[....] Starting OpenBSD Secure Shell server: sshd[ 28.887028] random: sshd: uninitialized urandom read (32 bytes read)
�[?25l�[?1c�7�[1G[�[32m ok �[39;49m�8�[?25h�[?0c.
Debian GNU/Linux 7 syzkaller ttyS0
syzkaller login: [ 32.508839] random: sshd: uninitialized urandom read (32 bytes read)
[ 32.818135] kauditd_printk_skb: 9 callbacks suppressed
[ 32.818143] audit: type=1400 audit(1568244423.363:35): avc: denied { map } for pid=6841 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[ 32.874434] random: sshd: uninitialized urandom read (32 bytes read)
[ 33.491769] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.218' (ECDSA) to the list of known hosts.
[ 39.080317] random: sshd: uninitialized urandom read (32 bytes read)
2019/09/11 23:27:09 fuzzer started
[ 39.277319] audit: type=1400 audit(1568244429.823:36): avc: denied { map } for pid=6851 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[ 39.903239] random: cc1: uninitialized urandom read (8 bytes read)
2019/09/11 23:27:11 dialing manager at 10.128.0.105:37913
2019/09/11 23:27:11 syscalls: 2466
2019/09/11 23:27:11 code coverage: enabled
2019/09/11 23:27:11 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument
2019/09/11 23:27:11 extra coverage: extra coverage is not supported by the kernel
2019/09/11 23:27:11 setuid sandbox: enabled
2019/09/11 23:27:11 namespace sandbox: enabled
2019/09/11 23:27:11 Android sandbox: /sys/fs/selinux/policy does not exist
2019/09/11 23:27:11 fault injection: enabled
2019/09/11 23:27:11 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/09/11 23:27:11 net packet injection: enabled
2019/09/11 23:27:11 net device setup: enabled
[ 41.574091] random: crng init done
23:29:04 executing program 5:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070")
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ppp\x00', 0x0, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58)
r3 = accept(r2, 0x0, 0x0)
dup2(r1, r3)
23:29:04 executing program 0:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0)
r1 = openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000080)={[{0x2b, 'pids'}]}, 0x6)
23:29:04 executing program 3:
perf_event_open(&(0x7f0000000400)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='/group.stat\x00', 0x2761, 0x0)
perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
[ 153.813128] audit: type=1400 audit(1568244544.363:37): avc: denied { map } for pid=6851 comm="syz-fuzzer" path="/root/syzkaller-shm439808498" dev="sda1" ino=1426 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
23:29:04 executing program 1:
r0 = socket$inet6(0xa, 0x3, 0x3c)
setsockopt$inet6_buf(r0, 0x29, 0x46, &(0x7f0000000140)="f51be8be", 0x4)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c)
writev(r0, &(0x7f0000000400)=[{&(0x7f0000000480)="a9", 0x1}], 0x1)
23:29:04 executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1, 0x4, &(0x7f0000000400)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x48, 0x1c, 0x11, 0x1a001000000}, [@ldst={0x7, 0x5, 0xb}]}, &(0x7f0000000080)='GPL\x00', 0x4, 0x3f7, &(0x7f000000cf3d)=""/195}, 0x48)
23:29:04 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070")
r1 = socket$inet6_sctp(0xa, 0x10000000005, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r1, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f00000001c0)={0x1, [<r2=>0x0]}, &(0x7f00000000c0)=0xfe10)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x7b, &(0x7f0000000100)={r2}, &(0x7f0000000180)=0x14)
[ 153.848862] audit: type=1400 audit(1568244544.373:38): avc: denied { map } for pid=6868 comm="syz-executor.5" path="/sys/kernel/debug/kcov" dev="debugfs" ino=1122 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[ 154.120927] IPVS: ftp: loaded support on port[0] = 21
[ 154.939674] chnl_net:caif_netlink_parms(): no params data found
[ 154.951428] IPVS: ftp: loaded support on port[0] = 21
[ 154.976834] bridge0: port 1(bridge_slave_0) entered blocking state
[ 154.983773] bridge0: port 1(bridge_slave_0) entered disabled state
[ 154.990891] device bridge_slave_0 entered promiscuous mode
[ 154.997876] bridge0: port 2(bridge_slave_1) entered blocking state
[ 155.004792] bridge0: port 2(bridge_slave_1) entered disabled state
[ 155.012061] device bridge_slave_1 entered promiscuous mode
[ 155.030501] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 155.039214] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 155.055381] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 155.062713] team0: Port device team_slave_0 added
[ 155.068337] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 155.075674] team0: Port device team_slave_1 added
[ 155.081084] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 155.089830] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 155.152201] device hsr_slave_0 entered promiscuous mode
[ 155.220344] device hsr_slave_1 entered promiscuous mode
[ 155.282359] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 155.291744] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 155.313417] bridge0: port 2(bridge_slave_1) entered blocking state
[ 155.319863] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 155.326813] bridge0: port 1(bridge_slave_0) entered blocking state
[ 155.333190] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 155.351950] IPVS: ftp: loaded support on port[0] = 21
[ 155.413657] chnl_net:caif_netlink_parms(): no params data found
[ 155.437998] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[ 155.444774] 8021q: adding VLAN 0 to HW filter on device bond0
[ 155.468469] bridge0: port 1(bridge_slave_0) entered blocking state
[ 155.475253] bridge0: port 1(bridge_slave_0) entered disabled state
[ 155.482649] device bridge_slave_0 entered promiscuous mode
[ 155.489258] bridge0: port 2(bridge_slave_1) entered blocking state
[ 155.495786] bridge0: port 2(bridge_slave_1) entered disabled state
[ 155.502658] device bridge_slave_1 entered promiscuous mode
[ 155.518228] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 155.535861] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 155.544815] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 155.553431] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 155.561417] bridge0: port 1(bridge_slave_0) entered disabled state
[ 155.578515] bridge0: port 2(bridge_slave_1) entered disabled state
[ 155.601395] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 155.608463] team0: Port device team_slave_0 added
[ 155.615380] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 155.621540] 8021q: adding VLAN 0 to HW filter on device team0
[ 155.627847] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 155.635537] team0: Port device team_slave_1 added
[ 155.636274] IPVS: ftp: loaded support on port[0] = 21
[ 155.640882] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 155.662316] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 155.669901] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 155.677673] bridge0: port 1(bridge_slave_0) entered blocking state
[ 155.684033] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 155.715289] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 155.722955] bridge0: port 2(bridge_slave_1) entered blocking state
[ 155.729280] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 155.802590] device hsr_slave_0 entered promiscuous mode
[ 155.860349] device hsr_slave_1 entered promiscuous mode
[ 155.900751] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 155.907921] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 155.937393] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[ 155.964423] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 155.976430] chnl_net:caif_netlink_parms(): no params data found
[ 155.982764] IPVS: ftp: loaded support on port[0] = 21
[ 155.996260] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 156.004462] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 156.012457] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 156.022677] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 156.031810] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 156.044729] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 156.053560] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 156.063072] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 156.111578] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 156.119136] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 156.166690] bridge0: port 1(bridge_slave_0) entered blocking state
[ 156.173579] bridge0: port 1(bridge_slave_0) entered disabled state
[ 156.180821] device bridge_slave_0 entered promiscuous mode
[ 156.188479] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 156.213343] bridge0: port 2(bridge_slave_1) entered blocking state
[ 156.219713] bridge0: port 2(bridge_slave_1) entered disabled state
[ 156.227515] device bridge_slave_1 entered promiscuous mode
[ 156.233757] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 156.242462] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 156.254622] chnl_net:caif_netlink_parms(): no params data found
[ 156.283233] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 156.289248] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 156.299871] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 156.309047] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 156.357936] bridge0: port 1(bridge_slave_0) entered blocking state
[ 156.365328] bridge0: port 1(bridge_slave_0) entered disabled state
[ 156.372845] device bridge_slave_0 entered promiscuous mode
[ 156.373106] IPVS: ftp: loaded support on port[0] = 21
[ 156.395781] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 156.404616] team0: Port device team_slave_0 added
[ 156.410682] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 156.417724] team0: Port device team_slave_1 added
[ 156.423437] bridge0: port 2(bridge_slave_1) entered blocking state
[ 156.429787] bridge0: port 2(bridge_slave_1) entered disabled state
[ 156.436906] device bridge_slave_1 entered promiscuous mode
[ 156.449127] 8021q: adding VLAN 0 to HW filter on device bond0
[ 156.457874] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 156.465360] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 156.477154] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 156.486830] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 156.519266] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 156.528398] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 156.592100] device hsr_slave_0 entered promiscuous mode
[ 156.640554] device hsr_slave_1 entered promiscuous mode
[ 156.692855] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 156.699217] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 156.706470] team0: Port device team_slave_0 added
[ 156.715283] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 156.724040] team0: Port device team_slave_1 added
[ 156.755894] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 156.764348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 156.771523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 156.781550] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 156.789379] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 156.795715] 8021q: adding VLAN 0 to HW filter on device team0
[ 156.804464] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 156.817020] chnl_net:caif_netlink_parms(): no params data found
[ 156.830903] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 156.844758] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 156.854668] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 156.872139] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 156.879886] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 156.888156] bridge0: port 1(bridge_slave_0) entered blocking state
[ 156.894626] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 156.907495] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 156.926677] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 156.953580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 156.962020] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 156.970307] bridge0: port 2(bridge_slave_1) entered blocking state
[ 156.976677] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 156.997700] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 157.043288] device hsr_slave_0 entered promiscuous mode
[ 157.070586] device hsr_slave_1 entered promiscuous mode
[ 157.158298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 157.168268] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 157.176534] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 157.188179] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 157.195079] bridge0: port 1(bridge_slave_0) entered blocking state
23:29:07 executing program 5:
r0 = syz_open_dev$loop(&(0x7f0000000340)='/dev/loop#\x00', 0x40, 0x0)
ioctl$BLKFLSBUF(r0, 0x1261, 0x0)
[ 157.202685] bridge0: port 1(bridge_slave_0) entered disabled state
[ 157.209596] device bridge_slave_0 entered promiscuous mode
[ 157.216286] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 157.232237] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 157.247189] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
23:29:07 executing program 5:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
sendto$inet(r1, &(0x7f0000000080), 0xffffffffffffff02, 0x420ffe0, 0x0, 0xfffffffffffffd37)
[ 157.267578] bridge0: port 2(bridge_slave_1) entered blocking state
[ 157.275145] bridge0: port 2(bridge_slave_1) entered disabled state
[ 157.283152] device bridge_slave_1 entered promiscuous mode
[ 157.289392] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 157.304754] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 157.312546] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 157.322287] chnl_net:caif_netlink_parms(): no params data found
[ 157.343415] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
23:29:07 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x9, &(0x7f0000000000)=0x20000005, 0x4)
[ 157.363845] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 157.383143] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 157.408087] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 157.416076] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 157.426363] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 157.434546] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 157.458422] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 157.466952] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 157.476070] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
23:29:08 executing program 5:
pipe(&(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
close(r2)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r3, &(0x7f0000000140)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
vmsplice(r1, &(0x7f0000000a00)=[{&(0x7f0000000240)="ce", 0x1}, {&(0x7f0000000340)="97", 0x1}], 0x2, 0x0)
splice(r0, 0x0, r2, 0x0, 0xe211, 0x0)
[ 157.509355] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 157.521633] team0: Port device team_slave_0 added
[ 157.527002] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 157.538857] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 157.548766] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
23:29:08 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x296, 0x0, 0x0, 0x0, 0x4ce]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
[ 157.555466] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 157.574996] 8021q: adding VLAN 0 to HW filter on device bond0
[ 157.584506] bridge0: port 1(bridge_slave_0) entered blocking state
[ 157.586772] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[ 157.600803] bridge0: port 1(bridge_slave_0) entered disabled state
[ 157.620744] device bridge_slave_0 entered promiscuous mode
[ 157.632237] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 157.640345] team0: Port device team_slave_1 added
[ 157.650981] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 157.657656] bridge0: port 2(bridge_slave_1) entered blocking state
[ 157.665120] bridge0: port 2(bridge_slave_1) entered disabled state
[ 157.672278] device bridge_slave_1 entered promiscuous mode
[ 157.685687] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 157.693373] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 157.708782] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 157.718196] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 157.758846] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 157.766945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 157.775836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 157.785817] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 157.793436] 8021q: adding VLAN 0 to HW filter on device team0
23:29:08 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000003e00050100040000000000000a000000"], 0x14}}, 0x0)
[ 157.806317] bond0: Enslaving bond_slave_0 as an active interface with an up link
[ 157.843483] device hsr_slave_0 entered promiscuous mode
[ 157.861167] device hsr_slave_1 entered promiscuous mode
[ 157.898466] 8021q: adding VLAN 0 to HW filter on device bond0
[ 157.908586] bond0: Enslaving bond_slave_1 as an active interface with an up link
[ 157.918483] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 157.926300] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 157.941673] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 157.955532] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 157.966130] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 157.977435] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 157.986178] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
23:29:08 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000140)='/dev/sg#\x00', 0x0, 0x5)
writev(r0, &(0x7f0000000000)=[{&(0x7f0000000040)="53000000c659ca807737f400000000800000170800000000000020200000000000000000bfbbb18016410f67f8ed2fbda6599591076756fcb9ff7daf0bdd7cfa3d4ade61ccb14424af8c63ab6fd1845b0c90c78bf8059655", 0x58}], 0x1)
ioctl$SG_GET_REQUEST_TABLE(r0, 0x2286, &(0x7f0000000240))
[ 158.007306] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 158.015484] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 158.023479] bridge0: port 1(bridge_slave_0) entered blocking state
[ 158.029881] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 158.037399] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 158.046818] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 158.070927] bridge0: port 2(bridge_slave_1) entered blocking state
[ 158.077329] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 158.089595] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 158.097470] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 158.109117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
23:29:08 executing program 0:
ioctl$LOOP_CLR_FD(0xffffffffffffffff, 0x4c01)
io_cancel(0x0, 0x0, 0x0)
prctl$PR_GET_NAME(0x10, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x20000000fb], 0x1f004, 0x485})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
[ 158.116577] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 158.130138] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 158.139105] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 158.176384] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[ 158.189372] team0: Port device team_slave_0 added
[ 158.200717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 158.209134] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 158.217566] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 158.226784] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 158.237808] 8021q: adding VLAN 0 to HW filter on device team0
[ 158.245885] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 158.260091] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[ 158.268184] team0: Port device team_slave_1 added
[ 158.273555] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 158.280644] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 158.288221] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 158.297895] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 158.305854] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[ 158.313606] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[ 158.321428] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 158.328332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 158.336252] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 158.343974] bridge0: port 1(bridge_slave_0) entered blocking state
[ 158.350386] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 158.357213] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 158.364771] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 158.372257] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 158.379953] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 158.405885] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 158.414109] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 158.422235] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 158.429700] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 158.437873] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 158.445674] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 158.453349] bridge0: port 2(bridge_slave_1) entered blocking state
[ 158.459675] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 158.523476] device hsr_slave_0 entered promiscuous mode
[ 158.571662] device hsr_slave_1 entered promiscuous mode
[ 158.612199] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 158.618243] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 158.627073] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[ 158.635460] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 158.655461] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[ 158.673065] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 158.682925] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 158.695856] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 158.703262] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 158.713937] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 158.725575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 158.733736] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 158.742729] 8021q: adding VLAN 0 to HW filter on device bond0
[ 158.752489] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 158.759732] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 158.767503] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 158.775107] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 158.785663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 158.794869] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 158.804178] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[ 158.812528] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 158.823051] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 158.831081] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 158.837952] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 158.845778] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 158.854431] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 158.863331] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 158.869400] 8021q: adding VLAN 0 to HW filter on device team0
[ 158.878150] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 158.887694] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 158.896928] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 158.912792] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 158.919184] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 158.932973] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 158.942892] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 158.954145] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 158.961906] bridge0: port 1(bridge_slave_0) entered blocking state
[ 158.968234] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 158.977167] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 158.988343] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 158.998211] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 159.005543] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 159.013667] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 159.021429] bridge0: port 2(bridge_slave_1) entered blocking state
[ 159.027958] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 159.044352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 159.057288] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 159.067489] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 159.078937] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 159.087299] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 159.095755] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 159.104050] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 159.112556] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 159.124921] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
23:29:09 executing program 3:
syz_mount_image$ext4(&(0x7f0000000140)='ext3\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0xf, &(0x7f0000000400)=[{&(0x7f0000000440)="25befc8b31cf43b30234fa0095e0612687463915e39802a9d8aea872943afd874e2f98b579a7186270146d0e0206e73ba8c63cd7dcc6760353effc7b171ed217460344db4506aa5e391360a822ab68be96f427be581828de39e78596db0189732938", 0x62, 0x400}], 0x0, 0x0)
[ 159.134617] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 159.143397] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 159.155501] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 159.166455] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 159.184351] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 159.195610] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 159.214843] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities
[ 159.229682] 8021q: adding VLAN 0 to HW filter on device bond0
[ 159.252100] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 159.260398] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 159.268166] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 159.278286] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[ 159.289045] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 159.295923] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 159.310422] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[ 159.319077] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[ 159.325325] 8021q: adding VLAN 0 to HW filter on device team0
[ 159.331960] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 159.338968] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 159.354102] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[ 159.366085] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 159.374084] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 159.382266] bridge0: port 1(bridge_slave_0) entered blocking state
[ 159.388649] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 159.397919] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[ 159.407254] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 159.414940] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 159.426113] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 159.434324] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 159.442429] bridge0: port 2(bridge_slave_1) entered blocking state
[ 159.448815] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 159.457412] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[ 159.465315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 159.477500] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 159.487685] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[ 159.499686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 159.512448] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[ 159.520392] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 159.528011] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
23:29:10 executing program 1:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
dup2(0xffffffffffffffff, 0xffffffffffffffff)
syz_genetlink_get_family_id$tipc(0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x20000000fb], 0x1f004, 0x485})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
[ 159.538676] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[ 159.553536] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[ 159.560859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 159.568836] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 159.593622] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[ 159.601066] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 159.608266] audit: type=1400 audit(1568244550.153:39): avc: denied { create } for pid=6985 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 159.634535] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 159.643137] audit: type=1400 audit(1568244550.153:40): avc: denied { write } for pid=6985 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[ 159.669414] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[ 159.678037] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 159.691485] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 159.710761] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[ 159.716861] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[ 159.756046] audit: type=1400 audit(1568244550.153:41): avc: denied { read } for pid=6985 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
23:29:10 executing program 2:
mkdir(&(0x7f0000000340)='./file0\x00', 0x0)
chdir(&(0x7f0000000300)='./file0\x00')
symlink(&(0x7f0000000140)='..', &(0x7f00000000c0)='./file0\x00')
chroot(&(0x7f0000000180)='./file0/file0\x00')
mount(&(0x7f0000000000)=@filename='./file0\x00', &(0x7f0000000040)='./file0/file0\x00', 0x0, 0x2841806, 0x0)
umount2(&(0x7f00000001c0)='./file0/file0\x00', 0x0)
[ 159.809021] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[ 159.828227] 8021q: adding VLAN 0 to HW filter on device batadv0
23:29:12 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = socket$inet6(0xa, 0x3, 0x2)
r4 = dup(r3)
syz_kvm_setup_cpu$x86(r4, r2, &(0x7f000001c000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
23:29:12 executing program 5:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070")
syz_emit_ethernet(0x32, &(0x7f0000000000)={@remote, @empty, [], {@arp={0x8100, @generic={0x0, 0x88ca, 0x6, 0x0, 0x0, @dev, "", @broadcast, "60e72a375db887d65b2dcd6cdc3418ac"}}}}, 0x0)
23:29:12 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, @perf_bp={0x0, 0xe5ec6dbb42ddd7db}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = inotify_init1(0x0)
r1 = getpid()
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
fcntl$getownex(r0, 0x10, &(0x7f0000000100)={0x0, <r2=>0x0})
kcmp(r2, r1, 0x2, 0xffffffffffffffff, 0xffffffffffffffff)
23:29:12 executing program 3:
sendmsg$SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000780)=ANY=[@ANYBLOB="fc7c1c", @ANYRES16=0x0, @ANYBLOB="fef19204815a87be0fd7b838ee9cbdbee386bb6c07aa57da13f28cbc1173b7b5451913bd5d7866cb75136133681de4a95fcfe1c3bf168a36adc967af4346b9d1cb4b42724fe77aed81633647d77e8f3d4959ae42caa10dbc26c5ad83e1e93821fd31cd1d922caa3503edf390cf81e9c9f79a3eca759e661d6b6c131a070c436c959312625df95c834aadf0c37982aa99836d878d97fc6cce9a9d9f279648574300b450fe0e78373812000000000000006f5d62c86aca86a09dce0c8b0700c12ad99dad672056955c11b7ca3c49b9739d088c2eb0c008f628790ec8ebc30285dad91d50bcce0adf55b413006e1bddcc726c3f26aa82425c894e45c3981b85d539047cc9f05cc7252272eada83a203bbbc2317faaa9296d6d19c5b28945da72ec04111fa489070fe636914c3c43f8150a0b6898f36d990369367563bb6512a4be66fc098ba9cc92a9a1eb6392cf015c8e22e7462b2fb48c8dc13daab8ab136babf407ad7df786658fc3cd9105ae606a951b7ec93b1e0d1ea95ec1ac4ddb26766d3296217b97ba47d9d7570efcc239434b1ad319e39d15a1cde4e5219668aeaa48d130aae7c7a664b1dde9e68a4161a34afae4889c2104e23a106"], 0x3}}, 0x0)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, &(0x7f0000000000)={0x7, 0x100})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
23:29:12 executing program 1:
r0 = socket$inet(0x10, 0x2, 0x4)
sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)}, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0x100001c9, 0x0)
fremovexattr(0xffffffffffffffff, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/fib_trie\x00')
preadv(r1, &(0x7f0000000480), 0x100000000000022c, 0x6c00000000000000)
socket$inet6(0xa, 0x2, 0x0)
r2 = syz_open_procfs(0x0, 0x0)
getpid()
getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000740)={0x3, 0x0, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_NMI(r5, 0xae9a)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r5, 0xae80, 0x0)
perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0))
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
execveat(r2, 0x0, &(0x7f0000000480)=[0x0], &(0x7f0000000640)=[0x0, 0x0, 0x0], 0x0)
23:29:12 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @local}}, 0x1c)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070")
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote, 0x5}, 0x1c)
23:29:12 executing program 3:
ioctl$LOOP_CLR_FD(0xffffffffffffffff, 0x4c01)
write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$tipc(0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x20000000fb], 0x1f004, 0x485})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
[ 162.042057] hrtimer: interrupt took 38453 ns
23:29:12 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
setsockopt$inet_mtu(r0, 0x0, 0xa, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000280)='veth0_to_bond\x00', 0x10)
sendto$inet(r0, &(0x7f0000000080), 0xffffffffffffff02, 0x420ffe0, 0x0, 0xfffffffffffffd37)
23:29:12 executing program 5:
prctl$PR_GET_NAME(0x10, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0)
prlimit64(0x0, 0x0, 0x0, 0x0)
getpid()
socketpair$unix(0x1, 0x200400000000003, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000140)=@abs={0x0, 0x0, 0xfffffffffffffffe}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x924924924924c31, 0x0)
close(r0)
23:29:12 executing program 4:
prctl$PR_GET_NAME(0x10, 0x0)
syz_genetlink_get_family_id$tipc(0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x20000000fb], 0x1f004, 0x485})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
23:29:12 executing program 3:
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=ANY=[@ANYBLOB="021600000200000000000000eede3def"], 0x10}}, 0x0)
23:29:12 executing program 0:
prctl$PR_SET_THP_DISABLE(0x29, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x2, @perf_bp={0x0, 0xe5ec6dbb42ddd7db}, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_dev$ndb(0x0, 0x0, 0x0)
r0 = inotify_init1(0x0)
r1 = getpid()
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
fcntl$getownex(r0, 0x10, &(0x7f0000000100)={0x0, <r2=>0x0})
kcmp(r2, r1, 0x2, 0xffffffffffffffff, 0xffffffffffffffff)
23:29:12 executing program 5:
prctl$PR_GET_NAME(0x10, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, 0x0)
prlimit64(0x0, 0x0, 0x0, 0x0)
getpid()
socketpair$unix(0x1, 0x200400000000003, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000140)=@abs={0x0, 0x0, 0xfffffffffffffffe}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x924924924924c31, 0x0)
close(r0)
23:29:12 executing program 4:
23:29:13 executing program 0:
socket$packet(0x11, 0x0, 0x300)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070")
syz_emit_ethernet(0x32, &(0x7f0000000000)={@remote, @empty, [], {@arp={0x8100, @generic={0x0, 0x88ca, 0x6, 0x0, 0x0, @dev, "", @broadcast, "60e72a375db887d65b2dcd6cdc3418ac"}}}}, 0x0)
23:29:13 executing program 5:
pipe(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400add427323b470c458c560a", 0x11}], 0x1)
r2 = socket$netlink(0x10, 0x3, 0x4)
write$binfmt_misc(r1, &(0x7f00000036c0)=ANY=[@ANYPTR=&(0x7f0000003600)=ANY=[@ANYRES16, @ANYPTR=&(0x7f0000000140)=ANY=[@ANYPTR64, @ANYRES64], @ANYRES16, @ANYRES16, @ANYRESOCT, @ANYRESDEC], @ANYPTR=&(0x7f0000003440)=ANY=[@ANYBLOB="76a47a8b3198c6e32d1c744f4dc050d6ebb0c187f4ebb518e934649ab83626bcb28573f71facfe7de694b9274d5750ea382689fb70fd6af96167f6ea3e1131cfe8c58495e96aaab5bd4824338e6cf574ba07b14711ce8440c9", @ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYPTR, @ANYRES16=0x0, @ANYPTR64, @ANYRES32, @ANYPTR], @ANYPTR64, @ANYPTR64=&(0x7f0000003680)=ANY=[@ANYPTR64, @ANYRESOCT, @ANYRESDEC, @ANYPTR], @ANYPTR64=&(0x7f0000003500)=ANY=[@ANYBLOB="368517de49a47b24b11ce68717ce48f3a0e91561e8d8406c4017c747ee830ffa7f708e6ce33361b759581cb6ba27984c65a21844ae22d3a18d858f7a79371c5b63f5becd0795d5da3f3f9e8c", @ANYRES16]], @ANYRESHEX, @ANYRESOCT], 0xfee3)
splice(r0, 0x0, r2, 0x0, 0x20000000010006, 0x0)
[ 162.529958] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7076 comm=syz-executor.5
[ 162.555289] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7076 comm=syz-executor.5
[ 162.574295] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7076 comm=syz-executor.5
[ 162.592798] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7076 comm=syz-executor.5
[ 162.605777] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7076 comm=syz-executor.5
[ 162.618648] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7076 comm=syz-executor.5
[ 162.634497] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7076 comm=syz-executor.5
[ 162.647003] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7076 comm=syz-executor.5
[ 162.659621] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7076 comm=syz-executor.5
[ 162.672115] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=7076 comm=syz-executor.5
23:29:13 executing program 1:
r0 = getpid()
prctl$PR_SET_PTRACER(0x59616d61, r0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x38)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl(r2, 0x1000008912, &(0x7f0000000140)="11dca50d5e0bcfe47bf070")
ptrace$cont(0x20, r1, 0x0, 0x0)
23:29:13 executing program 2:
bind$inet(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_CAPBSET_READ(0x17, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = inotify_init1(0x0)
r1 = getpid()
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
fcntl$getownex(r0, 0x10, &(0x7f0000000100)={0x0, <r2=>0x0})
kcmp(r2, r1, 0x2, 0xffffffffffffffff, 0xffffffffffffffff)
23:29:13 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071")
r1 = syz_open_dev$usbmon(&(0x7f00008be000)='/dev/usbmon#\x00', 0x0, 0x0)
r2 = syz_open_dev$usbmon(0x0, 0x0, 0x0)
mmap(&(0x7f0000a05000/0x400000)=nil, 0x400300, 0x0, 0x8012, r2, 0x0)
mmap(&(0x7f0000a05000/0x400000)=nil, 0x400300, 0x0, 0x8012, r1, 0x0)
23:29:13 executing program 4:
connect$inet(0xffffffffffffffff, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_open_dev$loop(&(0x7f0000000340)='/dev/loop#\x00', 0x40, 0x0)
ioctl$BLKFLSBUF(r0, 0x1261, 0x0)
23:29:13 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd(0x0)
ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r2})
write$eventfd(r2, &(0x7f0000000000), 0x8)
23:29:13 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x9, &(0x7f0000000000)=0x20000005, 0x4)
23:29:13 executing program 1:
r0 = getpgrp(0x0)
prctl$PR_SET_PTRACER(0x59616d61, r0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
tkill(r1, 0x3f)
ptrace$cont(0x20, r1, 0x0, 0x0)
ptrace$cont(0x9, r1, 0x0, 0x0)
23:29:13 executing program 4:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @broadcast}, 0x10)
prctl$PR_CAPBSET_READ(0x17, 0x0)
setsockopt$sock_int(r0, 0x1, 0x4, &(0x7f00000000c0)=0x3ff, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x20000000, &(0x7f0000000340)={0x2, 0x4e20}, 0x10)
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x2, @perf_bp={&(0x7f0000000040), 0xe5ec6dbb42ddd7db}, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x20000)
r2 = inotify_init1(0x0)
r3 = getpid()
fcntl$setown(r2, 0x8, 0xffffffffffffffff)
fcntl$getownex(r2, 0x10, &(0x7f0000000100)={0x0, <r4=>0x0})
kcmp(r4, r3, 0x2, 0xffffffffffffffff, 0xffffffffffffffff)
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000140)={[], 0x6, 0x8, 0x5, 0x7fffffff, 0x9, r3})
sendto$inet(r0, &(0x7f0000000080)="e3", 0xffffffffffffff30, 0x4044050, 0x0, 0x105)
23:29:13 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @broadcast}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0xca)
sendto$inet(r0, 0x0, 0x0, 0x20000000, &(0x7f0000000340)={0x2, 0x4e20}, 0x10)
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
sendto$inet(r0, &(0x7f0000000080)="e3", 0xffffffffffffff30, 0x4044050, 0x0, 0x105)
[ 162.896020] audit: type=1400 audit(1568244553.443:42): avc: denied { map } for pid=7097 comm="syz-executor.3" path="/dev/usbmon0" dev="devtmpfs" ino=14978 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usbmon_device_t:s0 tclass=chr_file permissive=1
23:29:13 executing program 3:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, &(0x7f00000002c0)='\f', 0x10003, 0x0, 0x0, 0x0)
23:29:13 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0})
23:29:13 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x9, &(0x7f0000000000)=0x20000005, 0x4)
23:29:13 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x9, &(0x7f0000000000)=0x20000005, 0x4)
23:29:13 executing program 1:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071")
r1 = inotify_init1(0x0)
r2 = getpid()
fcntl$setown(r1, 0x8, 0xffffffffffffffff)
fcntl$getownex(r1, 0x10, &(0x7f0000000100)={0x0, <r3=>0x0})
kcmp(r3, r2, 0x2, 0xffffffffffffffff, 0xffffffffffffffff)
23:29:13 executing program 5:
sendmsg$SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB="fc7c1c", @ANYRES16=0x0, @ANYBLOB="fe0d920481"], 0x3}}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x4)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x296, 0x0, 0x0, 0x0, 0x4ce]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
23:29:13 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @broadcast}, 0x10)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000140)="0800a1695e1dcfe87b1071")
sendto$inet(r0, 0x0, 0x0, 0x20000000, &(0x7f0000000340)={0x2, 0x4e20}, 0x10)
setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f00000000c0)=0x4, 0x4)
sendto$inet(r0, &(0x7f0000000080)="e3", 0x1, 0x0, 0x0, 0x0)
23:29:13 executing program 2:
prctl$PR_GET_DUMPABLE(0x3)
getdents64(0xffffffffffffffff, &(0x7f00000004c0)=""/141, 0x8d)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, &(0x7f0000000000)={0x0, @aes256, 0x2, "0cde737c8ea91285"})
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000180), 0x8)
mmap(&(0x7f0000000000/0xddf000)=nil, 0xddf000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
23:29:13 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = eventfd(0x0)
ioctl$KVM_IRQFD(r3, 0x4020ae76, &(0x7f0000000040)={r4})
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r4})
23:29:13 executing program 1:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
23:29:13 executing program 4:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @broadcast}, 0x10)
prctl$PR_CAPBSET_READ(0x17, 0x0)
setsockopt$sock_int(r0, 0x1, 0x4, &(0x7f00000000c0)=0x3ff, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x20000000, &(0x7f0000000340)={0x2, 0x4e20}, 0x10)
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x2, @perf_bp={&(0x7f0000000040), 0xe5ec6dbb42ddd7db}, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x20000)
r2 = inotify_init1(0x0)
r3 = getpid()
fcntl$setown(r2, 0x8, 0xffffffffffffffff)
fcntl$getownex(r2, 0x10, &(0x7f0000000100)={0x0, <r4=>0x0})
kcmp(r4, r3, 0x2, 0xffffffffffffffff, 0xffffffffffffffff)
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000140)={[], 0x6, 0x8, 0x5, 0x7fffffff, 0x9, r3})
sendto$inet(r0, &(0x7f0000000080)="e3", 0xffffffffffffff30, 0x4044050, 0x0, 0x105)
23:29:13 executing program 3:
sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)}, 0x0)
r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fremovexattr(r0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/fib_trie\x00')
preadv(r1, &(0x7f0000000480), 0x100000000000022c, 0x0)
socket$inet6(0xa, 0x2, 0x0)
getpid()
getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000740)={0x3, 0x0, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
execveat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000480)=[0x0], &(0x7f0000000640)=[0x0, 0x0, 0x0], 0x0)
23:29:13 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x2}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000100)=0x1, 0x4)
listen(r1, 0x0)
sendto$inet6(r0, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)
[ 163.293754] kvm [7145]: vcpu0, guest rIP: 0x8a disabled perfctr wrmsr: 0x187 data 0x4d00000040f
[ 163.317027] irq bypass consumer (token ffff88808e39ca80) registration fails: -16
[ 163.405995] kvm [7145]: vcpu0, guest rIP: 0x8a ignored wrmsr: 0x11e data 0x4d00000040f
[ 163.423416] TCP: request_sock_TCPv6: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters.
23:29:14 executing program 1:
syz_open_dev$usbmon(&(0x7f00000000c0)='/dev/usbmon#\x00', 0x0, 0x0)
sendmsg$SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB="fc7c1c", @ANYRES16=0x0, @ANYBLOB="fe0d920481"], 0x3}}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x4)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x296, 0x0, 0x0, 0x0, 0x4ce]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
23:29:14 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
io_cancel(0x0, 0x0, &(0x7f0000000680))
syz_genetlink_get_family_id$tipc(0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x20000000fb], 0x1f004, 0x485})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
[ 163.490851] kvm [7145]: vcpu0, guest rIP: 0x8a disabled perfctr wrmsr: 0x186 data 0x4d00000040f
23:29:14 executing program 4:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @broadcast}, 0x10)
prctl$PR_CAPBSET_READ(0x17, 0x0)
setsockopt$sock_int(r0, 0x1, 0x4, &(0x7f00000000c0)=0x3ff, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x20000000, &(0x7f0000000340)={0x2, 0x4e20}, 0x10)
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x2, @perf_bp={&(0x7f0000000040), 0xe5ec6dbb42ddd7db}, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x20000)
r2 = inotify_init1(0x0)
r3 = getpid()
fcntl$setown(r2, 0x8, 0xffffffffffffffff)
fcntl$getownex(r2, 0x10, &(0x7f0000000100)={0x0, <r4=>0x0})
kcmp(r4, r3, 0x2, 0xffffffffffffffff, 0xffffffffffffffff)
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000140)={[], 0x6, 0x8, 0x5, 0x7fffffff, 0x9, r3})
sendto$inet(r0, &(0x7f0000000080)="e3", 0xffffffffffffff30, 0x4044050, 0x0, 0x105)
[ 163.562447] kvm [7145]: vcpu0, guest rIP: 0x8a disabled perfctr wrmsr: 0x187 data 0x4d00000040f
23:29:14 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x9, &(0x7f0000000000)=0x20000005, 0x4)
getsockopt$inet_tcp_int(r0, 0x6, 0x9, 0x0, &(0x7f00000000c0))
[ 163.703700] kvm [7177]: vcpu0, guest rIP: 0x8a disabled perfctr wrmsr: 0x187 data 0x4d00000040f
23:29:14 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x9, &(0x7f0000000000)=0x20000005, 0x4)
getsockopt$inet_tcp_int(r0, 0x6, 0x9, 0x0, &(0x7f00000000c0))
[ 163.791209] kvm [7177]: vcpu0, guest rIP: 0x8a ignored wrmsr: 0x11e data 0x4d00000040f
[ 163.816995] kvm [7177]: vcpu0, guest rIP: 0x8a disabled perfctr wrmsr: 0x186 data 0x4d00000040f
23:29:14 executing program 5:
io_cancel(0x0, 0x0, 0x0)
syz_genetlink_get_family_id$tipc(0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x20000000fb], 0x1f004, 0x485})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
23:29:14 executing program 2:
prctl$PR_GET_DUMPABLE(0x3)
getdents64(0xffffffffffffffff, &(0x7f00000004c0)=""/141, 0x8d)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, &(0x7f0000000000)={0x0, @aes256, 0x2, "0cde737c8ea91285"})
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000180), 0x8)
mmap(&(0x7f0000000000/0xddf000)=nil, 0xddf000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
23:29:14 executing program 3:
sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)}, 0x0)
r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fremovexattr(r0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/fib_trie\x00')
preadv(r1, &(0x7f0000000480), 0x100000000000022c, 0x0)
socket$inet6(0xa, 0x2, 0x0)
getpid()
getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000740)={0x3, 0x0, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
execveat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000480)=[0x0], &(0x7f0000000640)=[0x0, 0x0, 0x0], 0x0)
23:29:14 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
io_cancel(0x0, 0x0, &(0x7f0000000680))
syz_genetlink_get_family_id$tipc(0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x20000000fb], 0x1f004, 0x485})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
23:29:14 executing program 4:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @broadcast}, 0x10)
prctl$PR_CAPBSET_READ(0x17, 0x0)
setsockopt$sock_int(r0, 0x1, 0x4, &(0x7f00000000c0)=0x3ff, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x20000000, &(0x7f0000000340)={0x2, 0x4e20}, 0x10)
prctl$PR_SET_THP_DISABLE(0x29, 0x1)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x2, @perf_bp={&(0x7f0000000040), 0xe5ec6dbb42ddd7db}, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0x0, 0x20000)
r2 = inotify_init1(0x0)
r3 = getpid()
fcntl$setown(r2, 0x8, 0xffffffffffffffff)
fcntl$getownex(r2, 0x10, &(0x7f0000000100)={0x0, <r4=>0x0})
kcmp(r4, r3, 0x2, 0xffffffffffffffff, 0xffffffffffffffff)
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000140)={[], 0x6, 0x8, 0x5, 0x7fffffff, 0x9, r3})
sendto$inet(r0, &(0x7f0000000080)="e3", 0xffffffffffffff30, 0x4044050, 0x0, 0x105)
23:29:14 executing program 1:
sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f000000d000)}, 0x0)
r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
fremovexattr(r0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000240)='net/fib_trie\x00')
preadv(r1, &(0x7f0000000480), 0x100000000000022c, 0x0)
socket$inet6(0xa, 0x2, 0x0)
getpid()
getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000740)={0x3, 0x0, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
execveat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', &(0x7f0000000480)=[0x0], &(0x7f0000000640)=[0x0, 0x0, 0x0], 0x0)
23:29:14 executing program 5:
23:29:14 executing program 5:
prctl$PR_GET_DUMPABLE(0x3)
getdents64(0xffffffffffffffff, &(0x7f00000004c0)=""/141, 0x8d)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000, 0x0, &(0x7f0000c87000/0x2000)=nil)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, &(0x7f0000000000)={0x0, @aes256, 0x2, "0cde737c8ea91285"})
mlockall(0x3)
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000180), 0x8)
mmap(&(0x7f0000000000/0xddf000)=nil, 0xddf000, 0x0, 0x32, 0xffffffffffffffff, 0x0)
23:29:15 executing program 4:
23:29:15 executing program 4:
23:29:15 executing program 0:
23:29:15 executing program 0:
23:29:15 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000140))
ioctl$KVM_UNREGISTER_COALESCED_MMIO(r1, 0x4010ae68, &(0x7f0000000140)={0xfdfdffff00000000})
23:29:15 executing program 2:
23:29:15 executing program 0:
23:29:15 executing program 1:
23:29:15 executing program 3:
23:29:15 executing program 4:
23:29:15 executing program 1:
23:29:16 executing program 5:
23:29:16 executing program 0:
23:29:16 executing program 3:
23:29:16 executing program 2:
23:29:16 executing program 4:
23:29:16 executing program 1:
23:29:16 executing program 2:
23:29:16 executing program 0:
23:29:16 executing program 4:
23:29:16 executing program 1:
23:29:16 executing program 3:
23:29:16 executing program 5:
23:29:16 executing program 0:
23:29:16 executing program 2:
23:29:16 executing program 5:
23:29:16 executing program 3:
23:29:16 executing program 1:
23:29:16 executing program 4:
23:29:16 executing program 0:
23:29:16 executing program 2:
23:29:16 executing program 3:
23:29:16 executing program 1:
23:29:16 executing program 4:
23:29:16 executing program 5:
23:29:16 executing program 2:
23:29:16 executing program 3:
23:29:16 executing program 0:
23:29:16 executing program 4:
23:29:16 executing program 1:
23:29:16 executing program 5:
23:29:16 executing program 3:
23:29:16 executing program 1:
23:29:16 executing program 4:
23:29:16 executing program 0:
23:29:16 executing program 2:
23:29:16 executing program 1:
23:29:16 executing program 3:
personality(0x8000000)
io_setup(0x3, &(0x7f0000000100))
23:29:16 executing program 4:
23:29:16 executing program 5:
23:29:16 executing program 0:
23:29:16 executing program 2:
23:29:16 executing program 1:
23:29:16 executing program 0:
clone(0x800007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="13d50f34"], 0x4}}, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000001a40)=[{{0x0, 0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000002c0)}], 0x3}}], 0x1, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000001b00)=ANY=[@ANYBLOB="eabe9f303b222957eecbc62428a82d2759621c4e25aca1877c7e5255f910c28f5e87a648b9546a1ebed56adb3b91e7f1ffd7e4ab56ad8e39ac079b906da58a5d1ab04e9d752a92806db0c8541ab3234dedb663fc73c7fe3c32325c4541008239fb1aace0ec8aaeca96b11a0d6e07106a0b90a1a706037fe7f2", @ANYRESHEX, @ANYPTR64, @ANYRESOCT, @ANYRES32, @ANYBLOB="0a1da9ee18cff6bc6a83095a16d8e35857b4bc2097af31ac7986a65cad647484f90c9fd46fef259ad171921ffcec605b1e5398c51a4bd95b0e2492f55ac2cddab500c32ec94bbca707914c339a47abae0bdae27c10cd74e98587787e4038c04a4b627b17e13dbcd3f8f5c96d5ac62040f4e1cd7e6716249e8f76346f92a216d694999b59692eed8ee95fe63da028952afc20b543340c03a803000000000000002f511da3e2105f9a23f265f22b279463036de8ff0096431fff"], 0x0, 0x167}, 0x20)
tkill(r0, 0x3b)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x3}, 0x1c)
sendmmsg(r1, &(0x7f0000007e00), 0x40000000000025d, 0x0)
23:29:16 executing program 5:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='attr/current\x00')
write$selinux_create(r0, 0x0, 0x18)
23:29:16 executing program 4:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/dev_snmp6\x00')
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$TCXONC(r2, 0x540a, 0x0)
ioctl$TCXONC(r2, 0x540a, 0x0)
23:29:16 executing program 3:
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000002c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$inet(r0, &(0x7f0000003300)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)
recvmmsg(r1, &(0x7f0000002b80)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x40, 0x0)
23:29:16 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dcab0d5e0be6e47bf070")
r1 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/attr/exec\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000700)=[{&(0x7f0000000500)="c5", 0x1}], 0x1)
23:29:16 executing program 1:
syz_open_dev$evdev(&(0x7f0000006240)='/dev/input/event#\x00', 0x2, 0x4840)
23:29:16 executing program 5:
r0 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/create\x00', 0x2, 0x0)
write$selinux_create(r0, 0x0, 0x256)
23:29:16 executing program 0:
r0 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/create\x00', 0x2, 0x0)
write$selinux_create(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="73797374656d5f753a6f626a6563745f723a73797374656d5f64627573645f7661725f6c69625f743a733020756e636f6e66696e65645f753a73797374656d5f723a696e736d6f645f743a73302d73303a63302e6331303233203030303018"], 0x5f)
[ 166.169805] ptrace attach of "/root/syz-executor.0"[7340] was attempted by "/root/syz-executor.0"[7344]
23:29:16 executing program 4:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='clear_refs\x00')
write$selinux_create(r0, 0x0, 0x18)
23:29:16 executing program 5:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070")
r1 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r1, &(0x7f00000001c0)={0x2, 0x4e23, @broadcast}, 0x10)
23:29:16 executing program 3:
r0 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/create\x00', 0x2, 0x0)
write$selinux_create(r0, 0x0, 0xffad)
23:29:16 executing program 2:
syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f0000000100)='./bus\x00', 0x0, 0x0, 0x0, 0x8000, &(0x7f00000004c0)={[], [{@euid_gt={'euid>'}}]})
23:29:16 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/dev_snmp6\x00')
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$TCXONC(r2, 0x540a, 0x1)
23:29:16 executing program 4:
r0 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/create\x00', 0x2, 0x0)
write$selinux_create(r0, 0x0, 0x0)
write$binfmt_aout(r0, 0x0, 0x0)
23:29:16 executing program 1:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dcab0d5e0be6e47bf070")
r1 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/enforce\x00', 0x1, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r1, &(0x7f0000000200)={0x30}, 0x30)
23:29:16 executing program 3:
open(0x0, 0x0, 0x0)
syz_genetlink_get_family_id$SEG6(0x0)
sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, 0x0, 0x0)
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0)
chdir(&(0x7f0000000040)='./file0\x00')
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='mem\x00\x00\x00\x00\x00\x00<s\x8c\')tU\x19\x9a)S\xa7b\xce\xd8\xde\x95\xf6\xc3\\n\xc1\xa2)o\xee\x97\xdf\xe9\xf3\xfdJ\xe8`7iY\x86~\xd8\xecy\xc00.\x90\xfc\xac\xa0\xb8\x1d\x1a\x7f\xec\xea\np\xb4\xd5l\xb5\xc3\xc7w%\x16a~]P\x04\xc7 \xf7\x92\x8b\x8f\x9d&\\\xf9\xa3\x96G<\xd4\x80\x16/\x81\xe7(\x8b\xde9]\xaf\xbc\xb0\r}Ne\xfaX\xb0\x8a\xbd\x1d\xfc\xd4\x91\x95\x00\v\x14a0_\xd9\x1f\xc7\xb5\xc3FS\x16\x03~\xbbc*\xa3\xab`\x06\xf0\xbc\xacJY\xe7\xb2\x8cw\xa4U.\xa4\xe2u\x1d!jVL}#O\t\xb2`\x0e\xe9\xc6*\xf7\xf8Uh\x8e\x01\xf1b\xf5;\x8a\x17\x9a\x0fq\x01\x91pSR\x82-H\n\x1fP\xb6*\xc9\xfd\x89\xb5\x7f\x87m\"\xaa\xce\xed\a\xf2\xfd<\x10\xb8\xcf\xfac\xcc\x0f\xd2\xdd\xcd#8\"\x8b\xf2\xccA\v\xdf\xf5\x8d\xa5-\x02\xaa|\xdd\xd0az\xc8,)\xedf\x89x>\a\x13', 0x275a, 0x0)
23:29:16 executing program 5:
syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x4000)
23:29:16 executing program 0:
r0 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/create\x00', 0x2, 0x0)
write$selinux_create(r0, &(0x7f00000000c0)=@access={'system_u:object_r:system_dbusd_var_lib_t:s0', 0x20, 'unconfined_u:system_r:insmod_t:s0-s0:c0.c1023', 0x20, 0xc5a}, 0x6f)
23:29:17 executing program 4:
perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000007c0)='/group.sta\x9f\xd4t\x00+\x96FR\bR\t\x12\x04J{\t\xab\v\x02t\xe1\t\x85\xa6\xfa\x15\xb3[\xa6\x94!\xf2\x04\xde\xc5f\x8a\x06\x00\x00\x00\xb9\x0f\xf8`\xe0\x1f&+\xaf\xacu\nm\\\xe2Y\xcba\xea\f\xd9DXX>\xef/\xc5\x97\xea\x93\xa7\xde\xc9\xb4\x16\x8eF\x8b\xe0W\xdfuE\xfe\x8b\xc4G\x8f\x8e\xd8[T|i$\x88\x04\x00\x00\x00\x00\x00\x00\x00\x90\x1eB\x8b\x98\xad\xd17_Q\xe15\x84\x8f\xea\x98\xc6J\x81W!\xf0\\\xa1O\x9f\x93\x19C\xceQCV\xe3WE\x11\xe0\xc6\x1f\xf2/\xf6\x1fM\xeba_\xa9\xcd\x10\xcd\x0e~\xc6\xed\xb6\x82\xf6\xee\x9aK\xdd\x86\xf8\x0f\x15Y-\xb8A1\x1bb\xff\xf0\xd2M\xf7)\xaa\x8a\x18\xb9_\x83>\xeb\xfc\xc18^<l\v\x85\xbd\xcb\x16\xe3<D\xc8\x11L\xadf9\xb4Y\xec\xf6p\xe6\x0f\xba\xec\xea\x90\xd5y\xf5\x85\x02r\xf3\x16\xc0\xe5\xc5K\xaf<X\xb0\f\xfd\x1a\xbb\xf5\'\xa3\xfe\xcf\xf4Q\xa5\x93>\x1d\xb3Y\xdc#\xde\xdb\x89\x90L\x99o\x02\xb6\x98e\xc6b\xce\xb7\x99k3&\xaf\v\xc6\x80\xff\xdb\xb7\x0e\xb4K\xf8\x17\xba\xf8\xee\fe\xed]\x93\x13\xbc\xf5\xe2<\xa2\xaf\x83\xa3\xaabc\x95\x00\t:\xcc\xe1\t]\x84\x90\x17l\xd3\xa7M\xdb\x02J\x90\xe8\xe8\xb3\xc9\xf6\xea\xb2\xdeI\xe4\x0f\xd4\xca(\xcd\xfa\xb2\xb8@\xca\x17u\x02Rb\xad\xd0\xf7\x9bz#\xb8\x1d\x88\xf6?3,\x89\xb1-p\x8a\r\xdb\xd6,\xa4\x01y\x1bc\xb7\x19\xcey\xb5\xae\xc4\xe3\xc4\xe9=\x1e\x8c\xec\xfe\x05b\x7f`Y k\xc4\xa8 \xc3\x9b\v\xbbE\x8c\xb8\xe6\x8a\xa0s\b\xcb\xbb\xfa\xde\xf0\n`\x8az<\f\xf1\xbe\x85\xd1Wk\x17\xbc1q\x8b\x93Y|\x9e\xe2\xc9Ms/A\x98\xf2\x88\n\x92?7\xb1\xe0\xee\xe8yo\xb7\xb2p\xc5O~\x87\x17F\b\xb5\xd6\xdc\xe4u:$>\xd1\xaf\x1a\xcb\x18\x8a\x0e$\xbd\x94N\xc84}_\x06\x11\xd2\xdd7\xe0\b\x0f\xd0\xb0WZ\xfc\xb1\xc3\tS\x13\a6\xc0\xbc\vG\xe4p\x1b\xee\x89_=\xb8\x12\xddpk\x860\x03\xfd\xde\x0f\x9c\xc2\xe5.\xfe\xaf\x8f\xe2\x16\x8c\xdbS\xe6\xc26\xde\xf4I\x9f\x003P\xb5\x9fg\x82!\xf2\x82 \xc1Os\xd7C\\\xad\xb3n}t\xba|\x10\x05,rk\xd1\t|\x1e\x00\x9e\xfa\"\x85\xdd\xb7O\a\xfc\x14\xa8\x00\x1f6M\xb00\xbd\xb7\xd6\xa8\xffe\xb2\xcb\'', 0x2761, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)}, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000000))
23:29:17 executing program 1:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@remote, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in=@multicast2, 0x0, 0x2b}, 0x0, @in=@local}}, 0xe8)
r1 = socket$key(0xf, 0x3, 0x2)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f00000001c0), 0x4)
sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b0001020000000000400000000000"], 0x10}}, 0x0)
sendmsg$key(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000040)=ANY=[@ANYBLOB="02120000020000000a000097d3d33373"], 0x10}}, 0x0)
recvmmsg(r1, &(0x7f0000000f00), 0x274, 0x10000, &(0x7f0000001000)={0x77359400})
23:29:17 executing program 2:
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000440)='/dev/uhid\x00', 0x2, 0x0)
write$UHID_INPUT2(r0, &(0x7f0000000480), 0x6)
23:29:17 executing program 3:
r0 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/create\x00', 0x2, 0x0)
write$selinux_create(r0, 0x0, 0x0)
close(r0)
23:29:17 executing program 0:
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='loginuid\x00')
write$P9_RLOCK(r0, 0x0, 0x0)
23:29:17 executing program 5:
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x4e23, @broadcast}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x20000003, &(0x7f0000000080)={0x2, 0x1000004e23, @local}, 0x10)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='sit0\x00', 0x10)
r1 = memfd_create(&(0x7f00000000c0)='n\x9e\xc2ux/.bdevh\x01\xd9\"\x8f\xa9\x91\x95\x7f\b\x00\x00', 0x0)
ftruncate(r1, 0x4000b)
socket$packet(0x11, 0x2000000003, 0x300)
sendfile(r0, r1, 0x0, 0x10010000000002)
23:29:17 executing program 0:
perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000003c0)={0x0, <r1=>0x0}, &(0x7f0000000400)=0xc)
ioprio_get$uid(0x3, r1)
23:29:17 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x9, 0x4, &(0x7f0000346fc8)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x6, 0x5, 0x1, 0x14}]}, &(0x7f0000f6bffb)='GPL\x00'}, 0x48)
23:29:17 executing program 2:
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x206, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132})
23:29:17 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x5, 0x53, 0x8000, 0x2000008000000001, 0x0, 0x1}, 0x3c)
bpf$MAP_CREATE(0x2, &(0x7f0000000000)={0x3, 0x0, 0x73fffb, 0x0, 0x822000, 0x0}, 0x2c)
23:29:17 executing program 1:
r0 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
socket$kcm(0x11, 0x3, 0x300)
socket$kcm(0x2, 0x1000000000000002, 0x0)
r1 = socket$kcm(0x11, 0x3, 0x300)
r2 = socket$kcm(0x2, 0x1000000000000002, 0x0)
setsockopt$sock_attach_bpf(r2, 0x1, 0x3e, &(0x7f00000002c0)=r1, 0x4)
sendmsg$kcm(r2, &(0x7f0000003d00)={&(0x7f0000000380)=@in={0x2, 0x4e23, @local}, 0x80, 0x0}, 0xfd00)
write$cgroup_subtree(r2, 0x0, 0x0)
23:29:17 executing program 5:
socket$kcm(0x10, 0x2, 0x0)
r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1fb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
ioctl$PERF_EVENT_IOC_QUERY_BPF(0xffffffffffffffff, 0xc008240a, 0x0)
perf_event_open$cgroup(&(0x7f0000000fc0)={0x0, 0x70, 0x0, 0x0, 0x1, 0x0, 0x0, 0x7, 0x100, 0x4, 0x0, 0x2b, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x5, 0x2, 0x0, 0x0, 0x6, 0x0, 0x1ff, 0x0, 0x7, 0x8, 0xffffffff, 0x0, 0x3ff, 0x2faa, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x5, @perf_config_ext={0x0, 0x489e}, 0x8, 0x0, 0x9, 0x0, 0x6, 0x5, 0x400}, r1, 0x6, 0xffffffffffffffff, 0x4)
openat$cgroup_int(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000003c0)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00', 0x2761, 0x0)
sendmsg(0xffffffffffffffff, &(0x7f00000017c0)={&(0x7f0000000100)=@un=@file={0x1, './file0\x00'}, 0x80, 0x0}, 0x0)
write$cgroup_int(r2, &(0x7f00000009c0), 0x12)
write$cgroup_int(r3, &(0x7f0000000080), 0x297ef)
r4 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
openat$cgroup_int(r4, &(0x7f0000000080)='memory.high\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40042409, 0x0)
openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0)
recvmsg(r3, &(0x7f0000000940)={&(0x7f0000000200)=@x25, 0x80, &(0x7f00000007c0)=[{&(0x7f0000000280)=""/99, 0x63}, {&(0x7f0000000300)=""/47, 0x2f}, {&(0x7f0000000440)=""/160, 0xa0}, {&(0x7f0000000500)=""/137, 0x89}, {&(0x7f0000000340)=""/102, 0x66}, {&(0x7f00000005c0)=""/20, 0x14}, {0x0}], 0x7}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000001600), 0x0, 0xffffffff000003b1}, 0x28)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000c00)={0xffffffffffffffff, 0xc0, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000980)=0x6, 0x0, 0x0, 0x0, &(0x7f0000000a40)={0x9, 0x5}, 0x0, 0x0, 0x0, &(0x7f0000000ac0), 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b00)=0x8}}, 0x10)
[ 166.734253] syz-executor.5 (7424) used greatest stack depth: 22800 bytes left
23:29:17 executing program 0:
unshare(0x600)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0)
r4 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f000001bff4))
signalfd(r3, &(0x7f0000392ff8), 0x8)
23:29:17 executing program 3:
futex(&(0x7f000000cffc)=0x1, 0x800000000006, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000006, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r0, 0x1000000000016)
pipe(0x0)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$TIOCSLCKTRMIOS(0xffffffffffffffff, 0x5457, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
23:29:17 executing program 4:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180))
creat(&(0x7f0000000040)='./bus\x00', 0x0)
epoll_create1(0x0)
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write(r1, &(0x7f00000001c0), 0xfffffef3)
pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0)
vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
23:29:17 executing program 1:
perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket(0x880800000000010, 0x802, 0x0)
write(r0, &(0x7f0000000040)="240000001a0025f0046bbc04fef7001c020b49ff14000000805608000800040001000200", 0x24)
23:29:17 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r0 = epoll_create1(0x0)
fcntl$getownex(r0, 0x24, &(0x7f000045fff8))
23:29:17 executing program 0:
unshare(0x600)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0)
r4 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f000001bff4))
signalfd(r3, &(0x7f0000392ff8), 0x8)
23:29:17 executing program 2:
perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1)
syz_open_procfs(0x0, &(0x7f0000272000))
23:29:17 executing program 1:
23:29:17 executing program 0:
unshare(0x600)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0)
r4 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f000001bff4))
signalfd(r3, &(0x7f0000392ff8), 0x8)
23:29:17 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
[ 167.030876] audit: type=1326 audit(1568244557.573:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7451 comm="syz-executor.3" exe="/root/syz-executor.3" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c72a code=0x0
23:29:17 executing program 0:
unshare(0x600)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0)
r4 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f000001bff4))
signalfd(r3, &(0x7f0000392ff8), 0x8)
23:29:17 executing program 1:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10)
sendmsg(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f00000000c0)='f', 0x1}], 0x1}, 0x0)
sendto$inet(r0, &(0x7f0000000080), 0xffffffffffffff02, 0x420ffe0, 0x0, 0xfffffffffffffd37)
23:29:17 executing program 0:
unshare(0x600)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0)
epoll_create1(0x0)
signalfd(r3, &(0x7f0000392ff8), 0x8)
[ 167.743350] audit: type=1326 audit(1568244558.293:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7451 comm="syz-executor.3" exe="/root/syz-executor.3" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c72a code=0x0
23:29:18 executing program 3:
futex(&(0x7f000000cffc)=0x1, 0x800000000006, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000006, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r0, 0x1000000000016)
pipe(0x0)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$TIOCSLCKTRMIOS(0xffffffffffffffff, 0x5457, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
23:29:18 executing program 5:
r0 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
ioctl$SIOCAX25CTLCON(r0, 0x89e7, &(0x7f0000000100)={@default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null={0x3}, 0x0, 0x0, 0x0, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null, @default, @default]})
23:29:18 executing program 1:
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r0, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @netrom, @netrom, @rose, @rose]}, 0x48)
listen(r0, 0x0)
23:29:18 executing program 0:
unshare(0x600)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0)
epoll_create1(0x0)
signalfd(r3, &(0x7f0000392ff8), 0x8)
23:29:18 executing program 2:
mknod(&(0x7f00000005c0)='./bus\x00', 0x8, 0x0)
prctl$PR_SET_SECUREBITS(0x1c, 0x1)
clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
execve(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0)
23:29:18 executing program 4:
r0 = memfd_create(&(0x7f0000000100)='net/if_inet6\x00', 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/if_inet6\x00')
sendfile(r0, r1, 0x0, 0x4172)
23:29:18 executing program 0:
unshare(0x600)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0)
epoll_create1(0x0)
signalfd(r3, &(0x7f0000392ff8), 0x8)
23:29:18 executing program 5:
r0 = socket(0x10, 0x2, 0x0)
bind$netlink(r0, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x100a00}, 0xc)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/netlink\x00')
pipe(0x0)
socket$inet(0x2, 0x0, 0x0)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x80000005)
23:29:18 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040)='/dev/hwrng\x00', 0x0, 0x0)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x70aa3dee8a609283, 0x0, 0xfffffffffffffde3)
open(0x0, 0x0, 0x0)
listen(r0, 0x0)
flistxattr(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='reno\x00', 0x5)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r1, 0x0, 0xfffffffffffffdc6, 0x20000004, &(0x7f0000000280)={0xa, 0x4e22}, 0x1c)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
r4 = socket(0x10, 0x400000000080803, 0x0)
write(r4, &(0x7f0000000040)="240000003a00d17da53a7436fef7001d0a0b49ffed000009000028000800030001000000", 0x24)
recvmmsg(r4, &(0x7f0000004040)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000140)=""/116, 0x74}, {&(0x7f00000001c0)=""/4096, 0x1000}], 0x2}}], 0x1, 0x0, 0x0)
r5 = socket(0x10, 0x400000000080803, 0x0)
write(r5, &(0x7f0000000040)="240000003a00d17da53a7436fef7001d0a0b49ffed000009000028000800030001000000", 0x24)
recvmmsg(r5, &(0x7f0000004040)=[{{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000000140)=""/116, 0x74}, {&(0x7f00000001c0)=""/4096, 0x1000}], 0x2}}], 0x1, 0x0, 0x0)
setsockopt$inet_buf(r5, 0x0, 0x29, 0x0, 0x0)
write$P9_RLERROR(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, 0x0, 0x0)
openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0)
recvfrom$inet6(r1, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFFLAGS(r6, 0x8914, &(0x7f0000000000)={'lo\x00'})
ioctl$sock_inet_SIOCSIFFLAGS(r6, 0x8914, &(0x7f0000000140)={'lo\x00\x00\x00$\x00\x00\x00\x00\x00\x00\b\x00\x00\x11', 0xff})
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
r7 = accept4(r0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
r9 = dup(r8)
ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200)
accept4(r9, &(0x7f0000000080)=@ipx, &(0x7f00000001c0)=0x80, 0x80800)
sendto$inet6(r7, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x0)
23:29:18 executing program 2:
clone(0x1bf9, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
setpriority(0x0, 0x0, 0x400000000000e6)
setpriority(0x2, 0x0, 0x0)
fgetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0)
23:29:18 executing program 1:
clone(0x43000108, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
23:29:18 executing program 0:
unshare(0x600)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, &(0x7f000001bff4))
signalfd(r3, &(0x7f0000392ff8), 0x8)
[ 167.963125] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters.
[ 167.997009] selinux_nlmsg_perm: 20 callbacks suppressed
[ 167.997020] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8224 sclass=netlink_route_socket pig=7551 comm=syz-executor.5
[ 167.998989] audit: type=1326 audit(1568244558.543:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7516 comm="syz-executor.3" exe="/root/syz-executor.3" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c72a code=0x0
[ 168.073762] IPVS: ftp: loaded support on port[0] = 21
[ 168.091799] audit: type=1326 audit(1568244558.643:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 pid=7535 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45c72a code=0x0
[ 168.104277] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8224 sclass=netlink_route_socket pig=7561 comm=syz-executor.5
23:29:19 executing program 3:
futex(&(0x7f000000cffc)=0x1, 0x800000000006, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x1, 0x800000000006, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
tkill(r0, 0x1000000000016)
pipe(0x0)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$TIOCSLCKTRMIOS(0xffffffffffffffff, 0x5457, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
23:29:19 executing program 2:
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x800000000050000}]})
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
write$P9_RLERROR(r0, 0x0, 0x0)
23:29:19 executing program 0:
unshare(0x600)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, &(0x7f000001bff4))
signalfd(r3, &(0x7f0000392ff8), 0x8)
23:29:19 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x10034, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x820000, 0x0}, 0x2c)
openat$cgroup_subtree(0xffffffffffffffff, 0x0, 0x2, 0x0)
23:29:19 executing program 0:
unshare(0x600)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000000), 0x8, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r3, &(0x7f000001bff4))
signalfd(r3, &(0x7f0000392ff8), 0x8)
[ 168.743581] ==================================================================
[ 168.751183] BUG: KASAN: use-after-free in tcp_ack+0x414f/0x4760
[ 168.757262] Read of size 4 at addr ffff888099b8a32c by task syz-executor.4/7535
[ 168.764717]
[ 168.766346] CPU: 0 PID: 7535 Comm: syz-executor.4 Not tainted 4.14.143 #0
[ 168.773285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 168.782640] Call Trace:
[ 168.785232] <IRQ>
[ 168.787400] dump_stack+0x138/0x197
[ 168.791038] ? tcp_ack+0x414f/0x4760
[ 168.794749] print_address_description.cold+0x7c/0x1dc
[ 168.800043] ? tcp_ack+0x414f/0x4760
[ 168.803783] kasan_report.cold+0xa9/0x2af
[ 168.807952] __asan_report_load4_noabort+0x14/0x20
[ 168.812887] tcp_ack+0x414f/0x4760
[ 168.816435] ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 168.821553] ? trace_hardirqs_on+0x10/0x10
[ 168.825802] ? tcp_fastretrans_alert+0x2620/0x2620
[ 168.830739] ? lock_downgrade+0x6e0/0x6e0
[ 168.834900] tcp_rcv_established+0x3e9/0x1650
[ 168.839408] ? trace_hardirqs_on+0xd/0x10
23:29:19 executing program 0:
unshare(0x600)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f000001bff4))
signalfd(0xffffffffffffffff, &(0x7f0000392ff8), 0x8)
[ 168.843568] ? save_trace+0x290/0x290
[ 168.847390] ? tcp_data_queue+0x3730/0x3730
[ 168.851725] tcp_v6_do_rcv+0x417/0x1190
[ 168.851754] tcp_v6_rcv+0x2446/0x2ed0
[ 168.859516] ? save_trace+0x290/0x290
[ 168.863339] ip6_input_finish+0x300/0x15a0
[ 168.867603] ip6_input+0xd5/0x340
[ 168.871086] ? ip6_input_finish+0x15a0/0x15a0
[ 168.875603] ? ipv6_rcv+0x16aa/0x1d20
[ 168.879416] ? ip6_rcv_finish+0x7a0/0x7a0
[ 168.883572] ip6_rcv_finish+0x23f/0x7a0
[ 168.887583] ipv6_rcv+0xe4d/0x1d20
23:29:19 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x10034, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getpid()
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x820000, 0x0}, 0x2c)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
recvmsg(0xffffffffffffffff, 0x0, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'irlan0\x00'})
23:29:19 executing program 0:
unshare(0x600)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fcntl$dupfd(r1, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f000001bff4))
signalfd(0xffffffffffffffff, &(0x7f0000392ff8), 0x8)
[ 168.891129] ? put_prev_task_stop+0x358/0x400
[ 168.895636] ? ip6_input+0x340/0x340
[ 168.899346] ? __lock_is_held+0xb6/0x140
[ 168.899356] ? check_preemption_disabled+0x3c/0x250
[ 168.899365] ? ip6_make_skb+0x410/0x410
[ 168.899374] ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 168.899380] ? ip6_input+0x340/0x340
[ 168.899393] __netif_receive_skb_core+0x1eae/0x2ca0
[ 168.899400] ? trace_hardirqs_on+0x10/0x10
[ 168.899413] ? enqueue_to_backlog+0xcc0/0xcc0
[ 168.917879] ? process_backlog+0x43e/0x730
[ 168.917897] ? lock_acquire+0x16f/0x430
[ 168.917909] __netif_receive_skb+0x2c/0x1b0
[ 168.917917] ? __netif_receive_skb+0x2c/0x1b0
[ 168.917926] process_backlog+0x21f/0x730
[ 168.917932] ? mark_held_locks+0xb1/0x100
[ 168.917945] net_rx_action+0x490/0xf80
[ 168.964449] ? napi_complete_done+0x4f0/0x4f0
[ 168.968964] ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 168.974435] __do_softirq+0x244/0x9a0
[ 168.978257] ? ip6_finish_output2+0x9c0/0x21b0
[ 168.982866] do_softirq_own_stack+0x2a/0x40
[ 168.987192] </IRQ>
[ 168.989439] do_softirq.part.0+0x10e/0x160
[ 168.993683] __local_bh_enable_ip+0x154/0x1a0
[ 168.998195] ip6_finish_output2+0x9f3/0x21b0
[ 169.002623] ? ip6_forward_finish+0x480/0x480
[ 169.007129] ? __lock_is_held+0xb6/0x140
[ 169.011198] ? check_preemption_disabled+0x3c/0x250
[ 169.016232] ip6_finish_output+0x4f4/0xb50
[ 169.020484] ? ip6_finish_output+0x4f4/0xb50
[ 169.024901] ip6_output+0x20f/0x6d0
[ 169.028530] ? ip6_finish_output+0xb50/0xb50
[ 169.032946] ? __lock_is_held+0xb6/0x140
[ 169.037014] ? check_preemption_disabled+0x3c/0x250
[ 169.042029] ? ip6_fragment+0x32c0/0x32c0
[ 169.042038] ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 169.042047] ip6_xmit+0xd53/0x1eb0
[ 169.042061] ? ip6_finish_output2+0x21b0/0x21b0
[ 169.042069] ? ip6_dst_check+0x116/0x2c0
[ 169.042080] ? save_trace+0x290/0x290
[ 169.042088] ? ip6_append_data+0x2f0/0x2f0
[ 169.042097] ? __lock_is_held+0xb6/0x140
[ 169.042106] ? check_preemption_disabled+0x3c/0x250
[ 169.042121] inet6_csk_xmit+0x286/0x4d0
[ 169.042129] ? inet6_csk_update_pmtu+0x140/0x140
[ 169.042138] ? tcp_md5_do_lookup+0x1d3/0x530
[ 169.051735] __tcp_transmit_skb+0x172c/0x2fe0
[ 169.051754] ? __tcp_select_window+0x6e0/0x6e0
[ 169.051765] ? kvm_clock_read+0x23/0x40
[ 169.107280] ? sched_clock_cpu+0x1b/0x1c0
[ 169.111439] ? tcp_small_queue_check+0x184/0x1e0
[ 169.116185] tcp_write_xmit+0x523/0x4960
[ 169.120231] ? tcp_v6_md5_lookup+0x23/0x30
[ 169.124448] ? tcp_established_options+0x2c5/0x420
[ 169.129361] ? tcp_current_mss+0x1b1/0x2f0
[ 169.133587] __tcp_push_pending_frames+0xa6/0x260
[ 169.138418] tcp_send_fin+0x17e/0xc40
[ 169.142204] tcp_close+0xcc8/0xfb0
[ 169.145726] ? lock_acquire+0x16f/0x430
[ 169.149687] ? ip_mc_drop_socket+0x1d6/0x230
[ 169.154081] inet_release+0xec/0x1c0
[ 169.157780] inet6_release+0x53/0x80
[ 169.161496] __sock_release+0xce/0x2b0
[ 169.165383] ? __sock_release+0x2b0/0x2b0
[ 169.169513] sock_close+0x1b/0x30
[ 169.172951] __fput+0x275/0x7a0
[ 169.176217] ____fput+0x16/0x20
[ 169.179480] task_work_run+0x114/0x190
[ 169.183355] exit_to_usermode_loop+0x1da/0x220
[ 169.187919] do_syscall_64+0x4bc/0x640
[ 169.191786] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 169.196618] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 169.201790] RIP: 0033:0x4135d1
[ 169.204965] RSP: 002b:00007ffe17fa15d0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 169.212655] RAX: 0000000000000000 RBX: 000000000000000e RCX: 00000000004135d1
[ 169.219905] RDX: 0000000000000000 RSI: 0000000000000391 RDI: 000000000000000d
[ 169.227157] RBP: 0000000000000001 R08: 0000000054e04395 R09: ffffffffffffffff
[ 169.234407] R10: 00007ffe17fa16b0 R11: 0000000000000293 R12: 000000000075c9a0
[ 169.241679] R13: 000000000075c9a0 R14: 00000000007618f0 R15: ffffffffffffffff
[ 169.248939]
[ 169.250547] Allocated by task 7543:
[ 169.254157] save_stack_trace+0x16/0x20
[ 169.258112] save_stack+0x45/0xd0
[ 169.261544] kasan_kmalloc+0xce/0xf0
[ 169.265261] kasan_slab_alloc+0xf/0x20
[ 169.269129] kmem_cache_alloc_node+0x144/0x780
[ 169.273690] __alloc_skb+0x9c/0x500
[ 169.277304] sk_stream_alloc_skb+0xb3/0x780
[ 169.281606] tcp_sendmsg_locked+0xf61/0x3200
[ 169.285995] tcp_sendmsg+0x30/0x50
[ 169.289530] inet_sendmsg+0x122/0x500
[ 169.293309] sock_sendmsg+0xce/0x110
[ 169.297000] SYSC_sendto+0x206/0x310
[ 169.300691] SyS_sendto+0x40/0x50
[ 169.304124] do_syscall_64+0x1e8/0x640
[ 169.307990] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 169.313155]
[ 169.314767] Freed by task 7543:
[ 169.318029] save_stack_trace+0x16/0x20
[ 169.321979] save_stack+0x45/0xd0
[ 169.325409] kasan_slab_free+0x75/0xc0
[ 169.329288] kmem_cache_free+0x83/0x2b0
[ 169.333241] kfree_skbmem+0x8d/0x120
[ 169.336952] __kfree_skb+0x1e/0x30
[ 169.340474] tcp_remove_empty_skb.part.0+0x231/0x2e0
[ 169.345555] tcp_sendmsg_locked+0x1ced/0x3200
[ 169.350035] tcp_sendmsg+0x30/0x50
[ 169.353555] inet_sendmsg+0x122/0x500
[ 169.357334] sock_sendmsg+0xce/0x110
[ 169.361026] SYSC_sendto+0x206/0x310
[ 169.364718] SyS_sendto+0x40/0x50
[ 169.368149] do_syscall_64+0x1e8/0x640
[ 169.372017] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 169.377183]
[ 169.378797] The buggy address belongs to the object at ffff888099b8a300
[ 169.378797] which belongs to the cache skbuff_fclone_cache of size 472
[ 169.392128] The buggy address is located 44 bytes inside of
[ 169.392128] 472-byte region [ffff888099b8a300, ffff888099b8a4d8)
[ 169.403896] The buggy address belongs to the page:
[ 169.410111] page:ffffea000266e280 count:1 mapcount:0 mapping:ffff888099b8a080 index:0x0
[ 169.418238] flags: 0x1fffc0000000100(slab)
[ 169.422457] raw: 01fffc0000000100 ffff888099b8a080 0000000000000000 0000000100000006
[ 169.430325] raw: ffffea000296b120 ffffea00025af6a0 ffff88821b7203c0 0000000000000000
[ 169.438199] page dumped because: kasan: bad access detected
[ 169.443888]
[ 169.445499] Memory state around the buggy address:
[ 169.450408] ffff888099b8a200: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc
[ 169.457749] ffff888099b8a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 169.465107] >ffff888099b8a300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 169.472445] ^
[ 169.477096] ffff888099b8a380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 169.484438] ffff888099b8a400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 169.491778] ==================================================================
[ 169.499115] Disabling lock debugging due to kernel taint
[ 169.504629] Kernel panic - not syncing: panic_on_warn set ...
[ 169.504629]
[ 169.511993] CPU: 0 PID: 7535 Comm: syz-executor.4 Tainted: G B 4.14.143 #0
[ 169.520119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 169.529455] Call Trace:
[ 169.532016] <IRQ>
[ 169.534149] dump_stack+0x138/0x197
[ 169.537759] ? tcp_ack+0x414f/0x4760
[ 169.541453] panic+0x1f2/0x426
[ 169.544626] ? add_taint.cold+0x16/0x16
[ 169.548583] kasan_end_report+0x47/0x4f
[ 169.552534] kasan_report.cold+0x130/0x2af
[ 169.556750] __asan_report_load4_noabort+0x14/0x20
[ 169.561676] tcp_ack+0x414f/0x4760
[ 169.565195] ? _raw_spin_unlock_irqrestore+0x6b/0xe0
[ 169.570282] ? trace_hardirqs_on+0x10/0x10
[ 169.574498] ? tcp_fastretrans_alert+0x2620/0x2620
[ 169.579408] ? lock_downgrade+0x6e0/0x6e0
[ 169.583540] tcp_rcv_established+0x3e9/0x1650
[ 169.588015] ? trace_hardirqs_on+0xd/0x10
[ 169.592158] ? save_trace+0x290/0x290
[ 169.595937] ? tcp_data_queue+0x3730/0x3730
[ 169.600257] tcp_v6_do_rcv+0x417/0x1190
[ 169.604223] tcp_v6_rcv+0x2446/0x2ed0
[ 169.608013] ? save_trace+0x290/0x290
[ 169.611807] ip6_input_finish+0x300/0x15a0
[ 169.616028] ip6_input+0xd5/0x340
[ 169.619462] ? ip6_input_finish+0x15a0/0x15a0
[ 169.623959] ? ipv6_rcv+0x16aa/0x1d20
[ 169.627748] ? ip6_rcv_finish+0x7a0/0x7a0
[ 169.631892] ip6_rcv_finish+0x23f/0x7a0
[ 169.635848] ipv6_rcv+0xe4d/0x1d20
[ 169.639368] ? put_prev_task_stop+0x358/0x400
[ 169.643841] ? ip6_input+0x340/0x340
[ 169.647533] ? __lock_is_held+0xb6/0x140
[ 169.651574] ? check_preemption_disabled+0x3c/0x250
[ 169.656568] ? ip6_make_skb+0x410/0x410
[ 169.660525] ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 169.665953] ? ip6_input+0x340/0x340
[ 169.669667] __netif_receive_skb_core+0x1eae/0x2ca0
[ 169.674661] ? trace_hardirqs_on+0x10/0x10
[ 169.678875] ? enqueue_to_backlog+0xcc0/0xcc0
[ 169.683352] ? process_backlog+0x43e/0x730
[ 169.687588] ? lock_acquire+0x16f/0x430
[ 169.691544] __netif_receive_skb+0x2c/0x1b0
[ 169.695846] ? __netif_receive_skb+0x2c/0x1b0
[ 169.700321] process_backlog+0x21f/0x730
[ 169.704910] ? mark_held_locks+0xb1/0x100
[ 169.709038] net_rx_action+0x490/0xf80
[ 169.712913] ? napi_complete_done+0x4f0/0x4f0
[ 169.717388] ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 169.722820] __do_softirq+0x244/0x9a0
[ 169.726613] ? ip6_finish_output2+0x9c0/0x21b0
[ 169.731174] do_softirq_own_stack+0x2a/0x40
[ 169.735473] </IRQ>
[ 169.737690] do_softirq.part.0+0x10e/0x160
[ 169.741906] __local_bh_enable_ip+0x154/0x1a0
[ 169.746394] ip6_finish_output2+0x9f3/0x21b0
[ 169.750785] ? ip6_forward_finish+0x480/0x480
[ 169.755270] ? __lock_is_held+0xb6/0x140
[ 169.759311] ? check_preemption_disabled+0x3c/0x250
[ 169.764319] ip6_finish_output+0x4f4/0xb50
[ 169.768531] ? ip6_finish_output+0x4f4/0xb50
[ 169.772933] ip6_output+0x20f/0x6d0
[ 169.776539] ? ip6_finish_output+0xb50/0xb50
[ 169.780927] ? __lock_is_held+0xb6/0x140
[ 169.785001] ? check_preemption_disabled+0x3c/0x250
[ 169.790019] ? ip6_fragment+0x32c0/0x32c0
[ 169.794155] ? rcu_lockdep_current_cpu_online+0xf2/0x140
[ 169.799588] ip6_xmit+0xd53/0x1eb0
[ 169.803112] ? ip6_finish_output2+0x21b0/0x21b0
[ 169.807933] ? ip6_dst_check+0x116/0x2c0
[ 169.811995] ? save_trace+0x290/0x290
[ 169.815774] ? ip6_append_data+0x2f0/0x2f0
[ 169.820014] ? __lock_is_held+0xb6/0x140
[ 169.824069] ? check_preemption_disabled+0x3c/0x250
[ 169.829067] inet6_csk_xmit+0x286/0x4d0
[ 169.833019] ? inet6_csk_update_pmtu+0x140/0x140
[ 169.837753] ? tcp_md5_do_lookup+0x1d3/0x530
[ 169.842143] __tcp_transmit_skb+0x172c/0x2fe0
[ 169.846618] ? __tcp_select_window+0x6e0/0x6e0
[ 169.851184] ? kvm_clock_read+0x23/0x40
[ 169.855136] ? sched_clock_cpu+0x1b/0x1c0
[ 169.859263] ? tcp_small_queue_check+0x184/0x1e0
[ 169.863997] tcp_write_xmit+0x523/0x4960
[ 169.868038] ? tcp_v6_md5_lookup+0x23/0x30
[ 169.872266] ? tcp_established_options+0x2c5/0x420
[ 169.877176] ? tcp_current_mss+0x1b1/0x2f0
[ 169.881392] __tcp_push_pending_frames+0xa6/0x260
[ 169.886214] tcp_send_fin+0x17e/0xc40
[ 169.890010] tcp_close+0xcc8/0xfb0
[ 169.893533] ? lock_acquire+0x16f/0x430
[ 169.897485] ? ip_mc_drop_socket+0x1d6/0x230
[ 169.901874] inet_release+0xec/0x1c0
[ 169.905565] inet6_release+0x53/0x80
[ 169.909273] __sock_release+0xce/0x2b0
[ 169.913139] ? __sock_release+0x2b0/0x2b0
[ 169.917264] sock_close+0x1b/0x30
[ 169.920888] __fput+0x275/0x7a0
[ 169.924146] ____fput+0x16/0x20
[ 169.927415] task_work_run+0x114/0x190
[ 169.931284] exit_to_usermode_loop+0x1da/0x220
[ 169.935844] do_syscall_64+0x4bc/0x640
[ 169.939711] ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 169.944535] entry_SYSCALL_64_after_hwframe+0x42/0xb7
[ 169.949720] RIP: 0033:0x4135d1
[ 169.952889] RSP: 002b:00007ffe17fa15d0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 169.960590] RAX: 0000000000000000 RBX: 000000000000000e RCX: 00000000004135d1
[ 169.968979] RDX: 0000000000000000 RSI: 0000000000000391 RDI: 000000000000000d
[ 169.976229] RBP: 0000000000000001 R08: 0000000054e04395 R09: ffffffffffffffff
[ 169.983761] R10: 00007ffe17fa16b0 R11: 0000000000000293 R12: 000000000075c9a0
[ 169.991036] R13: 000000000075c9a0 R14: 00000000007618f0 R15: ffffffffffffffff
[ 169.999658] Kernel Offset: disabled
[ 170.003285] Rebooting in 86400 seconds..