[info] Using makefile-style concurrent boot in runlevel 2. [ 24.496833] audit: type=1800 audit(1540339593.006:21): pid=5427 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0 [ 24.526478] audit: type=1800 audit(1540339593.026:22): pid=5427 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="motd" dev="sda1" ino=2447 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.2' (ECDSA) to the list of known hosts. 2018/10/24 00:06:44 fuzzer started 2018/10/24 00:06:47 dialing manager at 10.128.0.26:43795 2018/10/24 00:06:47 syscalls: 1 2018/10/24 00:06:47 code coverage: enabled 2018/10/24 00:06:47 comparison tracing: enabled 2018/10/24 00:06:47 setuid sandbox: enabled 2018/10/24 00:06:47 namespace sandbox: enabled 2018/10/24 00:06:47 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/24 00:06:47 fault injection: enabled 2018/10/24 00:06:47 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/24 00:06:47 net packed injection: enabled 2018/10/24 00:06:47 net device setup: enabled 00:09:42 executing program 0: r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x0, &(0x7f0000007000)={{}, {0x0, 0x5}}, &(0x7f0000002000)) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000040)=""/8, 0x8}], 0x1) syzkaller login: [ 214.103071] IPVS: ftp: loaded support on port[0] = 21 00:09:42 executing program 1: r0 = openat$urandom(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/urandom\x00', 0x2a080, 0x0) fcntl$setstatus(r0, 0x4, 0x0) [ 214.394647] IPVS: ftp: loaded support on port[0] = 21 00:09:43 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000000)=0x9) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) read(r0, &(0x7f0000000040)=""/56, 0x38) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5412, &(0x7f00000004c0)) [ 214.702846] IPVS: ftp: loaded support on port[0] = 21 00:09:43 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000480)='/dev/ptmx\x00', 0x1, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6b}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000300)='./file0\x00', 0x0) write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="0004063fc900000017000000050000008c010000040000000000000045a90f3d09876e6d0cd4e191a1f98937702d8f9523b12ed90920a91c8275dd4b2691490dc3559414d05501b55217cdf5424294335b7189c3003b2cbdae69c72000000000000000710e13"], 0x66) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)) r1 = syz_open_pts(r0, 0x0) r2 = dup2(r1, r1) ioctl$TCXONC(r2, 0x540a, 0x3) [ 215.210466] IPVS: ftp: loaded support on port[0] = 21 00:09:44 executing program 4: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ppoll(&(0x7f0000000140)=[{r0}], 0x1, &(0x7f0000000180)={0x77359400}, &(0x7f0000000040), 0x8) close(r0) close(r1) [ 215.592573] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.623459] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.647899] IPVS: ftp: loaded support on port[0] = 21 [ 215.658201] device bridge_slave_0 entered promiscuous mode [ 215.776704] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.786350] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.793971] device bridge_slave_1 entered promiscuous mode [ 215.918435] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 216.014633] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 00:09:44 executing program 5: r0 = socket(0x11, 0x2, 0x1) bind(r0, &(0x7f00005a2000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) [ 216.362195] IPVS: ftp: loaded support on port[0] = 21 [ 216.365955] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.376084] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.389535] device bridge_slave_0 entered promiscuous mode [ 216.497050] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 216.524696] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.538678] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.546086] device bridge_slave_1 entered promiscuous mode [ 216.664269] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 216.696751] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 216.702836] ip (5757) used greatest stack depth: 16184 bytes left [ 216.820083] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.826892] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.834245] device bridge_slave_0 entered promiscuous mode [ 216.873815] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 216.962338] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.979796] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.988698] device bridge_slave_1 entered promiscuous mode [ 217.085526] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 217.244467] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 217.262297] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 217.350030] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 217.377435] team0: Port device team_slave_0 added [ 217.445373] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 217.476690] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 217.484124] team0: Port device team_slave_1 added [ 217.570924] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.585272] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.594079] device bridge_slave_0 entered promiscuous mode [ 217.616129] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 217.639358] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 217.711655] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.731606] bridge0: port 2(bridge_slave_1) entered disabled state [ 217.739846] device bridge_slave_1 entered promiscuous mode [ 217.762466] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 217.807640] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 217.879071] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 217.887726] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 217.896082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 217.915712] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 218.000216] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 218.011009] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 218.023057] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 218.070463] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 218.085012] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 218.121527] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.142440] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.161779] device bridge_slave_0 entered promiscuous mode [ 218.169733] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 218.198055] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 218.206185] team0: Port device team_slave_0 added [ 218.260898] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.287758] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.295272] device bridge_slave_1 entered promiscuous mode [ 218.318313] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 218.325783] team0: Port device team_slave_1 added [ 218.428760] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 218.477675] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 218.488069] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 218.496139] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 218.518963] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 218.552988] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 218.568825] team0: Port device team_slave_0 added [ 218.585316] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 218.608608] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 218.616583] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 218.626305] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 218.669887] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.677190] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.684917] device bridge_slave_0 entered promiscuous mode [ 218.700138] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 218.719150] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 218.747419] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 218.765489] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 218.806732] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 218.814164] team0: Port device team_slave_1 added [ 218.830312] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.847094] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.867762] device bridge_slave_1 entered promiscuous mode [ 218.881781] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 218.908998] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 218.920775] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 218.962118] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 218.999723] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 219.031752] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 219.055041] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 219.082657] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 219.096761] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 219.107468] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 219.133192] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 219.158119] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 219.209322] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 219.224476] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 219.245870] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 219.281887] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 219.360250] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 219.377279] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 219.385236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 219.446761] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 219.453648] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 219.501143] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.507674] bridge0: port 2(bridge_slave_1) entered forwarding state [ 219.514581] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.521007] bridge0: port 1(bridge_slave_0) entered forwarding state [ 219.540552] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 219.552636] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 219.561979] team0: Port device team_slave_0 added [ 219.579585] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 219.613737] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 219.667844] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 219.731874] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 219.757597] team0: Port device team_slave_1 added [ 219.773625] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 219.906075] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 219.949429] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 219.957377] team0: Port device team_slave_0 added [ 219.989959] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 220.026734] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 220.086584] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 220.093823] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 220.102266] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 220.145374] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 220.177389] team0: Port device team_slave_1 added [ 220.193728] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 220.222804] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 220.233174] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 220.270700] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 220.300951] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 220.317153] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 220.392263] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 220.417216] team0: Port device team_slave_0 added [ 220.438063] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 220.445697] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 220.467193] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 220.531776] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.538212] bridge0: port 2(bridge_slave_1) entered forwarding state [ 220.544903] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.551859] bridge0: port 1(bridge_slave_0) entered forwarding state [ 220.572725] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 220.589355] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 220.615214] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 220.637148] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 220.646110] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 220.655372] team0: Port device team_slave_1 added [ 220.730423] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 220.755465] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 220.771137] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 220.802403] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 220.935099] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 221.047062] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 221.067727] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 221.082690] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 221.092071] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 221.119985] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.126424] bridge0: port 2(bridge_slave_1) entered forwarding state [ 221.133089] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.139509] bridge0: port 1(bridge_slave_0) entered forwarding state [ 221.149540] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 221.221117] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 221.246768] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 221.254769] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 221.845739] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.852179] bridge0: port 2(bridge_slave_1) entered forwarding state [ 221.858898] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.865262] bridge0: port 1(bridge_slave_0) entered forwarding state [ 221.888001] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 221.996803] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.003200] bridge0: port 2(bridge_slave_1) entered forwarding state [ 222.009902] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.016273] bridge0: port 1(bridge_slave_0) entered forwarding state [ 222.025631] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 222.136746] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 222.144050] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 222.167386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 222.592881] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.599326] bridge0: port 2(bridge_slave_1) entered forwarding state [ 222.605994] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.612438] bridge0: port 1(bridge_slave_0) entered forwarding state [ 222.636744] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 223.146524] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 224.793299] 8021q: adding VLAN 0 to HW filter on device bond0 [ 225.294508] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 225.768128] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 225.774298] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 225.786833] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 225.818255] 8021q: adding VLAN 0 to HW filter on device bond0 [ 226.200004] 8021q: adding VLAN 0 to HW filter on device team0 [ 226.218021] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 226.291641] 8021q: adding VLAN 0 to HW filter on device bond0 [ 226.678882] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 226.693125] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 226.701202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 226.740412] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 226.988357] 8021q: adding VLAN 0 to HW filter on device bond0 [ 227.029013] 8021q: adding VLAN 0 to HW filter on device bond0 [ 227.175575] 8021q: adding VLAN 0 to HW filter on device team0 [ 227.267269] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 227.273426] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 227.292845] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 227.452757] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 227.485985] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 227.656778] 8021q: adding VLAN 0 to HW filter on device team0 [ 227.698561] 8021q: adding VLAN 0 to HW filter on device bond0 [ 227.889502] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 227.897065] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 227.904155] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 227.967206] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 227.973354] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 227.981683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 228.207195] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 228.294376] 8021q: adding VLAN 0 to HW filter on device team0 [ 228.461195] 8021q: adding VLAN 0 to HW filter on device team0 [ 228.730022] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 228.736313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 228.745743] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 00:09:57 executing program 0: r0 = socket(0x10, 0x80003, 0xc) write(r0, &(0x7f00000000c0)="1f0000000202fffffd3b54c007110005e193f60cb24da2fa6cd370ec00f305", 0x1f) [ 229.166771] netlink: 11 bytes leftover after parsing attributes in process `syz-executor0'. 00:09:57 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)="2e2f6367726f75700000000000db887974a9d4b8049e206606a808fcfe3dd31291f786cee92a2ed9cc0eeb0f6e1b21700557d7d321c616f2a69f975e5d5807683103cf48516fd96063603193e1cc3109ac8eeb3489d6a5d86eea6fc66adc6c92378d49", 0x200002, 0x0) fchdir(r1) r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) getdents64(r2, &(0x7f0000000040)=""/127, 0x7f) [ 229.266822] 8021q: adding VLAN 0 to HW filter on device team0 00:09:57 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket(0xa, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000200)=@nat={'nat\x00', 0x19, 0x0, 0x90, [0x20000140, 0x0, 0x0, 0x20000170, 0x200001a0], 0x0, &(0x7f0000000040), &(0x7f0000000140)=ANY=[@ANYBLOB="0000000000000000000000000000000000000000000000000000d075761d170330e8000000000000feffffff00df000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff00000000000000000000000000000000007f0000000000000000000000000000000000000000000000000000ffffffff00000000"]}, 0x108) [ 229.391360] kernel msg: ebtables bug: please report to author: nentries does not equal the nr of entries in the chain 00:09:58 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$inet6_MCAST_LEAVE_GROUP(0xffffffffffffffff, 0x29, 0x2d, &(0x7f00000000c0)={0x0, {{0xa, 0x4e23, 0x401, @loopback}}}, 0x88) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'dummy0\x00', 0x8601}) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000080)=@req={0x1ff, 0x4, 0x9, 0x800}, 0x10) 00:09:58 executing program 0: r0 = memfd_create(&(0x7f0000000380)='cpuacct.usage_percpu\x00', 0x0) clone(0x0, &(0x7f0000000040), &(0x7f0000000100), &(0x7f0000c35ffc), &(0x7f0000000140)) ftruncate(r0, 0x0) 00:09:58 executing program 0: perf_event_open$cgroup(&(0x7f0000000500)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000280)}}, 0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0xe, &(0x7f0000000080)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d64050000000000650404000104000004040000f2000000b7050000230000006a0a00feca70a8d78500000036000000b7000000000000009500000000000000"], &(0x7f0000000340)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe, 0xb5, &(0x7f0000000100)="14de39349d3a8ce1d12d0d94d720", &(0x7f0000000380)=""/181, 0x8001}, 0x28) bpf$PROG_LOAD(0x5, &(0x7f0000011080)={0x0, 0x0, &(0x7f0000000340)=@raw, &(0x7f0000000380)='GPL\x00'}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x4, 0x0, 0xffffffffffffff9c}, 0x2c) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 00:09:58 executing program 1: gettid() perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000014f88)={0x1, 0x70}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0xe, &(0x7f0000000080)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d64050000000000650404000104000004040000f2000000b7050000230000006a0a00feca70a8d78500000036000000b7000000000000009500000000000000"], &(0x7f0000000340)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe, 0xb5, &(0x7f0000000100)="14de39349d3a8ce1d12d0d94d720", &(0x7f0000000380)=""/181}, 0x28) bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x9, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff9c}, 0x2c) [ 230.197609] hrtimer: interrupt took 31463 ns 00:09:58 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/mcfilter6\x00') readv(r0, &(0x7f0000000000)=[{&(0x7f0000000200)=""/181, 0xb5}], 0x1) 00:09:59 executing program 2: io_setup(0x8, &(0x7f0000000140)=0x0) io_cancel(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000001140)}, &(0x7f00000001c0)) 00:09:59 executing program 3: r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000080)='.\x00', 0xfe) creat(&(0x7f0000000000)='./bus\x00', 0x0) 00:09:59 executing program 1: r0 = socket$inet6(0xa, 0x80003, 0x800001000000006) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r1, 0x1, 0x10, &(0x7f0000000040)=0x5, 0x4) bind$unix(r2, &(0x7f0000000180)=@file={0x1, './file0\x00'}, 0x6e) connect$unix(r1, &(0x7f0000000100)=@file={0x1, './file0\x00'}, 0x6e) 00:10:00 executing program 2: io_setup(0x8, &(0x7f0000000140)=0x0) io_cancel(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000001140)}, &(0x7f00000001c0)) 00:10:00 executing program 5: r0 = syz_open_dev$evdev(&(0x7f00000002c0)='/dev/input/event#\x00', 0x0, 0x5) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[], 0xffffffe8) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) getresuid(&(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000200)) fsetxattr$security_capability(0xffffffffffffffff, &(0x7f00000000c0)='security.capability\x00', &(0x7f0000000240)=@v3={0x3000000, [{0x9}, {0x0, 0x9}]}, 0x18, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000280)) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/if_inet6\x00') execveat(r1, &(0x7f0000000000)='./file0\x00', &(0x7f0000000100), &(0x7f0000000180), 0x0) 00:10:00 executing program 0: perf_event_open$cgroup(&(0x7f0000000500)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000280)}}, 0xffffffffffffff9c, 0x0, 0xffffffffffffff9c, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0xe, &(0x7f0000000080)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d64050000000000650404000104000004040000f2000000b7050000230000006a0a00feca70a8d78500000036000000b7000000000000009500000000000000"], &(0x7f0000000340)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r0, 0x0, 0xe, 0xb5, &(0x7f0000000100)="14de39349d3a8ce1d12d0d94d720", &(0x7f0000000380)=""/181, 0x8001}, 0x28) bpf$PROG_LOAD(0x5, &(0x7f0000011080)={0x0, 0x0, &(0x7f0000000340)=@raw, &(0x7f0000000380)='GPL\x00'}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x4, 0x0, 0xffffffffffffff9c}, 0x2c) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) 00:10:00 executing program 4: r0 = memfd_create(&(0x7f0000000380)='cpuacct.usage_percpu\x00', 0x0) unshare(0x20000000) clone(0x0, &(0x7f0000000040), &(0x7f0000000100), &(0x7f0000c35ffc), &(0x7f0000000140)) ioprio_set$pid(0x30000000002, 0x0, 0x800004000) ftruncate(r0, 0x8) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) wait4(0x0, 0x0, 0x0, &(0x7f00000002c0)) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000001c0)) io_setup(0x0, &(0x7f00000003c0)) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) 00:10:00 executing program 1: getpgrp(0xffffffffffffffff) 00:10:00 executing program 3: add_key$keyring(&(0x7f0000000480)='keyring\x00', &(0x7f00000004c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffd) 00:10:00 executing program 1: openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/cache_bypass\x00', 0x2, 0x0) 00:10:00 executing program 3: socketpair$inet_tcp(0x2, 0x1, 0x0, &(0x7f0000000100)) 00:10:00 executing program 2: r0 = socket$netlink(0x10, 0x3, 0xb) write(r0, &(0x7f0000000000), 0x0) 00:10:00 executing program 1: mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x100000c, 0x31, 0xffffffffffffffff, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) readv(r0, &(0x7f0000000000)=[{&(0x7f0000000100)=""/125, 0x7d}], 0x1) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$IP_VS_SO_SET_ZERO(r0, 0x0, 0x48f, &(0x7f00000000c0)={0x0, @loopback, 0x0, 0x0, 'lc\x00'}, 0x2c) 00:10:00 executing program 2: r0 = socket(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x40000000000001a, &(0x7f0000000300), 0x4) 00:10:00 executing program 3: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x40000000859, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f000002b000)='./file0\x00', 0x0) creat(&(0x7f0000002500)='./file0/bus\x00', 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000740)={{{@in=@multicast2, @in=@dev}}, {{@in6=@mcast1}, 0x0, @in6=@ipv4={[], [], @rand_addr}}}, &(0x7f0000000840)=0xe8) chown(&(0x7f00000000c0)='./file0/bus\x00', 0x0, 0x0) 00:10:00 executing program 0: r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000400)={'vcan0\x00', 0x0}) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f00000000c0)=0x2, 0x3e6) bind$xdp(r2, &(0x7f0000000240)={0x2c, 0x0, r1, 0x12}, 0x10) 00:10:01 executing program 5: syz_emit_ethernet(0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd60d4b36b00031100fe8000000000000000000000020000aa00000000000000000000ffff7f0000010000ffffffff000000000000000000000000000000000001bb98c917f27d69d8e9009540000000000000008ba2bc67b2e33d4e2107de2c58ac6055acda482642fa6a5c9901f233c2a0f4902d61cecccfb6c82f59da22536731812d70513989edf11106589eefd53a402fe43b27b229793f7df154240ed78021d065e86f89a5fceb8ec37716b28011b429490bca62079074b9d415e13a834908d6539fc4f91166d3d01eb0048f5e28bd18567c403400d8754f52477c2287408999d528bd1a898cc433c7868c78e9a67bd8cbebef7fc51c4be073506e581e30ad06f26d78be4865246058c4db5de397e67895894a0f77754f9c9d8b6529ec975636"], &(0x7f0000000040)) 00:10:01 executing program 4: clock_gettime(0xb, &(0x7f0000000680)) 00:10:01 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DAEMON(r0, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000200)={0x3c, r1, 0x531, 0x0, 0x0, {0x9}, [@IPVS_CMD_ATTR_DAEMON={0x28, 0x3, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'syzkaller1\x00'}, @IPVS_DAEMON_ATTR_STATE={0x8}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8}]}]}, 0x3c}}, 0x0) 00:10:01 executing program 2: syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x43b9, 0x0) 00:10:01 executing program 3: syz_emit_ethernet(0x4a, &(0x7f0000000240)={@link_local, @empty, [], {@ipv4={0x800, {{0x5, 0x4, 0x800e, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x4, 0x0, @empty, @broadcast}, @udp={0x0, 0x0, 0x28}}}}}, &(0x7f0000000380)) 00:10:01 executing program 0: r0 = socket$inet6(0xa, 0x3, 0xde) ioctl(r0, 0x8912, &(0x7f00000000c0)="153f6234488dd25d766070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4) connect$inet6(r1, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000006580)='tls\x00', 0x95d59845436eab44) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000100), 0x28) sendto$inet6(r1, &(0x7f00000002c0)="b7", 0x1, 0x8000, &(0x7f0000000340)={0xa, 0x0, 0x0, @mcast1}, 0x1c) connect(r1, &(0x7f0000000140)=@un=@file={0x0, './file0\x00'}, 0x80) sendmmsg(r1, &(0x7f0000005f00)=[{{&(0x7f0000004980)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000001500), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000001a010000010000007d00000000000000"], 0x18}}], 0x1, 0x0) connect(r1, &(0x7f0000000540)=@in6={0xa, 0x0, 0x0, @dev, 0x3}, 0x80) write$cgroup_type(r1, &(0x7f00000003c0)='threaded\x00', 0xfffffeec) [ 233.399827] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x2 [ 233.418006] IPVS: Unknown mcast interface: syzkaller1 [ 233.432487] IPVS: Unknown mcast interface: syzkaller1 00:10:01 executing program 5: r0 = socket(0x840000000015, 0x805, 0x0) getsockopt(r0, 0x114, 0x2711, &(0x7f0000af0fe7)=""/13, &(0x7f000033bffc)=0x29) 00:10:01 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000100), 0x10) r1 = socket(0xa, 0x1, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000000040)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_mreqn(r0, 0x0, 0x0, &(0x7f00000002c0)={@local={0xac, 0x8}, @dev}, 0x3) 00:10:02 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x46, &(0x7f00000000c0), 0x375) sendto$inet6(r0, &(0x7f0000000100), 0xd14b, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) 00:10:02 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001500)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_inet_SIOCGIFNETMASK(0xffffffffffffffff, 0x891b, &(0x7f0000000140)={'bond0\x00', {0x2, 0x0, @broadcast}}) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000040), 0x4) ioctl$sock_inet_SIOCGIFNETMASK(0xffffffffffffffff, 0x891b, &(0x7f0000000100)={'ip_vti0\x00', {0x2, 0x0, @multicast2}}) r1 = dup2(r0, r0) ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, &(0x7f00000000c0)) write$P9_RWRITE(0xffffffffffffffff, &(0x7f0000000000)={0xb}, 0xb) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, &(0x7f0000000080), 0x10) ioctl$int_in(r1, 0x5421, &(0x7f0000000200)) [ 233.464513] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x2 00:10:02 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001500)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000040), 0x4) r1 = dup2(r0, r0) ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, &(0x7f00000000c0)) write$P9_RXATTRCREATE(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KIOCSOUND(0xffffffffffffffff, 0x4b2f, 0x0) write$P9_RCLUNK(r1, &(0x7f0000000000)={0x7}, 0x7) 00:10:02 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001500)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000040), 0x4) r1 = dup2(r0, r0) ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, &(0x7f00000000c0)) ioctl$sock_SIOCGSKNS(0xffffffffffffffff, 0x894c, &(0x7f0000000200)=0x7) ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, &(0x7f0000000240)) write$P9_RXATTRCREATE(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) flistxattr(0xffffffffffffffff, &(0x7f0000000100)=""/166, 0xa6) ioctl$FIONREAD(r1, 0x541b, &(0x7f0000000000)) 00:10:02 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001500)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_inet_SIOCGIFNETMASK(0xffffffffffffffff, 0x891b, &(0x7f0000000140)={'bond0\x00', {0x2, 0x0, @broadcast}}) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000040), 0x4) ioctl$sock_inet_SIOCGIFNETMASK(0xffffffffffffffff, 0x891b, &(0x7f0000000100)={'ip_vti0\x00', {0x2, 0x0, @multicast2}}) r1 = dup2(r0, r0) ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, &(0x7f00000000c0)) write$P9_RWRITE(r1, &(0x7f0000000000)={0xb}, 0xb) 00:10:02 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00'], 0x1) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) write$cgroup_pid(r2, &(0x7f0000000200), 0x7) 00:10:02 executing program 1: r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000400)={'vcan0\x00', 0x0}) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_TX_RING(r2, 0x11b, 0x3, &(0x7f00000000c0)=0x2, 0x3e6) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/17, 0x10000, 0x1000}, 0x18) setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000200)=0x8, 0x4) setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f00000002c0)=0x100, 0x308) bind$xdp(r2, &(0x7f0000000240)={0x2c, 0x6, r1}, 0x10) 00:10:02 executing program 3: r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/net/tun\x00', 0x2, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000680)={"030000000000af00", 0x1000e803}) write$binfmt_aout(r0, &(0x7f0000000700)={{0x0, 0x0, 0x0, 0x126, 0x2d3}}, 0x20) 00:10:02 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f00000003c0)="0f20c035100000000f22c0c4c1f87766baf80cb8aedf018fef66bafc0c66ed0f01ef8149000f00000036f30f2000c4c37962530782670fc75b39643e2e0f01cf66baf80cb86c5fbb8aef66bafc0c66b8e07166ef", 0x54}], 0x1, 0x0, &(0x7f0000000040), 0xfffffffffffff29) timer_create(0x0, &(0x7f0000000300)={0x0, 0x0, 0x0, @thr={&(0x7f00000004c0), &(0x7f0000000040)="240fa2"}}, &(0x7f0000000240)) setsockopt$bt_l2cap_L2CAP_OPTIONS(0xffffffffffffffff, 0x6, 0x1, &(0x7f0000000000)={0x0, 0x0, 0x6}, 0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f00000005c0), 0x20) read(0xffffffffffffffff, &(0x7f00000004c0)=""/244, 0xfffffea0) [ 233.853541] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 00:10:02 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000380), 0xffffffffffffffff) clock_adjtime(0x0, &(0x7f0000000280)) 00:10:02 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000940)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, &(0x7f0000000000)) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000001900)=ANY=[]) ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000540)=0x1) 00:10:02 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0) wait4(0x0, &(0x7f0000000040), 0x0, &(0x7f00000000c0)) alarm(0x0) 00:10:02 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001500)={0xffffffffffffffff}) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000040), 0x4) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, &(0x7f00000000c0)) write$P9_RXATTRCREATE(0xffffffffffffffff, &(0x7f0000000080)={0x7}, 0x7) ioctl$KIOCSOUND(0xffffffffffffffff, 0x4b2f, 0x0) write$P9_RCLUNK(r0, &(0x7f0000000100)={0x7}, 0x611) 00:10:02 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$unix(r0, &(0x7f0000000180), 0x0, 0x44094, 0x0, 0x385) 00:10:02 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) rt_sigpending(&(0x7f0000000040), 0x8) 00:10:02 executing program 1: r0 = gettid() r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) wait4(r0, &(0x7f0000000000), 0x0, &(0x7f00000000c0)) 00:10:02 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f00000003c0)="0f20c035100000000f22c0c4c1f87766baf80cb8aedf018fef66bafc0c66ed0f01ef8149000f00000036f30f2000c4c37962530782670fc75b39643e2e0f01cf66baf80cb86c5fbb8aef66bafc0c66b8e07166ef", 0x54}], 0x1, 0x0, &(0x7f0000000040), 0xfffffffffffff29) timer_create(0x0, &(0x7f0000000300)={0x0, 0x0, 0x0, @thr={&(0x7f00000004c0), &(0x7f0000000040)="240fa2"}}, &(0x7f0000000240)) setsockopt$bt_l2cap_L2CAP_OPTIONS(0xffffffffffffffff, 0x6, 0x1, &(0x7f0000000000)={0x0, 0x0, 0x6}, 0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f00000005c0), 0x20) read(0xffffffffffffffff, &(0x7f00000004c0)=""/244, 0xfffffea0) 00:10:02 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x3000011, 0x32, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:10:02 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f0000000340)}], 0x1) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff) sync() setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0) 00:10:02 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/l2cap\x00') 00:10:02 executing program 0: perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0x5, 0x108000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040)='/dev/rtc0\x00', 0x80000, 0x0) ioctl$RTC_UIE_ON(r0, 0x7003) 00:10:03 executing program 1: perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0x5, 0x108000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f00000006c0)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000000)={0x4, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x4000200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={0xffffffffffffffff, 0x0, 0x0, 0xf3, &(0x7f0000000380), &(0x7f0000000280)=""/243, 0x0, 0x8}, 0x28) mount(&(0x7f00008deff8), &(0x7f0000343ff8)='./file0\x00', &(0x7f000015bffc)='nfs\x00', 0x0, &(0x7f0000000000)) 00:10:03 executing program 5: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, &(0x7f0000527ff8), 0x2, 0x0) mlock(&(0x7f0000945000/0x4000)=nil, 0x4000) mbind(&(0x7f0000126000/0x3000)=nil, 0x3321a8df32ee8487, 0x0, &(0x7f000016e000), 0x5, 0x0) 00:10:03 executing program 3: r0 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x0, 0x1100082) r1 = memfd_create(&(0x7f0000000000)='/dev/loop#\x00', 0x0) ioctl$EVIOCGABS0(r1, 0x80184540, &(0x7f0000000040)=""/86) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000200)='\'', 0x1}], 0x1, 0x1081806) getpid() ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, &(0x7f0000000100), 0xffffffff) sendfile(r0, r0, &(0x7f0000000240), 0x2000005) 00:10:03 executing program 0: r0 = socket$inet6(0xa, 0x80003, 0x800000000000006) ioctl(r0, 0x8912, &(0x7f0000000280)="313f6234488dd25d766070") unshare(0x8020000) r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00') setns(r1, 0x0) 00:10:03 executing program 1: clone(0x0, 0x0, 0xfffffffffffffffe, &(0x7f0000000380), 0xffffffffffffffff) statfs(&(0x7f0000000000)='./file0\x00', &(0x7f00000003c0)=""/4096) 00:10:03 executing program 5: 00:10:03 executing program 5: 00:10:03 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f00000003c0)="0f20c035100000000f22c0c4c1f87766baf80cb8aedf018fef66bafc0c66ed0f01ef8149000f00000036f30f2000c4c37962530782670fc75b39643e2e0f01cf66baf80cb86c5fbb8aef66bafc0c66b8e07166ef", 0x54}], 0x1, 0x0, &(0x7f0000000040), 0xfffffffffffff29) timer_create(0x0, &(0x7f0000000300)={0x0, 0x0, 0x0, @thr={&(0x7f00000004c0), &(0x7f0000000040)="240fa2"}}, &(0x7f0000000240)) setsockopt$bt_l2cap_L2CAP_OPTIONS(0xffffffffffffffff, 0x6, 0x1, &(0x7f0000000000)={0x0, 0x0, 0x6}, 0xc) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f00000005c0), 0x20) read(0xffffffffffffffff, &(0x7f00000004c0)=""/244, 0xfffffea0) 00:10:03 executing program 1: 00:10:03 executing program 0: 00:10:03 executing program 5: 00:10:03 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f0000000340)}], 0x1) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64) clone(0x2102001ff9, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff) sync() setsockopt$IP_VS_SO_SET_FLUSH(r1, 0x0, 0x485, 0x0, 0x0) 00:10:03 executing program 1: openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='io.stat\x00', 0x26e1, 0x0) write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff8}}, 0x50) ioctl$FS_IOC_FSSETXATTR(r1, 0x40086602, &(0x7f0000000140)) socketpair$inet_udplite(0x2, 0x2, 0x88, &(0x7f0000000600)) write$cgroup_int(0xffffffffffffffff, &(0x7f00000000c0), 0xfffffcee) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) socket$inet6(0xa, 0x0, 0x0) r2 = socket$inet6(0xa, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000480)=0x0) ioctl$sock_SIOCSPGRP(r0, 0x8902, &(0x7f0000000500)=r3) r4 = dup(r2) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000000), &(0x7f0000000240)=0x14) bind$inet6(r2, &(0x7f0000000440)={0xa, 0x4e20}, 0x1c) sendto$inet6(r4, &(0x7f00000007c0), 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000540)=0x450, 0xfffffffffffffe8f) gettid() ioprio_get$pid(0x0, 0x0) ioctl$sock_FIOGETOWN(r4, 0x8903, &(0x7f0000000400)) perf_event_open(&(0x7f0000000380)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0)}}, 0x0, 0x0, 0xffffffffffffff9c, 0x0) ioctl$EVIOCGABS20(0xffffffffffffffff, 0x80184560, &(0x7f0000000280)=""/218) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r5 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) socketpair$inet_udplite(0x2, 0x2, 0x88, &(0x7f0000000580)) ftruncate(r5, 0x280080) sendfile(r4, r5, &(0x7f0000d83ff8), 0x2008000fffffffe) 00:10:03 executing program 0: [ 235.502410] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 235.536608] syz-executor3 (7386) used greatest stack depth: 15880 bytes left 00:10:04 executing program 3: 00:10:04 executing program 5: 00:10:04 executing program 0: 00:10:04 executing program 5: 00:10:04 executing program 0: 00:10:04 executing program 3: 00:10:04 executing program 5: 00:10:04 executing program 0: 00:10:04 executing program 4: 00:10:04 executing program 2: 00:10:04 executing program 2: 00:10:04 executing program 0: 00:10:04 executing program 5: 00:10:04 executing program 3: 00:10:04 executing program 4: 00:10:04 executing program 1: 00:10:04 executing program 2: 00:10:04 executing program 4: 00:10:04 executing program 5: 00:10:04 executing program 3: 00:10:04 executing program 0: 00:10:05 executing program 2: 00:10:05 executing program 0: 00:10:05 executing program 5: 00:10:05 executing program 4: 00:10:05 executing program 1: 00:10:05 executing program 3: 00:10:05 executing program 4: 00:10:05 executing program 0: 00:10:05 executing program 2: 00:10:05 executing program 1: 00:10:05 executing program 3: 00:10:05 executing program 5: 00:10:05 executing program 4: 00:10:05 executing program 0: 00:10:05 executing program 5: 00:10:05 executing program 3: 00:10:05 executing program 1: 00:10:05 executing program 2: 00:10:05 executing program 4: 00:10:05 executing program 0: 00:10:05 executing program 3: perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) futex(&(0x7f0000000ffc), 0x85, 0x0, &(0x7f00000000c0)={0xffff, 0x4}, &(0x7f0000000ffc), 0xfffffffffffffffe) 00:10:05 executing program 2: 00:10:05 executing program 5: 00:10:05 executing program 1: 00:10:05 executing program 4: 00:10:05 executing program 0: 00:10:05 executing program 5: 00:10:05 executing program 1: 00:10:05 executing program 2: [ 237.112762] futex_wake_op: syz-executor3 tries to shift op by -1; fix this program 00:10:05 executing program 4: 00:10:05 executing program 0: [ 237.177982] futex_wake_op: syz-executor3 tries to shift op by -1; fix this program 00:10:05 executing program 5: 00:10:05 executing program 3: 00:10:05 executing program 4: 00:10:05 executing program 2: 00:10:05 executing program 1: 00:10:05 executing program 0: 00:10:05 executing program 5: 00:10:05 executing program 3: 00:10:05 executing program 5: 00:10:06 executing program 2: 00:10:06 executing program 4: 00:10:06 executing program 1: 00:10:06 executing program 0: 00:10:06 executing program 3: 00:10:06 executing program 4: 00:10:06 executing program 2: 00:10:06 executing program 1: 00:10:06 executing program 0: 00:10:06 executing program 5: 00:10:06 executing program 4: 00:10:06 executing program 3: 00:10:06 executing program 0: 00:10:06 executing program 2: 00:10:06 executing program 1: 00:10:06 executing program 3: 00:10:06 executing program 5: 00:10:06 executing program 4: 00:10:06 executing program 0: 00:10:06 executing program 2: 00:10:06 executing program 1: 00:10:06 executing program 3: 00:10:06 executing program 5: 00:10:06 executing program 2: 00:10:06 executing program 4: 00:10:06 executing program 0: 00:10:06 executing program 1: 00:10:06 executing program 3: 00:10:06 executing program 4: 00:10:06 executing program 0: 00:10:06 executing program 2: 00:10:06 executing program 5: 00:10:06 executing program 3: 00:10:06 executing program 4: 00:10:06 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000040)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000001940)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) ioctl$BLKIOOPT(0xffffffffffffffff, 0x1279, &(0x7f00000000c0)) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00004edfd0)={0x5, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0b6300000e"]}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000007000)={0x2, 0x0, &(0x7f0000005fd4)=ANY=[@ANYBLOB="1163"], 0x0, 0x0, &(0x7f00004ee64e)}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) read$eventfd(0xffffffffffffffff, &(0x7f0000000080), 0x8) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000efd0)={0x0, 0x0, &(0x7f0000000040), 0x1, 0xfdfd, &(0x7f0000000340)='\x00'}) 00:10:06 executing program 1: r0 = epoll_create1(0x0) close(r0) signalfd(0xffffffffffffffff, &(0x7f0000000080), 0x8) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) ppoll(&(0x7f0000000100)=[{r0}], 0x1, &(0x7f00000001c0)={0x0, r1+30000000}, &(0x7f0000000200), 0x8) signalfd4(r0, &(0x7f0000000000), 0x8, 0x0) 00:10:06 executing program 5: clone(0x3102001ffb, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) r0 = gettid() wait4(0x0, &(0x7f00000002c0), 0x80000000, &(0x7f0000000340)) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1b) tkill(r0, 0x1d) ptrace$cont(0x1f, r0, 0x0, 0x0) 00:10:06 executing program 0: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x10, 0x3, 0xc) sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="24000000030307031dfffd946ff20c0020200a0009000100021d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) 00:10:06 executing program 3: lookup_dcookie(0x401, &(0x7f0000000280)=""/200, 0xc8) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f00000001c0)={0x0, 0x14, 0x0, r0}) fcntl$F_GET_RW_HINT(r1, 0x40b, &(0x7f0000000100)) connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e20, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000480)=ANY=[@ANYBLOB="b7020000fe000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b7030000000000006a0a00fe000000008500000012000000b7000000000000009500000000000000"], &(0x7f0000000340)='ser\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r2, 0x0, 0xe, 0xd7, &(0x7f0000000840)="16131a4abd08284a2535e4f83499", &(0x7f0000000380)=""/215, 0x24c}, 0x28) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000540)='/dev/rtc0\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_MOD(r3, 0x3, 0xffffffffffffffff, &(0x7f0000000500)={0x2ba6bc08a7c3421c}) 00:10:07 executing program 4: socket$nl_generic(0x10, 0x3, 0x10) keyctl$join(0x1, &(0x7f0000000300)={'syz', 0x3}) lstat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setfsgid(r0) ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, &(0x7f0000000340)=""/180) timer_create(0x7, &(0x7f00000004c0)={0x0, 0x37, 0x4, @thr={&(0x7f00000005c0)="45e4d7cb3d36c8bc5b2c554366262f0aaa49c02a6465f844a3d57109f877bcc49ac854fae35d5ba966a61961721d4921dcf508fc530e732e85ded6deb33ad40efa6cd888a846e3ec221cb0b9d81648a2fc06d896e2ae0f1570c3bb522b8b7bf37f4b1022465bb554f4443858d66091ef6b806ff54befb198abf080220891b94f884495dfcf2813bb3ab83b89941b94f4c9cd71929174ccd2b1722620d18594e2ee870442100bddea82d109902bcf20e35aa7c3640003c9ee70862db98242e95dbfc8004d974a185027ebd0295396687f6a22566ab8c08e305410d69c3664a63f2a7f82ac3da7b925d3cb3c4e1304f3b7cdbed719dc73d5b3549c", &(0x7f00000006c0)="5b2bcd1a0fdc85f7845f7f94caac2ec58a7f71d7d3e5c6993d869c18b236dbf1a6e101595a920677f95931909b609702c5030575e48318219f9f161ed1fbf7ac41edd55c95a1219c7d530f656eb9235c74e31f07fdffae1c4431a9c47e14254df20fdcb452ecc468f9eac4"}}, &(0x7f0000000740)=0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000a00)='/dev/null\x00', 0x400, 0x0) write$P9_RREADDIR(r2, &(0x7f0000000a40)={0xe4, 0x29, 0x2, {0xffffffff, [{{0x80, 0x1}, 0xb2c1, 0xfffffffffffff000, 0x7, './file0'}, {{0x1, 0x1, 0x8}, 0xac, 0x8, 0x7, './file1'}, {{0xa0, 0x1}, 0x3, 0x9, 0x7, './file0'}, {{0x80, 0x4, 0x5}, 0x5, 0x7fffffff, 0x7, './file0'}, {{0x71, 0x0, 0x2}, 0x10001, 0x2, 0x7, './file0'}, {{0x0, 0x3, 0x6}, 0x5, 0x1, 0x7, './file0'}, {{0x4, 0x1, 0x5}, 0xa11, 0xfd3, 0x7, './file0'}]}}, 0xe4) timer_delete(r1) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) getrlimit(0x6, &(0x7f0000000900)) vmsplice(0xffffffffffffffff, &(0x7f0000000540), 0xb9, 0x0) ioctl$EVIOCSABS0(r4, 0x401845c0, &(0x7f0000000080)={0xfffffffffffffffd}) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000440)={0xffffffffffffffff, 0x28, &(0x7f0000000400)={0x0, 0x0}}, 0x10) ioctl$TIOCPKT(r2, 0x5420, &(0x7f0000000b80)=0x1) write$P9_RLOPEN(r3, &(0x7f0000000880)={0x18, 0xd, 0x3, {{0x80, 0x4, 0x7}, 0xffffffffffff0e4b}}, 0x18) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000480)={r5, 0x51}, 0xc) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = getpgrp(0xffffffffffffffff) openat$uhid(0xffffffffffffff9c, &(0x7f0000000b40)='/dev/uhid\x00', 0x2, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000580)=0x6, 0x4) mprotect(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002) ioctl$TUNSETPERSIST(r4, 0x400454cb, 0x0) syz_open_procfs$namespace(r6, &(0x7f00000007c0)='ns/net\x00') getpeername(r4, &(0x7f0000000280)=@hci, &(0x7f0000000240)=0x36a) io_setup(0x0, &(0x7f0000000180)) clone(0x1000000070024104, &(0x7f0000000780)="60eb8e60ad79eb0277580b71695ae542ad1ed11cacaf10317f60c0e7cd79c98122e72f2c952fbb46f062b940290a66e1d2b97ab3f4f5393e", &(0x7f0000000200), &(0x7f00000001c0), &(0x7f0000000940)="f3fb973e6d716e1b34197b16e9d562162a51367ea8004acee335b7bf3a754dfc6bb63c5464e244378658817152ac9638eb8fee31164475ffbfdd2e4cb7cc02da967a000a3a669df8ab6bad81c21b021a72d50604ee162519db40ec752e4d7fa3a8cbe1d5ec70e5d6b92b68e4ea90483ca24ed8ad931b9f6241f843e00923d25fe466eba9147992bdfb9bc2c068ab0553238d2e491edceb9f5833f0f018cf745ad5837ca36f39507c35782559a1235d7c43272d9de5654e4030ed2b90bf78") perf_event_open(&(0x7f0000000040)={0x1, 0x70}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000800)="480000001500197f09004b0101048c590188ffffcf5d3474bc9240e10520613057fff7e07900e0413ff26bb452cf9e8a62bf5b3b8c3cfe5f0028213ee20600d4ff5bffff00c7e5ed", 0x48}], 0x1) ioctl$TUNATTACHFILTER(r3, 0x401054d5, &(0x7f00000008c0)={0x4, &(0x7f0000000100)=[{0xc76, 0xff, 0x1, 0x7f}, {0x8, 0xffffffff, 0x100000001, 0x3}, {0xffff, 0x46, 0x5, 0x3ff}, {0xfffffffffffffff7, 0x4, 0x5, 0x2}]}) [ 238.467781] binder: 7635:7636 ERROR: BC_REGISTER_LOOPER called without request [ 238.487775] binder: 7635:7636 unknown command 14 [ 238.506904] binder: 7635:7636 ioctl c0306201 204edfd0 returned -22 00:10:07 executing program 1: r0 = epoll_create1(0x0) close(r0) signalfd(0xffffffffffffffff, &(0x7f0000000080), 0x8) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) ppoll(&(0x7f0000000100)=[{r0}], 0x1, &(0x7f00000001c0)={0x0, r1+30000000}, &(0x7f0000000200), 0x8) signalfd4(r0, &(0x7f0000000000), 0x8, 0x0) 00:10:07 executing program 5: socketpair$unix(0x1, 0x2000080000000005, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f00000016c0)={&(0x7f00000002c0), 0xc, &(0x7f0000001680)={&(0x7f0000000100)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000fcffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004b00000000000000000000000000000000000000000000000000000000000000000000d19c2a1acee640d9700ec3a0af499ec495f480f51845ad5ca26f8a8123acfa77b329c94cefa309ba95e87b7f72415185bc3622dfe0ebdde955bc848487f991e530e10a0e2bd25a1e4ca3f0ac17c32b702f7c67adc0680c8c6063c000ade8ff4734d41b305772b8045ed9fed8fa7c3897d877c5d80a3a5b33a532b537cd62de2fa73cd02cf7c04708e232ec5f017c64de4d1c0b3b777ca709f0a4055cb1d56c27d3729caf877685c19783be35f3b88a3587411cf2f662173f8f139e90f13f191dc4254004aaa413f79c804fda963940b13f187979b498578aeb84727d43df3611203f27ddd0ebbe6bea"], 0x1}}, 0x0) [ 238.539153] binder: 7635:7655 unknown command 25361 00:10:07 executing program 0: socket$nl_generic(0x10, 0x3, 0x10) keyctl$join(0x1, &(0x7f0000000300)={'syz', 0x3}) lstat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setfsgid(r0) ioctl$EVIOCGKEYCODE_V2(0xffffffffffffffff, 0x80284504, &(0x7f0000000340)=""/180) timer_create(0x7, &(0x7f00000004c0)={0x0, 0x37, 0x4, @thr={&(0x7f00000005c0)="45e4d7cb3d36c8bc5b2c554366262f0aaa49c02a6465f844a3d57109f877bcc49ac854fae35d5ba966a61961721d4921dcf508fc530e732e85ded6deb33ad40efa6cd888a846e3ec221cb0b9d81648a2fc06d896e2ae0f1570c3bb522b8b7bf37f4b1022465bb554f4443858d66091ef6b806ff54befb198abf080220891b94f884495dfcf2813bb3ab83b89941b94f4c9cd71929174ccd2b1722620d18594e2ee870442100bddea82d109902bcf20e35aa7c3640003c9ee70862db98242e95dbfc8004d974a185027ebd0295396687f6a22566ab8c08e305410d69c3664a63f2a7f82ac3da7b925d3cb3c4e1304f3b7cdbed719dc73d5b3549c", &(0x7f00000006c0)="5b2bcd1a0fdc85f7845f7f94caac2ec58a7f71d7d3e5c6993d869c18b236dbf1a6e101595a920677f95931909b609702c5030575e48318219f9f161ed1fbf7ac41edd55c95a1219c7d530f656eb9235c74e31f07fdffae1c4431a9c47e14254df20fdcb452ecc468f9eac4"}}, &(0x7f0000000740)=0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000a00)='/dev/null\x00', 0x400, 0x0) write$P9_RREADDIR(r2, &(0x7f0000000a40)={0xe4, 0x29, 0x2, {0xffffffff, [{{0x80, 0x1}, 0xb2c1, 0xfffffffffffff000, 0x7, './file0'}, {{0x1, 0x1, 0x8}, 0xac, 0x8, 0x7, './file1'}, {{0xa0, 0x1}, 0x3, 0x9, 0x7, './file0'}, {{0x80, 0x4, 0x5}, 0x5, 0x7fffffff, 0x7, './file0'}, {{0x71, 0x0, 0x2}, 0x10001, 0x2, 0x7, './file0'}, {{0x0, 0x3, 0x6}, 0x5, 0x1, 0x7, './file0'}, {{0x4, 0x1, 0x5}, 0xa11, 0xfd3, 0x7, './file0'}]}}, 0xe4) timer_delete(r1) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) getrlimit(0x6, &(0x7f0000000900)) vmsplice(0xffffffffffffffff, &(0x7f0000000540), 0xb9, 0x0) ioctl$EVIOCSABS0(r4, 0x401845c0, &(0x7f0000000080)={0xfffffffffffffffd}) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000440)={0xffffffffffffffff, 0x28, &(0x7f0000000400)={0x0, 0x0}}, 0x10) ioctl$TIOCPKT(r2, 0x5420, &(0x7f0000000b80)=0x1) write$P9_RLOPEN(r3, &(0x7f0000000880)={0x18, 0xd, 0x3, {{0x80, 0x4, 0x7}, 0xffffffffffff0e4b}}, 0x18) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000480)={r5, 0x51}, 0xc) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = getpgrp(0xffffffffffffffff) openat$uhid(0xffffffffffffff9c, &(0x7f0000000b40)='/dev/uhid\x00', 0x2, 0x0) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000580)=0x6, 0x4) mprotect(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002) ioctl$TUNSETPERSIST(r4, 0x400454cb, 0x0) syz_open_procfs$namespace(r6, &(0x7f00000007c0)='ns/net\x00') io_setup(0x0, &(0x7f0000000180)) clone(0x1000000070024104, &(0x7f0000000780)="60eb8e60ad79eb0277580b71695ae542ad1ed11cacaf10317f60c0e7cd79c98122e72f2c952fbb46f062b940290a66e1d2b97ab3f4f5393e", &(0x7f0000000200), &(0x7f00000001c0), &(0x7f0000000940)="f3fb973e6d716e1b34197b16e9d562162a51367ea8004acee335b7bf3a754dfc6bb63c5464e244378658817152ac9638eb8fee31164475ffbfdd2e4cb7cc02da967a000a3a669df8ab6bad81c21b021a72d50604ee162519db40ec752e4d7fa3a8cbe1d5ec70e5d6b92b68e4ea90483ca24ed8ad931b9f6241f843e00923d25fe466eba9147992bdfb9bc2c068ab0553238d2e491edceb9f5833f0f018cf745ad5837ca36f39507c35782559a1235d7c43272d9de5654e4030ed2b90bf78") perf_event_open(&(0x7f0000000040)={0x1, 0x70}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) writev(0xffffffffffffffff, &(0x7f0000000080)=[{&(0x7f0000000800)="480000001500197f09004b0101048c590188ffffcf5d3474bc9240e10520613057fff7e07900e0413ff26bb452cf9e8a62bf5b3b8c3cfe5f0028213ee20600d4ff5bffff00c7e5ed", 0x48}], 0x1) ioctl$TUNATTACHFILTER(r3, 0x401054d5, &(0x7f00000008c0)={0x4, &(0x7f0000000100)=[{0xc76, 0xff, 0x1, 0x7f}, {0x8, 0xffffffff, 0x100000001, 0x3}, {0xffff, 0x46, 0x5, 0x3ff}, {0xfffffffffffffff7, 0x4, 0x5, 0x2}]}) [ 238.579579] binder: 7635:7655 ioctl c0306201 20007000 returned -22 [ 238.703430] ODEBUG: object 00000000f479e4a1 is on stack 00000000fd334952, but NOT annotated. [ 238.715455] WARNING: CPU: 1 PID: 7664 at lib/debugobjects.c:369 __debug_object_init.cold.14+0x51/0xdf [ 238.724813] Kernel panic - not syncing: panic_on_warn set ... [ 238.730700] CPU: 1 PID: 7664 Comm: syz-executor3 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 238.739128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 238.748474] Call Trace: [ 238.751071] dump_stack+0x244/0x39d [ 238.754699] ? dump_stack_print_info.cold.1+0x20/0x20 [ 238.759896] panic+0x2ad/0x55c [ 238.763086] ? add_taint.cold.5+0x16/0x16 [ 238.767238] ? __warn.cold.8+0x5/0x45 [ 238.771048] ? __debug_object_init.cold.14+0x51/0xdf [ 238.776154] __warn.cold.8+0x20/0x45 [ 238.779872] ? __debug_object_init.cold.14+0x51/0xdf [ 238.784980] report_bug+0x254/0x2d0 [ 238.788672] do_error_trap+0x11b/0x200 [ 238.792571] do_invalid_op+0x36/0x40 [ 238.796284] ? __debug_object_init.cold.14+0x51/0xdf [ 238.801433] invalid_op+0x14/0x20 [ 238.804888] RIP: 0010:__debug_object_init.cold.14+0x51/0xdf [ 238.810596] Code: ea 03 80 3c 02 00 75 7c 49 8b 54 24 18 48 89 de 48 c7 c7 c0 f1 40 88 4c 89 85 d0 fd ff ff e8 09 8c d1 fd 4c 8b 85 d0 fd ff ff <0f> 0b e9 09 d6 ff ff 41 83 c4 01 b8 ff ff 37 00 44 89 25 b7 4e 66 [ 238.829493] RSP: 0018:ffff880180a37308 EFLAGS: 00010086 [ 238.834863] RAX: 0000000000000050 RBX: ffff880180a37af8 RCX: ffffc900082b8000 [ 238.842128] RDX: 0000000000000000 RSI: ffffffff816585a5 RDI: 0000000000000005 [ 238.849393] RBP: ffff880180a37560 R08: ffff8801cc5a7b38 R09: ffffed003b5e5008 [ 238.856659] R10: ffffed003b5e5008 R11: ffff8801daf28047 R12: ffff880180a2c680 [ 238.863923] R13: 00000000000e74c0 R14: ffff880180a2c680 R15: ffff8801cc5a7b28 [ 238.871206] ? vprintk_func+0x85/0x181 [ 238.875102] ? __debug_object_init.cold.14+0x4a/0xdf [ 238.880205] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 238.884794] ? debug_object_free+0x690/0x690 [ 238.889204] ? unwind_get_return_address+0x61/0xa0 [ 238.894138] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 238.899245] ? depot_save_stack+0x292/0x470 [ 238.903573] ? save_stack+0xa9/0xd0 [ 238.907206] ? save_stack+0x43/0xd0 [ 238.910830] ? kasan_kmalloc+0xc7/0xe0 [ 238.914719] ? bpf_test_init.isra.10+0x98/0x100 [ 238.919389] ? zap_class+0x640/0x640 [ 238.923101] ? do_syscall_64+0x1b9/0x820 [ 238.927160] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 238.932529] ? find_held_lock+0x36/0x1c0 [ 238.936601] debug_object_init+0x16/0x20 [ 238.940671] init_timer_key+0xa9/0x480 [ 238.944567] ? init_timer_on_stack_key+0xe0/0xe0 [ 238.949323] ? __might_fault+0x12b/0x1e0 [ 238.953387] ? __lockdep_init_map+0x105/0x590 [ 238.957886] ? __lockdep_init_map+0x105/0x590 [ 238.962384] ? lockdep_init_map+0x9/0x10 [ 238.966448] sock_init_data+0xe1/0xdc0 [ 238.970332] ? sk_stop_timer+0x50/0x50 [ 238.974228] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 238.979764] ? _copy_from_user+0xdf/0x150 [ 238.983915] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 238.989451] ? bpf_test_init.isra.10+0x70/0x100 [ 238.994121] bpf_prog_test_run_skb+0x255/0xc40 [ 238.998710] ? __lock_acquire+0x62f/0x4c20 [ 239.002946] ? bpf_test_finish.isra.9+0x1f0/0x1f0 [ 239.007789] ? __lock_acquire+0x62f/0x4c20 [ 239.012113] ? fput+0x130/0x1a0 [ 239.015414] ? __bpf_prog_get+0x9b/0x290 [ 239.019479] ? bpf_test_finish.isra.9+0x1f0/0x1f0 [ 239.024323] bpf_prog_test_run+0x130/0x1a0 [ 239.028565] __x64_sys_bpf+0x3d8/0x510 [ 239.032455] ? bpf_prog_get+0x20/0x20 [ 239.036271] do_syscall_64+0x1b9/0x820 [ 239.040167] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 239.045530] ? syscall_return_slowpath+0x5e0/0x5e0 [ 239.050466] ? trace_hardirqs_on_caller+0x310/0x310 [ 239.055484] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 239.060502] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 239.067170] ? __switch_to_asm+0x40/0x70 [ 239.071230] ? __switch_to_asm+0x34/0x70 [ 239.075296] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 239.080143] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 239.085331] RIP: 0033:0x457569 [ 239.088528] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 239.107427] RSP: 002b:00007f8ac6e4cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 239.115129] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 239.122392] RDX: 0000000000000028 RSI: 0000000020000140 RDI: 000000000000000a [ 239.129661] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000 [ 239.136929] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8ac6e4d6d4 [ 239.144196] R13: 00000000004bd892 R14: 00000000004cc208 R15: 00000000ffffffff [ 239.151496] [ 239.151503] ====================================================== [ 239.151509] WARNING: possible circular locking dependency detected [ 239.151514] 4.19.0-rc8-next-20181019+ #98 Not tainted [ 239.151520] ------------------------------------------------------ [ 239.151526] syz-executor3/7664 is trying to acquire lock: [ 239.151530] 00000000f14ea0e6 ((console_sem).lock){-.-.}, at: down_trylock+0x13/0x70 [ 239.151551] [ 239.151556] but task is already holding lock: [ 239.151560] 000000003e1740a6 (&obj_hash[i].lock){-.-.}, at: __debug_object_init+0x127/0x1290 [ 239.151577] [ 239.151582] which lock already depends on the new lock. [ 239.151585] [ 239.151588] [ 239.151594] the existing dependency chain (in reverse order) is: [ 239.151596] [ 239.151599] -> #3 (&obj_hash[i].lock){-.-.}: [ 239.151615] _raw_spin_lock_irqsave+0x99/0xd0 [ 239.151620] __debug_object_init+0x127/0x1290 [ 239.151625] debug_object_init+0x16/0x20 [ 239.151630] hrtimer_init+0x97/0x490 [ 239.151635] init_dl_task_timer+0x1b/0x50 [ 239.151639] __sched_fork+0x2ae/0x590 [ 239.151644] init_idle+0x75/0x740 [ 239.151648] sched_init+0xb33/0xc02 [ 239.151653] start_kernel+0x4be/0xa2b [ 239.151658] x86_64_start_reservations+0x2e/0x30 [ 239.151663] x86_64_start_kernel+0x76/0x79 [ 239.151668] secondary_startup_64+0xa4/0xb0 [ 239.151670] [ 239.151673] -> #2 (&rq->lock){-.-.}: [ 239.151688] _raw_spin_lock+0x2d/0x40 [ 239.151693] task_fork_fair+0xb0/0x6d0 [ 239.151697] sched_fork+0x443/0xba0 [ 239.151702] copy_process+0x2585/0x8770 [ 239.151706] _do_fork+0x1cb/0x11c0 [ 239.151711] kernel_thread+0x34/0x40 [ 239.151715] rest_init+0x28/0x372 [ 239.151720] arch_call_rest_init+0xe/0x1b [ 239.151725] start_kernel+0x9f0/0xa2b [ 239.151730] x86_64_start_reservations+0x2e/0x30 [ 239.151735] x86_64_start_kernel+0x76/0x79 [ 239.151740] secondary_startup_64+0xa4/0xb0 [ 239.151742] [ 239.151745] -> #1 (&p->pi_lock){-.-.}: [ 239.151761] _raw_spin_lock_irqsave+0x99/0xd0 [ 239.151766] try_to_wake_up+0xd2/0x12e0 [ 239.151770] wake_up_process+0x10/0x20 [ 239.151775] __up.isra.1+0x1c0/0x2a0 [ 239.151779] up+0x13c/0x1c0 [ 239.151783] __up_console_sem+0xbe/0x1b0 [ 239.151788] console_unlock+0x80c/0x1190 [ 239.151793] vprintk_emit+0x391/0x990 [ 239.151797] vprintk_default+0x28/0x30 [ 239.151802] vprintk_func+0x7e/0x181 [ 239.151806] printk+0xa7/0xcf [ 239.151811] do_exit.cold.18+0x57/0x16f [ 239.151815] do_group_exit+0x177/0x440 [ 239.151820] __x64_sys_exit_group+0x3e/0x50 [ 239.151825] do_syscall_64+0x1b9/0x820 [ 239.151830] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 239.151833] [ 239.151835] -> #0 ((console_sem).lock){-.-.}: [ 239.151851] lock_acquire+0x1ed/0x520 [ 239.151856] _raw_spin_lock_irqsave+0x99/0xd0 [ 239.151861] down_trylock+0x13/0x70 [ 239.151866] __down_trylock_console_sem+0xae/0x1f0 [ 239.151871] console_trylock+0x15/0xa0 [ 239.151875] vprintk_emit+0x372/0x990 [ 239.151880] vprintk_default+0x28/0x30 [ 239.151885] vprintk_func+0x7e/0x181 [ 239.151889] printk+0xa7/0xcf [ 239.151894] __debug_object_init.cold.14+0x4a/0xdf [ 239.151899] debug_object_init+0x16/0x20 [ 239.151903] init_timer_key+0xa9/0x480 [ 239.151908] sock_init_data+0xe1/0xdc0 [ 239.151913] bpf_prog_test_run_skb+0x255/0xc40 [ 239.151918] bpf_prog_test_run+0x130/0x1a0 [ 239.151923] __x64_sys_bpf+0x3d8/0x510 [ 239.151927] do_syscall_64+0x1b9/0x820 [ 239.151933] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 239.151935] [ 239.151941] other info that might help us debug this: [ 239.151943] [ 239.151947] Chain exists of: [ 239.151950] (console_sem).lock --> &rq->lock --> &obj_hash[i].lock [ 239.151970] [ 239.151974] Possible unsafe locking scenario: [ 239.151977] [ 239.151982] CPU0 CPU1 [ 239.151987] ---- ---- [ 239.151990] lock(&obj_hash[i].lock); [ 239.152006] lock(&rq->lock); [ 239.152017] lock(&obj_hash[i].lock); [ 239.152026] lock((console_sem).lock); [ 239.152042] [ 239.152045] *** DEADLOCK *** [ 239.152048] [ 239.152053] 1 lock held by syz-executor3/7664: [ 239.152056] #0: 000000003e1740a6 (&obj_hash[i].lock){-.-.}, at: __debug_object_init+0x127/0x1290 [ 239.152075] [ 239.152079] stack backtrace: [ 239.152087] CPU: 1 PID: 7664 Comm: syz-executor3 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 239.152095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 239.152099] Call Trace: [ 239.152103] dump_stack+0x244/0x39d [ 239.152109] ? dump_stack_print_info.cold.1+0x20/0x20 [ 239.152114] ? vprintk_func+0x85/0x181 [ 239.152119] print_circular_bug.isra.35.cold.54+0x1bd/0x27d [ 239.152124] ? save_trace+0xe0/0x290 [ 239.152129] __lock_acquire+0x3399/0x4c20 [ 239.152133] ? mark_held_locks+0x130/0x130 [ 239.152137] ? put_dec+0xf0/0xf0 [ 239.152142] ? mark_held_locks+0x130/0x130 [ 239.152147] ? pointer_string+0x14e/0x1b0 [ 239.152151] ? number+0xca0/0xca0 [ 239.152156] ? update_load_avg+0x2470/0x2470 [ 239.152161] ? print_usage_bug+0xc0/0xc0 [ 239.152165] ? ptr_to_id+0xd0/0x1d0 [ 239.152170] ? dentry_name+0x8f0/0x8f0 [ 239.152175] ? pick_next_task_fair+0xa35/0x1c90 [ 239.152179] ? zap_class+0x640/0x640 [ 239.152185] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 239.152190] lock_acquire+0x1ed/0x520 [ 239.152194] ? down_trylock+0x13/0x70 [ 239.152199] ? lock_release+0xa10/0xa10 [ 239.152204] ? trace_hardirqs_off+0xb8/0x310 [ 239.152208] ? vprintk_emit+0x1de/0x990 [ 239.152213] ? trace_hardirqs_on+0x310/0x310 [ 239.152218] ? trace_hardirqs_off+0xb8/0x310 [ 239.152223] ? log_store+0x344/0x4c0 [ 239.152227] ? vprintk_emit+0x372/0x990 [ 239.152232] _raw_spin_lock_irqsave+0x99/0xd0 [ 239.152237] ? down_trylock+0x13/0x70 [ 239.152241] down_trylock+0x13/0x70 [ 239.152246] __down_trylock_console_sem+0xae/0x1f0 [ 239.152251] console_trylock+0x15/0xa0 [ 239.152255] vprintk_emit+0x372/0x990 [ 239.152260] ? wake_up_klogd+0x180/0x180 [ 239.152264] ? zap_class+0x640/0x640 [ 239.152269] ? __switch_to_asm+0x34/0x70 [ 239.152273] ? __switch_to_asm+0x40/0x70 [ 239.152278] ? print_usage_bug+0xc0/0xc0 [ 239.152283] ? __switch_to_asm+0x40/0x70 [ 239.152287] ? find_held_lock+0x36/0x1c0 [ 239.152292] vprintk_default+0x28/0x30 [ 239.152296] vprintk_func+0x7e/0x181 [ 239.152300] printk+0xa7/0xcf [ 239.152305] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 239.152311] __debug_object_init.cold.14+0x4a/0xdf [ 239.152316] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 239.152321] ? debug_object_free+0x690/0x690 [ 239.152326] ? unwind_get_return_address+0x61/0xa0 [ 239.152331] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 239.152336] ? depot_save_stack+0x292/0x470 [ 239.152340] ? save_stack+0xa9/0xd0 [ 239.152345] ? save_stack+0x43/0xd0 [ 239.152349] ? kasan_kmalloc+0xc7/0xe0 [ 239.152354] ? bpf_test_init.isra.10+0x98/0x100 [ 239.152359] ? zap_class+0x640/0x640 [ 239.152363] ? do_syscall_64+0x1b9/0x820 [ 239.152369] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 239.152374] ? find_held_lock+0x36/0x1c0 [ 239.152378] debug_object_init+0x16/0x20 [ 239.152383] init_timer_key+0xa9/0x480 [ 239.152388] ? init_timer_on_stack_key+0xe0/0xe0 [ 239.152393] ? __might_fault+0x12b/0x1e0 [ 239.152398] ? __lockdep_init_map+0x105/0x590 [ 239.152403] ? __lockdep_init_map+0x105/0x590 [ 239.152407] ? lockdep_init_map+0x9/0x10 [ 239.152412] sock_init_data+0xe1/0xdc0 [ 239.152416] ? sk_stop_timer+0x50/0x50 [ 239.152422] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 239.152427] ? _copy_from_user+0xdf/0x150 [ 239.152432] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 239.152438] ? bpf_test_init.isra.10+0x70/0x100 [ 239.152443] bpf_prog_test_run_skb+0x255/0xc40 [ 239.152447] ? __lock_acquire+0x62f/0x4c20 [ 239.152453] ? bpf_test_finish.isra.9+0x1f0/0x1f0 [ 239.152457] ? __lock_acquire+0x62f/0x4c20 [ 239.152462] ? fput+0x130/0x1a0 [ 239.152466] ? __bpf_prog_get+0x9b/0x290 [ 239.152471] ? bpf_test_finish.isra.9+0x1f0/0x1f0 [ 239.152476] bpf_prog_test_run+0x130/0x1a0 [ 239.152481] __x64_sys_bpf+0x3d8/0x510 [ 239.152485] ? bpf_prog_get+0x20/0x20 [ 239.152490] do_syscall_64+0x1b9/0x820 [ 239.152495] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 239.152501] ? syscall_return_slowpath+0x5e0/0x5e0 [ 239.152506] ? trace_hardirqs_on_caller+0x310/0x310 [ 239.152511] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 239.152518] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 239.152522] ? __switch_to_asm+0x40/0x70 [ 239.152527] ? __switch_to_asm+0x34/0x70 [ 239.152532] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 239.152538] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 239.152546] RIP: 0033:0x457569 [ 239.152561] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 239.152567] RSP: 002b:00007f8ac6e4cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 239.152578] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 239.152585] RDX: 0000000000000028 RSI: 0000000020000140 RDI: 000000000000000a [ 239.152592] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000 [ 239.152599] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f8ac6e4d6d4 [ 239.152606] R13: 00000000004bd892 R14: 00000000004cc208 R15: 00000000ffffffff [ 239.153446] Kernel Offset: disabled [ 240.064216] Rebooting in 86400 seconds..