[ 60.494084] audit: type=1800 audit(1539232393.531:27): pid=6162 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 62.138014] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 66.044642] random: sshd: uninitialized urandom read (32 bytes read) [ 66.604212] random: sshd: uninitialized urandom read (32 bytes read) [ 68.228983] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.87' (ECDSA) to the list of known hosts. [ 73.991985] random: sshd: uninitialized urandom read (32 bytes read) 2018/10/11 04:33:29 fuzzer started [ 78.814719] random: cc1: uninitialized urandom read (8 bytes read) 2018/10/11 04:33:34 dialing manager at 10.128.0.26:39089 2018/10/11 04:33:34 syscalls: 1 2018/10/11 04:33:34 code coverage: enabled 2018/10/11 04:33:34 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled 2018/10/11 04:33:34 setuid sandbox: enabled 2018/10/11 04:33:34 namespace sandbox: enabled 2018/10/11 04:33:34 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/11 04:33:34 fault injection: enabled 2018/10/11 04:33:34 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/11 04:33:34 net packed injection: /dev/net/tun can't be opened (open /dev/net/tun: cannot allocate memory) 2018/10/11 04:33:34 net device setup: enabled [ 86.094931] random: crng init done 04:35:42 executing program 0: perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0x6, 0x108000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f0000000240)=[{&(0x7f0000000380)="1f0000000103193b000007000000068100023b05090003000b004000030058", 0x1f}], 0x1) [ 210.182949] IPVS: ftp: loaded support on port[0] = 21 [ 211.795625] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.802147] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.810998] device bridge_slave_0 entered promiscuous mode [ 211.978782] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.985437] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.994311] device bridge_slave_1 entered promiscuous mode [ 212.146524] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 212.300353] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 212.762008] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 212.915597] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 213.066181] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 213.073558] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 213.224448] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 213.231664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 04:35:46 executing program 1: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x0, 0x0) fcntl$getflags(r0, 0x40a) [ 213.939206] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 213.947574] team0: Port device team_slave_0 added [ 214.199695] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 214.207913] team0: Port device team_slave_1 added [ 214.365829] IPVS: ftp: loaded support on port[0] = 21 [ 214.449724] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 214.456969] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 214.466396] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 214.691893] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 214.699103] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 214.708274] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 214.901059] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 214.908881] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 214.918199] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 215.125388] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 215.133240] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 215.142640] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 216.724226] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.730733] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.739865] device bridge_slave_0 entered promiscuous mode [ 216.977907] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.984589] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.993693] device bridge_slave_1 entered promiscuous mode [ 217.142837] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 217.385999] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 217.603352] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.609886] bridge0: port 2(bridge_slave_1) entered forwarding state [ 217.617062] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.623598] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.632928] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 217.982744] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 218.144033] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 218.411326] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 218.610656] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 218.618032] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 218.825682] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 218.833020] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 219.499220] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 219.507678] team0: Port device team_slave_0 added 04:35:52 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, &(0x7f0000000080)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4, 0x0, &(0x7f00000000c0)=[@enter_looper], 0x1, 0x1009000000000000, &(0x7f0000000700)='+'}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000500)=[@release={0x40046306, 0x1}], 0x0, 0x0, &(0x7f0000000680)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0x14, 0x0, &(0x7f0000000680)=[@acquire_done], 0x0, 0x0, &(0x7f0000000180)}) [ 219.787857] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 219.796203] team0: Port device team_slave_1 added [ 220.143506] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 220.150640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 220.160686] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 220.444058] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 220.451176] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 220.460742] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 220.776952] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 220.784693] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 220.794138] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 220.794532] IPVS: ftp: loaded support on port[0] = 21 [ 221.086361] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 221.094109] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 221.103363] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 223.610585] bridge0: port 1(bridge_slave_0) entered blocking state [ 223.617288] bridge0: port 1(bridge_slave_0) entered disabled state [ 223.626030] device bridge_slave_0 entered promiscuous mode [ 223.914018] bridge0: port 2(bridge_slave_1) entered blocking state [ 223.920513] bridge0: port 2(bridge_slave_1) entered disabled state [ 223.929542] device bridge_slave_1 entered promiscuous mode [ 224.215738] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 224.478292] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 224.611254] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.617907] bridge0: port 2(bridge_slave_1) entered forwarding state [ 224.625039] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.631515] bridge0: port 1(bridge_slave_0) entered forwarding state [ 224.640595] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 225.228018] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 225.292933] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 225.592833] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 225.917177] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 225.924392] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 226.199947] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 226.207283] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 227.011358] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 227.019656] team0: Port device team_slave_0 added [ 227.323649] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 227.332014] team0: Port device team_slave_1 added [ 227.619017] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 227.626244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 227.635471] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 227.923707] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 227.930850] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 227.940151] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 228.241883] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 228.249651] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 228.259377] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 04:36:01 executing program 3: perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0x6, 0x108000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = gettid() rt_sigprocmask(0x0, &(0x7f0000057ff8)={0xfffffffffffffffe}, 0x0, 0x8) timer_create(0x0, &(0x7f000049efa0)={0x0, 0x14, 0x4, @tid=r0}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f00009c8000)={{}, {0x0, 0x9}}, &(0x7f0000105000)) timer_delete(0x0) [ 228.667500] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 228.675280] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 228.684622] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 229.738409] 8021q: adding VLAN 0 to HW filter on device bond0 [ 230.220808] IPVS: ftp: loaded support on port[0] = 21 [ 231.128791] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 232.452202] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 232.458717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 232.467094] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 232.967240] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.973835] bridge0: port 2(bridge_slave_1) entered forwarding state [ 232.980820] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.987434] bridge0: port 1(bridge_slave_0) entered forwarding state [ 232.996875] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 233.857074] 8021q: adding VLAN 0 to HW filter on device team0 [ 233.897298] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.904010] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.912964] device bridge_slave_0 entered promiscuous mode [ 233.978913] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 234.388857] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.395703] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.404422] device bridge_slave_1 entered promiscuous mode [ 234.688199] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 234.955510] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 236.155994] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 236.533813] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 236.918430] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 236.925738] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 237.259215] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 237.266502] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 04:36:11 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xad) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d5c6070") getsockopt$inet6_int(r0, 0x29, 0x24, &(0x7f0000534000), &(0x7f0000000180)=0xfe9d) [ 238.311119] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 238.319492] team0: Port device team_slave_0 added [ 238.871074] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 238.879744] team0: Port device team_slave_1 added [ 239.301290] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 239.310683] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 239.320168] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 239.413161] 8021q: adding VLAN 0 to HW filter on device bond0 [ 239.731855] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 239.739348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 239.749130] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 240.103110] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 240.110726] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 240.120202] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 240.506396] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 240.514182] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 240.523369] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 240.601231] IPVS: ftp: loaded support on port[0] = 21 [ 241.128833] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 242.795458] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 242.801904] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 242.810326] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 243.466778] netlink: 'syz-executor0': attribute type 3 has an invalid length. [ 243.551391] netlink: 'syz-executor0': attribute type 3 has an invalid length. 04:36:16 executing program 0: perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0x6, 0x108000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f0000000240)=[{&(0x7f0000000380)="1f0000000103193b000007000000068100023b05090003000b004000030058", 0x1f}], 0x1) [ 244.197497] netlink: 'syz-executor0': attribute type 3 has an invalid length. 04:36:17 executing program 0: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000004, 0x5c831, 0xffffffffffffffff, 0x0) mlock2(&(0x7f00008b1000/0x1000)=nil, 0x1000, 0x0) [ 244.483601] 8021q: adding VLAN 0 to HW filter on device team0 [ 245.168216] bridge0: port 1(bridge_slave_0) entered blocking state [ 245.174943] bridge0: port 1(bridge_slave_0) entered disabled state [ 245.183858] device bridge_slave_0 entered promiscuous mode [ 248.024178] clocksource: timekeeping watchdog on CPU1: Marking clocksource 'tsc' as unstable because the skew is too large: [ 248.035654] clocksource: 'acpi_pm' wd_now: fbdaf wd_last: 4f6226 mask: ffffff [ 248.045091] clocksource: 'tsc' cs_now: 8a666ddd43 cs_last: 8883a0b65a mask: ffffffffffffffff [ 248.056337] tsc: Marking TSC unstable due to clocksource watchdog [ 248.076090] TSC found unstable after boot, most likely due to broken BIOS. Use 'tsc=unstable'. [ 248.085081] sched_clock: Marking unstable (248133851864, -57787978)<-(248192145528, -116080829) [ 248.778714] clocksource: Switched to clocksource acpi_pm [ 249.094849] bridge0: port 2(bridge_slave_1) entered blocking state [ 249.101368] bridge0: port 2(bridge_slave_1) entered disabled state [ 249.110382] device bridge_slave_1 entered promiscuous mode [ 249.421573] bridge0: port 2(bridge_slave_1) entered blocking state [ 249.428282] bridge0: port 2(bridge_slave_1) entered forwarding state [ 249.435539] bridge0: port 1(bridge_slave_0) entered blocking state [ 249.442030] bridge0: port 1(bridge_slave_0) entered forwarding state [ 249.450864] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 249.481857] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 249.745720] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 249.826981] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 250.879325] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 251.279069] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 251.731868] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 251.739954] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 252.145437] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 252.152670] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 04:36:25 executing program 5: r0 = semget(0x2, 0x3, 0x0) semctl$IPC_STAT(r0, 0x0, 0x2, &(0x7f0000000000)=""/18) r1 = accept$inet6(0xffffffffffffff9c, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000080)=0x1c) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(0xffffffffffffffff, 0x84, 0xf, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x4e22, 0x10000, @dev={0xfe, 0x80, [], 0xf}, 0x2}}, 0x1, 0x400, 0x80010000000, 0x0, 0x100000000}, &(0x7f0000000180)=0x98) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f00000001c0)=@assoc_value={r2, 0x3}, &(0x7f0000000200)=0x8) r3 = syz_open_dev$mouse(&(0x7f0000000240)='/dev/input/mouse#\x00', 0x5, 0x80002) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r3, 0x84, 0x73, &(0x7f0000000280)={r2, 0x0, 0x10, 0x13ca, 0x308c}, &(0x7f00000002c0)=0x18) r4 = fcntl$dupfd(r1, 0x406, r3) setsockopt$IP_VS_SO_SET_DEL(r3, 0x0, 0x484, &(0x7f0000000300)={0x2f, @dev={0xac, 0x14, 0x14, 0xe}, 0x4e20, 0x1, 'sed\x00', 0x5, 0x4a985b46, 0xf}, 0x2c) r5 = fcntl$getown(r4, 0x9) ioctl$KVM_X86_SETUP_MCE(r4, 0x4008ae9c, &(0x7f0000000340)={0x13, 0x7, 0xf6}) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r3, 0x84, 0x1b, &(0x7f0000000380)={r2, 0x8a, "f1b7ee7233d07238825a4209453faf36d3778dfad2c757f542c073f26ca43db3e22b8ea695779dab457b88e7fcc0654ae8fa721539905acb6a913e594151560ff2bf4684ca9de80444ee202186604241de5b7e08f74496350a44d1b9e3a6a42cccdb85b7f99cd63fa8dadef44b66521fc8c35dbf20b965270acf70b6b48f5d9d459c30c15afe7f0b0e70"}, &(0x7f0000000440)=0x92) r6 = shmget$private(0x0, 0x3000, 0x0, &(0x7f0000ffa000/0x3000)=nil) shmctl$SHM_LOCK(r6, 0xb) fcntl$setownex(r4, 0xf, &(0x7f0000000480)={0x2, r5}) ioctl$NBD_CLEAR_SOCK(r4, 0xab04) write$P9_RMKNOD(r3, &(0x7f00000004c0)={0x14, 0x13, 0x2, {0x1, 0x3, 0x4}}, 0x14) ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f0000000540)={&(0x7f0000000500)=[0x7, 0x7, 0x9, 0x8], 0x4, 0x0, 0x4, 0x4, 0x1f, 0x4d0248a7, {0x95a, 0x3, 0x8, 0x100, 0x80000000, 0x7ff, 0x7, 0x3, 0x1ff, 0x4, 0x4, 0x7ff, 0x9, 0x5, "8c8746f996fa7d5bd03357ebfc3bb5c92ab52ae8136827368ba9da7ad2d6e8c6"}}) r7 = perf_event_open(&(0x7f00000005c0)={0x5, 0x70, 0x2, 0x80000001, 0x7fff, 0xf303, 0x0, 0x4, 0x64140, 0x1, 0x5, 0x6, 0x100000001, 0x2, 0x0, 0x35, 0x8, 0x800, 0x7, 0x5, 0x3, 0x2, 0x2, 0x1, 0x3, 0xff, 0x5, 0x1, 0x0, 0x10000, 0x8, 0x200, 0x101, 0x4, 0x1, 0x4, 0x6, 0x7ff, 0x0, 0x9, 0x1, @perf_config_ext={0x202000, 0x6a2}, 0x8, 0xffffffffffffffff, 0x8000, 0x6, 0x800, 0x1, 0x9}, r5, 0xb, r3, 0xa) r8 = signalfd(r7, &(0x7f0000000640)={0x401}, 0x8) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000001e80)={'ip6_vti0\x00', 0x0}) sendmsg$can_raw(r4, &(0x7f0000001fc0)={&(0x7f0000001ec0)={0x1d, r9}, 0x10, &(0x7f0000001f80)={&(0x7f0000001f00)=@canfd={{0x4, 0x5892, 0x9, 0x3}, 0x1f, 0x2, 0x0, 0x0, "ff124fc262d90bf2dd63cd4e97c963643ff0c923b0abbb0a60102488f03917384ced0633ce384da313f732ebd2b30f693e929d1b840218ba67e9777a81e64a75"}, 0x48}, 0x1, 0x0, 0x0, 0x1}, 0x40080) clock_settime(0x7, &(0x7f0000002000)={0x0, 0x1c9c380}) mmap(&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x1000001, 0x11, r3, 0x0) fcntl$getown(r7, 0x9) setsockopt$inet6_MRT6_ADD_MIF(r3, 0x29, 0xca, &(0x7f0000002040)={0x1, 0x1, 0x2, 0x7f5, 0x4}, 0xc) ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000002080)={&(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, 0x2000}) signalfd4(r8, &(0x7f00000020c0)={0xd1d2}, 0x8, 0x80800) accept$inet6(r4, &(0x7f0000002100)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast2}}, &(0x7f0000002140)=0x1c) openat$vcs(0xffffffffffffff9c, &(0x7f0000002180)='/dev/vcs\x00', 0x40000, 0x0) [ 252.950142] 8021q: adding VLAN 0 to HW filter on device bond0 [ 253.183092] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 253.191394] team0: Port device team_slave_0 added [ 253.578575] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 253.587014] team0: Port device team_slave_1 added [ 254.067939] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 254.076038] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 254.085233] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 254.409972] IPVS: ftp: loaded support on port[0] = 21 [ 254.491425] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 254.499878] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 254.508868] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 254.693760] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 254.959986] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 254.968064] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 254.977352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 255.315564] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 255.323467] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 255.332743] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 256.061215] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 256.067864] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 256.076328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 04:36:30 executing program 1: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x0, 0x0) fcntl$getflags(r0, 0x40a) 04:36:30 executing program 1: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x0, 0x0) fcntl$getflags(r0, 0x40a) [ 257.706806] 8021q: adding VLAN 0 to HW filter on device team0 [ 257.718578] bridge0: port 1(bridge_slave_0) entered blocking state [ 257.725362] bridge0: port 1(bridge_slave_0) entered disabled state [ 257.734332] device bridge_slave_0 entered promiscuous mode 04:36:31 executing program 1: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x0, 0x0) fcntl$getflags(r0, 0x40a) [ 258.111164] bridge0: port 2(bridge_slave_1) entered blocking state [ 258.117984] bridge0: port 2(bridge_slave_1) entered disabled state [ 258.126659] device bridge_slave_1 entered promiscuous mode [ 258.406441] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 04:36:31 executing program 1: fcntl$getflags(0xffffffffffffffff, 0x40a) [ 258.750948] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 04:36:31 executing program 1: fcntl$getflags(0xffffffffffffffff, 0x40a) 04:36:32 executing program 1: fcntl$getflags(0xffffffffffffffff, 0x40a) [ 259.730148] bridge0: port 2(bridge_slave_1) entered blocking state [ 259.736799] bridge0: port 2(bridge_slave_1) entered forwarding state [ 259.744007] bridge0: port 1(bridge_slave_0) entered blocking state [ 259.750493] bridge0: port 1(bridge_slave_0) entered forwarding state [ 259.759333] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 259.885635] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 260.289183] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 260.416396] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 260.559902] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 260.567230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 260.893305] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 260.900569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 261.771700] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 261.780850] team0: Port device team_slave_0 added [ 262.107568] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 262.116080] team0: Port device team_slave_1 added [ 262.417240] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 262.425967] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 262.435093] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 262.657328] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 262.664723] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 262.673859] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 263.027352] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 263.035425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 263.044601] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 263.380015] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 263.387889] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 263.397142] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 264.847568] 8021q: adding VLAN 0 to HW filter on device bond0 [ 265.526727] binder: 7441 RLIMIT_NICE not set [ 265.609908] binder: 7439:7446 BC_ACQUIRE_DONE u0000000000000000 no match [ 265.719982] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 266.265206] binder_alloc: binder_alloc_mmap_handler: 7439 20001000-20004000 already mapped failed -16 [ 266.296423] binder: 7464 RLIMIT_NICE not set [ 266.312877] binder: BINDER_SET_CONTEXT_MGR already set [ 266.318344] binder: 7439:7446 ioctl 40046207 0 returned -16 [ 266.343031] binder_alloc: 7439: binder_alloc_buf, no vma [ 266.348790] binder: 7439:7464 transaction failed 29189/-3, size 24-8 line 2970 [ 266.352419] binder: 7439:7467 Release 1 refcount change on invalid ref 1 ret -22 [ 266.392645] binder: 7439:7468 BC_ACQUIRE_DONE u0000000000000000 no match [ 266.399763] binder: 7439:7468 unknown command 0 [ 266.404771] binder: 7439:7468 ioctl c0306201 200003c0 returned -22 [ 266.434074] binder: release 7439:7441 transaction 2 out, still active [ 266.454149] binder: send failed reply for transaction 2, target dead [ 266.519177] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 266.525888] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 266.534291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 04:36:39 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, &(0x7f0000000080)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4, 0x0, &(0x7f00000000c0)=[@enter_looper], 0x1, 0x1009000000000000, &(0x7f0000000700)='+'}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000500)=[@release={0x40046306, 0x1}], 0x0, 0x0, &(0x7f0000000680)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0x14, 0x0, &(0x7f0000000680)=[@acquire_done], 0x0, 0x0, &(0x7f0000000180)}) [ 266.715955] bridge0: port 2(bridge_slave_1) entered blocking state [ 266.722606] bridge0: port 2(bridge_slave_1) entered forwarding state [ 266.729642] bridge0: port 1(bridge_slave_0) entered blocking state [ 266.736430] bridge0: port 1(bridge_slave_0) entered forwarding state [ 266.745643] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 266.993048] binder: 7481 RLIMIT_NICE not set [ 267.050229] binder: 7480:7487 BC_ACQUIRE_DONE u0000000000000000 no match [ 267.532973] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 267.578676] 8021q: adding VLAN 0 to HW filter on device team0 [ 267.724585] binder: release 7480:7481 transaction 7 out, still active [ 267.731260] binder: undelivered TRANSACTION_COMPLETE [ 267.940013] binder: send failed reply for transaction 7, target dead [ 271.113887] 8021q: adding VLAN 0 to HW filter on device bond0 [ 271.897329] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 272.649985] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 272.656590] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 272.664775] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 04:36:46 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, &(0x7f0000000080)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4, 0x0, &(0x7f00000000c0)=[@enter_looper], 0x1, 0x1009000000000000, &(0x7f0000000700)='+'}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000500)=[@release={0x40046306, 0x1}], 0x0, 0x0, &(0x7f0000000680)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0x14, 0x0, &(0x7f0000000680)=[@acquire_done], 0x0, 0x0, &(0x7f0000000180)}) [ 273.121006] binder: 7655 RLIMIT_NICE not set [ 273.175741] binder: 7654:7658 BC_ACQUIRE_DONE u0000000000000000 no match [ 273.480234] 8021q: adding VLAN 0 to HW filter on device team0 [ 273.860477] binder: release 7654:7655 transaction 11 out, still active [ 274.030151] binder: send failed reply for transaction 11, target dead [ 275.746570] 8021q: adding VLAN 0 to HW filter on device bond0 [ 276.317088] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 276.885385] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 276.891805] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 276.900272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 04:36:50 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xad) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d5c6070") getsockopt$inet6_int(r0, 0x29, 0x24, &(0x7f0000534000), &(0x7f0000000180)=0xfe9d) 04:36:50 executing program 0: mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000004, 0x5c831, 0xffffffffffffffff, 0x0) mlock2(&(0x7f00008b1000/0x1000)=nil, 0x1000, 0x0) 04:36:50 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, &(0x7f0000000080)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4, 0x0, &(0x7f00000000c0)=[@enter_looper], 0x1, 0x1009000000000000, &(0x7f0000000700)='+'}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000500)=[@release={0x40046306, 0x1}], 0x0, 0x0, &(0x7f0000000680)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0x14, 0x0, &(0x7f0000000680)=[@acquire_done], 0x0, 0x0, &(0x7f0000000180)}) [ 277.429239] binder: 7775 RLIMIT_NICE not set [ 277.500383] binder: 7772:7778 BC_ACQUIRE_DONE u0000000000000000 no match [ 277.582517] hrtimer: interrupt took 322667 ns [ 277.721056] 8021q: adding VLAN 0 to HW filter on device team0 [ 278.198477] binder: release 7772:7775 transaction 15 out, still active [ 278.205349] binder: undelivered TRANSACTION_COMPLETE [ 278.340601] binder: send failed reply for transaction 15, target dead 04:36:54 executing program 5: r0 = socket$inet6_udp(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) 04:36:54 executing program 1: openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x0, 0x0) fcntl$getflags(0xffffffffffffffff, 0x40a) 04:36:54 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, &(0x7f0000000080)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4, 0x0, &(0x7f00000000c0)=[@enter_looper], 0x1, 0x1009000000000000, &(0x7f0000000700)='+'}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000500)=[@release={0x40046306, 0x1}], 0x0, 0x0, &(0x7f0000000680)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0x14, 0x0, &(0x7f0000000680)=[@acquire_done], 0x0, 0x0, &(0x7f0000000180)}) 04:36:54 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, &(0x7f0000000080)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4, 0x0, &(0x7f00000000c0)=[@enter_looper], 0x1, 0x1009000000000000, &(0x7f0000000700)='+'}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000500)=[@release={0x40046306, 0x1}], 0x0, 0x0, &(0x7f0000000680)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0x14, 0x0, &(0x7f0000000680)=[@acquire_done], 0x0, 0x0, &(0x7f0000000180)}) 04:36:54 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xad) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d5c6070") getsockopt$inet6_int(r0, 0x29, 0x24, &(0x7f0000534000), &(0x7f0000000180)=0xfe9d) 04:36:54 executing program 0: socket$inet6(0xa, 0x1000000000002, 0x0) r0 = socket$inet6(0xa, 0x3, 0x800000000000004) ioctl(r0, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") r1 = socket$inet(0x2, 0x200000002, 0x0) r2 = socket$l2tp(0x18, 0x1, 0x1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) r4 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r4, &(0x7f00005fafd2)=@pppol2tpv3={0x18, 0x1, {0x0, r3, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) connect$l2tp(r2, &(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, r1, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x26) [ 281.706770] binder: 7845 RLIMIT_NICE not set [ 281.707632] binder: 7846 RLIMIT_NICE not set [ 281.763902] binder: 7839:7849 BC_ACQUIRE_DONE u0000000000000000 no match [ 281.769500] binder: BINDER_SET_CONTEXT_MGR already set [ 281.776899] binder: 7842:7846 ioctl 40046207 0 returned -16 [ 281.820225] binder: 7842:7850 Release 1 refcount change on invalid ref 1 ret -22 04:36:54 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00007a0000)={0xffffffffffffffff}) getsockopt$sock_buf(r0, 0x1, 0x1c, &(0x7f00000004c0)=""/170, &(0x7f0000000380)=0xaa) 04:36:54 executing program 1: openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x0, 0x0) fcntl$getflags(0xffffffffffffffff, 0x40a) [ 281.868296] binder: release 7842:7850 transaction 22 out, still active 04:36:55 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xad) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d5c6070") getsockopt$inet6_int(r0, 0x29, 0x24, &(0x7f0000534000), &(0x7f0000000180)=0xfe9d) 04:36:55 executing program 0: r0 = socket$inet(0x2, 0x200000002, 0x0) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r1, &(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, r0, 0x3, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x32) r2 = socket$inet6(0xa, 0x3, 0x800000000000004) ioctl(r2, 0x8912, &(0x7f00000000c0)="15bf6234488dd25d726070") r3 = socket$inet(0x2, 0x200000002, 0x0) r4 = socket$l2tp(0x18, 0x1, 0x1) r5 = socket$inet6_udp(0xa, 0x2, 0x0) r6 = socket$l2tp(0x18, 0x1, 0x1) connect$l2tp(r6, &(0x7f00005fafd2)=@pppol2tpv3={0x18, 0x1, {0x0, r5, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) connect$l2tp(r4, &(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, r3, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x26) 04:36:55 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)="2e2f6367726f757000375bffe5ea3d626b1a071e1937100abcea7c9993655ffc926e3ead1ff101001354be9473035e00c510f3ae890720213984b440d96fbe11e95284bd6870874f9fe768c4bd556399697ac09db80d3f06f66ba30eee17047083ef", 0x200002, 0x0) fchdir(r0) execve(&(0x7f0000000340)='./file0\x00', &(0x7f0000000680), &(0x7f0000000780)) 04:36:55 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x40000000015, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f00000007c0), 0x4) getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x2e, &(0x7f0000000a00)=""/187, &(0x7f00000000c0)=0xbb) bind$inet(r0, &(0x7f0000000840)={0x2, 0x4e20, @loopback}, 0x10) readv(r0, &(0x7f0000000540)=[{&(0x7f0000000100)=""/232, 0x200001e8}, {&(0x7f0000000280)=""/130, 0x82}, {&(0x7f0000000340)=""/247, 0xf7}, {&(0x7f0000000440)=""/231, 0xe7}], 0x4) ioctl$KDGKBMODE(0xffffffffffffffff, 0x4b44, &(0x7f0000000080)) sendto$inet(r0, &(0x7f0000000a00), 0xff00, 0x0, &(0x7f000069affb)={0x2, 0x4e20, @loopback}, 0x10) [ 282.439684] binder: release 7839:7845 transaction 19 out, still active 04:36:55 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xad) getsockopt$inet6_int(r0, 0x29, 0x24, &(0x7f0000534000), &(0x7f0000000180)=0xfe9d) 04:36:55 executing program 1: openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x0, 0x0) fcntl$getflags(0xffffffffffffffff, 0x40a) 04:36:55 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, &(0x7f0000000080)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4, 0x0, &(0x7f00000000c0)=[@enter_looper], 0x1, 0x1009000000000000, &(0x7f0000000700)='+'}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000500)=[@release={0x40046306, 0x1}], 0x0, 0x0, &(0x7f0000000680)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0x14, 0x0, &(0x7f0000000680)=[@acquire_done], 0x0, 0x0, &(0x7f0000000180)}) 04:36:55 executing program 0: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000001440)={&(0x7f0000000000)={0x10, 0x4170000}, 0x349, &(0x7f0000001400)={&(0x7f0000001040)=@updpolicy={0xb8, 0x19, 0x101, 0x0, 0x0, {{@in=@multicast1, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0xa}}}, 0xb8}}, 0x0) 04:36:55 executing program 2: [ 282.805561] binder: send failed reply for transaction 19, target dead [ 282.812465] binder: send failed reply for transaction 22, target dead 04:36:55 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xad) getsockopt$inet6_int(r0, 0x29, 0x24, &(0x7f0000534000), &(0x7f0000000180)=0xfe9d) 04:36:56 executing program 1: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x0, 0x0) fcntl$getflags(r0, 0x0) [ 283.131554] binder: 7890 RLIMIT_NICE not set 04:36:56 executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x3, &(0x7f00000000c0)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x11, 0x6c}}, &(0x7f00000002c0)='syzkaller\x00', 0x9, 0x4ae, &(0x7f0000000340)=""/207}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x0, 0xe, 0xeb, &(0x7f0000000040)="2504f2ff1f002c6176c5f3343dbe", &(0x7f0000000140)=""/235, 0xeffe}, 0x28) 04:36:56 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(&(0x7f0000000100), &(0x7f000002c000)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x0, &(0x7f0000000180)) mount(&(0x7f0000000100)=ANY=[], &(0x7f0000903000)='./file0\x00', &(0x7f0000000340)='bdev\x00', 0x100000, &(0x7f00000002c0)) mount(&(0x7f0000000180)=ANY=[], &(0x7f0000000080)='.', &(0x7f0000000200)="045b898f73", 0x0, 0x0) mount(&(0x7f0000000000), &(0x7f00000000c0)='.', &(0x7f0000000140)='vxfs\x00', 0x3080, &(0x7f0000000200)) mount(&(0x7f0000000080), &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5010, &(0x7f0000000580)) mount(&(0x7f0000000080), &(0x7f0000187ff8)='.', &(0x7f0000753000)='mslos\x00', 0x5010, &(0x7f0000000580)) clone(0x210007fa, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) mount(&(0x7f0000000140)=ANY=[], &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)="7379736673002a864f4bc00bce1bdb20637213b1e894d120715f9dc1125b042c7226eb0136d9624ea1d23374a660fe5ac173722fd367ad22e8553025a2e8be0bc5514379af7213d32b8d5d06dc8fbf2c849ed9cdefc74b03dfa9cb5a90b28b4b24d7862c3d66fca53167d5424235435a3dbb76bc7d3c42fc2e9c696114a6f888f0da85277683cfc1c4d2bf71c255a3134d64cc3fed8e97798deb8631cbf7682c9fa2ed031465aa191df922f764297cba22a8499d177f49fba940f55bbc8b723fd374f1fed78c8aeec6811d9b5879487387d56594a14c2588274de84fa27610302b3fb54172a8c910a07e7c76ea465aa68402", 0x0, &(0x7f0000000380)="7379736673002a864f4bc00bce1bdb20637213b1e894d120715f9dc1125b042c7226eb0136d9624ea1d23374a660fe5ac173722fd367ad22e8553025a2e8be0bc5514379af7213d32b8d5d06dc8fbf2c849ed9cdefc74b03dfa9cb5a90b28b4b24d7862c3d66fca53167d5424235435a3dbb76bc7d3c42fc2e9c696114a6f888f0da85277683cfc1c4d2bf71c255a3134d64cc3fed8e97798deb8631cbf7682c9fa2ed031465aa191df922f764297cba22a8499d177f49fba940f55bbc8b723fd374f1fed78c8aeec6811d9b5879487387d56594a14c2588274de84fa27610302b3fb54172a8c910a07e7c76ea465aa68402") [ 283.226405] binder: 7887:7893 BC_ACQUIRE_DONE u0000000000000000 no match 04:36:56 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x40000000015, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, &(0x7f00000007c0), 0x4) getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x2e, &(0x7f0000000a00)=""/187, &(0x7f00000000c0)=0xbb) bind$inet(r0, &(0x7f0000000840)={0x2, 0x4e20, @loopback}, 0x10) readv(r0, &(0x7f0000000540)=[{&(0x7f0000000100)=""/232, 0x200001e8}, {&(0x7f0000000280)=""/130, 0x82}, {&(0x7f0000000340)=""/247, 0xf7}, {&(0x7f0000000440)=""/231, 0xe7}], 0x4) ioctl$KDGKBMODE(0xffffffffffffffff, 0x4b44, &(0x7f0000000080)) sendto$inet(r0, &(0x7f0000000a00), 0xff00, 0x0, &(0x7f000069affb)={0x2, 0x4e20, @loopback}, 0x10) 04:36:56 executing program 4: r0 = socket$inet6(0xa, 0x3, 0xad) getsockopt$inet6_int(r0, 0x29, 0x24, &(0x7f0000534000), &(0x7f0000000180)=0xfe9d) 04:36:56 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x4170000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f99bfd4f3cd5c99d23997f41ab722338277ea13d5959acb5fd958fb9536a70d76e89572ee9fa3c5ee41c51bbb1e3f60fa3c95e5740f5609d993252dd2c53bfea498451b8cc6962a438fec72634fb5702968a3e3307fd3db23c475be7bbfbbcaac006349053bf9f205da43d645c896dbe183145611346197324454fdc0c9d66d8379b18c672fe135b2a1a9df7156cfbd9322fd6cfa733b849acad6743d63d4581eb96b23e44cf7b5118adc4987fec574ba5f74ae0697a98e64534cc8a8dc731ea729094bc5b61c0543df1763610f3545473c393b58385afa28789f95537c6d5df6755d4a8078f1970443a2f841bbd30a50112b548d353861cff85a890a20564f1e17dc7f985df564fbdc4ebac6a40e05837884e0d8f6842aacbd6bf2dc26b43151df00d460b2da8e657ec6f7586b17506235afbe038b5bf5d92f1ebebd7d23595b2a696cd511f9da2f3a77655afca2"], 0x1}}, 0x0) 04:36:56 executing program 0: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_adjtime(0x0, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x0, 0xc06, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x6}) 04:36:56 executing program 1: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x0, 0x0) fcntl$getflags(r0, 0x0) [ 283.813131] binder: release 7887:7890 transaction 26 out, still active [ 283.819879] binder: undelivered TRANSACTION_COMPLETE 04:36:57 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(&(0x7f0000000100)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(0xffffffffffffffff, 0xc018620b, &(0x7f0000000080)) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000140)={0x4, 0x0, &(0x7f00000000c0)=[@enter_looper], 0x1, 0x1009000000000000, &(0x7f0000000700)='+'}) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f0000000500)=[@release={0x40046306, 0x1}], 0x0, 0x0, &(0x7f0000000680)}) 04:36:57 executing program 4: ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="153f6234488dd25d5c6070") getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x24, &(0x7f0000534000), &(0x7f0000000180)=0xfe9d) 04:36:57 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) io_cancel(0x0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000340)="0d2afb615450163525532ab500ae25d66a1020f63a78488abccee470d6afc7cf38bc1020bb9b4758a3a651db2bc267f40ab55a5fba91fd864ad3667e9612e7cb5a8c2a4f84ee07b0027503087883df89ac2da4d34fc67a9e3501998106a79563cf5f0dce9d750532284e2191a1f32c181d6c8eb1888db8d3be5d05d3de9d2b117acb08c3d318f54bf413e54bc4973596f2ade4fbde4fd2eca3967afbe1c50d7ca357042c53b1a1a799fb4103aa78f6564c432e04e52be524a1c9c4c72f46991ca6b0ce783bd753560b5398b818ac091a9e821c620954fefb29a6b176d13440d72a700f0702aabcbd3b41b12c359885e4dc3c3294518b87c7fba45ee12a43a6d1a99c2c8d6b7c4371fecb7a3e8a968c5b367a183322621239f5b14b05ad03fc510ec62d83f87c2282a1b0c21234ed6bf04df23384d2df5caea74f221986aa29590e070389c6de07cda395ab6d8c3adb663af43567f749e20e456da29109257dceae260853130177ea4bedb6682cfaf69802a4f8e084e53809fd4aeebdc19f6bf8967d4b6dc336be9c0c96f0e09d87b665b0a286d73c7c49b03ea085394505369269190a59f450b5ae3e3faa7e25a081bf9bd8f1391455847f536734023ca99db6548f00404621b9828ce61437ae708d8f858d78b3cfd994555ec0060e16db827e3dde900a30d49d5764c21c82ca4bfb89a257a7e742d9718c318ac2f954cc39bdc6dccaa8cf15119cbca8bdd6866493b3504bdc07c06adf4eb5a05b5a87aa0047e47211f8b2239b9d33af8cd32cadfdf606a63fb19a418213a549bd9973833a2396b9e1658b8340f2de491994dc45be0c8dae9dcdc95983ee2f12274260db2ce89135568ab70d7e08626f23a2402efce8dece1c42cc5c8b34b82f5e8d17f3ca2f5513c4b37bcc3ddbaf4f25197f289476adf1dc05ffc1bc096f721587f3845310f1daf20ac5432c4c2641a8febc248ee3c00eec59206eeeebafd7c0b125ba03511ea8a68eae1987accd75f9d5f668c1ba22e24089cefef477df91b9f3d5da81085b8d514bccc5258969440bcaa64c71742c22da6f5a03c141eedfbefe48d7c79fe1a783fa98e3800b87738d6c714a238500f4e0afd4b53ab266806fed1d20813a631fc418de13c1eaa14e59730690c59eca00d41a4db11fc444e5255d086c84276715ae425c57ffbd545675f231f8681760c94d32f1134a3b973d2b44d7821768a8ba3c09490dcb82b9a951b1d8ed366363a96879edca4774b9ad75d0a63d800aae0b5214beeede2de47a42927a82e3172289979692d87ae42ad268abc4a981a27eb07ba3e4068e609f1bdfa1c1cfeb8d052742e954a85171bac8d2b1233af23d09c862ff5b97593ad86540ecac1c5306f516882b73e72385f7bc33ba75616058386e5004bf8d9a000ecf72577a8b3f32abe1658dc815756329ef7d50d0dcdedb8d377bcfc00fb1ff80995de39ec9966377d2e1984f1c62d472bc75ca150f017714003527d08d37c6987bb81e5eabb007c8dcd394f2726920aaa85d704f880f027d5b0b05efea0883876067efa803f6277f0efcf01ccde330471650cabe6ab62ef42a711d4802af06e45513b1a86b3668b485c1fd73295b80231403d95cd8351bd574a21b9c88677a244681a27da33386b1eebcec5640028477a113b616b5a67ad103ee2319d2ca592d446645f183b50f511b7e45fc67f4bd73c65d407cedb87cc25cb1f9f6d3b1b3e0dd6a13e02022d00b250b2e5be6cc116a37f357e0764ba819baca04f7b1c2d2d41dd6b3e30ad80e4915734fc57c960a73235766dccd9c310d9dec2bd1f4629ca4d2ed3a755fbf9ee97a919b3daefa61d7414a839ea21ab50c1e6090b2d7c930496c926b32d7c9245a558a0325c5051658526e8df9dfb40b9519289f5917fbd265b67203bcc1fd3c2457ca6509b12bf762455fafc770a2d8cf030895d49cd86ba3d583c214e2f0b623d5d945d382b51687534231d22aa59987799ea0103514fdce7c88096a2177ff1caa8eefccbb4dab5f49a4890f02cb9a9c5f31184355fe56dbec9445af7ecc06441f35e036630e619659883ec709ec5ec98e25c752c7eaae66c478352db3511b252bd59fc43d486a6156ae1050602bd1dc5e3aca1d3a14b08cadc96ddac48e6d31b1505ddc7295eda43dc99b5c65ac56bfc5b8575553dc352553c41836c75aa2584f8641d323661c6477831174679cc8674b79ec3397e9d3c7172df79ff1a810cc9449d477d55cc1ed7c2707cd932f0192aa5a4990c0c513e6cba9e91938125fedfaa6f0b5cf7a25c1e20643e09b9c8b73a0268a75bbb0ac90c029fe795ed419aab09c57b137704b27199f99d1155905b758fcaad30a484e924072a0dc82316d755b0d90137956bea52becd7927a24f45a27b07ed9d53fd40cc7394d8d06294aa899504de62785466d2bb653b065acc030b53d7de3e66af2b6aa0a31a9fd71a0e48b8b98f1ae470dc36a9dd50e62ce268fc74672272cb86cb1e3f82cb483e7dcbf984a900b1fbe8b52a063e022813f607120d46a30a7ccc3320b82ba1f1174fe723d0ab4bf4a114ffc82934005ee441dfe0a497d1584d747f9ce8a64319738a8ee737ad5d3ffa8530aba6f0e6deb9ac1ca9799418539a831dec42f0a11a5a1791705f91fc526cb38373d3186b7b66a1ffcda2577e4176b1ff7af1d7ca3a03a8605043c64396f1d88eddb43c7a09413e0380b404f2f7b67bab7b985d2709b39b35a415b226fd821a0a100cd6b80918ec6869dfa67a80f4bbb75182fa9988fb6494c248dba2f05cca1196c7700bd2fdef84eb02e24e9bf92291bf1eecb35a01ccf9509fa10ff98fcf146f9dbdd5b4f97f919822c9cce05ab16894c7308f78662ebd11eb6122d74d818b5556d072e7f1e833cf1b18ee509769a78e6e5125eee878380a6000ace3e09621cba4a4ac30b703e8d97055d7ba9f9781375b8c1f4570a6a48d4a90dba5def389da8dfdbc45c681406283d970fe7b03500d4274ad2fc58cc731bf476b41b264d6ea7608b6fbefb603fcf5c4f73a25cf08bfb56684d1258c26f831bf99b4a33d0977bc091e34069a2d17ff06ffb2243e4a01bd2e2b949a4e07481e0b7248b3c5536dec15265a09dcc5eb48bebe334ec086b4beae7a492f07bc02d8eaf3723340d9d7c5b1044351a29e973af0276e0b15c61436af05e914988a9ea08e05b5a0aba42bb8ac0e18fa5d42892b4cd1a48e78e31b89ab85f8cbc0d5427133f1524c45042752306821b7abc12829d90e76c49e4dfefa2fa0d57cac61c8c3e98b56b4fe4c52f3995780bafb738bd24e4f03931c00c27ecf44835ab54ca1830f60bc3b6bce2b14ac723c37d9a318e46d13973c9a01c95d4935eab3928ad51b848b7ce7303d564b54acb115dc9ec4786251d80de5859f1627f9de4bd6d9e49831b9984f159721f3c5c57912f57cdb800307e72912d9e22dff2291ce857154c54c36fa4764e9f0f2940cd530b6f780ec366f0cdbc1a1966e9d3f8061ab4d157d45112ae6d24469dd1a19d0eb2ed55e6a573c6a2422cbdbaf8ffb17fbb202e25d8e87293689e37a40a0b8572718194e939375bc314c274c78dfb5b1b42ff1683b423a63ce8888fff241b49ed5342ab4f8fbb4f61df3969721fbc953864c7e1a03ccc96b40e635157ef6029eb5018774bb1285748946bd5b4fb6f3594db45c133cd237ced2b77b9e7044743e02fc5d7f6b4fefcb6da3f0956ba414d85ae4fb8e8a17345128b7ff6899d02127c2f75195fdf9d522e68ebe9bb7713385395dd70ed51556427e2fa13a33b268a0d234a04a3a6ffc492fd05ce2be031b361fb772b76c6bb8e6dab2fd57efda34f9130ef8052e363ab20d97722c65afc3c26207e8b6c847881171b2bc279f25892f36759832da648f46f9ef91f9c051eb3f5d1217071df40befa72daa77d4cdb3f1a218d9f1e95d30bb57808b90a87c4542a53e60374a05ec398184ba1351af39cf9e7a0b4a16f9758934454d37ae6c8ae3a69137039fec6df846f7db6c58363f1b0624e3a90a2b2ac47106fa6bb474ef27274f903802b0c826202d7276074dcfeda6803d77501e86c637c5d3054a063d4ffed83edea36ca23c0071cb52c5c3c5cc842c1d1557988e08ff76b6f9883aa5adc434c0257f79509a2122d1b2350ef1fe80acd9a94d1428e95e7ef22ff97845b3662ed63349ab2c27a4fdfb718f204f430fb2d067148002e570ec7c4a9125c4f88bade40389b9b311e23afdcd710250e9af00dc51292a2f86070741c24f88f3d4f6106a2074940cde6c811185cf85cb0e34c9eda70a15db2502711fc867075f8287237d9f4e2057882031718e34a55175f99cbf5c7da912c80b332b28a0812f9b6adb8f889f38245c5b78af2a41b84d76027bffa15adc56922b02c38aec434e3acd190741279154615e64814b0c7cdc064f408e33d", 0xc42, 0x0, 0x0, 0x0, 0xffffffffffffff9c}, &(0x7f0000000140)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000040)=ANY=[@ANYBLOB="93e20000001b6d2dfc9da8d48eb5d88cec"], 0x11) getgroups(0x0, &(0x7f00000011c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f000001b000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f00000002c0)="66b99408000066b81e111ee366ba25b5a6000f303681950d00918e66b80b0000000f23c80f21f86635080060000f23f83e0f009125000f381ee594360f320f019dfc32f20f01c98395008800", 0x4c}], 0x1, 0x57, &(0x7f0000000100), 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:36:57 executing program 2: 04:36:57 executing program 1: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x0, 0x0) fcntl$getflags(r0, 0x0) [ 284.145403] binder: send failed reply for transaction 26, target dead [ 284.269492] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 284.391399] binder: 7934 RLIMIT_NICE not set [ 284.415160] ================================================================== [ 284.422419] BUG: KMSAN: uninit-value in vmx_set_constant_host_state+0x1778/0x1830 [ 284.422419] CPU: 1 PID: 7929 Comm: syz-executor5 Not tainted 4.19.0-rc4+ #66 [ 284.422419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 284.443743] Call Trace: [ 284.447602] dump_stack+0x306/0x460 [ 284.447602] ? vmx_set_constant_host_state+0x1778/0x1830 [ 284.456496] kmsan_report+0x1a2/0x2e0 [ 284.456496] __msan_warning+0x7c/0xe0 [ 284.456496] vmx_set_constant_host_state+0x1778/0x1830 [ 284.456496] vmx_create_vcpu+0x3e6f/0x7870 [ 284.472431] ? vmx_vm_init+0x340/0x340 [ 284.472431] kvm_arch_vcpu_create+0x25d/0x2f0 [ 284.472431] kvm_vm_ioctl+0x13fd/0x33d0 [ 284.472431] ? __msan_poison_alloca+0x17a/0x210 [ 284.472431] ? do_vfs_ioctl+0x18a/0x2810 [ 284.472431] ? __se_sys_ioctl+0x1da/0x270 [ 284.472431] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 284.472431] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 284.472431] do_vfs_ioctl+0xcf3/0x2810 04:36:57 executing program 2: 04:36:57 executing program 0: [ 284.472431] ? security_file_ioctl+0x92/0x200 [ 284.472431] __se_sys_ioctl+0x1da/0x270 [ 284.472431] __x64_sys_ioctl+0x4a/0x70 [ 284.472431] do_syscall_64+0xbe/0x100 [ 284.472431] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 284.472431] RIP: 0033:0x457519 [ 284.472431] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 284.548780] RSP: 002b:00007f7663062c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 284.562541] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457519 [ 284.562541] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 284.562541] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 284.562541] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f76630636d4 [ 284.590806] R13: 00000000004bfbb7 R14: 00000000004cfc40 R15: 00000000ffffffff [ 284.590806] [ 284.590806] Local variable description: ----dt@vmx_set_constant_host_state [ 284.590806] Variable was created at: 04:36:57 executing program 1: [ 284.590806] vmx_set_constant_host_state+0x2b0/0x1830 [ 284.590806] vmx_create_vcpu+0x3e6f/0x7870 [ 284.590806] ================================================================== [ 284.627430] Disabling lock debugging due to kernel taint [ 284.627430] Kernel panic - not syncing: panic_on_warn set ... [ 284.627430] [ 284.627430] CPU: 1 PID: 7929 Comm: syz-executor5 Tainted: G B 4.19.0-rc4+ #66 [ 284.627430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 284.627430] Call Trace: 04:36:57 executing program 4: r0 = socket$inet6(0xa, 0x0, 0xad) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d5c6070") getsockopt$inet6_int(r0, 0x29, 0x24, &(0x7f0000534000), &(0x7f0000000180)=0xfe9d) [ 284.627430] dump_stack+0x306/0x460 [ 284.627430] panic+0x54c/0xafa [ 284.627430] ? __msan_metadata_ptr_for_store_1+0x13/0x20 [ 284.627430] kmsan_report+0x2d3/0x2e0 [ 284.627430] __msan_warning+0x7c/0xe0 [ 284.627430] vmx_set_constant_host_state+0x1778/0x1830 [ 284.627430] vmx_create_vcpu+0x3e6f/0x7870 [ 284.627430] ? vmx_vm_init+0x340/0x340 [ 284.627430] kvm_arch_vcpu_create+0x25d/0x2f0 [ 284.627430] kvm_vm_ioctl+0x13fd/0x33d0 [ 284.707399] ? __msan_poison_alloca+0x17a/0x210 [ 284.707399] ? do_vfs_ioctl+0x18a/0x2810 [ 284.707399] ? __se_sys_ioctl+0x1da/0x270 [ 284.707399] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 284.707399] ? vcpu_stat_clear_per_vm+0x420/0x420 [ 284.707399] do_vfs_ioctl+0xcf3/0x2810 [ 284.707399] ? security_file_ioctl+0x92/0x200 [ 284.707399] __se_sys_ioctl+0x1da/0x270 [ 284.743291] __x64_sys_ioctl+0x4a/0x70 [ 284.743291] do_syscall_64+0xbe/0x100 [ 284.743291] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 284.743291] RIP: 0033:0x457519 [ 284.759592] Code: 1d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 284.759592] RSP: 002b:00007f7663062c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 284.759592] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457519 [ 284.759592] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 284.759592] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 284.759592] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f76630636d4 [ 284.759592] R13: 00000000004bfbb7 R14: 00000000004cfc40 R15: 00000000ffffffff [ 284.759592] Kernel Offset: disabled [ 284.759592] Rebooting in 86400 seconds..