[ 58.215830] audit: type=1800 audit(1539121488.258:27): pid=6041 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 59.781240] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 61.823069] random: sshd: uninitialized urandom read (32 bytes read) [ 62.167076] random: sshd: uninitialized urandom read (32 bytes read) [ 63.875524] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.39' (ECDSA) to the list of known hosts. [ 69.769635] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/09 21:45:01 fuzzer started [ 74.429138] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/09 21:45:06 dialing manager at 10.128.0.26:44001 2018/10/09 21:45:06 syscalls: 1 2018/10/09 21:45:06 code coverage: enabled 2018/10/09 21:45:06 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/09 21:45:06 setuid sandbox: enabled 2018/10/09 21:45:06 namespace sandbox: enabled 2018/10/09 21:45:06 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/09 21:45:06 fault injection: enabled 2018/10/09 21:45:06 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/09 21:45:06 net packed injection: enabled 2018/10/09 21:45:06 net device setup: enabled [ 80.699745] random: crng init done 21:47:10 executing program 0: syz_open_dev$loop(&(0x7f00000000c0)='/dev/loop#\x00', 0x0, 0x0) syz_open_dev$vcsa(0xfffffffffffffffd, 0x0, 0x80) [ 201.147075] IPVS: ftp: loaded support on port[0] = 21 [ 203.811287] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.817871] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.826647] device bridge_slave_0 entered promiscuous mode [ 204.003594] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.015808] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.024581] device bridge_slave_1 entered promiscuous mode [ 204.181362] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 21:47:14 executing program 1: clone(0x200, &(0x7f0000000080), &(0x7f0000000000), &(0x7f0000000100), &(0x7f0000000280)) mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000400)='./file0\x00', &(0x7f00000003c0), &(0x7f0000000600)) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000540)=""/11, 0x485) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff) r1 = creat(&(0x7f0000000080)="e91f7189591e9233614b00", 0x109) r2 = dup2(r0, r1) execve(&(0x7f00000000c0)="e91f7189591e9233614b00", &(0x7f0000000140), &(0x7f0000001580)) ioctl$TUNSETTXFILTER(r2, 0x400454d1, &(0x7f00000001c0)=ANY=[]) r3 = open$dir(&(0x7f0000000180)='./file0\x00', 0x841, 0x0) clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, &(0x7f0000000300), 0xffffffffffffffff) execve(&(0x7f0000000040)='./file1\x00', &(0x7f0000000400), &(0x7f0000000b40)) write$P9_RLOPEN(r3, &(0x7f00000001c0)={0x18}, 0x18) [ 204.364105] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 204.971177] IPVS: ftp: loaded support on port[0] = 21 [ 205.128583] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 205.376984] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 205.690209] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 205.697437] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 205.957408] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 205.964649] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 206.756342] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 206.764542] team0: Port device team_slave_0 added [ 207.040276] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 207.048436] team0: Port device team_slave_1 added [ 207.253056] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 207.260125] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 207.268915] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 207.576516] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 207.583776] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 207.592998] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 207.845209] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 207.852935] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 207.862203] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 208.078432] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 208.086299] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 208.095784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 209.153347] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.159880] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.168708] device bridge_slave_0 entered promiscuous mode [ 209.422179] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.428662] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.437924] device bridge_slave_1 entered promiscuous mode [ 209.605396] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 209.816249] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 21:47:20 executing program 2: writev(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000380)="a7f5088d87c54c3753a2a6c6f0e548352a67261797558285df15fa6c1ebd68aa4b064faf411a9b840afcd1498bee79c01f3213a7653d4e3a876264ba02ab4a39946b2a2b85ae87f9cf8d939a11a9d848b87d70d6e2eb56bef01c339c9a46ecd093250e3ec5d9ed3ef82c1194b880cf101dbe681593e164785a868d2b7151b8b3ecbb7550d7b992dad0976969dbc8b6e63653854fab858995a5394261c99530e0043574cd8013d4a4a1ea3adf5b18089bdcfcd3222bbb553ec832e62e8264880d2b04461eae52ff481b9d810e0ff2bff99fe88ce41d4591b1a9bf2bb9d4ddf1ad3e570aab708c03f7733e212f635400392d502bfdf3992e2ad54145d86c3b8a", 0xff}], 0x1) [ 210.640884] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 210.971955] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 211.153165] IPVS: ftp: loaded support on port[0] = 21 [ 211.156265] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.164955] bridge0: port 2(bridge_slave_1) entered forwarding state [ 211.172137] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.178606] bridge0: port 1(bridge_slave_0) entered forwarding state [ 211.187381] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 211.294492] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 211.336328] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 211.353084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 211.723392] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 211.730464] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 212.630101] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 212.638385] team0: Port device team_slave_0 added [ 212.938051] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 212.946821] team0: Port device team_slave_1 added [ 213.203173] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 213.224874] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 213.234113] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 213.564074] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 213.572282] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 213.581873] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 213.792687] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 213.800311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 213.809615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 214.006108] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 214.013928] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 214.024519] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 216.436315] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.442939] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.451396] device bridge_slave_0 entered promiscuous mode [ 216.806373] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.813030] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.821475] device bridge_slave_1 entered promiscuous mode [ 217.048694] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 217.365580] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.372146] bridge0: port 2(bridge_slave_1) entered forwarding state [ 217.379129] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.385755] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.394634] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 217.403624] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 218.092815] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 218.232213] bond0: Enslaving bond_slave_0 as an active interface with an up link 21:47:28 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.stat\x00', 0x275a, 0x0) r1 = socket$inet6(0xa, 0x3, 0x800000000000008) ioctl(r1, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") write$cgroup_int(r0, &(0x7f0000000000), 0xfffffe97) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000100)=0x84000) [ 218.661389] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 219.067840] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 219.075086] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 219.426728] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 219.433951] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 219.543797] IPVS: ftp: loaded support on port[0] = 21 [ 220.571586] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 220.580756] team0: Port device team_slave_0 added [ 220.951160] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 220.959310] team0: Port device team_slave_1 added [ 221.426950] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 221.434265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 221.443083] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 221.816882] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 221.824107] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 221.833094] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 222.163135] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 222.170808] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 222.180621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 222.594503] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 222.602381] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 222.611402] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 225.549487] 8021q: adding VLAN 0 to HW filter on device bond0 [ 225.919194] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.925874] bridge0: port 1(bridge_slave_0) entered disabled state [ 225.934669] device bridge_slave_0 entered promiscuous mode [ 226.374418] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.380943] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.389772] device bridge_slave_1 entered promiscuous mode [ 226.755133] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 227.045524] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 227.178073] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 227.338952] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.345539] bridge0: port 2(bridge_slave_1) entered forwarding state [ 227.352621] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.359130] bridge0: port 1(bridge_slave_0) entered forwarding state [ 227.368203] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 227.374985] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 228.401435] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 228.473395] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 228.479860] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 228.488197] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 228.895331] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 229.266149] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 229.273364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 21:47:39 executing program 4: pipe2(&(0x7f0000f14000), 0x0) r0 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000280)="2f65786500000000000409004bddd9de91be10eebf000e0e281ab42fb897c0d554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a984237d092ef1c00b517026f8bd7f2b0436a4c40960ab3f6bc482809f6bd82caa34799193b35445293b992ab5e44573eef5fd0f423a5cfb386f9cc996c6effde7e603fdeab448671b63bec6e9395aabab4d045f1ad982a2a897fafa710be9e681f3c6a45db03d9e6cb58fbec3d8397005f17d6f7afa102ded1837bcb805600000000000000000000") pread64(r1, &(0x7f0000000080), 0xff7c, 0x0) execveat(r0, &(0x7f0000000000)='\x00', &(0x7f00000003c0), &(0x7f0000000500), 0x1000) [ 229.725039] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 229.732474] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 230.059845] 8021q: adding VLAN 0 to HW filter on device team0 [ 231.061531] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 231.076207] team0: Port device team_slave_0 added [ 231.119852] IPVS: ftp: loaded support on port[0] = 21 [ 231.623481] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 231.631587] team0: Port device team_slave_1 added [ 232.011135] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 232.018882] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 232.027975] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 232.633092] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 232.640200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 232.649180] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 233.015865] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 233.024343] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 233.033546] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 233.537816] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 233.545598] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 233.555083] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 234.618107] 8021q: adding VLAN 0 to HW filter on device bond0 [ 236.330811] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 238.213705] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 238.220700] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 238.229223] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 239.133754] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.140429] bridge0: port 2(bridge_slave_1) entered forwarding state [ 239.147461] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.154292] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.163575] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 239.181248] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.189956] bridge0: port 1(bridge_slave_0) entered disabled state [ 239.204482] device bridge_slave_0 entered promiscuous mode [ 239.754592] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.761133] bridge0: port 2(bridge_slave_1) entered disabled state [ 239.769927] device bridge_slave_1 entered promiscuous mode [ 239.777955] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 240.126733] 8021q: adding VLAN 0 to HW filter on device team0 [ 240.255283] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 240.745929] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 21:47:51 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x8912, &(0x7f0000002080)="153f6234488dd25d766070") r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)="2f67726f75702e73746174003c23fb572a1f0294e6f378b41ad54b4d9d9a1f63f8785ad188a7e1c88875e05b18a4cb3a9cd12dcea440d899c22c652b3a471b4a7fa2f3fdf6e034d804e5f0df4b1dee483b157624c59c0100e89e6a357c000000", 0x2761, 0x0) ioctl$FITRIM(r1, 0xc0185879, &(0x7f0000000180)={0x0, 0xb3fc}) 21:47:52 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x0, 0x0) ioctl$UI_SET_PHYS(r1, 0x4008556c, &(0x7f0000000080)='syz0\x00') setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x2, 0x7fff}, 0x4) socket$inet_udp(0x2, 0x2, 0x0) sendto$inet(r1, &(0x7f0000000140), 0x0, 0x0, &(0x7f000057bff0)={0x2, 0x4e20, @multicast2}, 0x10) [ 242.225070] bond0: Enslaving bond_slave_0 as an active interface with an up link 21:47:52 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='uid_map\x00') epoll_ctl$EPOLL_CTL_DEL(r1, 0x2, r0) r2 = socket$inet(0x2, 0x2, 0x0) readv(r2, &(0x7f0000000c00)=[{&(0x7f00000003c0)=""/175, 0xaf}], 0x1) shutdown(r2, 0x0) 21:47:52 executing program 5: r0 = getpgrp(0xffffffffffffffff) ptrace$peekuser(0x3, r0, 0xe6c) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x100, 0x0) ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f0000000040)={0x0, 0x0, 0x4}) r3 = syz_open_dev$admmidi(&(0x7f0000000080)='/dev/admmidi#\x00', 0x7ff, 0xa000) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f00000000c0)={r2, 0x0, r3}) ioctl$BLKIOOPT(r1, 0x1279, &(0x7f0000000100)) ioctl$KVM_PPC_ALLOCATE_HTAB(r3, 0xc004aea7, &(0x7f0000000140)) ioctl$sock_SIOCDELDLCI(r1, 0x8981, &(0x7f0000000180)={'\x00', 0x3}) ioctl$DRM_IOCTL_AGP_ENABLE(r1, 0x40086432, &(0x7f00000001c0)=0x5) ioctl$KVM_GET_PIT(r1, 0xc048ae65, &(0x7f0000000200)) ioctl$KVM_S390_VCPU_FAULT(r1, 0x4008ae52, &(0x7f0000000280)=0x2) r5 = syz_open_pts(r1, 0x8000) r6 = add_key(&(0x7f00000002c0)='rxrpc\x00', &(0x7f0000000300)={'syz', 0x1}, &(0x7f0000000340)="e54d3742a2831a7c09b254896c16fcc129", 0x11, 0xfffffffffffffff9) keyctl$assume_authority(0x10, r6) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r1, 0x28, 0x0, &(0x7f0000000380)=0x7, 0x8) getpid() ioctl$KVM_PPC_GET_PVINFO(r3, 0x4080aea1, &(0x7f00000003c0)=""/4096) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r1, 0x84, 0x4, &(0x7f00000013c0)=0x1, 0x4) ptrace$getregs(0xe, r0, 0x3f, &(0x7f0000001400)=""/75) ioctl$TIOCNXCL(r1, 0x540d) ioctl$PPPIOCGFLAGS(r3, 0x8004745a, &(0x7f0000001480)) getsockopt$inet6_IPV6_IPSEC_POLICY(r4, 0x29, 0x22, &(0x7f00000014c0)={{{@in=@broadcast, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in6=@ipv4={[], [], @local}}}, &(0x7f00000015c0)=0xe8) ioctl$sock_inet6_SIOCSIFADDR(r1, 0x8916, &(0x7f0000001600)={@remote, 0x74, r7}) ioctl$KDSKBMODE(r5, 0x4b45, &(0x7f0000001640)=0x5) keyctl$set_timeout(0xf, r6, 0xffffffff) syncfs(r1) r8 = fcntl$dupfd(r3, 0x0, r3) ioctl$KVM_SET_FPU(r8, 0x41a0ae8d, &(0x7f0000001680)={[], 0x5, 0x6, 0x3, 0x0, 0x1f, 0x4, 0xd004, [], 0xf9}) sched_setscheduler(r0, 0x7, &(0x7f0000001840)=0x4) [ 242.738948] bond0: Enslaving bond_slave_1 as an active interface with an up link 21:47:53 executing program 0: [ 243.238085] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 243.245818] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 21:47:53 executing program 0: [ 243.813215] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 243.820304] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 21:47:54 executing program 0: 21:47:54 executing program 0: [ 244.618384] IPVS: ftp: loaded support on port[0] = 21 [ 245.355666] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 245.364560] team0: Port device team_slave_0 added [ 245.757036] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 245.765256] team0: Port device team_slave_1 added [ 246.213068] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 246.220143] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 246.229189] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 246.520654] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 246.527913] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 246.537033] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 246.924056] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 246.952120] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 246.961447] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 247.211463] 8021q: adding VLAN 0 to HW filter on device bond0 [ 247.238717] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 247.246869] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 247.256041] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 248.830063] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 250.263653] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 250.270073] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 250.278822] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 21:48:00 executing program 1: [ 250.967956] bridge0: port 1(bridge_slave_0) entered blocking state [ 250.974555] bridge0: port 1(bridge_slave_0) entered disabled state [ 250.983201] device bridge_slave_0 entered promiscuous mode [ 251.315880] bridge0: port 2(bridge_slave_1) entered blocking state [ 251.322470] bridge0: port 2(bridge_slave_1) entered forwarding state [ 251.329395] bridge0: port 1(bridge_slave_0) entered blocking state [ 251.336026] bridge0: port 1(bridge_slave_0) entered forwarding state [ 251.345489] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 251.388297] bridge0: port 2(bridge_slave_1) entered blocking state [ 251.395040] bridge0: port 2(bridge_slave_1) entered disabled state [ 251.403560] device bridge_slave_1 entered promiscuous mode [ 251.556519] 8021q: adding VLAN 0 to HW filter on device team0 [ 251.717022] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 251.975914] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 252.253438] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 252.863533] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 253.217069] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 253.526867] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 253.534180] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 253.869002] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 253.876138] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 254.884351] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 254.892783] team0: Port device team_slave_0 added [ 255.066630] 8021q: adding VLAN 0 to HW filter on device bond0 [ 255.183236] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 255.191956] team0: Port device team_slave_1 added [ 255.472577] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 255.479671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 255.488701] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 255.709740] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 255.717032] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 255.726364] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 256.076090] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 256.083787] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 256.093231] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 256.240312] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 256.324401] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 256.332049] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 256.341084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 257.387866] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 257.394334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 257.402547] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 258.261174] 8021q: adding VLAN 0 to HW filter on device team0 21:48:09 executing program 2: [ 260.039929] bridge0: port 2(bridge_slave_1) entered blocking state [ 260.046491] bridge0: port 2(bridge_slave_1) entered forwarding state [ 260.053548] bridge0: port 1(bridge_slave_0) entered blocking state [ 260.060146] bridge0: port 1(bridge_slave_0) entered forwarding state [ 260.068324] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 260.076132] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 262.746667] 8021q: adding VLAN 0 to HW filter on device bond0 [ 263.738981] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 264.751905] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 264.758283] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 264.766753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 21:48:15 executing program 3: [ 265.549345] 8021q: adding VLAN 0 to HW filter on device team0 [ 268.129542] 8021q: adding VLAN 0 to HW filter on device bond0 [ 268.684511] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready 21:48:19 executing program 4: pipe2(&(0x7f0000f14000), 0x0) r0 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000280)="2f65786500000000000409004bddd9de91be10eebf000e0e281ab42fb897c0d554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a984237d092ef1c00b517026f8bd7f2b0436a4c40960ab3f6bc482809f6bd82caa34799193b35445293b992ab5e44573eef5fd0f423a5cfb386f9cc996c6effde7e603fdeab448671b63bec6e9395aabab4d045f1ad982a2a897fafa710be9e681f3c6a45db03d9e6cb58fbec3d8397005f17d6f7afa102ded1837bcb805600000000000000000000") pread64(r1, &(0x7f0000000080), 0xff7c, 0x0) execveat(r0, &(0x7f0000000000)='\x00', &(0x7f00000003c0), &(0x7f0000000500), 0x1000) 21:48:19 executing program 0: 21:48:19 executing program 1: 21:48:19 executing program 2: [ 269.505888] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 269.512193] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 269.519809] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 269.813040] 8021q: adding VLAN 0 to HW filter on device team0 [ 271.668998] QAT: Invalid ioctl [ 271.672728] QAT: Invalid ioctl [ 271.676546] QAT: Invalid ioctl [ 271.680084] QAT: Invalid ioctl [ 271.683879] QAT: Invalid ioctl [ 271.687349] QAT: Invalid ioctl [ 271.690823] QAT: Invalid ioctl [ 271.696837] QAT: Invalid ioctl [ 271.700852] QAT: Invalid ioctl [ 271.709006] QAT: Invalid ioctl [ 271.712519] QAT: Invalid ioctl [ 271.716127] QAT: Invalid ioctl [ 271.719716] QAT: Invalid ioctl [ 271.723167] QAT: Invalid ioctl [ 271.726688] QAT: Invalid ioctl [ 271.730131] QAT: Invalid ioctl [ 271.734902] QAT: Invalid ioctl [ 271.738861] QAT: Invalid ioctl 21:48:21 executing program 0: 21:48:21 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) write(r0, &(0x7f0000000000)="24000000260077000000000000007701000000ff0100000000000000dfffffff013fe836", 0x24) 21:48:21 executing program 3: 21:48:21 executing program 2: 21:48:21 executing program 1: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r2, 0x0, 0x8ec0, 0x0) write$binfmt_aout(r1, &(0x7f0000000000), 0x20) 21:48:21 executing program 4: pipe2(&(0x7f0000f14000), 0x0) r0 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000280)="2f65786500000000000409004bddd9de91be10eebf000e0e281ab42fb897c0d554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a984237d092ef1c00b517026f8bd7f2b0436a4c40960ab3f6bc482809f6bd82caa34799193b35445293b992ab5e44573eef5fd0f423a5cfb386f9cc996c6effde7e603fdeab448671b63bec6e9395aabab4d045f1ad982a2a897fafa710be9e681f3c6a45db03d9e6cb58fbec3d8397005f17d6f7afa102ded1837bcb805600000000000000000000") pread64(r1, &(0x7f0000000080), 0xff7c, 0x0) execveat(r0, &(0x7f0000000000)='\x00', &(0x7f00000003c0), &(0x7f0000000500), 0x1000) 21:48:22 executing program 3: r0 = socket(0x2, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) getsockopt$sock_buf(r0, 0x1, 0x19, &(0x7f0000b56f40)=""/192, &(0x7f0000004ffc)=0xc0) 21:48:22 executing program 2: r0 = socket$inet6(0xa, 0x3, 0x800000000000004) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TEAM_CMD_PORT_LIST_GET(r1, &(0x7f0000000040)={&(0x7f0000000100), 0xc, &(0x7f0000000240)={&(0x7f0000000980)={0xfffffffffffffff9}, 0x14}}, 0x0) recvmmsg(r1, &(0x7f0000006100)=[{{&(0x7f0000003940)=@can, 0x80, &(0x7f0000003d00), 0x0, &(0x7f0000003d80)=""/4096, 0x1000}}], 0x1, 0x0, &(0x7f0000006180)={0x0, 0x1c9c380}) sendmsg$nl_generic(r1, &(0x7f00005a5000)={&(0x7f000059fff4), 0xc, &(0x7f0000007000)={&(0x7f0000070000)=ANY=[@ANYBLOB="280000001c00090100060000000000000100000014000205100000000000000000000000"], 0x1}}, 0x0) 21:48:22 executing program 0: getpid() r0 = mq_open(&(0x7f0000000000)="5cf7a0cc16482d6f0037e6b31a8e697add303650d4880073ef75df610179dec236aa04e9468779ba0700000000000000359855b49b889bb5e49b358e793a6f7af52766d6fe93ca0672ac1b8a87ca6677d5220fb77cb613b3db9104d16aa1ca6cc76a74e7bd4bdc5226757b03f85b010324576c40c1c8655c739fc1a68df5e2bcb6e5ed46c8289e48ea75e785eb5d6497cd233b10b91832cf5e31767c1c419d4646cd883f25", 0x0, 0x0, &(0x7f0000664fc0)) mq_getsetattr(r0, &(0x7f0000738fc0), &(0x7f0000356000)) 21:48:22 executing program 1: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000140)="2400000052001f0014f9f407000904000a00071008000100feffffff0800000f00000000", 0x24) 21:48:22 executing program 5: openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x218200, 0x22) mknod$loop(&(0x7f0000000100)='./file0\x00', 0x6006, 0x1) quotactl(0x0, &(0x7f0000000200)='./file0\x00', 0x0, &(0x7f0000000040)) 21:48:22 executing program 3: r0 = syz_open_dev$sg(&(0x7f0000005000)='/dev/sg#\x00', 0x0, 0x0) ioctl$FIBMAP(r0, 0x2284, &(0x7f0000000040)) 21:48:22 executing program 4: pipe2(&(0x7f0000f14000), 0x0) r0 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000280)="2f65786500000000000409004bddd9de91be10eebf000e0e281ab42fb897c0d554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a984237d092ef1c00b517026f8bd7f2b0436a4c40960ab3f6bc482809f6bd82caa34799193b35445293b992ab5e44573eef5fd0f423a5cfb386f9cc996c6effde7e603fdeab448671b63bec6e9395aabab4d045f1ad982a2a897fafa710be9e681f3c6a45db03d9e6cb58fbec3d8397005f17d6f7afa102ded1837bcb805600000000000000000000") pread64(r1, &(0x7f0000000080), 0xff7c, 0x0) execveat(r0, &(0x7f0000000000)='\x00', &(0x7f00000003c0), &(0x7f0000000500), 0x1000) 21:48:22 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000240), &(0x7f00000002c0)=0x14) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r1, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r1, 0x4) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) syz_genetlink_get_family_id$ipvs(&(0x7f0000000200)='IPVS\x00') ioctl$FIGETBSZ(0xffffffffffffffff, 0x2, &(0x7f00000001c0)) pipe2(&(0x7f0000000140)={0xffffffffffffffff}, 0x800) sendto$inet6(r2, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) write$binfmt_misc(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="e500000100e3698b2d7d57a4fca9"], 0xe) stat(&(0x7f0000000880)='./file0\x00', &(0x7f00000008c0)) stat(&(0x7f0000000940)='./file0\x00', &(0x7f0000000980)) getsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, &(0x7f0000000a00)={{{@in=@dev, @in=@multicast1}}, {{@in=@loopback}, 0x0, @in6=@loopback}}, &(0x7f0000000b00)=0xe8) getgid() getgid() stat(&(0x7f0000000b80)='./file0\x00', &(0x7f0000000bc0)) getgroups(0x4, &(0x7f0000000c40)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xee00]) fstat(r3, &(0x7f0000000c80)) getegid() lstat(&(0x7f0000000d00)='./file0\x00', &(0x7f0000000d40)) fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000080)='system.posix_acl_access\x00', &(0x7f0000000dc0)=ANY=[@ANYBLOB], 0x1, 0x1) r4 = accept4(r1, 0x0, &(0x7f0000000040), 0x0) ioctl$SG_IO(r3, 0x2285, &(0x7f0000000640)={0x53, 0xfffffffffffffffe, 0x56, 0x8000, @scatter={0x2, 0x0, &(0x7f0000000100)=[{&(0x7f00000000c0)=""/1, 0x1}, {&(0x7f00000004c0)=""/95, 0x5f}]}, &(0x7f0000000540)="48ea7a3731f65c22a96b0ae2e841f6ce6f78cfa5db5210de2585ffb830d5f4df585c857446b23e57623b49f46650c1369d05ba8acae6e192d9bfe844cc37927fe7fa1b35456d58debd77fcfc7ba64239237833232caf", &(0x7f00000005c0)=""/10, 0x10000, 0x24, 0x0, &(0x7f0000000600)}) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000300)=ANY=[@ANYRES32=0x0], &(0x7f0000000340)=0x1) dup3(r0, r4, 0x80000) 21:48:22 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f0000000140)={0x1d, r1}, 0x10) close(r0) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000000000), 0x10) syz_open_dev$admmidi(&(0x7f0000000080)='/dev/admmidi#\x00', 0x0, 0x0) [ 272.872653] hrtimer: interrupt took 54814 ns 21:48:23 executing program 3: r0 = syz_open_dev$usb(&(0x7f00000000c0)='/dev/bus/usb/00#/00#\x00', 0x40000ffffff, 0x1) ioctl$FS_IOC_FSGETXATTR(r0, 0x80045505, &(0x7f0000000240)={0x81}) 21:48:23 executing program 5: r0 = socket(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000000)={0x0, "765674060000001900", 0x8}, 0xfffffffffffffd85) ioctl(r0, 0x8916, &(0x7f0000000000)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl(r0, 0x8936, &(0x7f0000000000)) 21:48:23 executing program 4: pipe2(&(0x7f0000f14000), 0x0) r0 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) syz_open_procfs(0x0, &(0x7f0000000280)="2f65786500000000000409004bddd9de91be10eebf000e0e281ab42fb897c0d554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a984237d092ef1c00b517026f8bd7f2b0436a4c40960ab3f6bc482809f6bd82caa34799193b35445293b992ab5e44573eef5fd0f423a5cfb386f9cc996c6effde7e603fdeab448671b63bec6e9395aabab4d045f1ad982a2a897fafa710be9e681f3c6a45db03d9e6cb58fbec3d8397005f17d6f7afa102ded1837bcb805600000000000000000000") execveat(r0, &(0x7f0000000000)='\x00', &(0x7f00000003c0), &(0x7f0000000500), 0x1000) [ 273.151064] usb usb9: usbfs: interface 0 claimed by hub while 'syz-executor3' sets config #129 21:48:23 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x0, &(0x7f0000000080), 0x0, r2}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000100)={0x0, &(0x7f0000000040), 0x0, r2, 0x4}) 21:48:23 executing program 2: r0 = open$dir(&(0x7f0000001240)='./file0\x00', 0x400000002c2, 0x0) faccessat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x1) mlockall(0x200000003) r1 = dup(r0) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x10, r1, 0x0) write(r1, &(0x7f0000000080)="90", 0x1) 21:48:23 executing program 3: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000240), &(0x7f00000002c0)=0x14) ioctl$VHOST_GET_VRING_ENDIAN(0xffffffffffffffff, 0x4008af14, &(0x7f0000000180)) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r1, &(0x7f0000ef8cfd)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r1, 0x4) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) ioctl$FIGETBSZ(0xffffffffffffffff, 0x2, &(0x7f00000001c0)) pipe2(&(0x7f0000000140)={0xffffffffffffffff}, 0x800) syz_genetlink_get_family_id$ipvs(&(0x7f00000006c0)='IPVS\x00') sendto$inet6(r2, &(0x7f0000e33fe0)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) stat(&(0x7f0000000880)='./file0\x00', &(0x7f00000008c0)) stat(&(0x7f0000000940)='./file0\x00', &(0x7f0000000980)) getsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, &(0x7f0000000a00)={{{@in=@dev, @in=@multicast1}}, {{@in=@loopback}, 0x0, @in6=@loopback}}, &(0x7f0000000b00)=0xe8) getgid() getgid() stat(&(0x7f0000000b80)='./file0\x00', &(0x7f0000000bc0)) getgroups(0x4, &(0x7f0000000c40)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xee00]) fstat(r3, &(0x7f0000000c80)) getegid() lstat(&(0x7f0000000d00)='./file0\x00', &(0x7f0000000d40)) fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000080)='system.posix_acl_access\x00', &(0x7f0000000dc0)=ANY=[@ANYBLOB], 0x1, 0x1) r4 = accept4(r1, 0x0, &(0x7f0000000040), 0x0) ioctl$RTC_UIE_OFF(0xffffffffffffffff, 0x7004) ioctl$SG_IO(r3, 0x2285, &(0x7f0000000640)={0x0, 0xfffffffffffffffe, 0x56, 0x8000, @scatter={0x0, 0x0, &(0x7f0000000100)}, &(0x7f0000000540)="48ea7a3731f65c22a96b0ae2e841f6ce6f78cfa5db5210de2585ffb830d5f4df585c857446b23e57623b49f46650c1369d05ba8acae6e192d9bfe844cc37927fe7fa1b35456d58debd77fcfc7ba64239237833232caf", &(0x7f00000005c0)=""/10, 0x10000, 0x24, 0x0, &(0x7f0000000600)}) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000300)=ANY=[@ANYRES32=0x0], &(0x7f0000000340)=0x1) dup3(r0, r4, 0x80000) [ 273.676027] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 21:48:23 executing program 5: r0 = open$dir(&(0x7f0000001240)='./file0\x00', 0x400000002c2, 0x0) mlockall(0x200000003) r1 = dup(r0) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x10, r1, 0x0) write(r1, &(0x7f0000000080)="90", 0x1) 21:48:24 executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x8, &(0x7f0000000140)=ANY=[@ANYBLOB="7a0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000bd120000000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0xa}, 0x48) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00syz1\x00', 0x200002, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000200)={r1, r0, 0x2000000000000a, 0x2}, 0x10) 21:48:24 executing program 4: pipe2(&(0x7f0000f14000), 0x0) r0 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) syz_open_procfs(0x0, &(0x7f0000000280)="2f65786500000000000409004bddd9de91be10eebf000e0e281ab42fb897c0d554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a984237d092ef1c00b517026f8bd7f2b0436a4c40960ab3f6bc482809f6bd82caa34799193b35445293b992ab5e44573eef5fd0f423a5cfb386f9cc996c6effde7e603fdeab448671b63bec6e9395aabab4d045f1ad982a2a897fafa710be9e681f3c6a45db03d9e6cb58fbec3d8397005f17d6f7afa102ded1837bcb805600000000000000000000") execveat(r0, &(0x7f0000000000)='\x00', &(0x7f00000003c0), &(0x7f0000000500), 0x1000) 21:48:24 executing program 2: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x2, 0x0) write$sndseq(r0, &(0x7f0000000000)=[{0x10005, 0x4ec, 0x0, 0x0, @time={0x77359400}, {}, {}, @time=@tick=0x5}], 0x30) 21:48:24 executing program 5: r0 = mq_open(&(0x7f0000000000)="5cf7a0cc16482d6f0037e6b31a8e697add303650d4880073ef75df610179dec236aa04e9468779ba0700000000000000359855b49b889bb5e49b358e793a6f7af52766d6fe93ca0672ac1b8a87ca6677d5220fb77cb613b3db9104d16aa1ca6cc76a74e7bd4bdc5226757b03f85b010324576c40c1c8655c739fc1a68df5e2bcb6e5ed46c8289e48ea75e785eb5d6497cd233b10b91832cf5e31767c1c419d4646cd883f25", 0x0, 0x0, &(0x7f0000664fc0)) mq_getsetattr(r0, &(0x7f0000738fc0), &(0x7f0000356000)) 21:48:24 executing program 0: r0 = socket$inet6(0xa, 0x80801, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x8, &(0x7f0000000140)=ANY=[@ANYBLOB="7a0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000bd120000000000008500000006000000b7000000000000009500000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0xa}, 0x48) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00syz1\x00', 0x200002, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000200)={r2, r1, 0x2000000000000a, 0x2}, 0x10) 21:48:24 executing program 1: r0 = socket$inet6(0xa, 0x1000000000003, 0x6) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet6(0xa, 0x3, 0x4) setsockopt$inet6_int(r1, 0x29, 0x3e, &(0x7f0000002ac0)=0x1000, 0x4) sendto$inet6(r1, &(0x7f0000000000), 0xffa7, 0x0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0x0, 0x8}}, 0x1c) 21:48:24 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000000)="153f0c34488dd25d766070") bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x1dae42df16aa5471, &(0x7f0000000380)=ANY=[], &(0x7f0000000080)='syzkalleP\x00', 0x0, 0x38, &(0x7f0000000180)=""/206}, 0xfffffffffffffe55) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000000)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b7050000020000006a0a00fe00000000850000000b000000b7000000000000009500040000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000000)={0xffffffffffffffff, &(0x7f00000000c0)="b82283392d450ff1fb635a5849d20600000000000000e1"}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={r1, 0x38, &(0x7f00000000c0)}, 0x48) 21:48:25 executing program 5: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000980)={0x2, 0x1}, 0x10) syz_emit_ethernet(0x423, &(0x7f0000000080)={@link_local, @empty, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x415, 0x0, 0x0, 0x0, 0x200000000000011, 0x0, @rand_addr, @multicast1}, @dccp={{0x0, 0x1, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "d70502", 0x0, "f53475"}, "b441d632cdbbcb211363807aec73d3883762a61dc02d349bfa3ac974b987aa7fb97eb324d594fbbb77bab759418aa8d451d921e8f5d2cf2b08292111701192e97cac366dd3eb2e0fb039e58314ef4709c5f3556db6a1ab6b4fb2bdd83cdc26e8395ec4984ec3faf71a611d1569545d654cded93be827a85188b803c19c1b56aab522862a718b81e512b49690994d3425e33bd93f0e744c66a083c1f9f1bd7bb8f9e123c08f3f041ed3fdc058136cf0071a47cc0e38720a12e11e842a7b5b26dff07f578fdb9a7b14662a625c1ee76c41ccb2b1fc6376aa718e1067b9e4af511ef5b360dbfad326108bb033db193dab27974eb8c462739eaee51d87f31c516e7e391073770da3202e02c41a7277c847df24bd5b0a7ab6e252f3c8ebf00688cc55311d887e8bfd95a7f4c6a126af3fe26714ddb869c66d18f870631bbd497e8a06881b754ecdcdd0dcffc51cd52a6b560f8d64b63a1674745edc5f53b18a8ffcc5c2fbc4d2bbcc2faf3c189d9b36c0655d1394f5c127ec86b8a764a87b546c2b6ac37d0a8ec3edd7cda6f930570763dbdc0640d219749bd57c7c89eaadfdae41d654a46b17be069a32a7d94d29b612fbe61b8bd11a2d10ba5d4ac7014fc0465c3f144598bd1f913343e7293711040eee0ae8df1e49f04ed1037d4b742aed0e932116060aaf6b985238d2e10fb5b11d19d7801befed4833287d96a85a7cdd9e211a672760335655576fc0fa0336621c2b2b1018ef71bb5077c67ee5fa8d479d6776013363e98b1f1213712be7e47549b6035459008c509f0f983130a451531381ee3c1ab9e1cbb8e558b56ca1a70939389addc5f9632b37ff3f634abb504bb0be0a51649683f6e29588c15cda40255e173328681884ffef6729e9058c5623e1401fdcc7b8cb5623a8fd725fbeea05fc417c44e46500619218dff7c70aa068994c58883cada505a2aa85b6620dfe9c45b707c9aa1222b86972eae564b28a05ddfa3545df231fde2707d4bf67dc6ba41daba91dee8081e5c7e2bcfbebebd42d5ab8a32d6e098fd57233e3b813dc0d772134775def451823b7fef2bc93da01722cd613b9a3db7e2d4c51fb7b56006ee9cea53b62343599a56167388d45247f9289fb1cab67a7cb0c3665ddf1e1411875b4de3428b32fc6603691a023d8e4cb93c667acb7b535fb5f77af9a49640cbe8ffe3a193cf4df1b556a67cb753c60bdf978b871aa513c07074c6602037ebc32199290e3c7ac6f103ad9358951ad4de0c8f1b34951b0e6a48295975cf08b2c3c95064855fc95317e386f1c18608d1d08699003c998b93332cd316f17a5139d350cbfa9dabc3f77c4197a0186e50913978e980a7a028e7ccdeee718af028200e94a6b3a0ec93ba14b0c64dfaf3967e230d8cf876f26287d436ebc9588b52b43f2380836bfe3"}}}}}, 0x0) syz_emit_ethernet(0x423, &(0x7f0000000cc0)={@link_local, @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x415, 0x0, 0x0, 0x0, 0x200000000000011, 0x0, @rand_addr, @multicast1}, @dccp={{0x0, 0x1, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "d70502", 0x0, "f53475"}, "b441d632cdbbcb211363807aec73d3883762a61dc02d349bfa3ac974b987aa7fb97eb324d594fbbb77bab759418aa8d451d921e8f5d2cf2b08292111701192e97cac366dd3eb2e0fb039e58314ef4709c5f3556db6a1ab6b4fb2bdd83cdc26e8395ec4984ec3faf71a611d1569545d654cded93be827a85188b803c19c1b56aab522862a718b81e512b49690994d3425e33bd93f0e744c66a083c1f9f1bd7bb8f9e123c08f3f041ed3fdc058136cf0071a47cc0e38720a12e11e842a7b5b26dff07f578fdb9a7b14662a625c1ee76c41ccb2b1fc6376aa718e1067b9e4af511ef5b360dbfad326108bb033db193dab27974eb8c462739eaee51d87f31c516e7e391073770da3202e02c41a7277c847df24bd5b0a7ab6e252f3c8ebf00688cc55311d887e8bfd95a7f4c6a126af3fe26714ddb869c66d18f870631bbd497e8a06881b754ecdcdd0dcffc51cd52a6b560f8d64b63a1674745edc5f53b18a8ffcc5c2fbc4d2bbcc2faf3c189d9b36c0655d1394f5c127ec86b8a764a87b546c2b6ac37d0a8ec3edd7cda6f930570763dbdc0640d219749bd57c7c89eaadfdae41d654a46b17be069a32a7d94d29b612fbe61b8bd11a2d10ba5d4ac7014fc0465c3f144598bd1f913343e7293711040eee0ae8df1e49f04ed1037d4b742aed0e932116060aaf6b985238d2e10fb5b11d19d7801befed4833287d96a85a7cdd9e211a672760335655576fc0fa0336621c2b2b1018ef71bb5077c67ee5fa8d479d6776013363e98b1f1213712be7e47549b6035459008c509f0f983130a451531381ee3c1ab9e1cbb8e558b56ca1a70939389addc5f9632b37ff3f634abb504bb0be0a51649683f6e29588c15cda40255e173328681884ffef6729e9058c5623e1401fdcc7b8cb5623a8fd725fbeea05fc417c44e46500619218dff7c70aa068994c58883cada505a2aa85b6620dfe9c45b707c9aa1222b86972eae564b28a05ddfa3545df231fde2707d4bf67dc6ba41daba91dee8081e5c7e2bcfbebebd42d5ab8a32d6e098fd57233e3b813dc0d772134775def451823b7fef2bc93da01722cd613b9a3db7e2d4c51fb7b56006ee9cea53b62343599a56167388d45247f9289fb1cab67a7cb0c3665ddf1e1411875b4de3428b32fc6603691a023d8e4cb93c667acb7b535fb5f77af9a49640cbe8ffe3a193cf4df1b556a67cb753c60bdf978b871aa513c07074c6602037ebc32199290e3c7ac6f103ad9358951ad4de0c8f1b34951b0e6a48295975cf08b2c3c95064855fc95317e386f1c18608d1d08699003c998b93332cd316f17a5139d350cbfa9dabc3f77c4197a0186e50913978e980a7a028e7ccdeee718af028200e94a6b3a0ec93ba14b0c64dfaf3967e230d8cf876f26287d436ebc9588b52b43f2380836bfe3"}}}}}, 0x0) 21:48:25 executing program 2: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x2, 0x0) write$sndseq(r0, &(0x7f0000000000)=[{0x10005, 0x4ec, 0x0, 0x0, @time={0x77359400}, {}, {}, @time=@tick=0x5}], 0x30) 21:48:25 executing program 4: pipe2(&(0x7f0000f14000), 0x0) r0 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) syz_open_procfs(0x0, &(0x7f0000000280)="2f65786500000000000409004bddd9de91be10eebf000e0e281ab42fb897c0d554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a984237d092ef1c00b517026f8bd7f2b0436a4c40960ab3f6bc482809f6bd82caa34799193b35445293b992ab5e44573eef5fd0f423a5cfb386f9cc996c6effde7e603fdeab448671b63bec6e9395aabab4d045f1ad982a2a897fafa710be9e681f3c6a45db03d9e6cb58fbec3d8397005f17d6f7afa102ded1837bcb805600000000000000000000") execveat(r0, &(0x7f0000000000)='\x00', &(0x7f00000003c0), &(0x7f0000000500), 0x1000) 21:48:25 executing program 0: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x2, 0x0) write$sndseq(r0, &(0x7f0000000000)=[{0x10005, 0x4ec, 0x0, 0x0, @time={0x77359400}, {}, {}, @time=@tick=0x5}], 0x30) 21:48:25 executing program 3: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f0000000140)={0x1d, r1}, 0x10) close(r0) 21:48:25 executing program 1: 21:48:25 executing program 2: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x2, 0x0) write$sndseq(r0, &(0x7f0000000000)=[{0x10005, 0x4ec, 0x0, 0x0, @time={0x77359400}, {}, {}, @time=@tick=0x5}], 0x30) 21:48:25 executing program 5: 21:48:26 executing program 3: 21:48:26 executing program 4: pipe2(&(0x7f0000f14000), 0x0) r0 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) pread64(0xffffffffffffffff, &(0x7f0000000080), 0xff7c, 0x0) execveat(r0, &(0x7f0000000000)='\x00', &(0x7f00000003c0), &(0x7f0000000500), 0x1000) 21:48:26 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x4, &(0x7f0000000000)='pids'}, 0x30) ptrace$cont(0xffffffffffffffff, r1, 0x7fffffff, 0x2) r2 = openat$cgroup_subtree(r0, &(0x7f00000001c0)='cgroup.subtree_control\x00', 0x2, 0x0) write$cgroup_subtree(r2, &(0x7f0000000080)={[{0x2b, 'pids'}]}, 0x6) rt_sigtimedwait(&(0x7f00000000c0)={0x999a}, &(0x7f0000000140), &(0x7f0000000180), 0x8) r3 = socket$inet6(0xa, 0x1080000000002, 0x0) ioctl(r3, 0x8000000000008912, &(0x7f0000000280)="153f6234488dd25d766070") getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x66, &(0x7f0000000200)={0x0, 0x55}, &(0x7f00000002c0)=0x8) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f0000000300)={r4, 0xff}, &(0x7f0000000340)=0x8) 21:48:26 executing program 0: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f0000000140)={0x1d, r1}, 0x10) setsockopt(r0, 0x65, 0x1, &(0x7f0000000080), 0x1d0) connect$inet6(0xffffffffffffffff, &(0x7f0000000140), 0x1c) getpgrp(0xffffffffffffffff) 21:48:26 executing program 5: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f0000000140)={0x1d, r1}, 0x10) close(r0) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000100), 0x28) 21:48:26 executing program 2: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x2, 0x0) write$sndseq(r0, &(0x7f0000000000)=[{0x10005, 0x4ec, 0x0, 0x0, @time={0x77359400}, {}, {}, @time=@tick=0x5}], 0x30) 21:48:26 executing program 1: 21:48:26 executing program 0: 21:48:26 executing program 3: 21:48:27 executing program 2: write$sndseq(0xffffffffffffffff, &(0x7f0000000000)=[{0x10005, 0x4ec, 0x0, 0x0, @time={0x77359400}, {}, {}, @time=@tick=0x5}], 0x30) 21:48:27 executing program 0: 21:48:27 executing program 1: 21:48:27 executing program 5: 21:48:27 executing program 4: pipe2(&(0x7f0000f14000), 0x0) r0 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) pread64(0xffffffffffffffff, &(0x7f0000000080), 0xff7c, 0x0) execveat(r0, &(0x7f0000000000)='\x00', &(0x7f00000003c0), &(0x7f0000000500), 0x1000) 21:48:27 executing program 3: 21:48:27 executing program 2: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x0, 0x0) write$sndseq(r0, &(0x7f0000000000)=[{0x10005, 0x4ec, 0x0, 0x0, @time={0x77359400}, {}, {}, @time=@tick=0x5}], 0x30) 21:48:27 executing program 3: 21:48:27 executing program 0: 21:48:27 executing program 1: 21:48:27 executing program 5: 21:48:27 executing program 4: pipe2(&(0x7f0000f14000), 0x0) r0 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) pread64(0xffffffffffffffff, &(0x7f0000000080), 0xff7c, 0x0) execveat(r0, &(0x7f0000000000)='\x00', &(0x7f00000003c0), &(0x7f0000000500), 0x1000) 21:48:28 executing program 2: openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x2, 0x0) write$sndseq(0xffffffffffffffff, &(0x7f0000000000)=[{0x10005, 0x4ec, 0x0, 0x0, @time={0x77359400}, {}, {}, @time=@tick=0x5}], 0x30) 21:48:28 executing program 5: 21:48:28 executing program 0: 21:48:28 executing program 3: 21:48:28 executing program 1: 21:48:28 executing program 0: 21:48:28 executing program 2: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x2, 0x0) write$sndseq(r0, &(0x7f0000000000), 0x0) 21:48:28 executing program 5: 21:48:28 executing program 4: pipe2(&(0x7f0000f14000), 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000280)="2f65786500000000000409004bddd9de91be10eebf000e0e281ab42fb897c0d554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a984237d092ef1c00b517026f8bd7f2b0436a4c40960ab3f6bc482809f6bd82caa34799193b35445293b992ab5e44573eef5fd0f423a5cfb386f9cc996c6effde7e603fdeab448671b63bec6e9395aabab4d045f1ad982a2a897fafa710be9e681f3c6a45db03d9e6cb58fbec3d8397005f17d6f7afa102ded1837bcb805600000000000000000000") pread64(r0, &(0x7f0000000080), 0xff7c, 0x0) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', &(0x7f00000003c0), &(0x7f0000000500), 0x1000) 21:48:28 executing program 1: 21:48:28 executing program 3: 21:48:29 executing program 0: 21:48:29 executing program 2: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x2, 0x0) write$sndseq(r0, &(0x7f0000000000), 0x0) 21:48:29 executing program 1: 21:48:29 executing program 4: pipe2(&(0x7f0000f14000), 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000280)="2f65786500000000000409004bddd9de91be10eebf000e0e281ab42fb897c0d554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a984237d092ef1c00b517026f8bd7f2b0436a4c40960ab3f6bc482809f6bd82caa34799193b35445293b992ab5e44573eef5fd0f423a5cfb386f9cc996c6effde7e603fdeab448671b63bec6e9395aabab4d045f1ad982a2a897fafa710be9e681f3c6a45db03d9e6cb58fbec3d8397005f17d6f7afa102ded1837bcb805600000000000000000000") pread64(r0, &(0x7f0000000080), 0xff7c, 0x0) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', &(0x7f00000003c0), &(0x7f0000000500), 0x1000) 21:48:29 executing program 5: 21:48:29 executing program 3: 21:48:29 executing program 2: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x2, 0x0) write$sndseq(r0, &(0x7f0000000000), 0x0) 21:48:29 executing program 0: 21:48:29 executing program 1: 21:48:29 executing program 5: 21:48:29 executing program 3: 21:48:30 executing program 2: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x2, 0x0) write$sndseq(r0, &(0x7f0000000000)=[{0x0, 0x4ec, 0x0, 0x0, @time={0x77359400}, {}, {}, @time=@tick=0x5}], 0x30) 21:48:30 executing program 4: pipe2(&(0x7f0000f14000), 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000280)="2f65786500000000000409004bddd9de91be10eebf000e0e281ab42fb897c0d554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a984237d092ef1c00b517026f8bd7f2b0436a4c40960ab3f6bc482809f6bd82caa34799193b35445293b992ab5e44573eef5fd0f423a5cfb386f9cc996c6effde7e603fdeab448671b63bec6e9395aabab4d045f1ad982a2a897fafa710be9e681f3c6a45db03d9e6cb58fbec3d8397005f17d6f7afa102ded1837bcb805600000000000000000000") pread64(r0, &(0x7f0000000080), 0xff7c, 0x0) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', &(0x7f00000003c0), &(0x7f0000000500), 0x1000) 21:48:30 executing program 3: 21:48:30 executing program 0: 21:48:30 executing program 1: 21:48:30 executing program 2: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x2, 0x0) write$sndseq(r0, &(0x7f0000000000)=[{0x0, 0x4ec, 0x0, 0x0, @time={0x77359400}, {}, {}, @time=@tick=0x5}], 0x30) 21:48:30 executing program 5: r0 = syz_open_dev$sndctrl(&(0x7f0000000740)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0xc0045540, &(0x7f0000000000)) 21:48:30 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x55}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2, 0x2011, r1, 0x0) creat(&(0x7f0000000080)='.\x00', 0x0) 21:48:30 executing program 4: r0 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000280)="2f65786500000000000409004bddd9de91be10eebf000e0e281ab42fb897c0d554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a984237d092ef1c00b517026f8bd7f2b0436a4c40960ab3f6bc482809f6bd82caa34799193b35445293b992ab5e44573eef5fd0f423a5cfb386f9cc996c6effde7e603fdeab448671b63bec6e9395aabab4d045f1ad982a2a897fafa710be9e681f3c6a45db03d9e6cb58fbec3d8397005f17d6f7afa102ded1837bcb805600000000000000000000") pread64(r1, &(0x7f0000000080), 0xff7c, 0x0) execveat(r0, &(0x7f0000000000)='\x00', &(0x7f00000003c0), &(0x7f0000000500), 0x1000) 21:48:30 executing program 2: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x2, 0x0) write$sndseq(r0, &(0x7f0000000000)=[{0x0, 0x4ec, 0x0, 0x0, @time={0x77359400}, {}, {}, @time=@tick=0x5}], 0x30) 21:48:30 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r0, &(0x7f0000000380)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x5, 0x0, "913fa7c292d3d3841feaa73b24735180b4fadafbd0ae8fdf06dc1c0fffaedf7b3cf0239733e29abbc5d501554cc12846eb3ebd34bab758954fc222777a53c4c0a8e473b6e9bb9bd5b5f2ee63c9774539"}, 0xd8) r1 = dup(r0) sendto$inet6(r0, &(0x7f0000e77fff), 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f00000007c0)=0x80, 0x4) ioctl$sock_SIOCSIFBR(0xffffffffffffffff, 0x8941, &(0x7f0000000180)=@generic) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x40000003, 0x0, &(0x7f0000000c80)) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f0000000900)={0x0, @in6={{0xa, 0x4e21, 0x8, @remote}}, [0x8f, 0x0, 0xfff, 0x1f6, 0x5, 0x100000000, 0x1, 0x1, 0x0, 0xbd0, 0x8, 0x0, 0x100000001, 0x0, 0x8765]}, &(0x7f0000000a00)=0x100) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000a40), 0x8) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8937, &(0x7f0000000000)={'bridge_slave_1\x00', @random="01003a1e2410"}) getpeername(0xffffffffffffffff, &(0x7f0000000100)=@hci, &(0x7f0000000580)=0x80) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000340), 0xc, &(0x7f0000000600)={&(0x7f0000000580)=ANY=[]}}, 0x0) r2 = add_key(&(0x7f00000000c0)='pkcs7_test\x00', &(0x7f0000000680)={'syz', 0x0}, &(0x7f0000000700)="7815ff25cf337ecaf76461c9090771e89f21ae42738f0f042bde7fc6df051454ffad40ebc1011f0a193f4623c301f446fe221a2ea644c4aadffcad4c09c3df1b57e39a64b0201ca0a6d8", 0x4a, 0xfffffffffffffffc) keyctl$clear(0x7, r2) dup2(0xffffffffffffffff, 0xffffffffffffffff) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000003c0)={{{@in6=@local, @in=@broadcast}}, {{}, 0x0, @in6=@dev}}, &(0x7f0000000300)=0xe8) openat$fuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/fuse\x00', 0x2, 0x0) getsockopt$IP_VS_SO_GET_TIMEOUT(0xffffffffffffffff, 0x0, 0x486, &(0x7f00000004c0), &(0x7f0000000a80)=0xc) setsockopt$XDP_UMEM_FILL_RING(0xffffffffffffffff, 0x11b, 0x5, &(0x7f0000000080), 0x4) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f0000000040), 0x4) r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r1, 0xc08c5335, &(0x7f0000000800)={0x0, 0x10000, 0x0, 'queue0\x00'}) ftruncate(0xffffffffffffffff, 0x0) openat(0xffffffffffffffff, &(0x7f00000001c0)='./bus\x00', 0x0, 0x0) io_setup(0x0, &(0x7f00000006c0)) io_cancel(0x0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000008c0), 0x0, 0x0, 0x0, 0x0, r3}, &(0x7f0000000540)) ftruncate(r3, 0x2007fff) sendfile(r1, r3, &(0x7f0000d83ff8)=0x54, 0x87ff7) 21:48:30 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'lo\x00'}) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="000000000c000000000000000800010073667100480002000000000000000000000000004000000000000000000000000000000000000000000000f04a0000000000000000000002000000000000000000000000000000"], 0x1}}, 0x0) 21:48:31 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001840)={0x2, 0x70, 0xcb3e, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000180)="2f67726f75702e73746174003c23fb572a1f0294e6f378b41ad54b4d9d9a1f63f8785ad188a7e1c88875e05b18a4cb3a9cd12dcea440d899c22c652b3a471b4a7fa2f3fdf6e034d804e5f0df4b1dee483b157624c59c0100e89e6a357c000000", 0x2761, 0x0) write$cgroup_int(r0, &(0x7f0000000080), 0x297ef) [ 281.099857] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 21:48:31 executing program 3: close(0xffffffffffffffff) socket$alg(0x26, 0x5, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f00000016c0)={0x0, 0x0, @pic={0x0, 0x40bd, 0x34f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000480)='/dev/vcs\x00', 0x4000, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r1, 0x0) mbind(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, &(0x7f0000000000), 0x45, 0x2) write$binfmt_misc(r1, &(0x7f0000000440)={'syz1'}, 0x12000) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)) 21:48:31 executing program 1: r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000000000), 0xe224f3386c95f50d, 0x0, &(0x7f0000000240)={0x77359400}) 21:48:31 executing program 4: r0 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) syz_open_procfs(0x0, &(0x7f0000000280)="2f65786500000000000409004bddd9de91be10eebf000e0e281ab42fb897c0d554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a984237d092ef1c00b517026f8bd7f2b0436a4c40960ab3f6bc482809f6bd82caa34799193b35445293b992ab5e44573eef5fd0f423a5cfb386f9cc996c6effde7e603fdeab448671b63bec6e9395aabab4d045f1ad982a2a897fafa710be9e681f3c6a45db03d9e6cb58fbec3d8397005f17d6f7afa102ded1837bcb805600000000000000000000") pread64(0xffffffffffffffff, &(0x7f0000000080), 0xff7c, 0x0) execveat(r0, &(0x7f0000000000)='\x00', &(0x7f00000003c0), &(0x7f0000000500), 0x1000) 21:48:31 executing program 2: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x2, 0x0) write$sndseq(r0, &(0x7f0000000000)=[{0x10005, 0x0, 0x0, 0x0, @time={0x77359400}, {}, {}, @time=@tick=0x5}], 0x30) 21:48:32 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0x3, &(0x7f00009ff000), &(0x7f00002bf000)='syzkaller\x00', 0x1, 0x405, &(0x7f0000000440)=""/183}, 0x48) r1 = socket$kcm(0x29, 0x1000000000002, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000200)={0xffffffffffffffff}) close(r2) 21:48:32 executing program 5: r0 = socket$inet(0x2, 0x80006, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000004c0)='bridge_slave_0\x00', 0x10) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @dev}, 0x10) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f00000000c0)={{0x0, 0x8}, {0x0, 0x9}}, &(0x7f0000000080)) tkill(r1, 0x1004000000016) 21:48:32 executing program 2: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x2, 0x0) write$sndseq(r0, &(0x7f0000000000)=[{0x10005, 0x0, 0x0, 0x0, @time={0x77359400}, {}, {}, @time=@tick=0x5}], 0x30) 21:48:32 executing program 4: r0 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) syz_open_procfs(0x0, &(0x7f0000000280)="2f65786500000000000409004bddd9de91be10eebf000e0e281ab42fb897c0d554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a984237d092ef1c00b517026f8bd7f2b0436a4c40960ab3f6bc482809f6bd82caa34799193b35445293b992ab5e44573eef5fd0f423a5cfb386f9cc996c6effde7e603fdeab448671b63bec6e9395aabab4d045f1ad982a2a897fafa710be9e681f3c6a45db03d9e6cb58fbec3d8397005f17d6f7afa102ded1837bcb805600000000000000000000") pread64(0xffffffffffffffff, &(0x7f0000000080), 0xff7c, 0x0) execveat(r0, &(0x7f0000000000)='\x00', &(0x7f00000003c0), &(0x7f0000000500), 0x1000) 21:48:32 executing program 3: close(0xffffffffffffffff) socket$alg(0x26, 0x5, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f00000016c0)={0x0, 0x0, @pic={0x0, 0x40bd, 0x34f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f0000000480)='/dev/vcs\x00', 0x4000, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r1, 0x0) mbind(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, &(0x7f0000000000), 0x45, 0x2) write$binfmt_misc(r1, &(0x7f0000000440)={'syz1'}, 0x12000) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000040)) 21:48:32 executing program 0: r0 = socket$inet6(0xa, 0x400000000001, 0x0) bind$inet6(r0, &(0x7f0000000380)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000200)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x5, 0x0, "913fa7c292d3d3841feaa73b24735180b4fadafbd0ae8fdf06dc1c0fffaedf7b3cf0239733e29abbc5d501554cc12846eb3ebd34bab758954fc222777a53c4c0a8e473b6e9bb9bd5b5f2ee63c9774539"}, 0xd8) r1 = dup(r0) sendto$inet6(r0, &(0x7f0000e77fff), 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f00000007c0)=0x80, 0x4) ioctl$sock_SIOCSIFBR(0xffffffffffffffff, 0x8941, &(0x7f0000000180)=@generic) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x40000003, 0x0, &(0x7f0000000c80)) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f0000000900)={0x0, @in6={{0xa, 0x4e21, 0x8, @remote}}, [0x8f, 0x0, 0xfff, 0x1f6, 0x5, 0x100000000, 0x1, 0x1, 0x0, 0xbd0, 0x8, 0x0, 0x100000001, 0x0, 0x8765]}, &(0x7f0000000a00)=0x100) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000a40), 0x8) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8937, &(0x7f0000000000)={'bridge_slave_1\x00', @random="01003a1e2410"}) getpeername(0xffffffffffffffff, &(0x7f0000000100)=@hci, &(0x7f0000000580)=0x80) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f0000000340), 0xc, &(0x7f0000000600)={&(0x7f0000000580)=ANY=[]}}, 0x0) r2 = add_key(&(0x7f00000000c0)='pkcs7_test\x00', &(0x7f0000000680)={'syz', 0x0}, &(0x7f0000000700)="7815ff25cf337ecaf76461c9090771e89f21ae42738f0f042bde7fc6df051454ffad40ebc1011f0a193f4623c301f446fe221a2ea644c4aadffcad4c09c3df1b57e39a64b0201ca0a6d8", 0x4a, 0xfffffffffffffffc) keyctl$clear(0x7, r2) dup2(0xffffffffffffffff, 0xffffffffffffffff) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000003c0)={{{@in6=@local, @in=@broadcast}}, {{}, 0x0, @in6=@dev}}, &(0x7f0000000300)=0xe8) openat$fuse(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/fuse\x00', 0x2, 0x0) getsockopt$IP_VS_SO_GET_TIMEOUT(0xffffffffffffffff, 0x0, 0x486, &(0x7f00000004c0), &(0x7f0000000a80)=0xc) setsockopt$XDP_UMEM_FILL_RING(0xffffffffffffffff, 0x11b, 0x5, &(0x7f0000000080), 0x4) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f0000000040), 0x4) r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r1, 0xc08c5335, &(0x7f0000000800)={0x0, 0x10000, 0x0, 'queue0\x00'}) ftruncate(0xffffffffffffffff, 0x0) openat(0xffffffffffffffff, &(0x7f00000001c0)='./bus\x00', 0x0, 0x0) io_setup(0x0, &(0x7f00000006c0)) io_cancel(0x0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f00000008c0), 0x0, 0x0, 0x0, 0x0, r3}, &(0x7f0000000540)) ftruncate(r3, 0x2007fff) sendfile(r1, r3, &(0x7f0000d83ff8)=0x54, 0x87ff7) 21:48:32 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r1 = accept4(r0, 0x0, &(0x7f0000000100), 0x800) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r2, &(0x7f00000002c0), 0x1000007ffff000) 21:48:32 executing program 1: get_mempolicy(&(0x7f0000000000), &(0x7f0000000080), 0xfd6, &(0x7f0000ffc000/0x4000)=nil, 0x3) 21:48:33 executing program 2: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x2, 0x0) write$sndseq(r0, &(0x7f0000000000)=[{0x10005, 0x0, 0x0, 0x0, @time={0x77359400}, {}, {}, @time=@tick=0x5}], 0x30) 21:48:33 executing program 3: openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000700)='./cgroup/syz0\x00', 0x200002, 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000080), 0x12) 21:48:33 executing program 1: 21:48:34 executing program 4: r0 = memfd_create(&(0x7f00000000c0)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) syz_open_procfs(0x0, &(0x7f0000000280)="2f65786500000000000409004bddd9de91be10eebf000e0e281ab42fb897c0d554fa07424adee901d2da75af1f0200f5ab26d7a071fb35331ce39c5a984237d092ef1c00b517026f8bd7f2b0436a4c40960ab3f6bc482809f6bd82caa34799193b35445293b992ab5e44573eef5fd0f423a5cfb386f9cc996c6effde7e603fdeab448671b63bec6e9395aabab4d045f1ad982a2a897fafa710be9e681f3c6a45db03d9e6cb58fbec3d8397005f17d6f7afa102ded1837bcb805600000000000000000000") pread64(0xffffffffffffffff, &(0x7f0000000080), 0xff7c, 0x0) execveat(r0, &(0x7f0000000000)='\x00', &(0x7f00000003c0), &(0x7f0000000500), 0x1000) 21:48:34 executing program 2: r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x2, 0x0) write$sndseq(r0, &(0x7f0000000000)=[{0x10005, 0x4ec, 0x0, 0x0, @time={0x77359400}, {}, {}, @time}], 0x30) 21:48:34 executing program 1: 21:48:34 executing program 0: 21:48:34 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_SIGNAL_MASK(0xffffffffffffffff, 0x4004ae8b, &(0x7f0000001000)=ANY=[@ANYBLOB="fb"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000300)="f32bb900000000c4a1bdedf4c4427d58eaf23e0f1e410066bad104ecf466460f63ea2e46815ef368000000c4a2318c42000f011a", 0x34}], 0x1, 0x0, &(0x7f0000000000), 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000001000/0x2000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x80000000000005, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 21:48:34 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r1 = accept4(r0, 0x0, &(0x7f0000000100), 0x800) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r2, &(0x7f00000002c0), 0x1000007ffff000) [ 284.435810] ================================================================== [ 284.443252] BUG: KMSAN: uninit-value in vmx_set_constant_host_state+0x1778/0x1830 [ 284.450913] CPU: 0 PID: 8179 Comm: syz-executor3 Not tainted 4.19.0-rc4+ #65 [ 284.458124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 284.467499] Call Trace: [ 284.470131] dump_stack+0x306/0x460 [ 284.473806] ? vmx_set_constant_host_state+0x1778/0x1830 [ 284.479307] kmsan_report+0x1a2/0x2e0 [ 284.483608] __msan_warning+0x7c/0xe0 [ 284.487455] vmx_set_constant_host_state+0x1778/0x1830 [ 284.492777] vmx_create_vcpu+0x3e6f/0x7870 [ 284.497049] ? kmsan_set_origin_inline+0x6b/0x120 [ 284.501931] ? __msan_poison_alloca+0x17a/0x210 [ 284.506816] ? vmx_vm_init+0x340/0x340 [ 284.510758] kvm_arch_vcpu_create+0x25d/0x2f0 [ 284.515282] kvm_vm_ioctl+0x13fd/0x33d0 [ 284.519304] ? __msan_poison_alloca+0x17a/0x210 [ 284.524019] ? do_vfs_ioctl+0x18a/0x2810 [ 284.528115] ? __se_sys_ioctl+0x1da/0x270 [ 284.532294] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 284.537168] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 284.542045] do_vfs_ioctl+0xcf3/0x2810 [ 284.545990] ? security_file_ioctl+0x92/0x200 [ 284.550535] __se_sys_ioctl+0x1da/0x270 [ 284.554602] __x64_sys_ioctl+0x4a/0x70 [ 284.558540] do_syscall_64+0xbe/0x100 [ 284.562392] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 284.567660] RIP: 0033:0x457579 [ 284.570884] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 284.590121] RSP: 002b:00007f9dec9d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 284.597865] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 284.605163] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 284.612473] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 284.619869] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9dec9d16d4 [ 284.627161] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff [ 284.634476] [ 284.636138] Local variable description: ----dt@vmx_set_constant_host_state [ 284.643161] Variable was created at: [ 284.647089] vmx_set_constant_host_state+0x2b0/0x1830 [ 284.652497] vmx_create_vcpu+0x3e6f/0x7870 [ 284.656747] ================================================================== [ 284.664132] Disabling lock debugging due to kernel taint [ 284.669602] Kernel panic - not syncing: panic_on_warn set ... [ 284.669602] [ 284.677183] CPU: 0 PID: 8179 Comm: syz-executor3 Tainted: G B 4.19.0-rc4+ #65 [ 284.685786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 284.695210] Call Trace: [ 284.697844] dump_stack+0x306/0x460 [ 284.701525] panic+0x54c/0xafa [ 284.704812] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 284.710306] kmsan_report+0x2d3/0x2e0 [ 284.714156] __msan_warning+0x7c/0xe0 [ 284.718003] vmx_set_constant_host_state+0x1778/0x1830 [ 284.723333] vmx_create_vcpu+0x3e6f/0x7870 [ 284.727611] ? kmsan_set_origin_inline+0x6b/0x120 [ 284.732493] ? __msan_poison_alloca+0x17a/0x210 [ 284.737212] ? vmx_vm_init+0x340/0x340 [ 284.741490] kvm_arch_vcpu_create+0x25d/0x2f0 [ 284.747008] kvm_vm_ioctl+0x13fd/0x33d0 [ 284.751034] ? __msan_poison_alloca+0x17a/0x210 [ 284.755747] ? do_vfs_ioctl+0x18a/0x2810 [ 284.759852] ? __se_sys_ioctl+0x1da/0x270 [ 284.764033] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 284.768908] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 284.773786] do_vfs_ioctl+0xcf3/0x2810 [ 284.777739] ? security_file_ioctl+0x92/0x200 [ 284.782297] __se_sys_ioctl+0x1da/0x270 [ 284.787013] __x64_sys_ioctl+0x4a/0x70 [ 284.790930] do_syscall_64+0xbe/0x100 [ 284.794770] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 284.799986] RIP: 0033:0x457579 [ 284.803204] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 284.822131] RSP: 002b:00007f9dec9d0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 284.829875] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457579 [ 284.837162] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 284.844454] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 284.851751] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f9dec9d16d4 [ 284.859046] R13: 00000000004bfc18 R14: 00000000004cfca0 R15: 00000000ffffffff [ 284.867653] Kernel Offset: disabled [ 284.871297] Rebooting in 86400 seconds..