syzkaller login: [  254.717242][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[  254.775582][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[  254.831125][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
[  263.829600][ T1859] netlink: 4 bytes leftover after parsing attributes in process `dhcpcd'.
Warning: Permanently added '[localhost]:32661' (ECDSA) to the list of known hosts.
1970/01/01 00:05:42 fuzzer started
1970/01/01 00:05:55 dialing manager at localhost:40819
[  362.402086][ T2026] cgroup: Unknown subsys name 'net'
[  363.207906][ T2026] cgroup: Unknown subsys name 'rlimit'
1970/01/01 00:06:02 syscalls: 2918
1970/01/01 00:06:02 code coverage: enabled
1970/01/01 00:06:02 comparison tracing: enabled
1970/01/01 00:06:02 extra coverage: enabled
1970/01/01 00:06:02 delay kcov mmap: mmap returned an invalid pointer
1970/01/01 00:06:02 setuid sandbox: enabled
1970/01/01 00:06:02 namespace sandbox: enabled
1970/01/01 00:06:02 Android sandbox: /sys/fs/selinux/policy does not exist
1970/01/01 00:06:02 fault injection: enabled
1970/01/01 00:06:02 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
1970/01/01 00:06:02 net packet injection: enabled
1970/01/01 00:06:02 net device setup: enabled
1970/01/01 00:06:02 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
1970/01/01 00:06:02 devlink PCI setup: PCI device 0000:00:10.0 is not available
1970/01/01 00:06:02 NIC VF setup: PCI device 0000:00:11.0 is not available
1970/01/01 00:06:02 USB emulation: enabled
1970/01/01 00:06:02 hci packet injection: /dev/vhci does not exist
1970/01/01 00:06:02 wifi device emulation: /sys/class/mac80211_hwsim/ does not exist
1970/01/01 00:06:02 802.15.4 emulation: /sys/bus/platform/devices/mac802154_hwsim does not exist
1970/01/01 00:06:03 fetching corpus: 0, signal 0/2000 (executing program)
1970/01/01 00:06:09 fetching corpus: 50, signal 25934/29335 (executing program)
1970/01/01 00:06:14 fetching corpus: 99, signal 46250/50610 (executing program)
1970/01/01 00:06:17 fetching corpus: 146, signal 52839/58315 (executing program)
1970/01/01 00:06:21 fetching corpus: 196, signal 59794/66261 (executing program)
1970/01/01 00:06:24 fetching corpus: 246, signal 66681/73977 (executing program)
1970/01/01 00:06:26 fetching corpus: 293, signal 73065/81056 (executing program)
1970/01/01 00:06:30 fetching corpus: 343, signal 77563/86282 (executing program)
1970/01/01 00:06:32 fetching corpus: 393, signal 81414/90827 (executing program)
1970/01/01 00:06:35 fetching corpus: 443, signal 84620/94737 (executing program)
1970/01/01 00:06:37 fetching corpus: 493, signal 86261/97204 (executing program)
1970/01/01 00:06:39 fetching corpus: 543, signal 88926/100480 (executing program)
1970/01/01 00:06:42 fetching corpus: 593, signal 91133/103332 (executing program)
1970/01/01 00:06:44 fetching corpus: 641, signal 93301/106120 (executing program)
1970/01/01 00:06:48 fetching corpus: 691, signal 96575/109755 (executing program)
1970/01/01 00:06:51 fetching corpus: 740, signal 99752/113255 (executing program)
1970/01/01 00:06:54 fetching corpus: 788, signal 102553/116317 (executing program)
1970/01/01 00:06:57 fetching corpus: 837, signal 106111/119961 (executing program)
1970/01/01 00:07:01 fetching corpus: 886, signal 110041/123858 (executing program)
1970/01/01 00:07:04 fetching corpus: 936, signal 112449/126437 (executing program)
1970/01/01 00:07:07 fetching corpus: 986, signal 114393/128658 (executing program)
1970/01/01 00:07:10 fetching corpus: 1036, signal 116631/130990 (executing program)
1970/01/01 00:07:13 fetching corpus: 1085, signal 118398/132956 (executing program)
1970/01/01 00:07:16 fetching corpus: 1135, signal 120234/134890 (executing program)
1970/01/01 00:07:18 fetching corpus: 1184, signal 121622/136471 (executing program)
1970/01/01 00:07:21 fetching corpus: 1234, signal 123360/138308 (executing program)
1970/01/01 00:07:24 fetching corpus: 1284, signal 125592/140414 (executing program)
1970/01/01 00:07:27 fetching corpus: 1334, signal 128277/142761 (executing program)
1970/01/01 00:07:29 fetching corpus: 1384, signal 129895/144373 (executing program)
1970/01/01 00:07:32 fetching corpus: 1434, signal 131846/146144 (executing program)
1970/01/01 00:07:34 fetching corpus: 1484, signal 133338/147582 (executing program)
1970/01/01 00:07:37 fetching corpus: 1533, signal 135153/149169 (executing program)
1970/01/01 00:07:39 fetching corpus: 1581, signal 136696/150567 (executing program)
1970/01/01 00:07:44 fetching corpus: 1631, signal 137957/151744 (executing program)
1970/01/01 00:07:47 fetching corpus: 1680, signal 139343/152994 (executing program)
1970/01/01 00:07:49 fetching corpus: 1730, signal 140447/154084 (executing program)
1970/01/01 00:07:52 fetching corpus: 1779, signal 142059/155431 (executing program)
1970/01/01 00:07:55 fetching corpus: 1829, signal 143591/156618 (executing program)
1970/01/01 00:07:58 fetching corpus: 1879, signal 145661/158134 (executing program)
1970/01/01 00:08:00 fetching corpus: 1929, signal 147211/159306 (executing program)
1970/01/01 00:08:03 fetching corpus: 1977, signal 148461/160289 (executing program)
1970/01/01 00:08:06 fetching corpus: 2026, signal 149947/161322 (executing program)
1970/01/01 00:08:08 fetching corpus: 2075, signal 151383/162314 (executing program)
1970/01/01 00:08:10 fetching corpus: 2123, signal 152336/163023 (executing program)
1970/01/01 00:08:12 fetching corpus: 2173, signal 153218/163689 (executing program)
1970/01/01 00:08:14 fetching corpus: 2223, signal 154275/164422 (executing program)
1970/01/01 00:08:16 fetching corpus: 2273, signal 156140/165492 (executing program)
1970/01/01 00:08:19 fetching corpus: 2321, signal 156999/166080 (executing program)
1970/01/01 00:08:21 fetching corpus: 2371, signal 158297/166914 (executing program)
1970/01/01 00:08:23 fetching corpus: 2420, signal 159370/167574 (executing program)
1970/01/01 00:08:25 fetching corpus: 2470, signal 160372/168161 (executing program)
1970/01/01 00:08:27 fetching corpus: 2519, signal 161258/168658 (executing program)
1970/01/01 00:08:30 fetching corpus: 2567, signal 162295/169219 (executing program)
1970/01/01 00:08:33 fetching corpus: 2616, signal 163323/169739 (executing program)
1970/01/01 00:08:35 fetching corpus: 2666, signal 164360/170252 (executing program)
1970/01/01 00:08:38 fetching corpus: 2716, signal 165092/170619 (executing program)
1970/01/01 00:08:40 fetching corpus: 2766, signal 165860/171017 (executing program)
1970/01/01 00:08:43 fetching corpus: 2815, signal 167522/171687 (executing program)
1970/01/01 00:08:45 fetching corpus: 2865, signal 168422/172074 (executing program)
1970/01/01 00:08:48 fetching corpus: 2915, signal 169018/172316 (executing program)
1970/01/01 00:08:49 fetching corpus: 2964, signal 169639/172562 (executing program)
1970/01/01 00:08:52 fetching corpus: 3014, signal 170543/172848 (executing program)
1970/01/01 00:08:54 fetching corpus: 3064, signal 171454/173130 (executing program)
1970/01/01 00:08:55 fetching corpus: 3099, signal 171906/173292 (executing program)
1970/01/01 00:08:55 fetching corpus: 3099, signal 171906/173315 (executing program)
1970/01/01 00:08:55 fetching corpus: 3099, signal 171906/173341 (executing program)
1970/01/01 00:08:55 fetching corpus: 3099, signal 171906/173374 (executing program)
1970/01/01 00:08:56 fetching corpus: 3099, signal 171906/173398 (executing program)
1970/01/01 00:08:56 fetching corpus: 3099, signal 171906/173421 (executing program)
1970/01/01 00:08:56 fetching corpus: 3099, signal 171906/173448 (executing program)
1970/01/01 00:08:56 fetching corpus: 3099, signal 171906/173463 (executing program)
1970/01/01 00:08:56 fetching corpus: 3099, signal 171906/173483 (executing program)
1970/01/01 00:08:56 fetching corpus: 3099, signal 171906/173507 (executing program)
1970/01/01 00:08:56 fetching corpus: 3099, signal 171906/173534 (executing program)
1970/01/01 00:08:57 fetching corpus: 3099, signal 171906/173556 (executing program)
1970/01/01 00:08:57 fetching corpus: 3099, signal 171906/173580 (executing program)
1970/01/01 00:08:57 fetching corpus: 3101, signal 171942/173618 (executing program)
1970/01/01 00:08:57 fetching corpus: 3102, signal 171950/173648 (executing program)
1970/01/01 00:08:58 fetching corpus: 3102, signal 171950/173673 (executing program)
1970/01/01 00:08:58 fetching corpus: 3102, signal 171950/173699 (executing program)
1970/01/01 00:08:58 fetching corpus: 3102, signal 171950/173716 (executing program)
1970/01/01 00:08:58 fetching corpus: 3102, signal 171950/173744 (executing program)
1970/01/01 00:08:58 fetching corpus: 3102, signal 171950/173757 (executing program)
1970/01/01 00:08:59 fetching corpus: 3102, signal 171950/173777 (executing program)
1970/01/01 00:08:59 fetching corpus: 3102, signal 171950/173795 (executing program)
1970/01/01 00:08:59 fetching corpus: 3102, signal 171950/173812 (executing program)
1970/01/01 00:08:59 fetching corpus: 3102, signal 171950/173836 (executing program)
1970/01/01 00:08:59 fetching corpus: 3102, signal 171950/173836 (executing program)
1970/01/01 00:10:56 starting 2 fuzzer processes
00:10:56 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
pwritev(r0, &(0x7f0000000a80)=[{&(0x7f0000000980)='+', 0x1}], 0x1, 0x100bfaa, 0x0)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0)
openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = openat(0xffffffffffffffff, 0x0, 0x0, 0x4)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0)
sendfile(r2, r4, 0x0, 0x2)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x2fff2)
openat$cgroup_procs(r3, 0x0, 0x2, 0x0)

00:10:56 executing program 1:
r0 = socket$l2tp(0x2, 0x2, 0x73)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
r2 = epoll_create1(0x0)
r3 = fcntl$dupfd(r2, 0x0, r0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f00000000c0))
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = fcntl$dupfd(r1, 0x0, r4)
setsockopt$inet6_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000003640)=0x1, 0x4)
connect$l2tp(r5, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10)
setsockopt$inet6_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000000000), 0x4)

[  681.883616][ T2038] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  682.006551][ T2038] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  683.772038][ T2039] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  683.880653][ T2039] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  692.726421][ T2038] device hsr_slave_0 entered promiscuous mode
[  692.771023][ T2038] device hsr_slave_1 entered promiscuous mode
[  694.489962][ T2039] device hsr_slave_0 entered promiscuous mode
[  694.537401][ T2039] device hsr_slave_1 entered promiscuous mode
[  694.574783][ T2039] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  694.578725][ T2039] Cannot create hsr debugfs directory
[  700.838943][ T2038] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  700.970679][ T2038] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  701.049952][ T2038] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  701.165708][ T2038] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  702.346238][ T2039] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  702.498017][ T2039] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  702.571357][ T2039] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  702.851428][ T2039] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  713.209887][ T2038] 8021q: adding VLAN 0 to HW filter on device bond0
[  714.136957][ T2335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  714.298634][ T2335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  715.990709][ T2039] 8021q: adding VLAN 0 to HW filter on device bond0
[  716.535194][ T2101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  716.594959][ T2101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  723.799433][  T831] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  723.879276][  T831] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  724.204648][ T2335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  724.259291][ T2335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  724.521004][ T2101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  724.743517][  T831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  725.435843][ T2101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  725.615752][ T2101] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  726.266891][ T2038] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  726.365875][ T2038] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  726.977049][   T82] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  727.010984][   T82] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  727.837933][ T2231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  727.881085][ T2231] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  729.346803][   T82] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  729.404411][   T82] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  729.435042][   T82] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  729.501385][   T82] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  731.020164][ T2039] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  731.021492][ T2039] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  731.531975][ T2231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  731.628114][ T2231] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  731.718716][ T2231] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  731.771591][ T2231] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  731.892156][ T2231] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  736.549810][ T2101] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  736.560396][ T2101] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  740.685770][   T82] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  740.689133][   T82] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  754.585854][ T2101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  754.667024][ T2101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  756.354984][ T2101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  756.448340][ T2101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  761.453795][   T82] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  761.524601][   T82] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  761.716141][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  761.750146][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  761.800438][ T2038] device veth0_vlan entered promiscuous mode
[  762.361518][ T2038] device veth1_vlan entered promiscuous mode
[  762.623823][  T831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  762.661064][  T831] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  762.807267][  T831] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  762.854641][  T831] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  762.997079][ T2039] device veth0_vlan entered promiscuous mode
[  763.496540][ T2039] device veth1_vlan entered promiscuous mode
[  763.808957][ T2335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  763.865650][ T2335] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  764.149934][ T2038] device veth0_macvtap entered promiscuous mode
[  764.426458][ T2038] device veth1_macvtap entered promiscuous mode
[  764.717149][ T2335] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  764.749991][ T2335] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  765.448910][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  765.467899][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  765.510785][ T2039] device veth0_macvtap entered promiscuous mode
[  765.659998][  T831] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  765.698404][  T831] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  765.767342][  T831] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  766.094861][ T2039] device veth1_macvtap entered promiscuous mode
[  766.263555][ T2101] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  766.295215][ T2101] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  766.598116][ T2038] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  766.601234][ T2038] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  766.638961][ T2038] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  766.640568][ T2038] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  767.235839][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  767.270803][ T2027] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  767.789263][  T831] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  767.837534][  T831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  768.390636][ T2039] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  768.415311][ T2039] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  768.417277][ T2039] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  768.418902][ T2039] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  774.315823][   T26] audit: type=1804 audit(773.070:2): pid=2731 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/syzkaller-testdir61983672/syzkaller.DYz486/0/file1" dev="vda" ino=644 res=1 errno=0
[  775.224120][   T26] audit: type=1804 audit(773.980:3): pid=2732 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/syzkaller-testdir61983672/syzkaller.DYz486/0/file1" dev="vda" ino=644 res=1 errno=0
00:12:55 executing program 1:
r0 = socket$l2tp(0x2, 0x2, 0x73)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
r2 = epoll_create1(0x0)
r3 = fcntl$dupfd(r2, 0x0, r0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f00000000c0))
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = fcntl$dupfd(r1, 0x0, r4)
setsockopt$inet6_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000003640)=0x1, 0x4)
connect$l2tp(r5, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10)
setsockopt$inet6_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000000000), 0x4)

[  777.193872][ T2731] syz-executor.0: vmalloc error: size 4096, page order 0, failed to allocate pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz0,mems_allowed=0
[  777.200121][ T2731] CPU: 1 PID: 2731 Comm: syz-executor.0 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[  777.201736][ T2731] Hardware name: riscv-virtio,qemu (DT)
[  777.203627][ T2731] Call Trace:
[  777.204617][ T2731] [<ffffffff8000a228>] dump_backtrace+0x2e/0x3c
[  777.206000][ T2731] [<ffffffff831668cc>] show_stack+0x34/0x40
[  777.207249][ T2731] [<ffffffff831756ba>] dump_stack_lvl+0xe4/0x150
[  777.208586][ T2731] [<ffffffff83175742>] dump_stack+0x1c/0x24
[  777.209877][ T2731] [<ffffffff80417ab6>] warn_alloc+0x170/0x212
[  777.211135][ T2731] [<ffffffff8040c8de>] __vmalloc_node_range+0xa36/0xab2
[  777.212505][ T2731] [<ffffffff8040cd22>] vmalloc+0x76/0x8c
[  777.214375][ T2731] [<ffffffff8296d12c>] netlink_sendmsg+0x370/0x994
[  777.215765][ T2731] [<ffffffff826d264e>] sock_sendmsg+0xa0/0xc4
[  777.217082][ T2731] [<ffffffff826d2924>] kernel_sendmsg+0x40/0x52
[  777.218524][ T2731] [<ffffffff826dd04e>] sock_no_sendpage+0x1a8/0x1f2
[  777.219769][ T2731] [<ffffffff826d21cc>] kernel_sendpage.part.0+0x12c/0x242
[  777.221097][ T2731] [<ffffffff826d32aa>] sock_sendpage+0x88/0xc4
[  777.222791][ T2731] [<ffffffff8054aef2>] pipe_to_sendpage+0x130/0x1ca
[  777.224043][ T2731] [<ffffffff8054d8f8>] __splice_from_pipe+0x2b2/0x472
[  777.225341][ T2731] [<ffffffff8054e2ba>] generic_splice_sendpage+0xd8/0x11a
[  777.226688][ T2731] [<ffffffff8054c75a>] direct_splice_actor+0x7a/0xb6
[  777.227953][ T2731] [<ffffffff8054bcdc>] splice_direct_to_actor+0x212/0x478
[  777.229246][ T2731] [<ffffffff8054c08e>] do_splice_direct+0x14c/0x1ca
[  777.230522][ T2731] [<ffffffff804c787e>] do_sendfile+0x6ee/0x7da
[  777.231813][ T2731] [<ffffffff804c9f7e>] sys_sendfile64+0x1dc/0x1e8
[  777.233754][ T2731] [<ffffffff80005716>] ret_from_syscall+0x0/0x2
[  777.336333][ T2731] Mem-Info:
[  777.338606][ T2731] active_anon:32 inactive_anon:55199 isolated_anon:0
[  777.338606][ T2731]  active_file:1784 inactive_file:5690 isolated_file:0
[  777.338606][ T2731]  unevictable:768 dirty:15 writeback:0
[  777.338606][ T2731]  slab_reclaimable:5471 slab_unreclaimable:23294
[  777.338606][ T2731]  mapped:11863 shmem:816 pagetables:364 bounce:0
[  777.338606][ T2731]  kernel_misc_reclaimable:0
[  777.338606][ T2731]  free:229069 free_pcp:1100 free_cma:4096
[  777.398540][ T2731] Node 0 active_anon:128kB inactive_anon:220796kB active_file:7136kB inactive_file:22760kB unevictable:3072kB isolated(anon):0kB isolated(file):0kB mapped:47452kB dirty:60kB writeback:0kB shmem:3264kB writeback_tmp:0kB kernel_stack:2736kB pagetables:1456kB all_unreclaimable? no
[  777.497635][ T2731] Node 0 DMA32 free:916276kB boost:0kB min:4684kB low:6056kB high:7428kB reserved_highatomic:0KB active_anon:128kB inactive_anon:220796kB active_file:7136kB inactive_file:22760kB unevictable:3072kB writepending:60kB present:2095104kB managed:1375480kB mlocked:0kB bounce:0kB free_pcp:4624kB local_pcp:2816kB free_cma:16384kB
[  777.540957][ T2731] lowmem_reserve[]: 0 0 0
[  777.578709][ T2731] Node 0 DMA32: 57*4kB (M) 20*8kB (UME) 9*16kB (UME) 17*32kB (UM) 2*64kB (ME) 9*128kB (UME) 2*256kB (UM) 2*512kB (UE) 3*1024kB (UME) 0*2048kB 222*4096kB (MC) = 916276kB
[  777.690787][ T2731] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  777.745500][ T2731] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  777.748001][ T2731] 8291 total pagecache pages
[  777.748970][ T2731] 0 pages in swap cache
[  777.749814][ T2731] Swap cache stats: add 0, delete 0, find 0/0
[  777.750941][ T2731] Free swap  = 0kB
[  777.751793][ T2731] Total swap = 0kB
[  777.780689][ T2731] 523776 pages RAM
[  777.788588][ T2731] 0 pages HighMem/MovableOnly
[  777.805764][ T2731] 179906 pages reserved
[  777.828349][ T2731] 4096 pages cma reserved
00:12:58 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
pwritev(r0, &(0x7f0000000a80)=[{&(0x7f0000000980)='+', 0x1}], 0x1, 0x100bfaa, 0x0)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0)
openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = openat(0xffffffffffffffff, 0x0, 0x0, 0x4)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0)
sendfile(r2, r4, 0x0, 0x2)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x2fff2)
openat$cgroup_procs(r3, 0x0, 0x2, 0x0)

00:12:58 executing program 1:
r0 = socket$l2tp(0x2, 0x2, 0x73)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
r2 = epoll_create1(0x0)
r3 = fcntl$dupfd(r2, 0x0, r0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f00000000c0))
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = fcntl$dupfd(r1, 0x0, r4)
setsockopt$inet6_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000003640)=0x1, 0x4)
connect$l2tp(r5, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10)
setsockopt$inet6_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000000000), 0x4)

[  782.169907][   T26] audit: type=1804 audit(780.920:4): pid=2737 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/syzkaller-testdir61983672/syzkaller.DYz486/1/file1" dev="vda" ino=643 res=1 errno=0
[  783.189926][   T26] audit: type=1804 audit(781.890:5): pid=2737 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/syzkaller-testdir61983672/syzkaller.DYz486/1/file1" dev="vda" ino=643 res=1 errno=0
00:13:02 executing program 1:
r0 = socket$l2tp(0x2, 0x2, 0x73)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
r2 = epoll_create1(0x0)
r3 = fcntl$dupfd(r2, 0x0, r0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f00000000c0))
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = fcntl$dupfd(r1, 0x0, r4)
setsockopt$inet6_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000003640)=0x1, 0x4)
connect$l2tp(r5, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10)
setsockopt$inet6_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000000000), 0x4)

00:13:07 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
pwritev(r0, &(0x7f0000000a80)=[{&(0x7f0000000980)='+', 0x1}], 0x1, 0x100bfaa, 0x0)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0)
openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = openat(0xffffffffffffffff, 0x0, 0x0, 0x4)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0)
sendfile(r2, r4, 0x0, 0x2)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x2fff2)
openat$cgroup_procs(r3, 0x0, 0x2, 0x0)

00:13:07 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
pwritev(r0, &(0x7f0000000a80)=[{&(0x7f0000000980)='+', 0x1}], 0x1, 0x100bfaa, 0x0)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0)
openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = openat(0xffffffffffffffff, 0x0, 0x0, 0x4)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0)
sendfile(r2, r4, 0x0, 0x2)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x2fff2)
openat$cgroup_procs(r3, 0x0, 0x2, 0x0)

[  791.680353][   T26] audit: type=1804 audit(790.440:6): pid=2749 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/syzkaller-testdir721490365/syzkaller.sOF9l9/4/file1" dev="vda" ino=644 res=1 errno=0
[  792.114993][   T26] audit: type=1804 audit(790.870:7): pid=2750 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/syzkaller-testdir61983672/syzkaller.DYz486/2/file1" dev="vda" ino=645 res=1 errno=0
[  792.469317][   T26] audit: type=1804 audit(791.230:8): pid=2752 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/syzkaller-testdir721490365/syzkaller.sOF9l9/4/file1" dev="vda" ino=644 res=1 errno=0
[  792.605345][   T26] audit: type=1804 audit(791.360:9): pid=2750 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/syzkaller-testdir61983672/syzkaller.DYz486/2/file1" dev="vda" ino=645 res=1 errno=0
[  794.755887][ T2749] warn_alloc: 1 callbacks suppressed
[  794.756194][ T2749] syz-executor.1: vmalloc error: size 4096, page order 0, failed to allocate pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz1,mems_allowed=0
[  794.759300][ T2749] CPU: 1 PID: 2749 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[  794.760252][ T2749] Hardware name: riscv-virtio,qemu (DT)
[  794.760831][ T2749] Call Trace:
[  794.761383][ T2749] [<ffffffff8000a228>] dump_backtrace+0x2e/0x3c
[  794.762540][ T2749] [<ffffffff831668cc>] show_stack+0x34/0x40
[  794.763532][ T2749] [<ffffffff831756ba>] dump_stack_lvl+0xe4/0x150
[  794.764706][ T2749] [<ffffffff83175742>] dump_stack+0x1c/0x24
[  794.765897][ T2749] [<ffffffff80417ab6>] warn_alloc+0x170/0x212
[  794.766876][ T2749] [<ffffffff8040c8de>] __vmalloc_node_range+0xa36/0xab2
[  794.767827][ T2749] [<ffffffff8040cd22>] vmalloc+0x76/0x8c
[  794.768702][ T2749] [<ffffffff8296d12c>] netlink_sendmsg+0x370/0x994
[  794.769999][ T2749] [<ffffffff826d264e>] sock_sendmsg+0xa0/0xc4
[  794.771196][ T2749] [<ffffffff826d2924>] kernel_sendmsg+0x40/0x52
[  794.772346][ T2749] [<ffffffff826dd04e>] sock_no_sendpage+0x1a8/0x1f2
[  794.773676][ T2749] [<ffffffff826d21cc>] kernel_sendpage.part.0+0x12c/0x242
[  794.774891][ T2749] [<ffffffff826d32aa>] sock_sendpage+0x88/0xc4
[  794.775751][ T2749] [<ffffffff8054aef2>] pipe_to_sendpage+0x130/0x1ca
[  794.776666][ T2749] [<ffffffff8054d8f8>] __splice_from_pipe+0x2b2/0x472
[  794.777599][ T2749] [<ffffffff8054e2ba>] generic_splice_sendpage+0xd8/0x11a
[  794.778557][ T2749] [<ffffffff8054c75a>] direct_splice_actor+0x7a/0xb6
[  794.779389][ T2749] [<ffffffff8054bcdc>] splice_direct_to_actor+0x212/0x478
[  794.780324][ T2749] [<ffffffff8054c08e>] do_splice_direct+0x14c/0x1ca
[  794.781221][ T2749] [<ffffffff804c787e>] do_sendfile+0x6ee/0x7da
[  794.782263][ T2749] [<ffffffff804c9f7e>] sys_sendfile64+0x1dc/0x1e8
[  794.783923][ T2749] [<ffffffff80005716>] ret_from_syscall+0x0/0x2
[  794.910284][ T2749] Mem-Info:
[  794.912049][ T2749] active_anon:56 inactive_anon:55201 isolated_anon:0
[  794.912049][ T2749]  active_file:1827 inactive_file:5755 isolated_file:0
[  794.912049][ T2749]  unevictable:768 dirty:26 writeback:0
[  794.912049][ T2749]  slab_reclaimable:5504 slab_unreclaimable:23703
[  794.912049][ T2749]  mapped:11942 shmem:856 pagetables:391 bounce:0
[  794.912049][ T2749]  kernel_misc_reclaimable:0
[  794.912049][ T2749]  free:228483 free_pcp:972 free_cma:4096
[  794.931716][ T2749] Node 0 active_anon:224kB inactive_anon:220804kB active_file:7308kB inactive_file:23020kB unevictable:3072kB isolated(anon):0kB isolated(file):0kB mapped:47768kB dirty:104kB writeback:0kB shmem:3424kB writeback_tmp:0kB kernel_stack:2848kB pagetables:1564kB all_unreclaimable? no
[  794.980889][ T2749] Node 0 DMA32 free:913932kB boost:0kB min:4684kB low:6056kB high:7428kB reserved_highatomic:0KB active_anon:224kB inactive_anon:220804kB active_file:7308kB inactive_file:23020kB unevictable:3072kB writepending:104kB present:2095104kB managed:1375480kB mlocked:0kB bounce:0kB free_pcp:3840kB local_pcp:1300kB free_cma:16384kB
[  795.045630][ T2749] lowmem_reserve[]: 0 0 0
[  795.056399][ T2749] Node 0 DMA32: 37*4kB (E) 13*8kB (UME) 7*16kB (UME) 5*32kB (UME) 2*64kB (ME) 1*128kB (M) 1*256kB (M) 1*512kB (E) 3*1024kB (UME) 0*2048kB 222*4096kB (MC) = 913932kB
[  795.136192][ T2749] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  795.137923][ T2749] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  795.141682][ T2749] 8459 total pagecache pages
[  795.196969][ T2749] 0 pages in swap cache
[  795.198989][ T2749] Swap cache stats: add 0, delete 0, find 0/0
[  795.200099][ T2749] Free swap  = 0kB
[  795.200911][ T2749] Total swap = 0kB
[  795.201745][ T2749] 523776 pages RAM
[  795.256173][ T2749] 0 pages HighMem/MovableOnly
[  795.257053][ T2749] 179906 pages reserved
[  795.257731][ T2749] 4096 pages cma reserved
00:13:15 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
pwritev(r0, &(0x7f0000000a80)=[{&(0x7f0000000980)='+', 0x1}], 0x1, 0x100bfaa, 0x0)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0)
openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = openat(0xffffffffffffffff, 0x0, 0x0, 0x4)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0)
sendfile(r2, r4, 0x0, 0x2)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x2fff2)
openat$cgroup_procs(r3, 0x0, 0x2, 0x0)

00:13:16 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
pwritev(r0, &(0x7f0000000a80)=[{&(0x7f0000000980)='+', 0x1}], 0x1, 0x100bfaa, 0x0)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0)
openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = openat(0xffffffffffffffff, 0x0, 0x0, 0x4)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0)
sendfile(r2, r4, 0x0, 0x2)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x2fff2)
openat$cgroup_procs(r3, 0x0, 0x2, 0x0)

[  799.729816][   T26] audit: type=1804 audit(798.490:10): pid=2757 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/syzkaller-testdir721490365/syzkaller.sOF9l9/5/file1" dev="vda" ino=644 res=1 errno=0
[  799.993872][   T26] audit: type=1804 audit(798.750:11): pid=2758 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/syzkaller-testdir61983672/syzkaller.DYz486/3/file1" dev="vda" ino=645 res=1 errno=0
[  800.058950][   T26] audit: type=1804 audit(798.820:12): pid=2757 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/syzkaller-testdir721490365/syzkaller.sOF9l9/5/file1" dev="vda" ino=644 res=1 errno=0
[  800.300790][   T26] audit: type=1804 audit(799.060:13): pid=2758 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/syzkaller-testdir61983672/syzkaller.DYz486/3/file1" dev="vda" ino=645 res=1 errno=0
00:13:20 executing program 1:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
pwritev(r0, &(0x7f0000000a80)=[{&(0x7f0000000980)='+', 0x1}], 0x1, 0x100bfaa, 0x0)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0)
openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = openat(0xffffffffffffffff, 0x0, 0x0, 0x4)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0)
sendfile(r2, r4, 0x0, 0x2)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x2fff2)
openat$cgroup_procs(r3, 0x0, 0x2, 0x0)

[  805.450432][   T26] audit: type=1804 audit(804.210:14): pid=2762 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/syzkaller-testdir721490365/syzkaller.sOF9l9/6/file1" dev="vda" ino=640 res=1 errno=0
00:13:24 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
pwritev(r0, &(0x7f0000000a80)=[{&(0x7f0000000980)='+', 0x1}], 0x1, 0x100bfaa, 0x0)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0)
openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = openat(0xffffffffffffffff, 0x0, 0x0, 0x4)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0)
sendfile(r2, r4, 0x0, 0x2)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x2fff2)
openat$cgroup_procs(r3, 0x0, 0x2, 0x0)

[  805.750800][   T26] audit: type=1804 audit(804.510:15): pid=2762 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/syzkaller-testdir721490365/syzkaller.sOF9l9/6/file1" dev="vda" ino=640 res=1 errno=0
[  806.880967][   T26] audit: type=1804 audit(805.640:16): pid=2764 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/syzkaller-testdir61983672/syzkaller.DYz486/4/file1" dev="vda" ino=645 res=1 errno=0
[  807.390145][   T26] audit: type=1804 audit(806.150:17): pid=2764 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/syzkaller-testdir61983672/syzkaller.DYz486/4/file1" dev="vda" ino=645 res=1 errno=0
00:13:30 executing program 1:
r0 = socket$l2tp(0x2, 0x2, 0x73)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
r2 = epoll_create1(0x0)
r3 = fcntl$dupfd(r2, 0x0, r0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f00000000c0))
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = fcntl$dupfd(r1, 0x0, r4)
setsockopt$inet6_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000003640)=0x1, 0x4)
connect$l2tp(r5, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10)
setsockopt$inet6_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000000000), 0x4)

00:13:30 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
pwritev(r0, &(0x7f0000000a80)=[{&(0x7f0000000980)='+', 0x1}], 0x1, 0x100bfaa, 0x0)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0)
openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = openat(0xffffffffffffffff, 0x0, 0x0, 0x4)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0)
sendfile(r2, r4, 0x0, 0x2)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x2fff2)
openat$cgroup_procs(r3, 0x0, 0x2, 0x0)

[  813.536215][   T26] audit: type=1804 audit(812.280:18): pid=2770 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/syzkaller-testdir61983672/syzkaller.DYz486/5/file1" dev="vda" ino=644 res=1 errno=0
[  814.049860][   T26] audit: type=1804 audit(812.810:19): pid=2770 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/syzkaller-testdir61983672/syzkaller.DYz486/5/file1" dev="vda" ino=644 res=1 errno=0
00:13:32 executing program 1:
r0 = socket$l2tp(0x2, 0x2, 0x73)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
r2 = epoll_create1(0x0)
r3 = fcntl$dupfd(r2, 0x0, r0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f00000000c0))
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = fcntl$dupfd(r1, 0x0, r4)
setsockopt$inet6_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000003640)=0x1, 0x4)
connect$l2tp(r5, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10)
setsockopt$inet6_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000000000), 0x4)

00:13:35 executing program 0:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
pwritev(r0, &(0x7f0000000a80)=[{&(0x7f0000000980)='+', 0x1}], 0x1, 0x100bfaa, 0x0)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10e042, 0x0)
openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = openat(0xffffffffffffffff, 0x0, 0x0, 0x4)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0)
sendfile(r2, r4, 0x0, 0x2)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0, 0x0)
sendfile(r1, r5, 0x0, 0x2fff2)
openat$cgroup_procs(r3, 0x0, 0x2, 0x0)

00:13:36 executing program 1:
r0 = socket$l2tp(0x2, 0x2, 0x73)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
r2 = epoll_create1(0x0)
r3 = fcntl$dupfd(r2, 0x0, r0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f00000000c0))
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = fcntl$dupfd(r1, 0x0, r4)
setsockopt$inet6_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000003640)=0x1, 0x4)
connect$l2tp(r5, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10)
setsockopt$inet6_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000000000), 0x4)

[  818.730063][   T26] audit: type=1804 audit(817.490:20): pid=2775 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/syzkaller-testdir61983672/syzkaller.DYz486/6/file1" dev="vda" ino=640 res=1 errno=0
[  819.147866][   T26] audit: type=1804 audit(817.890:21): pid=2775 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/syzkaller-testdir61983672/syzkaller.DYz486/6/file1" dev="vda" ino=640 res=1 errno=0
00:13:40 executing program 1:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @loopback}, 0x10)
sendto$inet(r0, &(0x7f0000001340)="8a", 0x1, 0x0, &(0x7f00000001c0)={0x2, 0x4e23, @loopback}, 0x10)
setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000a40), 0x8)

00:13:43 executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x1c, 0x1, 0x4, 0x301, 0x0, 0x0, {}, [@NFULA_CFG_CMD={0x5, 0x1, 0x4}]}, 0x1c}}, 0x0)

[  824.701437][ T2779] Kernel panic - not syncing: corrupted stack end detected inside scheduler
[  824.704979][ T2779] CPU: 0 PID: 2779 Comm: syz-executor.1 Not tainted 5.17.0-rc1-syzkaller-00002-g0966d385830d #0
[  824.706515][ T2779] Hardware name: riscv-virtio,qemu (DT)
[  824.707504][ T2779] Call Trace:
[  824.708412][ T2779] [<ffffffff8000a228>] dump_backtrace+0x2e/0x3c
[  824.709779][ T2779] [<ffffffff831668cc>] show_stack+0x34/0x40
[  824.713249][ T2779] [<ffffffff831756ba>] dump_stack_lvl+0xe4/0x150
[  824.714625][ T2779] [<ffffffff83175742>] dump_stack+0x1c/0x24
[  824.715982][ T2779] [<ffffffff83166fa8>] panic+0x24a/0x634
[  824.717133][ T2779] [<ffffffff831a688a>] schedule+0x0/0x14c
[  824.718404][ T2779] [<ffffffff831a6b00>] preempt_schedule_common+0x4e/0xde
[  824.721551][ T2779] [<ffffffff831a6bc4>] preempt_schedule+0x34/0x36
[  824.723229][ T2779] [<ffffffff80061140>] __local_bh_enable_ip+0x29e/0x2a4
[  824.724804][ T2779] [<ffffffff82af5eaa>] ip_finish_output2+0x57c/0x1720
[  824.726095][ T2779] [<ffffffff82af8978>] __ip_finish_output+0x25a/0x3ee
[  824.727414][ T2779] [<ffffffff82af8b4a>] ip_finish_output+0x3e/0x176
[  824.729178][ T2779] [<ffffffff82af8e52>] ip_output+0x1d0/0x2d0
[  824.730771][ T2779] [<ffffffff82afbbce>] __ip_queue_xmit+0x4a0/0xeb2
[  824.732003][ T2779] [<ffffffff82f2f3e0>] sctp_v4_xmit+0x4c2/0x590
[  824.733674][ T2779] [<ffffffff82f7ca4c>] sctp_packet_transmit+0x1126/0x170c
[  824.734981][ T2779] [<ffffffff82f503c8>] sctp_outq_flush_transports+0x2f2/0x568
[  824.736296][ T2779] [<ffffffff82f55372>] sctp_outq_uncork+0x144/0x182
[  824.737458][ T2779] [<ffffffff82f2ca74>] sctp_do_sm+0x28d6/0x2ef4
[  824.738577][ T2779] [<ffffffff82f79c0c>] sctp_primitive_ABORT+0x6a/0x82
[  824.739782][ T2779] [<ffffffff82f61582>] sctp_close+0x1b8/0x664
[  824.740861][ T2779] [<ffffffff82bb8360>] inet_release+0xd4/0x15c
[  824.741995][ T2779] [<ffffffff826d0a98>] __sock_release+0x88/0x17e
[  824.743757][ T2779] [<ffffffff826d0bac>] sock_close+0x1e/0x2a
[  824.744948][ T2779] [<ffffffff804cb3c0>] __fput+0x164/0x502
[  824.746006][ T2779] [<ffffffff804cb7d2>] ____fput+0x1a/0x24
[  824.747098][ T2779] [<ffffffff800a0530>] task_work_run+0xdc/0x154
[  824.748240][ T2779] [<ffffffff80008c12>] do_notify_resume+0x894/0xa56
[  824.749398][ T2779] [<ffffffff80005724>] ret_from_exception+0x0/0x10
[  824.750856][ T2779] SMP: stopping secondary CPUs
[  824.753444][ T2779] Rebooting in 86400 seconds..

VM DIAGNOSIS:
22:52:14  Registers:
info registers vcpu 0
 pc       ffffffff8233751e
 mhartid  0000000000000000
 mstatus  00000000000000a0
 mip      00000000000000a0
 mie      000000000000022a
 mideleg  0000000000000222
 medeleg  000000000000b109
 mtvec    0000000080000540
 stvec    ffffffff800055d4
 mepc     ffffffff80200f00
 sepc     ffffffff800bdb3e
 mcause   8000000000000007
 scause   8000000000000009
 mtval  0000000000000000
 stval  0000000000000000
 x0/zero 0000000000000000 x1/ra ffffffff8233751a x2/sp ffffaf802308a920 x3/gp ffffffff85863ac0
 x4/tp ffffaf800e30c8c0 x5/t0 ffffffff86bcb657 x6/t1 ffffaf802308ac20 x7/t2 0000000000000000
 x8/s0 ffffaf802308a930 x9/s1 ffffffff84b8e270 x10/a0 00000001eff314f8 x11/a1 00000000000f0000
 x12/a2 0000000000000002 x13/a3 ffffffff8233751a x14/a4 ffffaf800e30d8c0 x15/a5 0000000000000000
 x16/a6 0000000000f00000 x17/a7 fffffffff2000000 x18/s2 ffffaf800e30c8c0 x19/s3 0000000000000004
 x20/s4 ffffaf802308acb8 x21/s5 ffffffff84b8e240 x22/s6 ffffffff83607d80 x23/s7 ffffffff84b8e270
 x24/s8 0000000000000000 x25/s9 1ffff5f00461153c x26/s10 ffffffff85889780 x27/s11 0000000000000008
 x28/t3 1ffff5f004611584 x29/t4 fffff5ef0b53910c x30/t5 fffff5ef0b53910d x31/t6 ffffaf802308a7f8
 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000
 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000
 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000
 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000
 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000
 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000
 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000
info registers vcpu 1
 pc       ffffffff80200f00
 mhartid  0000000000000001
 mstatus  00000000000000a2
 mip      0000000000000000
 mie      00000000000002aa
 mideleg  0000000000000222
 medeleg  000000000000b109
 mtvec    0000000080000540
 stvec    ffffffff800055d4
 mepc     ffffffff8000f97e
 sepc     ffffffff804b93ca
 mcause   0000000000000009
 scause   8000000000000005
 mtval  0000000000000000
 stval  0000000000000000
 x0/zero 0000000000000000 x1/ra ffffffff801126a0 x2/sp ffffaf80100cb0b0 x3/gp ffffffff85863ac0
 x4/tp ffffaf800bbae100 x5/t0 00007fffe1639198 x6/t1 880f1c0c5fe0b800 x7/t2 44436e15e48abb98
 x8/s0 ffffaf80100cb210 x9/s1 ffffffff86c1a628 x10/a0 ffffaf800bbaeb68 x11/a1 0000000000000003
 x12/a2 1ffffffff0cda0a6 x13/a3 ffffffff801110e4 x14/a4 fffff5ef01775d62 x15/a5 ffffaf800bbaeb40
 x16/a6 ffffffff866f2f18 x17/a7 ffffffff803ccf2c x18/s2 f5bbe57cbb22da28 x19/s3 0000000000010000
 x20/s4 ffffaf800bbaf100 x21/s5 ffffaf800bbaeb18 x22/s6 ffffffff858c4ca0 x23/s7 b256ce4c2f4b43b2
 x24/s8 ffffaf800bbaeb48 x25/s9 0000000000000000 x26/s10 0000000069286e20 x27/s11 ffffaf800bbae100
 x28/t3 fffffffff3f3f300 x29/t4 ffffffff80112282 x30/t5 1ffff5f002019628 x31/t6 0000000000040000
 f0/ft0 0000000000000000 f1/ft1 0000000000000000 f2/ft2 0000000000000000 f3/ft3 0000000000000000
 f4/ft4 0000000000000000 f5/ft5 0000000000000000 f6/ft6 0000000000000000 f7/ft7 0000000000000000
 f8/fs0 0000000000000000 f9/fs1 0000000000000000 f10/fa0 0000000000000000 f11/fa1 0000000000000000
 f12/fa2 0000000000000000 f13/fa3 0000000000000000 f14/fa4 0000000000000000 f15/fa5 0000000000000000
 f16/fa6 0000000000000000 f17/fa7 0000000000000000 f18/fs2 0000000000000000 f19/fs3 0000000000000000
 f20/fs4 0000000000000000 f21/fs5 0000000000000000 f22/fs6 0000000000000000 f23/fs7 0000000000000000
 f24/fs8 0000000000000000 f25/fs9 0000000000000000 f26/fs10 0000000000000000 f27/fs11 0000000000000000
 f28/ft8 0000000000000000 f29/ft9 0000000000000000 f30/ft10 0000000000000000 f31/ft11 0000000000000000