17:14:00 executing program 2: mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x4, 0x10000032, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000240), 0x5, 0x0, 0x0, 0x0, 0x0) [ 256.551725] ================================================================== [ 256.559354] BUG: KASAN: use-after-free in tipc_group_bc_cong+0x327/0x3f0 [ 256.566223] Read of size 2 at addr ffff8881d4ffcd74 by task syz-executor0/8033 [ 256.573585] [ 256.575243] CPU: 0 PID: 8033 Comm: syz-executor0 Not tainted 4.20.0-rc7+ #155 [ 256.582523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 256.591922] Call Trace: [ 256.594532] dump_stack+0x244/0x39d [ 256.598182] ? dump_stack_print_info.cold.1+0x20/0x20 [ 256.603438] ? printk+0xa7/0xcf [ 256.606735] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 256.611504] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 256.616628] print_address_description.cold.7+0x9/0x1ff [ 256.622012] kasan_report.cold.8+0x242/0x309 [ 256.622199] kasan: CONFIG_KASAN_INLINE enabled [ 256.626429] ? tipc_group_bc_cong+0x327/0x3f0 [ 256.626453] __asan_report_load2_noabort+0x14/0x20 [ 256.640564] tipc_group_bc_cong+0x327/0x3f0 [ 256.644906] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 256.650021] ? tipc_group_cong+0x5d0/0x5d0 [ 256.654267] ? remove_wait_queue+0x1a6/0x360 [ 256.658719] ? add_wait_queue+0x2b0/0x2b0 [ 256.662949] ? __local_bh_enable_ip+0x160/0x260 [ 256.667730] tipc_send_group_bcast+0x50a/0xd90 [ 256.672390] ? tipc_sk_sock_err.isra.61+0x2f0/0x2f0 [ 256.677521] ? __init_waitqueue_head+0x150/0x150 [ 256.682290] ? refill_pi_state_cache.part.8+0x310/0x310 [ 256.687688] ? mark_held_locks+0x130/0x130 [ 256.690782] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 256.691939] ? futex_wait_setup+0x266/0x3e0 [ 256.703628] ? futex_wake+0x760/0x760 [ 256.707473] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 256.712684] __tipc_sendmsg+0xeec/0x1d40 [ 256.716958] ? futex_wait+0x5ec/0xa50 [ 256.720782] ? tipc_sendmcast+0xf50/0xf50 [ 256.724941] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 256.730148] ? zap_class+0x640/0x640 [ 256.733874] ? print_usage_bug+0xc0/0xc0 [ 256.737948] ? find_held_lock+0x36/0x1c0 [ 256.742036] ? find_held_lock+0x36/0x1c0 [ 256.746117] ? mark_held_locks+0xc7/0x130 17:14:00 executing program 2: mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x4, 0x10000032, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000240), 0x8, 0x0, 0x0, 0x0, 0x0) [ 256.750277] ? __local_bh_enable_ip+0x160/0x260 [ 256.754956] ? __local_bh_enable_ip+0x160/0x260 [ 256.759651] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 256.764266] ? trace_hardirqs_on+0xbd/0x310 [ 256.768605] ? lock_release+0xa00/0xa00 [ 256.772657] ? lock_sock_nested+0xe2/0x120 [ 256.776910] ? trace_hardirqs_off_caller+0x310/0x310 [ 256.782031] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 256.787582] ? check_preemption_disabled+0x48/0x280 [ 256.792624] ? lock_sock_nested+0x9a/0x120 [ 256.796875] ? lock_sock_nested+0x9a/0x120 [ 256.801127] ? __local_bh_enable_ip+0x160/0x260 [ 256.805818] tipc_sendmsg+0x50/0x70 [ 256.809454] ? __tipc_sendmsg+0x1d40/0x1d40 [ 256.813847] sock_sendmsg+0xd5/0x120 [ 256.817574] ___sys_sendmsg+0x7fd/0x930 [ 256.821566] ? __local_bh_enable_ip+0x160/0x260 [ 256.826255] ? copy_msghdr_from_user+0x580/0x580 [ 256.826478] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 256.831015] ? _raw_spin_unlock_bh+0x30/0x40 [ 256.837242] CPU: 1 PID: 8038 Comm: syz-executor0 Not tainted 4.20.0-rc7+ #155 [ 256.841636] ? __fget_light+0x2e9/0x430 [ 256.849403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 256.853366] ? fget_raw+0x20/0x20 [ 256.862710] RIP: 0010:tipc_group_update_bc_members+0x38/0x1f0 [ 256.866146] ? __might_fault+0x12b/0x1e0 [ 256.872012] Code: 54 53 48 83 ec 18 89 55 c4 89 75 d0 e8 31 b8 db f9 49 8d 4e 72 48 b8 00 00 00 00 00 fc ff df 48 89 ca 48 89 4d c8 48 c1 ea 03 <0f> b6 14 02 48 89 c8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 76 [ 256.876063] ? lock_downgrade+0x900/0x900 [ 256.894945] RSP: 0018:ffff88817f74f370 EFLAGS: 00010202 [ 256.899079] ? lock_release+0xa00/0xa00 [ 256.904427] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000072 [ 256.908390] ? perf_trace_sched_process_exec+0x860/0x860 [ 256.915641] RDX: 000000000000000e RSI: ffffffff87a3cc3f RDI: 0000000000000000 [ 256.921131] ? posix_ktime_get_ts+0x15/0x20 [ 256.928337] RBP: ffff88817f74f3b0 R08: ffff8881c2d56400 R09: ffffed103b5e5b5f [ 256.932656] ? trace_hardirqs_off_caller+0x310/0x310 [ 256.939903] R10: ffffed103b5e5b5f R11: ffff8881daf2dafb R12: ffff88817f74f618 [ 256.944997] ? tipc_setsockopt+0x726/0xd70 [ 256.952249] R13: ffff8881b9ce761c R14: 0000000000000000 R15: 0000000000000000 [ 256.956479] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 256.963728] FS: 00007f1546265700(0000) GS:ffff8881daf00000(0000) knlGS:0000000000000000 [ 256.969254] ? sockfd_lookup_light+0xc5/0x160 [ 256.977460] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 256.981941] __sys_sendmsg+0x11d/0x280 [ 256.987799] CR2: 0000000020000240 CR3: 00000001bd689000 CR4: 00000000001406e0 [ 256.991678] ? __ia32_sys_shutdown+0x80/0x80 [ 256.998930] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 257.003337] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 257.010586] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 257.016161] ? put_timespec64+0x10f/0x1b0 [ 257.016182] ? do_syscall_64+0x9a/0x820 [ 257.023430] Call Trace: [ 257.027575] ? do_syscall_64+0x9a/0x820 [ 257.031536] tipc_send_group_bcast+0xa71/0xd90 [ 257.034101] ? trace_hardirqs_off_caller+0x310/0x310 [ 257.038064] ? tipc_sk_sock_err.isra.61+0x2f0/0x2f0 [ 257.042628] __x64_sys_sendmsg+0x78/0xb0 [ 257.047715] ? __init_waitqueue_head+0x150/0x150 [ 257.052712] do_syscall_64+0x1b9/0x820 [ 257.056756] ? refill_pi_state_cache.part.8+0x310/0x310 [ 257.061496] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 257.065366] ? print_usage_bug+0xc0/0xc0 [ 257.070712] ? syscall_return_slowpath+0x5e0/0x5e0 [ 257.076057] ? mark_held_locks+0x130/0x130 [ 257.080101] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 257.085017] ? futex_wait_setup+0x266/0x3e0 [ 257.089242] ? trace_hardirqs_on_caller+0x310/0x310 [ 257.094065] ? __lock_acquire+0x62f/0x4c20 [ 257.098367] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 257.103371] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 257.107596] ? prepare_exit_to_usermode+0x291/0x3b0 [ 257.112589] __tipc_sendmsg+0xeec/0x1d40 [ 257.117766] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 257.122762] ? futex_wait+0x5ec/0xa50 [ 257.126810] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 257.131631] ? tipc_sendmcast+0xf50/0xf50 [ 257.135436] RIP: 0033:0x457669 [ 257.140629] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 257.144757] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 257.147935] ? zap_class+0x640/0x640 [ 257.153108] RSP: 002b:00007f1546285c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 257.172018] ? print_usage_bug+0xc0/0xc0 [ 257.175710] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 257.183418] ? find_held_lock+0x36/0x1c0 [ 257.187461] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000004 [ 257.194723] ? find_held_lock+0x36/0x1c0 [ 257.198763] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 257.206022] ? mark_held_locks+0xc7/0x130 [ 257.210059] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f15462866d4 [ 257.217318] ? __local_bh_enable_ip+0x160/0x260 [ 257.221457] R13: 00000000004c44f4 R14: 00000000004d7518 R15: 00000000ffffffff [ 257.228747] ? __local_bh_enable_ip+0x160/0x260 [ 257.233397] [ 257.240659] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 257.245300] Allocated by task 8033: [ 257.246930] ? trace_hardirqs_on+0xbd/0x310 [ 257.251498] save_stack+0x43/0xd0 [ 257.255108] ? lock_release+0xa00/0xa00 [ 257.259406] kasan_kmalloc+0xc7/0xe0 [ 257.262843] ? lock_sock_nested+0xe2/0x120 [ 257.266799] kmem_cache_alloc_trace+0x152/0x750 [ 257.270500] ? trace_hardirqs_off_caller+0x310/0x310 [ 257.274721] tipc_group_create+0x152/0xa70 [ 257.279371] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 257.284451] tipc_setsockopt+0x2d1/0xd70 [ 257.288673] ? check_preemption_disabled+0x48/0x280 [ 257.294190] __sys_setsockopt+0x1ba/0x3c0 [ 257.298233] ? lock_sock_nested+0x9a/0x120 [ 257.303234] __x64_sys_setsockopt+0xbe/0x150 [ 257.307380] ? lock_sock_nested+0x9a/0x120 [ 257.311628] do_syscall_64+0x1b9/0x820 [ 257.316018] ? __local_bh_enable_ip+0x160/0x260 [ 257.320249] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 257.324128] tipc_sendmsg+0x50/0x70 [ 257.328765] [ 257.333950] ? __tipc_sendmsg+0x1d40/0x1d40 [ 257.337567] Freed by task 8038: [ 257.339201] sock_sendmsg+0xd5/0x120 [ 257.343507] save_stack+0x43/0xd0 [ 257.346769] ___sys_sendmsg+0x7fd/0x930 [ 257.350469] __kasan_slab_free+0x102/0x150 [ 257.353904] ? __local_bh_enable_ip+0x160/0x260 [ 257.357859] kasan_slab_free+0xe/0x10 [ 257.362073] ? copy_msghdr_from_user+0x580/0x580 [ 257.366726] kfree+0xcf/0x230 [ 257.370510] ? _raw_spin_unlock_bh+0x30/0x40 [ 257.375247] tipc_group_delete+0x2e4/0x3f0 [ 257.378348] ? __fget_light+0x2e9/0x430 [ 257.382737] tipc_sk_leave+0x113/0x220 [ 257.386954] ? fget_raw+0x20/0x20 [ 257.390912] tipc_setsockopt+0x97d/0xd70 [ 257.394797] ? __might_fault+0x12b/0x1e0 [ 257.398232] __sys_setsockopt+0x1ba/0x3c0 [ 257.402279] ? lock_downgrade+0x900/0x900 [ 257.406344] __x64_sys_setsockopt+0xbe/0x150 [ 257.410473] ? lock_release+0xa00/0xa00 [ 257.414608] do_syscall_64+0x1b9/0x820 [ 257.418996] ? perf_trace_sched_process_exec+0x860/0x860 [ 257.422955] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 257.426835] ? posix_ktime_get_ts+0x15/0x20 [ 257.432264] [ 257.437463] ? trace_hardirqs_off_caller+0x310/0x310 [ 257.441761] The buggy address belongs to the object at ffff8881d4ffcd00 [ 257.441761] which belongs to the cache kmalloc-192 of size 192 [ 257.443376] ? tipc_setsockopt+0x726/0xd70 [ 257.448485] The buggy address is located 116 bytes inside of [ 257.448485] 192-byte region [ffff8881d4ffcd00, ffff8881d4ffcdc0) [ 257.461127] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 257.465346] The buggy address belongs to the page: [ 257.477217] ? sockfd_lookup_light+0xc5/0x160 [ 257.482734] page:ffffea000753ff00 count:1 mapcount:0 mapping:ffff8881da800040 index:0x0 [ 257.487652] __sys_sendmsg+0x11d/0x280 [ 257.492123] flags: 0x2fffc0000000200(slab) [ 257.500256] ? __ia32_sys_shutdown+0x80/0x80 [ 257.504126] raw: 02fffc0000000200 ffffea00074eb908 ffffea000752f708 ffff8881da800040 [ 257.508350] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 257.512737] raw: 0000000000000000 ffff8881d4ffc000 0000000100000010 0000000000000000 [ 257.520604] ? put_timespec64+0x10f/0x1b0 [ 257.526118] page dumped because: kasan: bad access detected [ 257.533989] ? do_syscall_64+0x9a/0x820 [ 257.538106] [ 257.543811] ? do_syscall_64+0x9a/0x820 [ 257.547755] Memory state around the buggy address: [ 257.549381] ? trace_hardirqs_off_caller+0x310/0x310 [ 257.553346] ffff8881d4ffcc00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 257.558282] __x64_sys_sendmsg+0x78/0xb0 [ 257.563373] ffff8881d4ffcc80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 257.570722] do_syscall_64+0x1b9/0x820 [ 257.574758] >ffff8881d4ffcd00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 257.582111] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 257.585970] ^ [ 257.593332] ? syscall_return_slowpath+0x5e0/0x5e0 [ 257.598666] ffff8881d4ffcd80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 257.605673] ? trace_hardirqs_on_caller+0x310/0x310 [ 257.610579] ffff8881d4ffce00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 257.617934] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 257.622923] ================================================================== [ 257.630351] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 257.649297] ? __switch_to_asm+0x40/0x70 [ 257.653374] ? __switch_to_asm+0x34/0x70 [ 257.657452] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 257.662305] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 257.667511] RIP: 0033:0x457669 [ 257.670712] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 257.689621] RSP: 002b:00007f1546264c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 257.697348] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 257.704622] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000007 [ 257.711895] RBP: 000000000072bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 257.719275] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f15462656d4 [ 257.726553] R13: 00000000004c44f4 R14: 00000000004d7518 R15: 00000000ffffffff [ 257.733830] Modules linked in: 17:14:02 executing program 2: mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x4, 0x10000032, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000240), 0x9, 0x0, 0x0, 0x0, 0x0) [ 257.864458] kobject: 'loop2' (0000000088e81f02): kobject_uevent_env [ 257.903064] kobject: 'loop2' (0000000088e81f02): fill_kobj_path: path = '/devices/virtual/block/loop2' 17:14:02 executing program 2: mmap(&(0x7f0000000000/0x8b000)=nil, 0x8b000, 0x4, 0x10000032, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000240), 0x3, 0x0, 0x0, 0x0, 0x0) [ 258.533260] kobject: 'loop2' (0000000088e81f02): kobject_uevent_env [ 258.550699] kobject: 'loop2' (0000000088e81f02): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 258.768580] ---[ end trace fd2ebb0cac6102d2 ]--- [ 258.773401] RIP: 0010:tipc_group_update_bc_members+0x38/0x1f0 [ 258.779380] Code: 54 53 48 83 ec 18 89 55 c4 89 75 d0 e8 31 b8 db f9 49 8d 4e 72 48 b8 00 00 00 00 00 fc ff df 48 89 ca 48 89 4d c8 48 c1 ea 03 <0f> b6 14 02 48 89 c8 83 e0 07 83 c0 01 38 d0 7c 08 84 d2 0f 85 76 [ 258.798490] RSP: 0018:ffff88817f74f370 EFLAGS: 00010202 [ 258.803864] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000072 [ 258.806348] kobject: 'loop1' (0000000001cb21dd): kobject_uevent_env [ 258.811174] RDX: 000000000000000e RSI: ffffffff87a3cc3f RDI: 0000000000000000 [ 258.811184] RBP: ffff88817f74f3b0 R08: ffff8881c2d56400 R09: ffffed103b5e5b5f [ 258.811193] R10: ffffed103b5e5b5f R11: ffff8881daf2dafb R12: ffff88817f74f618 [ 258.811202] R13: ffff8881b9ce761c R14: 0000000000000000 R15: 0000000000000000 [ 258.811215] FS: 00007f1546265700(0000) GS:ffff8881daf00000(0000) knlGS:0000000000000000 [ 258.811225] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 258.811234] CR2: 0000000000625208 CR3: 00000001bd689000 CR4: 00000000001406e0 [ 258.811246] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 258.811260] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 258.819559] kobject: 'loop1' (0000000001cb21dd): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 258.824968] Kernel panic - not syncing: Fatal exception [ 258.898863] Kernel Offset: disabled [ 258.902484] Rebooting in 86400 seconds..