Warning: Permanently added '10.128.10.40' (ECDSA) to the list of known hosts. 2018/10/28 12:46:16 fuzzer started 2018/10/28 12:46:18 dialing manager at 10.128.0.26:37113 2018/10/28 12:46:19 syscalls: 1 2018/10/28 12:46:19 code coverage: enabled 2018/10/28 12:46:19 comparison tracing: enabled 2018/10/28 12:46:19 setuid sandbox: enabled 2018/10/28 12:46:19 namespace sandbox: enabled 2018/10/28 12:46:19 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/28 12:46:19 fault injection: enabled 2018/10/28 12:46:19 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/28 12:46:19 net packed injection: enabled 2018/10/28 12:46:19 net device setup: enabled 12:49:29 executing program 0: r0 = socket$inet6(0xa, 0x3, 0x8) setsockopt$inet6_opts(r0, 0x29, 0x39, &(0x7f0000003d80)=@srh={0x0, 0x0, 0x4, 0x0, 0x6}, 0x8) syzkaller login: [ 231.341417] IPVS: ftp: loaded support on port[0] = 21 12:49:30 executing program 1: r0 = getpid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f000064e000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r1, 0x5452, &(0x7f00005ebff8)=0x3f) fcntl$setsig(r1, 0xa, 0x12) fcntl$setownex(r1, 0xf, &(0x7f0000704000)={0x0, r0}) recvmsg(r2, &(0x7f000095cfc8)={&(0x7f0000893ff8)=@sco, 0x80, &(0x7f0000000580), 0x0, &(0x7f0000b30000)}, 0x0) dup2(r1, r2) tkill(r0, 0x15) [ 231.676504] IPVS: ftp: loaded support on port[0] = 21 12:49:30 executing program 2: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000280)='/dev/rfkill\x00', 0x101002, 0x0) r1 = memfd_create(&(0x7f0000033ff3)='\x00', 0x0) write$binfmt_aout(r1, &(0x7f00000004c0)=ANY=[@ANYBLOB="0000001b0003"], 0x6) write$RDMA_USER_CM_CMD_ACCEPT(r1, &(0x7f00000000c0)={0x8, 0x120, 0xfa00, {0x0, {0x0, 0x0, "37c4cc2ab1104442de25bddacbbec5c391af9b7540bbfab7990526a7468a630c7b690f5bdf12795a47729c2a496f9b090ec902b324a5d2e3895ff9d8842c130c25d23e5d886815563881924f1707f46cf429a718a8a912b4af7ae7a62e744e048e0cfc7a35b63f2af0e639529d9a74757e007bbfb28bb4a58c80fef27b0de1517a91e9b97c6459327c2831f536a69a2dbd02e4c298f06943302244792a1724fb9b2050d9dbe6ab1981da79c5c17b82d1c98a1050fe640067f9bb81780aeaaae1c433222c49599e5e57cfef2511d2d0e19f4b746c2c23bb782e3f53cac184929bb37ddb1aac7d85ab298d897217cc61cf577a92ef82fa3c0a59ae4994df97e09c"}}}, 0x128) sendfile(r0, r1, &(0x7f0000000080), 0x800) [ 231.981817] IPVS: ftp: loaded support on port[0] = 21 12:49:30 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) getdents(r1, &(0x7f0000000100)=""/119, 0x3c2) [ 232.434081] IPVS: ftp: loaded support on port[0] = 21 12:49:31 executing program 4: syz_mount_image$reiserfs(&(0x7f0000000100)='reiserfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f0000001740), 0xc801, &(0x7f0000001ec0)=ANY=[]) [ 232.788437] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.805346] bridge0: port 1(bridge_slave_0) entered disabled state [ 232.815724] device bridge_slave_0 entered promiscuous mode [ 232.987167] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.012225] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.022313] device bridge_slave_1 entered promiscuous mode [ 233.129910] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 233.137899] IPVS: ftp: loaded support on port[0] = 21 [ 233.282273] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 12:49:32 executing program 5: syz_mount_image$iso9660(&(0x7f0000000080)='iso9660\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, &(0x7f0000001500), 0x0, &(0x7f00000015c0)={[{@cruft='cruft'}]}) [ 233.472626] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.479261] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.500473] device bridge_slave_0 entered promiscuous mode [ 233.610249] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.642110] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.661375] device bridge_slave_1 entered promiscuous mode [ 233.688880] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 233.716819] IPVS: ftp: loaded support on port[0] = 21 [ 233.821705] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 233.863676] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 233.952197] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 234.114858] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.121255] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.143231] device bridge_slave_0 entered promiscuous mode [ 234.296913] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.313135] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.325817] device bridge_slave_1 entered promiscuous mode [ 234.361010] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 234.419399] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 234.488791] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 234.509853] team0: Port device team_slave_0 added [ 234.537498] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 234.565807] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 234.641329] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 234.667414] team0: Port device team_slave_1 added [ 234.673867] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 234.695137] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 234.806168] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 234.813122] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 234.834946] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 234.885539] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 234.912095] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 234.932532] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.938912] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.953674] device bridge_slave_0 entered promiscuous mode [ 234.988712] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 235.028404] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 235.090235] bridge0: port 2(bridge_slave_1) entered blocking state [ 235.102443] bridge0: port 2(bridge_slave_1) entered disabled state [ 235.109811] device bridge_slave_1 entered promiscuous mode [ 235.133611] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 235.156417] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 235.182979] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 235.206134] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 235.228331] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 235.253006] team0: Port device team_slave_0 added [ 235.261473] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 235.280286] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 235.297162] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 235.308507] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 235.374734] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 235.384168] team0: Port device team_slave_1 added [ 235.393698] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 235.407187] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 235.418028] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 235.537336] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 235.552536] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 235.576193] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 235.583329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 235.609487] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 235.625103] bridge0: port 1(bridge_slave_0) entered blocking state [ 235.631560] bridge0: port 1(bridge_slave_0) entered disabled state [ 235.639876] device bridge_slave_0 entered promiscuous mode [ 235.749552] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 235.767168] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 235.783595] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 235.816422] bridge0: port 2(bridge_slave_1) entered blocking state [ 235.836878] bridge0: port 2(bridge_slave_1) entered disabled state [ 235.844522] device bridge_slave_1 entered promiscuous mode [ 235.855377] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 235.893588] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 235.907468] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 235.933077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 235.943209] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 235.963921] team0: Port device team_slave_0 added [ 235.973477] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 235.998303] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 236.017296] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 236.049869] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 236.070690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 236.107671] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 236.123795] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 236.137438] team0: Port device team_slave_1 added [ 236.149077] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.172551] bridge0: port 1(bridge_slave_0) entered disabled state [ 236.179854] device bridge_slave_0 entered promiscuous mode [ 236.254386] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 236.331513] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.338807] bridge0: port 2(bridge_slave_1) entered disabled state [ 236.346634] device bridge_slave_1 entered promiscuous mode [ 236.364238] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 236.377549] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 236.405698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 236.423178] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 236.496442] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 236.510178] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 236.527041] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 236.537998] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 236.560645] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 236.637307] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 236.651787] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 236.668835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 236.684250] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 236.707296] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 236.723234] team0: Port device team_slave_0 added [ 236.736191] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 236.748183] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 236.844626] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.851103] bridge0: port 2(bridge_slave_1) entered forwarding state [ 236.858110] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.864518] bridge0: port 1(bridge_slave_0) entered forwarding state [ 236.873409] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 236.881408] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 236.892811] team0: Port device team_slave_1 added [ 237.042760] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 237.084506] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 237.188466] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 237.223592] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 237.289080] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 237.314153] team0: Port device team_slave_0 added [ 237.320128] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 237.341775] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 237.358867] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 237.383862] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 237.437596] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 237.462154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 237.480375] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 237.498163] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 237.523173] team0: Port device team_slave_1 added [ 237.528244] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 237.539720] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 237.647083] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 237.661843] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 237.680196] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 237.751381] bridge0: port 2(bridge_slave_1) entered blocking state [ 237.757784] bridge0: port 2(bridge_slave_1) entered forwarding state [ 237.764513] bridge0: port 1(bridge_slave_0) entered blocking state [ 237.770874] bridge0: port 1(bridge_slave_0) entered forwarding state [ 237.808154] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 237.823309] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 237.833639] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 237.841543] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 237.866028] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 237.875482] team0: Port device team_slave_0 added [ 237.942435] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 237.949913] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 237.963043] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 238.044927] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 238.066732] team0: Port device team_slave_1 added [ 238.086987] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 238.113237] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 238.123278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 238.193478] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 238.221809] bridge0: port 2(bridge_slave_1) entered blocking state [ 238.228230] bridge0: port 2(bridge_slave_1) entered forwarding state [ 238.234957] bridge0: port 1(bridge_slave_0) entered blocking state [ 238.241324] bridge0: port 1(bridge_slave_0) entered forwarding state [ 238.265170] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 238.342771] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 238.351767] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 238.383965] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 238.457974] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 238.494544] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 238.504872] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 238.624806] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 238.649301] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 238.660613] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 239.016954] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.023366] bridge0: port 2(bridge_slave_1) entered forwarding state [ 239.030026] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.036461] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.065106] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 239.352277] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 239.565656] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.572116] bridge0: port 2(bridge_slave_1) entered forwarding state [ 239.578779] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.585200] bridge0: port 1(bridge_slave_0) entered forwarding state [ 239.621692] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 239.993637] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.000032] bridge0: port 2(bridge_slave_1) entered forwarding state [ 240.006748] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.013149] bridge0: port 1(bridge_slave_0) entered forwarding state [ 240.053173] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 240.372384] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 240.392797] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 242.194174] 8021q: adding VLAN 0 to HW filter on device bond0 [ 242.629395] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 242.738798] 8021q: adding VLAN 0 to HW filter on device bond0 [ 243.103591] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 243.110029] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 243.122527] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 243.202859] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 243.446572] 8021q: adding VLAN 0 to HW filter on device bond0 [ 243.582448] 8021q: adding VLAN 0 to HW filter on device team0 [ 243.710645] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 243.724612] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 243.735856] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 243.957076] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 244.237306] 8021q: adding VLAN 0 to HW filter on device team0 [ 244.363610] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 244.369885] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 244.386796] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 244.398402] 8021q: adding VLAN 0 to HW filter on device bond0 [ 244.678913] 8021q: adding VLAN 0 to HW filter on device bond0 [ 244.877364] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 244.897179] 8021q: adding VLAN 0 to HW filter on device team0 [ 245.140062] 8021q: adding VLAN 0 to HW filter on device bond0 [ 245.175503] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 245.389905] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 245.404159] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 245.413328] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 245.613857] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 245.680419] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 245.702501] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 245.709695] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 245.966209] 8021q: adding VLAN 0 to HW filter on device team0 [ 246.082843] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 246.089110] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 246.097695] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 246.145841] 8021q: adding VLAN 0 to HW filter on device team0 12:49:45 executing program 0: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x0, &(0x7f0000000240)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4004}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r1, &(0x7f0000002000), 0x112) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, 0x0}, &(0x7f0000000180)=0xc) chown(&(0x7f00000001c0)='./file0\x00', 0x0, r2) read$FUSE(r1, &(0x7f0000001000), 0x1000) write$FUSE_INIT(r1, &(0x7f0000000100)={0x50, 0x0, 0x1}, 0x50) write$FUSE_ATTR(r1, &(0x7f0000000680)={0x78, 0x0, 0x2, {0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000}}}, 0x78) [ 246.707520] 8021q: adding VLAN 0 to HW filter on device team0 12:49:46 executing program 0: 12:49:46 executing program 2: 12:49:46 executing program 0: 12:49:46 executing program 2: 12:49:46 executing program 0: 12:49:46 executing program 2: [ 248.755345] ISOFS: Unable to identify CD-ROM format. [ 248.823852] ISOFS: Unable to identify CD-ROM format. 12:49:48 executing program 1: ioctl$TCSETSF(0xffffffffffffffff, 0x5404, &(0x7f0000000000)) openat$full(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/full\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x2, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = syz_open_pts(r0, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vga_arbiter\x00', 0x0, 0x0) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f00000002c0)={'veth1_to_team\x00', {0x2, 0x0, @dev}}) write$binfmt_aout(r0, &(0x7f0000000000)=ANY=[], 0x2a3) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x17}) 12:49:48 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x8000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$FIBMAP(r0, 0x1, &(0x7f0000000100)=0x7f) r1 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x64) sendmmsg(r1, &(0x7f00000002c0), 0x4cc, 0x20007ffc) r2 = openat(0xffffffffffffffff, &(0x7f0000000280)='./bus\x00', 0x100, 0x5c) openat(r2, &(0x7f0000000140)='./bus\x00', 0x48100, 0x128) ioctl$TCSETA(0xffffffffffffffff, 0x5406, &(0x7f00000002c0)={0xfffffffffffff000, 0x0, 0x800, 0x5, 0x0, 0x7, 0x2, 0x3}) setrlimit(0x40000000000008, &(0x7f0000000540)) ioctl$LOOP_SET_CAPACITY(r0, 0x4c07) unlink(&(0x7f00000000c0)='./bus\x00') 12:49:48 executing program 2: r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xced806) lsetxattr$security_smack_transmute(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000100)='TRUE', 0x4, 0x1) 12:49:48 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000005c0)={0x0, 0x0}) pipe(&(0x7f0000000440)) write(0xffffffffffffffff, &(0x7f00000001c0), 0xffffffea) clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)={0x2a}, &(0x7f0000000200)={0x0, r1+30000000}, &(0x7f0000000300)={&(0x7f00000002c0), 0x8}) sendmmsg(r0, &(0x7f0000008600)=[{{0x0, 0x0, &(0x7f0000003140)}}], 0x1, 0x0) 12:49:48 executing program 4: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='oom_adj\x00') pwritev(r0, &(0x7f0000000400)=[{&(0x7f0000000100)="c1", 0x1}], 0x1, 0x400000000000) 12:49:48 executing program 5: socket$nl_route(0x10, 0x3, 0x0) io_setup(0x2, &(0x7f0000000140)=0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) io_submit(r0, 0x1, &(0x7f00000007c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x7, 0x0, r1, &(0x7f0000000180)="3f2f6f2f76b0", 0x6}]) 12:49:48 executing program 4: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net\x00', 0x200002, 0x0) fchdir(r1) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) write$cgroup_subtree(r2, &(0x7f0000000080)={[{0x0, 'pids'}]}, 0x6) fallocate(r2, 0x0, 0x0, 0x800fffa) [ 250.222939] hrtimer: interrupt took 28583 ns 12:49:49 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r1, 0x29, 0x3a, &(0x7f00000000c0)=0x80, 0x4) bind$inet6(r1, &(0x7f000000d000)={0xa, 0x4e20}, 0x1c) setsockopt$inet6_opts(r1, 0x29, 0x3b, &(0x7f0000000040)=@dstopts, 0x8) setsockopt$inet6_opts(r1, 0x29, 0x36, &(0x7f0000000180)=@dstopts, 0x8) connect$inet6(r1, &(0x7f000000cfe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) recvmsg(r1, &(0x7f0000000400)={&(0x7f0000000000)=@nfc, 0x10, &(0x7f0000000080), 0x0, &(0x7f0000000100)=""/128, 0x80}, 0x0) sendmsg(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000002ff0), 0x0, &(0x7f0000000180)}, 0x0) 12:49:49 executing program 5: accept4$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2}, &(0x7f00000000c0)=0x1c, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) getsockopt$packet_int(r0, 0x107, 0xb, &(0x7f0000000080), &(0x7f00000041c0)=0x4) 12:49:49 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_ifreq(r0, 0x891e, &(0x7f00000002c0)={'ip6gretap0\x00', @ifru_data=&(0x7f0000000280)="0c363a3402c00176050cb27a6f2d9789452068165fb2f208bc68e7da4afef7e0"}) 12:49:49 executing program 5: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net\x00', 0x200002, 0x0) fchdir(r1) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000080)=[@text32={0x20, &(0x7f0000000040)="0f350fc7a9008000000f0f64e0111cc4c3f9df4800000f155080c4e31d4a12c766ba420066ed0f323626360fc7aefdc8fc1c0f21ca", 0x35}], 0x1, 0x0, &(0x7f0000000100), 0x0) [ 250.494479] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 12:49:49 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2}, 0x1c) r1 = socket$inet6(0xa, 0x803, 0x5) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000003c0)={@in6={{0xa, 0x0, 0x0, @loopback}}, 0x0, 0x8, 0x0, "a7cdd39773de2dd6a4045751e52c2f868aefaf537936389dd2935273694c8dcf6f614c943663e67f9fc978833dfe20ba70f0f16fa5eb5b7a4c67d2a146111f9b0a0388dc952e1a4d7e4bdf797aeb2279"}, 0x17a) sendto$inet6(r0, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) 12:49:49 executing program 5: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") syz_emit_ethernet(0x140, &(0x7f00000000c0)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x11, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0xd}}, @icmp=@parameter_prob={0x8, 0x8, 0x0, 0x0, 0x14, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local={0xac, 0x70}, @dev}}}}}}, &(0x7f0000000000)) 12:49:49 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540)='/dev/kvm\x00', 0x0, 0x0) memfd_create(&(0x7f0000000140)='*($', 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000480), 0xc, &(0x7f00000001c0)={&(0x7f00000006c0)=ANY=[]}}, 0x0) sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000000), 0xc, &(0x7f00000003c0)={&(0x7f0000000580)=ANY=[]}}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000200)={0x28, 0x8}) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="1200000017020007f22e2f66696c"], 0xe) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000002c0)="b8010000000f01c166b8e2000f00d8b9800000c00f3235004000000f304a0fc75f20c44379608d00000100f22e0f01ca67440ff6143f66ba4000b846c95182ef0f01cf400f01df", 0x47}], 0x26a, 0x0, &(0x7f0000000100), 0xffffffffffffe82) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f00000000c0)={0x0, 0x1}) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f0000000280)=0x7) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000100)=[{0x3, 0xc91}], 0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 251.047697] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 12:49:49 executing program 2: r0 = syz_open_procfs(0x0, &(0x7f0000000040)="6c6f67696e7569640039dad3c444de4a35f0fd223db6aa1e2fdd63c225bbb6450080000000000000b4919c1a04000000000000009b23912e9b96566ebf23618dfdd331fcacfeccdb938974f48d420c49e5b37f94bdb651b9c102659034f419d42f") writev(r0, &(0x7f0000000440)=[{&(0x7f00000001c0)="d4", 0x1}], 0x1) 12:49:49 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop-control\x00', 0x0, 0x0) close(r0) socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_PKTINFO(r0, 0x29, 0x32, &(0x7f00000050c0)={@local}, 0x14) 12:49:49 executing program 5: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") membarrier(0x1, 0x0) 12:49:49 executing program 1: unshare(0x4000400) r0 = openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/attr/current\x00', 0x2, 0x0) sync_file_range(r0, 0x0, 0x0, 0x0) 12:49:49 executing program 3: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") r1 = socket(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000040)={0x0, 'bridge0\x00', 0x1}, 0xfffffe7d) ioctl(r1, 0x8916, &(0x7f0000000040)) getsockopt$inet6_tcp_int(r0, 0x6, 0x22, &(0x7f0000000080), &(0x7f00000000c0)=0x4) ioctl(r1, 0x8936, &(0x7f0000000000)) 12:49:49 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f00003b9fdc)) ioctl$TCXONC(r0, 0x540a, 0x1) 12:49:49 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1}, 0xc) 12:49:49 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8, 0xe}]}}}]}, 0x3c}}, 0x0) 12:49:49 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f00000005c0)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_UPDELAY={0x8}]}}}]}, 0x3c}}, 0x0) 12:49:49 executing program 3: r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000380)="130000001000ffdde200f49ff60f050000230a", 0x13) 12:49:50 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000140)=0x9) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000280)=0x2) 12:49:50 executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001380)={0x5, 0x5, 0x800, 0x1, 0x0, 0xffffffffffffff9c}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000006300)={r0, &(0x7f0000006340), &(0x7f0000006100), 0x2}, 0x20) 12:49:50 executing program 0: r0 = epoll_create1(0x0) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x859, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$setownex(r0, 0xf, &(0x7f0000000180)) [ 251.344857] netlink: 'syz-executor2': attribute type 14 has an invalid length. 12:49:50 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000140)=0x9) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000040)=0x1) 12:49:50 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) mmap(&(0x7f0000000000/0x8000)=nil, 0x8000, 0x0, 0x10012, r0, 0x57) [ 251.481179] (unnamed net_device) (uninitialized): Unable to set up delay as MII monitoring is disabled 12:49:50 executing program 2: clone(0x200, &(0x7f0000000080), &(0x7f0000000040), &(0x7f00000000c0), &(0x7f0000000200)) mknod(&(0x7f0000000200)='./file0\x00', 0x1041, 0x0) execve(&(0x7f0000000240)='./file0\x00', &(0x7f0000000300), &(0x7f0000000200)) r0 = syz_open_procfs(0x0, &(0x7f0000000400)='attr/current\x00') write(r0, &(0x7f00000002c0), 0x0) lseek(r0, 0x0, 0x3) clone(0x0, &(0x7f0000000380), &(0x7f00000005c0), &(0x7f0000001880), &(0x7f0000001900)) open$dir(&(0x7f0000000000)='./file0\x00', 0x281, 0x4) 12:49:50 executing program 5: 12:49:50 executing program 4: 12:49:50 executing program 1: 12:49:50 executing program 0: 12:49:50 executing program 5: 12:49:50 executing program 1: 12:49:50 executing program 4: 12:49:50 executing program 3: 12:49:50 executing program 0: 12:49:50 executing program 1: 12:49:50 executing program 3: 12:49:50 executing program 2: 12:49:50 executing program 4: 12:49:50 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'aead\x00', 0x0, 0x0, 'authencesn(sha3-224-generic,cbc-camellia-asm)\x00'}, 0x58) 12:49:50 executing program 0: 12:49:50 executing program 1: 12:49:50 executing program 3: 12:49:50 executing program 1: 12:49:50 executing program 0: 12:49:50 executing program 4: 12:49:50 executing program 3: 12:49:50 executing program 5: 12:49:50 executing program 1: 12:49:50 executing program 2: 12:49:50 executing program 4: 12:49:50 executing program 0: 12:49:51 executing program 5: 12:49:51 executing program 3: 12:49:51 executing program 1: 12:49:51 executing program 2: 12:49:51 executing program 0: 12:49:51 executing program 4: 12:49:51 executing program 1: 12:49:51 executing program 3: 12:49:51 executing program 2: 12:49:51 executing program 5: 12:49:51 executing program 4: 12:49:51 executing program 0: 12:49:51 executing program 3: 12:49:51 executing program 5: 12:49:51 executing program 1: 12:49:51 executing program 2: 12:49:51 executing program 4: 12:49:51 executing program 3: 12:49:51 executing program 1: 12:49:51 executing program 0: 12:49:51 executing program 5: 12:49:51 executing program 2: 12:49:51 executing program 4: 12:49:51 executing program 3: 12:49:51 executing program 1: 12:49:51 executing program 4: 12:49:51 executing program 5: 12:49:51 executing program 0: 12:49:51 executing program 2: 12:49:51 executing program 1: 12:49:51 executing program 3: 12:49:51 executing program 0: 12:49:51 executing program 5: 12:49:51 executing program 2: 12:49:51 executing program 4: 12:49:51 executing program 1: 12:49:51 executing program 3: 12:49:51 executing program 5: 12:49:51 executing program 0: 12:49:52 executing program 4: 12:49:52 executing program 2: 12:49:52 executing program 1: 12:49:52 executing program 3: 12:49:52 executing program 0: 12:49:52 executing program 4: 12:49:52 executing program 2: 12:49:52 executing program 5: 12:49:52 executing program 1: 12:49:52 executing program 2: 12:49:52 executing program 4: 12:49:52 executing program 3: 12:49:52 executing program 0: 12:49:52 executing program 5: 12:49:52 executing program 1: 12:49:52 executing program 4: 12:49:52 executing program 3: 12:49:52 executing program 0: 12:49:52 executing program 2: 12:49:52 executing program 5: r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0) fchmod(r0, 0x0) 12:49:52 executing program 4: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x18}}, &(0x7f0000000440)=""/225, 0x1a, 0xe1}, 0x20) r0 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r0, &(0x7f0000000180), 0x1c) sendmmsg(r0, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000001600)=[{0xc}], 0xc}}], 0xb, 0x0) 12:49:52 executing program 3: r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xced806) mount(&(0x7f0000000280)=ANY=[], &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)='sockfs\x00', 0x0, &(0x7f00000001c0)='\x00') 12:49:52 executing program 1: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000000), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000080), 0x0, &(0x7f00000003c0)={0x77359400}, 0x8) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x3a, &(0x7f0000000100)) get_robust_list(r0, &(0x7f00000001c0)=&(0x7f0000000180)={&(0x7f00000000c0)={&(0x7f0000000040)}, 0x0, &(0x7f0000000140)}, &(0x7f0000000200)=0x18) 12:49:52 executing program 2: syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000380)='./file0\x00', 0x0, 0x0, &(0x7f0000000680), 0x0, &(0x7f0000000840)={[{@fat=@nfs='nfs'}]}) 12:49:52 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000900)="73746174757300c22322c94f133520785e91ea85ae107cc3819819c263540b1de1ba201e6de4b75a115091eed530aa482e36594601ceb5d169c5baf41b35d8a5a09a82496613d86023865b57ef269f90d304969f68e3541edbb55841bd978f7df53b611b40a44291b5a882208fbb835e54a41310a3b481d5bdbb0981742909a63b7cd1a18d405e5b011bfbe5a4d5bf299447e4c0dd4b63a367211c0078238b509d614100d33a5584aa3b3cb9b89e6e5f84719294d41b27117c47fb4f2b2be475eb25d5f69b6d10cf8422cade570c087b0387f7ea7fa5be8437b32e8083a8953509c5f244464dc657ace304e25d2420c1a55efe4669a0f8c3c9db254d0bd95c7b7729db77e0bdc0ce9f170827eebfe1395abfd8db1260ea8f47464499270816ad06a4d1726358e0355fc2b05329d34efbcdddc8bcd84db257a691ff137a798fae184b9803c866f1c32671b52961894eccae6b2d1b4fc500000000000000000065ddf85561717c6425fda90a23a6e775c95f9a18edd9c847038623cea48412d55604afc6e60b2f6d8a0a330fc1557c9e622b4f12d13c6ecb6256fe75218cacd5177b49be374443de1ab90042a574576a2b90818c1f573a028a395b12d4692f702917ef41112ae6edd2ded1ecfab70da6fa268d4222775dd801425bc2010887bbfb1b658120137df77509f33f3feb5365c2f08ebe233c4c262a1d6e12022dd801baa98459055a6a189bdd50ecb714f02c60b639087d50dfdc72ad72b0aadd68f0b2d227b2ca3c05dfc21fc860fbd392a7e5c127a8b46486c31da5b1f04b2d11f6ddf640305434") setgroups(0x52a, &(0x7f0000000140)) sendfile(r1, r1, &(0x7f0000000000)=0x8000, 0x71c) 12:49:52 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f00000000c0)={0x0, 0xfffffffffffffed0, &(0x7f0000001180)}) 12:49:52 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSWINSZ(r0, 0x5414, &(0x7f0000000080)) [ 254.113266] FAT-fs (loop2): bogus number of reserved sectors 12:49:52 executing program 0: r0 = socket(0x40000000002, 0x3, 0x6) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_ifreq(r0, 0x8923, &(0x7f0000000080)={'lo\x00', @ifru_data=&(0x7f0000000000)="2dcde1d4cb33ab52a02e2a462f1be4be6efe31558a8d13aa702058664ea0a96f"}) 12:49:52 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_int(r0, 0x6, 0x1f, &(0x7f0000000140), &(0x7f0000000180)=0x4) [ 254.158898] FAT-fs (loop2): Can't find a valid FAT filesystem 12:49:52 executing program 4: r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f00000000c0)={0x0, 0xfffffffffffffed0, &(0x7f0000001180)}) 12:49:53 executing program 5: r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000000)={0xf, 0x0, &(0x7f0000001180)}) [ 254.259132] FAT-fs (loop2): bogus number of reserved sectors [ 254.286788] FAT-fs (loop2): Can't find a valid FAT filesystem 12:49:53 executing program 0: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/mcfilter6\x00') sendfile(r0, r0, &(0x7f0000000000)=0x8000, 0x71c) 12:49:53 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) io_setup(0x2, &(0x7f0000000140)=0x0) io_submit(r2, 0x1, &(0x7f0000000440)=[&(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000700), 0x0, 0x0, 0x0, 0x3, r1}]) 12:49:53 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$ARPT_SO_GET_INFO(r0, 0x0, 0x60, &(0x7f0000000000)={'filter\x00'}, &(0x7f0000000080)=0x44) 12:49:53 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syslog(0x3, &(0x7f00000000c0)=""/147, 0x37a8ec531be3c41f) 12:49:53 executing program 0: rt_sigsuspend(&(0x7f0000000000)={0x6}, 0x8) 12:49:53 executing program 4: r0 = socket$inet6(0x10, 0x2, 0x7) sendmsg(r0, &(0x7f0000002fc8)={&(0x7f0000000080)=@nl, 0x80, &(0x7f0000000100)=[{&(0x7f0000000280)="5500000018007f8500fe01b2a4a28093", 0x10}], 0x1, &(0x7f0000000000)}, 0x0) 12:49:53 executing program 5: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/rt6_stats\x00') sendfile(r0, r0, &(0x7f0000000000)=0x8000, 0x71c) 12:49:53 executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x6, 0x4, 0x400000000004, 0x9}, 0x2c) ioctl$void(r0, 0xc0045878) 12:49:53 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) link(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='./file1/file0\x00') unlink(&(0x7f0000000080)='./file1/file0\x00') 12:49:53 executing program 4: clock_adjtime(0x0, &(0x7f0000000f30)={0xfffffffffffffe03}) 12:49:53 executing program 2: r0 = socket$inet6(0xa, 0x400000000001, 0x0) r1 = dup(r0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback, 0x79}, 0x1c) sendto$inet6(r0, &(0x7f0000e77fff), 0x2bd, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet_tcp_int(r1, 0x6, 0x13, &(0x7f0000000080)=0x1, 0x4) setsockopt$inet_tcp_int(r1, 0x6, 0x18, &(0x7f0000000140), 0x4) r2 = open(&(0x7f0000000000)='./bus\x00', 0x110000141042, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ftruncate(r2, 0x10099b7) sendfile(r0, r2, &(0x7f0000d83ff8), 0x8000fffffffe) connect$unix(r1, &(0x7f0000006780)=@file={0x0, './bus\x00'}, 0x6e) 12:49:53 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) rmdir(&(0x7f0000000000)='./file1\x00') 12:49:53 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000380)='/group.stat\x00', 0x2761, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0xc020660b, 0x400020) 12:49:53 executing program 3: openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={0xffffffffffffffff, &(0x7f0000000600), &(0x7f0000000200)}, 0x20) socketpair(0x80000000001, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r0, &(0x7f0000000080), &(0x7f0000000400)}, 0x20) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f0, &(0x7f0000000300)='0\x00') [ 255.009864] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 12:49:53 executing program 4: r0 = socket$inet6(0xa, 0x200000000000002, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) shutdown(r0, 0x0) 12:49:53 executing program 1: r0 = socket$inet6(0xa, 0x400000000001, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000e77fff), 0x0, 0x0, &(0x7f00008d4fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c) close(r0) io_setup(0x0, &(0x7f0000000100)) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f00000003c0)=0x0) getpgrp(r1) getdents64(0xffffffffffffffff, &(0x7f0000000100)=""/79, 0x292) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000440)={0x50, 0x0, 0x7, {0x7, 0x1b, 0x6, 0x0, 0x0, 0x8, 0xd01, 0x67}}, 0x50) pipe(&(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_MCAST_LEAVE_GROUP(r2, 0x0, 0x2d, &(0x7f0000000580)={0xff, {{0x2, 0x4e20}}}, 0x88) getdents64(0xffffffffffffffff, &(0x7f0000000000)=""/54, 0xff55) r3 = getpgrp(0xffffffffffffffff) ptrace$poke(0x5, r3, &(0x7f0000000180), 0x8) r4 = openat$tun(0xffffffffffffff9c, &(0x7f00000006c0)='/dev/net/tun\x00', 0x2, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000080)={"0000000000000000000000000200", 0x5002}) r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/net/pfkey\x00', 0x40, 0x0) openat$uhid(0xffffffffffffff9c, &(0x7f0000000400)='/dev/uhid\x00', 0x802, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f00000000c0), 0xc, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x1}}, 0x0) r6 = open(&(0x7f0000000640)='./bus\x00', 0x141042, 0x0) ioctl$KDSETKEYCODE(r5, 0x4b4d, &(0x7f0000000340)={0x3, 0xd4}) openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/attr/current\x00', 0x2, 0x0) ioctl$EVIOCGSW(r0, 0x8040451b, &(0x7f00000004c0)=""/67) ftruncate(r6, 0x2007fff) ioctl$TUNSETOFFLOAD(r6, 0x400454d0, 0x13) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000a00)=ANY=[@ANYBLOB="0000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000400000000000000040000000000000007000000000000000700000000000000000000000000000000000000000000000000000000000000000000007c0b000005000000000000000800000000000000060000000000000081000000000000000000000000000001000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000b31dbc7ecc5820d3000000000000000004000000000000000000000000020000000000000000000000000000000000a4b36c8615489de1a4d0bfd81036782aa3719b7f5edcaf1e3484c5fd1b32eec9c586ec806e6ebb83411f7ac5a8bbb3b178b8d296482de29e23b196c8e792534bcce60ff190a866560a7b346851759d5a468dcde41a36533195b7b3e65b33479040797b0458324deff121356feea1fd0ef65c3570ca6615c1be95efad977c7461d8a3686bda143720add9bcacdb1e319abbfaf72a3738681e212318ebbd037283410000"]) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) write(r8, &(0x7f00000001c0), 0xfffffef3) read(r7, &(0x7f0000000200)=""/250, 0x50c7e3e3) sendfile(r0, r6, &(0x7f0000d83ff8), 0x8000fffffffe) 12:49:54 executing program 0: bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000240)={&(0x7f0000000080)='./file0\x00'}, 0x10) socketpair(0x0, 0x0, 0x0, &(0x7f0000000140)) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @multicast1}, 0x10) getsockopt$llc_int(0xffffffffffffffff, 0x10c, 0x3, &(0x7f0000000200), &(0x7f0000000280)=0x4) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x12, 0x6, 0x4, 0xb42a, 0x0, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000180)={r1, &(0x7f0000000000), &(0x7f0000000140)}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r1, &(0x7f0000000280), &(0x7f00000000c0)=""/70}, 0x18) 12:49:54 executing program 5: r0 = socket$inet6(0xa, 0x200000000000002, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c) sendmmsg(r0, &(0x7f0000002240)=[{{0x0, 0x0, &(0x7f0000000200), 0x0, &(0x7f0000000440)=[{0xc}], 0xc, 0x40}, 0x1ff}], 0x1, 0x0) 12:49:54 executing program 4: r0 = socket$netlink(0x10, 0x3, 0xa) r1 = dup(r0) write$P9_RREAD(r1, &(0x7f0000000000)={0x24, 0x75, 0x0, {0x19, "e50bdcd7a738fe2ae0db116397dd7f4e19aa7bcb442d307c30"}}, 0x24) 12:49:54 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = socket$inet(0x10, 0x2, 0x4) sendmsg(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f000000d000)=[{&(0x7f0000008000)="4c0000001200ff095ffefd956fa283b724a6008c00000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 12:49:54 executing program 3: 12:49:54 executing program 3: r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000080)=0x2, 0x4) r1 = accept4(r0, &(0x7f0000000200)=@ax25, &(0x7f00000005c0)=0x80, 0x80000) r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r3 = socket(0x40000000015, 0x5, 0x0) getsockopt$inet_sctp6_SCTP_RECVNXTINFO(r1, 0x84, 0x21, &(0x7f0000000600), &(0x7f00000006c0)=0x4) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r2, 0x6, 0x1d, &(0x7f00000001c0)={0x9, 0x7, 0x4, 0x5, 0x401}, 0x14) setsockopt$sock_int(r3, 0x1, 0x23, &(0x7f00000005c0)=0x8a, 0x4) r4 = socket$inet6(0xa, 0x3, 0x800000000000004) ioctl(r4, 0x8912, &(0x7f0000000280)="153f6234488dd25d5c6070") bind$inet(r3, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10) sendto$inet(r3, &(0x7f0000000000), 0x0, 0x0, &(0x7f000069affb)={0x2, 0x0, @loopback}, 0x10) connect$llc(r2, &(0x7f00000000c0)={0x1a, 0x1, 0x5, 0x5, 0xc93, 0x8, @link_local}, 0x10) sendmmsg(r2, &(0x7f0000001380), 0x3fffff1, 0x40) 12:49:54 executing program 4: socket$kcm(0xa, 0x6, 0x0) r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x40000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x100, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x5) openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) r2 = socket$kcm(0x29, 0x7, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f00000003c0)=@generic={0xc, "ddf95228adcb80d455a64ea96b388c597669d14253d4c01472089f2cfd33ee18601957bc7a0ee267debd46825d7baa4d9ff4e47649ba1ba27857ff311486d58cb08b2eb1bed032bbb59941c2626fde700c63a1aa80847916e8d614a8e84b706c2aff16592e209b8b80a7e685e9f9d3aaa59d695e36cb12585ccbda1b29d8"}, 0x80, &(0x7f00000005c0), 0x0, &(0x7f0000000600), 0x0, 0x8001}, 0x20048014) sendmsg$kcm(r2, &(0x7f0000000000)={&(0x7f0000000340)=@in6={0xa, 0x0, 0x0, @ipv4={[], [], @multicast2}, 0x100}, 0x80, &(0x7f0000000400), 0x0, &(0x7f0000000bc0)=ANY=[], 0x0, 0xffffffffffffffff}, 0x800) getpid() recvmsg(0xffffffffffffffff, &(0x7f00000010c0)={&(0x7f0000000f00)=@can, 0x80, &(0x7f0000000f80), 0x0, &(0x7f0000000fc0)=""/230, 0xe6}, 0x40000102) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.stat\x00', 0x0, 0x0) socketpair(0x0, 0x0, 0x5, &(0x7f0000000280)) socketpair(0xd, 0x6, 0xffffffffffffa5e0, &(0x7f0000000200)) openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) socket$kcm(0xa, 0x0, 0x11) getpid() perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x8, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0xd, 0x6, 0x8, &(0x7f0000000080)) r3 = socket$kcm(0xa, 0x2, 0x11) perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(r3, 0x29, 0x19, &(0x7f0000000380), 0x4) sendmsg$kcm(r3, &(0x7f0000002b80)={&(0x7f00000005c0)=@in6={0xa, 0x4e21, 0x0, @local}, 0x80, &(0x7f00000028c0), 0x0, &(0x7f0000002a00)=ANY=[]}, 0x0) recvmsg(r3, &(0x7f00000029c0)={&(0x7f0000000840)=@l2, 0x80, &(0x7f00000000c0), 0x0, &(0x7f0000002940)=""/122, 0x7a}, 0x2061) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000140)={'syzkaller0\x00'}) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x8914, &(0x7f0000000040)="6c6f00966fd651b959a9644a2c00d2970403dc0d") write$cgroup_pid(0xffffffffffffffff, &(0x7f00000003c0), 0x12) 12:49:54 executing program 5: openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={0xffffffffffffffff, &(0x7f0000000600), &(0x7f0000000200)}, 0x20) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x80000000001, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r0, &(0x7f0000000080), &(0x7f0000000400)}, 0x20) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f0, &(0x7f0000000300)='0\x00') 12:49:54 executing program 2: bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={0xffffffffffffffff, &(0x7f0000000600), &(0x7f0000000200)}, 0x20) socketpair(0x80000000001, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f0, &(0x7f0000000300)='0\x00') 12:49:54 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f0000000000)={0x40, {{0xa, 0x0, 0x0, @mcast1}}}, 0x108) 12:49:54 executing program 2: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x2}, 0x1c) ioctl$sock_inet_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f0000000080)={'bcsh0\x00', {0x2, 0x0, @loopback}}) sendto$inet6(r2, &(0x7f0000000000), 0xd5e333a58547eec3, 0x80020000001, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000180)="98", 0x1}], 0x1, 0x0) ioctl$int_in(r2, 0x5421, &(0x7f0000000100)=0x1) accept4$inet6(r2, &(0x7f00000003c0)={0xa, 0x0, 0x0, @ipv4={[], [], @rand_addr}}, &(0x7f0000000400)=0x1c, 0x0) splice(r0, 0x0, r2, 0x0, 0xab11, 0x0) [ 256.160103] device lo entered promiscuous mode 12:49:55 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = epoll_create1(0x0) epoll_wait(0xffffffffffffffff, &(0x7f00000004c0), 0x0, 0x200) r3 = socket$inet6(0xa, 0x803, 0x6) ioctl(r3, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000080)) shutdown(r0, 0x0) 12:49:55 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x8000000000000004) r1 = socket$inet6(0xa, 0x803, 0x7) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0a5c2d023c126285718070") writev(r0, &(0x7f00007af000)=[{&(0x7f0000000100)="480000001500190a20ffff7fffffff5602113b850e1de097485e000000fe58a2bc4a03049164643e89720000de213ee23ffbf510040041feff5aff2b000000000000070000000000", 0x48}], 0x1) 12:49:55 executing program 3: getuid() 12:49:55 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000480)={&(0x7f00000000c0), 0xc, &(0x7f0000000200)={&(0x7f00000003c0)=@ipv4_delroute={0x24, 0x19, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, [@RTA_DST={0x8, 0x1, @broadcast}]}, 0x24}}, 0x0) 12:49:55 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) unshare(0x4000400) pread64(r0, &(0x7f0000000100), 0x0, 0x0) 12:49:55 executing program 5: socket$kcm(0xa, 0x6, 0x0) r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x40000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000300)='/dev/net/tun\x00', 0x100, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x5) openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) r2 = socket$kcm(0x29, 0x7, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f00000003c0)=@generic={0xc, "ddf95228adcb80d455a64ea96b388c597669d14253d4c01472089f2cfd33ee18601957bc7a0ee267debd46825d7baa4d9ff4e47649ba1ba27857ff311486d58cb08b2eb1bed032bbb59941c2626fde700c63a1aa80847916e8d614a8e84b706c2aff16592e209b8b80a7e685e9f9d3aaa59d695e36cb12585ccbda1b29d8"}, 0x80, &(0x7f00000005c0), 0x0, &(0x7f0000000600), 0x0, 0x8001}, 0x20048014) sendmsg$kcm(r2, &(0x7f0000000000)={&(0x7f0000000340)=@in6={0xa, 0x0, 0x0, @ipv4={[], [], @multicast2}, 0x100}, 0x80, &(0x7f0000000400), 0x0, &(0x7f0000000bc0)=ANY=[], 0x0, 0xffffffffffffffff}, 0x800) getpid() recvmsg(0xffffffffffffffff, &(0x7f00000010c0)={&(0x7f0000000f00)=@can, 0x80, &(0x7f0000000f80), 0x0, &(0x7f0000000fc0)=""/230, 0xe6}, 0x40000102) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000240)='cpuacct.stat\x00', 0x0, 0x0) socketpair(0x0, 0x0, 0x5, &(0x7f0000000280)) socketpair(0xd, 0x6, 0xffffffffffffa5e0, &(0x7f0000000200)) openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) socket$kcm(0xa, 0x0, 0x11) getpid() perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x8, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0xd, 0x6, 0x8, &(0x7f0000000080)) r3 = socket$kcm(0xa, 0x2, 0x11) perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$sock_attach_bpf(r3, 0x29, 0x19, &(0x7f0000000380), 0x4) sendmsg$kcm(r3, &(0x7f0000002b80)={&(0x7f00000005c0)=@in6={0xa, 0x4e21, 0x0, @local}, 0x80, &(0x7f00000028c0), 0x0, &(0x7f0000002a00)=ANY=[]}, 0x0) recvmsg(r3, &(0x7f00000029c0)={&(0x7f0000000840)=@l2, 0x80, &(0x7f00000000c0), 0x0, &(0x7f0000002940)=""/122, 0x7a}, 0x2061) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000140)={'syzkaller0\x00'}) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x8914, &(0x7f0000000040)="6c6f00966fd651b959a9644a2c00d2970403dc0d") write$cgroup_pid(0xffffffffffffffff, &(0x7f00000003c0), 0x12) ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x8914, &(0x7f0000000680)="6c6f00966f380f64a1e3d75d627d1fa159ad34909d60d298000000202759175d1563ca52dd984f43891be784e2058077d27c448d4b144278cb7548c2ee63bf3c3e591afc1f394f4281891836c571406eb4b673b00000000000080000daefec45ecd549b29bfe8d903f00e9e47e673ac1b2616a96bba7e2c0dcf95108eb167f5411d30d37e62266cf8eab640f747082aed2158e2b63f6bfe1343ea62da563ded7abea1ff873329c5646d518fe0e8f20010000792efc2a82a5a17035c87bf7efabe899eb77238a741c80fcb095a2a7d72c595d45388358f546dc882df5b0b55edb1ab6aa14e2b90d685e4a2dd1ba556e04276c1be06fdbc891251cb5bfb690b4c27f5d2fb3e7c92794cf496fdf0495b506841f483edac504209488eb27d43b367fd9992d1b7c478dd4b925aa51a04b100393e1cce76d8027f0a5ed280da80f26b1f3ff300c82255f928b44b9d9e7f2e4c16923dc8741b9c70d92fa1111b51f039ddd1b6adfac67e3a053d38ae16e97eaf5a0270be9a0f12066aa6ecfb569b664bc920bd5381608b35f3aa4210a79c4260a574d4da8c40b9f016ff4ab26b6170250c3214ea18622d704f1c021edffee24c8398c4230d16444e0495088a2f2599a662424f18196f750acca803a21b49423cb5e9f2703e393b982bfcfc4e3f7034f68f272ca8f66bb2f9f2aaf1a20a5a03f254da58698fa342731c70c3ccc40e88aac2edee4c7f59c6ba43021e91424b3056db56ded0c7493d8a3802759b905bb747cbebc7a0af3f570f89f7e1bd00b1c51") 12:49:55 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f0000000000)={0x0, 0x100000001}) 12:49:55 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, r1, 0x0, 0x9, &(0x7f0000000000)='/dev/kvm\x00', 0xffffffffffffffff}, 0x30) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, &(0x7f00000002c0)="b8010000000f01c166b8e2000f00d8b9800000c00f3235004000000f304a0fc75f20c44379608d00000100f22e0f01ca67440ff6143f66ba4000b846c95182ef0f01cf400f01df", 0x47}], 0x26a, 0x0, &(0x7f0000000100), 0xffffffffffffe82) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 12:49:55 executing program 3: mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x4, 0x31, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2, 0x32, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) sendto$inet6(r0, &(0x7f0000000040), 0x0, 0x8001, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @mcast2, 0x9}, 0x1c) read(r0, &(0x7f00000000c0)=""/108, 0x6c) write$binfmt_misc(r0, &(0x7f0000000200)=ANY=[], 0xffdc) read(r0, &(0x7f0000000140)=""/165, 0x1000000eb) 12:49:55 executing program 2: r0 = socket(0x2000000011, 0x3, 0x0) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000000), 0x4) sendto$inet6(r0, &(0x7f0000000200)="0cf4d6ed8e041d521daad424186a9b334d7c95087e0ecc02903e8b3148a9bdae2e9889b6010100006d593b49ed4850f513d95fc0d4ac48a0266c415dc39704a9e4d703754e17840e6d2a610af6a69b6eb7ad9326b942a809426259ff1e0e6ae4dd76e9b3db4fc1def82b24aa7945060000001b9fa9c3c4e9c6a15c8e9ddcbf16946446e22e22f92f4bfe83e82df8ae3138d7e50124126256ca7d6b0c3f056cc8bc819133437098aa246241a1d677f2e199b15e4b1bf352ad4a356e4a0ea414236c0a378ec9bb1cb832a9f7ad3f0690ac9c894f06ca48ced7", 0xd8, 0xfffffffffffffffe, &(0x7f0000000340)={0xa, 0x8100, 0x3, @local}, 0x1c) [ 257.429826] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 257.430324] device lo entered promiscuous mode 12:49:56 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f0000000000)={0x0, 0x100000001}) 12:49:56 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={&(0x7f0000000480)={0x10, 0xbb7f, 0x5a6b010000000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)={0x14, 0x22, 0x1}, 0x14}}, 0x0) 12:49:56 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$int_in(r0, 0x800000005452, &(0x7f0000000100)=0xc8) shutdown(r1, 0x1) 12:49:56 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f0000000000)={0x0, 0x100000001}) 12:49:56 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) recvmmsg(r0, &(0x7f0000002d80)=[{{&(0x7f0000000000)=@alg, 0x80, &(0x7f0000000100)=[{&(0x7f0000001480)=""/4096, 0x100e}, {&(0x7f0000000240)=""/147, 0x178}], 0x2, &(0x7f0000002740)=""/218, 0xda}}], 0x400000000000086, 0x0, &(0x7f0000002e40)={0x77359400}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080), 0xc, &(0x7f00000000c0)={&(0x7f0000002e80)={0x1c, 0x0, 0x0, 0x0, 0x0, {}, [@generic="d7e7578d2e"]}, 0x1c}}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={&(0x7f0000000400), 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x14, 0x40000000042, 0x105}, 0x3c9}}, 0x0) 12:49:56 executing program 1: bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c) bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2c) 12:49:56 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0xc028ae92, &(0x7f0000000000)={0x0, 0x100000001}) 12:49:57 executing program 5: r0 = socket(0xa, 0x1, 0x0) ioctl(r0, 0x2, &(0x7f0000000000)) 12:49:57 executing program 1: clone(0x210007fa, 0x0, 0xfffffffffffffffe, &(0x7f0000000640), 0xffffffffffffffff) mkdir(&(0x7f0000002900)='./file0\x00', 0x0) mount(&(0x7f00000000c0)=@sg0='/dev/sg0\x00', &(0x7f00000001c0)='./file0\x00', &(0x7f0000000180)='tmpfs\x00', 0x0, &(0x7f0000000280)="39696856e19f645643fa411658f84a74356528397615bafb7c21f28403d1156a1b19d8a9e8086cf84e90e121c2ddc62a6f12e72a9e641c0fa6bce84476390e69ebbe7a5e97fad20b169fb62027a9270f47ef3ad9bd610f11c4ead024928838266f9753e8c6caa004e19d99687b46ce5825b254a6512d4d80c5f45fd56a0584a3b40759a4608898b4ca7cc5d23c452c227339fe4532fd411a89f3cbea1c9d8de100d26ca6e3b22bb57492c5ad3075b3b609111c524e0ca43012426c3a06005ec76efd835d20") r0 = creat(&(0x7f0000000340)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x0) 12:49:57 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(0xffffffffffffffff, 0xc028ae92, &(0x7f0000000000)={0x0, 0x100000001}) 12:49:57 executing program 3: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0a5c3d023c126285718070") timer_create(0x0, &(0x7f0000000180)={0x0, 0x0, 0x1, @thr={&(0x7f0000000040), &(0x7f00000000c0)}}, &(0x7f0000000280)) timer_getoverrun(0x0) 12:49:57 executing program 2: clone(0x0, &(0x7f0000000040), &(0x7f0000000140), &(0x7f0000000100), &(0x7f0000000180)) clock_getres(0x0, &(0x7f0000000280)) 12:49:57 executing program 0: clone(0x2102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) wait4(0x0, &(0x7f00000000c0), 0x80000008, &(0x7f00000001c0)) r0 = gettid() timer_create(0x0, &(0x7f0000ee4000)={0x0, 0x14}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f0000e04000)={{0x0, 0x989680}, {0x0, 0x989680}}, &(0x7f0000d64000)) futex(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r0, 0x1000000000012) [ 258.518027] tmpfs: No value for mount option '9ihVdVCAXJt5e(9v|!jةlN!*o*dDv9iz^  ''G:ٽa$8&oSʠ᝙h{FX%TQ-M_jY`|0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) recvmmsg(r0, &(0x7f0000001d00)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000180)=""/179, 0xb3}, {&(0x7f00000000c0)=""/22, 0x16}], 0x2, &(0x7f0000000280)=""/210, 0xd2, 0x44}, 0x16ec}, {{&(0x7f00000006c0)=@l2, 0x80, &(0x7f0000000800), 0x0, &(0x7f0000000840)=""/99, 0x63}}], 0x2, 0x100, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) shutdown(r1, 0x2) 12:50:00 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendto$inet(r0, &(0x7f0000000000)="0300", 0x2, 0x800000000007ffe, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) socketpair$packet(0x11, 0x9049ed9795bf7627, 0x300, &(0x7f00000000c0)) 12:50:00 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = inotify_init1(0x0) fcntl$setown(r1, 0x8, 0xffffffffffffffff) fcntl$getownex(r1, 0x10, &(0x7f0000000080)={0x0, 0x0}) r3 = getpgrp(0xffffffffffffffff) kcmp$KCMP_EPOLL_TFD(r2, r3, 0x7, 0xffffffffffffffff, &(0x7f0000000100)) 12:50:00 executing program 5: r0 = socket(0x40000000002, 0x3, 0x2) sendto$unix(r0, &(0x7f0000000080), 0x0, 0xfffffffffffffffc, &(0x7f0000000280)=@abs, 0x6e) 12:50:00 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000540)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r0, 0xc028ae92, &(0x7f0000000000)={0x0, 0x100000001}) 12:50:00 executing program 3: r0 = socket$inet6(0xa, 0x803, 0x3) ioctl(r0, 0x1000008912, &(0x7f0000000100)="0a5c3d023c126285718070") r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendto$inet(r1, &(0x7f0000000340)="030002", 0x3, 0x800000000008000, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10) sendto$inet(r1, &(0x7f0000000080)='\t\x00', 0x2, 0x0, &(0x7f00000001c0)={0x2, 0x0, @remote}, 0x10) 12:50:00 executing program 2: perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11032, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 12:50:00 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000540)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r0, 0xc028ae92, &(0x7f0000000000)={0x0, 0x100000001}) 12:50:00 executing program 1: r0 = socket(0xa, 0x1, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000000)={0x0, "6e72303db49b2c67c300", 0x2}, 0xfffffe16) ioctl(r0, 0x2, &(0x7f0000000000)) ioctl(r0, 0x8936, &(0x7f0000000000)) 12:50:00 executing program 2: 12:50:00 executing program 5: 12:50:00 executing program 3: 12:50:00 executing program 0: 12:50:00 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000540)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r0, 0xc028ae92, &(0x7f0000000000)={0x0, 0x100000001}) 12:50:00 executing program 2: 12:50:00 executing program 1: 12:50:00 executing program 0: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x6}, 0x4) close(r0) 12:50:00 executing program 5: 12:50:00 executing program 3: 12:50:00 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r1, 0xc028ae92, &(0x7f0000000000)={0x0, 0x100000001}) 12:50:00 executing program 2: 12:50:00 executing program 1: 12:50:00 executing program 5: 12:50:00 executing program 3: 12:50:00 executing program 0: 12:50:00 executing program 1: 12:50:00 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r1, 0xc028ae92, &(0x7f0000000000)={0x0, 0x100000001}) 12:50:00 executing program 5: 12:50:00 executing program 2: 12:50:00 executing program 3: 12:50:00 executing program 0: 12:50:00 executing program 1: 12:50:00 executing program 5: 12:50:00 executing program 2: 12:50:00 executing program 3: 12:50:00 executing program 4: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r1, 0xc028ae92, &(0x7f0000000000)={0x0, 0x100000001}) 12:50:01 executing program 0: 12:50:01 executing program 1: 12:50:01 executing program 5: 12:50:01 executing program 2: 12:50:01 executing program 3: 12:50:01 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000540)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r1, 0xc028ae92, &(0x7f0000000000)={0x0, 0x100000001}) 12:50:01 executing program 0: 12:50:01 executing program 1: 12:50:01 executing program 5: 12:50:01 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000540)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r1, 0xc028ae92, &(0x7f0000000000)={0x0, 0x100000001}) 12:50:01 executing program 2: 12:50:01 executing program 1: 12:50:01 executing program 0: 12:50:01 executing program 3: 12:50:01 executing program 5: 12:50:01 executing program 4: openat$kvm(0xffffffffffffff9c, &(0x7f0000000540)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r1, 0xc028ae92, &(0x7f0000000000)={0x0, 0x100000001}) 12:50:01 executing program 2: 12:50:01 executing program 0: 12:50:01 executing program 5: 12:50:01 executing program 1: 12:50:01 executing program 3: 12:50:01 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r1, 0xc028ae92, &(0x7f0000000000)={0x0, 0x100000001}) 12:50:01 executing program 5: 12:50:01 executing program 0: 12:50:01 executing program 2: 12:50:01 executing program 3: 12:50:01 executing program 1: 12:50:01 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r1, 0xc028ae92, &(0x7f0000000000)={0x0, 0x100000001}) 12:50:01 executing program 0: 12:50:01 executing program 2: 12:50:01 executing program 5: 12:50:01 executing program 1: 12:50:01 executing program 3: 12:50:01 executing program 3: 12:50:01 executing program 2: 12:50:01 executing program 0: 12:50:01 executing program 1: r0 = add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0)={'syz'}, &(0x7f0000000300)="9e", 0x1, 0xfffffffffffffffd) keyctl$set_timeout(0xf, r0, 0x0) 12:50:01 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_buf(r0, 0x1, 0x3b, &(0x7f0000000180)=""/96, &(0x7f0000000340)=0x60) 12:50:01 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(r1, 0xc028ae92, &(0x7f0000000000)={0x0, 0x100000001}) 12:50:02 executing program 3: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000040)={0x0, 0x4000000, {0x0, 0x0, 0x0, 0xb, 0x0, 0xed7}}) 12:50:02 executing program 5: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000000)=@routing, 0x361) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000180)={@empty, @loopback, @dev, 0x8, 0x1, 0x0, 0x0, 0x4}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x10001) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x4800002, 0x4831, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000003bc0)={{{@in6=@ipv4={[], [], @dev}, @in6=@remote}}, {{@in6}, 0x0, @in=@multicast1}}, &(0x7f0000003cc0)=0xe8) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) remap_file_pages(&(0x7f0000004000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x0) clone(0x180000, &(0x7f0000000000)="dd73edfafbd3480a", &(0x7f00000000c0), &(0x7f0000000100), &(0x7f0000000140)) madvise(&(0x7f0000003000/0x4000)=nil, 0x4000, 0x9) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000240), 0x4) 12:50:02 executing program 0: sigaltstack(&(0x7f0000ff9000/0x4000)=nil, &(0x7f0000000280)) r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_PIE_ON(r0, 0x7005) ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0x1b47) 12:50:02 executing program 1: r0 = add_key$user(&(0x7f0000000280)='user\x00', &(0x7f00000002c0)={'syz'}, &(0x7f0000000300)="9e", 0x1, 0xfffffffffffffffd) keyctl$set_timeout(0xf, r0, 0x0) 12:50:02 executing program 2: syz_open_procfs(0x0, &(0x7f0000000480)='fd\x00') keyctl$unlink(0x9, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000001000000bfa30000000000000703000000feffff7a0af0fff8f722ff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000048007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000140)={r0, 0x1800000000000d00, 0xe, 0x29, &(0x7f0000000440)="b90703e6680d698cb89e40f088a8", &(0x7f00000000c0)=""/41, 0x109}, 0x28) 12:50:02 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(0xffffffffffffffff, 0xc028ae92, &(0x7f0000000000)={0x0, 0x100000001}) [ 263.491284] mmap: syz-executor5 (7955) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. 12:50:02 executing program 3: open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f0000000040)={0x8000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x64) sendmmsg(r0, &(0x7f00000002c0), 0x4cc, 0x20007ffc) 12:50:02 executing program 1: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x5, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000040)}, 0x0, 0x39, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 12:50:02 executing program 0: r0 = syz_open_dev$evdev(&(0x7f0000000040)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCSCLOCKID(r0, 0x400445a0, &(0x7f0000000080)=0x9) 12:50:02 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_TPR_ACCESS_REPORTING(0xffffffffffffffff, 0xc028ae92, &(0x7f0000000000)={0x0, 0x100000001}) [ 263.763895] ODEBUG: object 00000000a13ba355 is on stack 0000000076ae0c08, but NOT annotated. [ 263.776822] WARNING: CPU: 0 PID: 7982 at lib/debugobjects.c:369 __debug_object_init.cold.14+0x51/0xdf [ 263.786176] Kernel panic - not syncing: panic_on_warn set ... [ 263.792060] CPU: 0 PID: 7982 Comm: syz-executor2 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 263.800451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 263.809793] Call Trace: [ 263.812383] dump_stack+0x244/0x39d [ 263.816018] ? dump_stack_print_info.cold.1+0x20/0x20 [ 263.821223] panic+0x2ad/0x55c [ 263.824424] ? add_taint.cold.5+0x16/0x16 [ 263.828572] ? __warn.cold.8+0x5/0x45 [ 263.832378] ? __debug_object_init.cold.14+0x51/0xdf [ 263.837475] __warn.cold.8+0x20/0x45 [ 263.841191] ? __debug_object_init.cold.14+0x51/0xdf [ 263.846303] report_bug+0x254/0x2d0 [ 263.849993] do_error_trap+0x11b/0x200 [ 263.853886] do_invalid_op+0x36/0x40 [ 263.857599] ? __debug_object_init.cold.14+0x51/0xdf [ 263.862729] invalid_op+0x14/0x20 [ 263.866186] RIP: 0010:__debug_object_init.cold.14+0x51/0xdf [ 263.871929] Code: ea 03 80 3c 02 00 75 7c 49 8b 54 24 18 48 89 de 48 c7 c7 c0 f1 40 88 4c 89 85 d0 fd ff ff e8 09 8c d1 fd 4c 8b 85 d0 fd ff ff <0f> 0b e9 09 d6 ff ff 41 83 c4 01 b8 ff ff 37 00 44 89 25 b7 4e 66 [ 263.890824] RSP: 0018:ffff880187e57308 EFLAGS: 00010086 [ 263.896195] RAX: 0000000000000050 RBX: ffff880187e57af8 RCX: ffffc9000627c000 [ 263.903479] RDX: 0000000000000000 RSI: ffffffff816585a5 RDI: 0000000000000005 [ 263.910745] RBP: ffff880187e57560 R08: ffff8801d30fc5f8 R09: ffffed003b5c5008 [ 263.918010] R10: ffffed003b5c5008 R11: ffff8801dae28047 R12: ffff8801879b80c0 [ 263.925280] R13: 00000000000fd340 R14: ffff8801879b80c0 R15: ffff8801d30fc5e8 [ 263.932583] ? vprintk_func+0x85/0x181 [ 263.936472] ? __debug_object_init.cold.14+0x4a/0xdf [ 263.941616] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 263.946196] ? debug_object_free+0x690/0x690 [ 263.950617] ? unwind_get_return_address+0x61/0xa0 [ 263.955553] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 263.960656] ? depot_save_stack+0x292/0x470 [ 263.964984] ? save_stack+0xa9/0xd0 [ 263.968613] ? save_stack+0x43/0xd0 [ 263.972244] ? kasan_kmalloc+0xc7/0xe0 [ 263.976158] ? bpf_test_init.isra.10+0x98/0x100 [ 263.980824] ? zap_class+0x640/0x640 [ 263.984540] ? do_syscall_64+0x1b9/0x820 [ 263.988598] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 263.993964] ? find_held_lock+0x36/0x1c0 [ 263.998052] debug_object_init+0x16/0x20 [ 264.002116] init_timer_key+0xa9/0x480 [ 264.006006] ? init_timer_on_stack_key+0xe0/0xe0 [ 264.010764] ? __might_fault+0x12b/0x1e0 [ 264.014826] ? __lockdep_init_map+0x105/0x590 [ 264.019325] ? __lockdep_init_map+0x105/0x590 [ 264.023823] ? lockdep_init_map+0x9/0x10 [ 264.027884] sock_init_data+0xe1/0xdc0 [ 264.031786] ? sk_stop_timer+0x50/0x50 [ 264.035681] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 264.041216] ? _copy_from_user+0xdf/0x150 [ 264.045371] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 264.050920] ? bpf_test_init.isra.10+0x70/0x100 [ 264.055593] bpf_prog_test_run_skb+0x255/0xc40 [ 264.060178] ? __lock_acquire+0x62f/0x4c20 [ 264.064416] ? bpf_test_finish.isra.9+0x1f0/0x1f0 [ 264.069301] ? __lock_acquire+0x62f/0x4c20 [ 264.073625] ? fput+0x130/0x1a0 [ 264.076914] ? __bpf_prog_get+0x9b/0x290 [ 264.080978] ? bpf_test_finish.isra.9+0x1f0/0x1f0 [ 264.085821] bpf_prog_test_run+0x130/0x1a0 [ 264.090054] __x64_sys_bpf+0x3d8/0x510 [ 264.093937] ? bpf_prog_get+0x20/0x20 [ 264.097748] do_syscall_64+0x1b9/0x820 [ 264.101649] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 264.107011] ? syscall_return_slowpath+0x5e0/0x5e0 [ 264.111953] ? trace_hardirqs_on_caller+0x310/0x310 [ 264.116981] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 264.122009] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 264.128689] ? __switch_to_asm+0x40/0x70 [ 264.132747] ? __switch_to_asm+0x34/0x70 [ 264.136813] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 264.141676] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 264.146861] RIP: 0033:0x457569 [ 264.150064] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 264.168957] RSP: 002b:00007fc60ea88c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 264.176662] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 264.183928] RDX: 0000000000000028 RSI: 0000000020000140 RDI: 000000000000000a [ 264.191192] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000 [ 264.198459] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc60ea896d4 [ 264.205725] R13: 00000000004bd892 R14: 00000000004cc208 R15: 00000000ffffffff [ 264.213002] [ 264.213009] ====================================================== [ 264.213030] WARNING: possible circular locking dependency detected [ 264.213035] 4.19.0-rc8-next-20181019+ #98 Not tainted [ 264.213041] ------------------------------------------------------ [ 264.213046] syz-executor2/7982 is trying to acquire lock: [ 264.213050] 000000009d39181c ((console_sem).lock){-.-.}, at: down_trylock+0x13/0x70 [ 264.213066] [ 264.213070] but task is already holding lock: [ 264.213074] 0000000055e89f85 (&obj_hash[i].lock){-.-.}, at: __debug_object_init+0x127/0x1290 [ 264.213090] [ 264.213095] which lock already depends on the new lock. [ 264.213098] [ 264.213101] [ 264.213106] the existing dependency chain (in reverse order) is: [ 264.213109] [ 264.213111] -> #3 (&obj_hash[i].lock){-.-.}: [ 264.213127] _raw_spin_lock_irqsave+0x99/0xd0 [ 264.213132] __debug_object_init+0x127/0x1290 [ 264.213137] debug_object_init+0x16/0x20 [ 264.213141] hrtimer_init+0x97/0x490 [ 264.213146] init_dl_task_timer+0x1b/0x50 [ 264.213150] __sched_fork+0x2ae/0x590 [ 264.213154] init_idle+0x75/0x740 [ 264.213158] sched_init+0xb33/0xc02 [ 264.213163] start_kernel+0x4be/0xa2b [ 264.213167] x86_64_start_reservations+0x2e/0x30 [ 264.213172] x86_64_start_kernel+0x76/0x79 [ 264.213177] secondary_startup_64+0xa4/0xb0 [ 264.213179] [ 264.213182] -> #2 (&rq->lock){-.-.}: [ 264.213197] _raw_spin_lock+0x2d/0x40 [ 264.213201] task_fork_fair+0xb0/0x6d0 [ 264.213205] sched_fork+0x443/0xba0 [ 264.213210] copy_process+0x2585/0x8770 [ 264.213214] _do_fork+0x1cb/0x11c0 [ 264.213218] kernel_thread+0x34/0x40 [ 264.213222] rest_init+0x28/0x372 [ 264.213227] arch_call_rest_init+0xe/0x1b [ 264.213240] start_kernel+0x9f0/0xa2b [ 264.213245] x86_64_start_reservations+0x2e/0x30 [ 264.213250] x86_64_start_kernel+0x76/0x79 [ 264.213255] secondary_startup_64+0xa4/0xb0 [ 264.213257] [ 264.213260] -> #1 (&p->pi_lock){-.-.}: [ 264.213279] _raw_spin_lock_irqsave+0x99/0xd0 [ 264.213284] try_to_wake_up+0xd2/0x12e0 [ 264.213288] wake_up_process+0x10/0x20 [ 264.213293] __up.isra.1+0x1c0/0x2a0 [ 264.213296] up+0x13c/0x1c0 [ 264.213301] __up_console_sem+0xbe/0x1b0 [ 264.213306] console_unlock+0x80c/0x1190 [ 264.213310] vprintk_emit+0x391/0x990 [ 264.213314] vprintk_default+0x28/0x30 [ 264.213319] vprintk_func+0x7e/0x181 [ 264.213323] printk+0xa7/0xcf [ 264.213327] do_exit.cold.18+0x57/0x16f [ 264.213332] do_group_exit+0x177/0x440 [ 264.213336] __x64_sys_exit_group+0x3e/0x50 [ 264.213341] do_syscall_64+0x1b9/0x820 [ 264.213346] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 264.213348] [ 264.213351] -> #0 ((console_sem).lock){-.-.}: [ 264.213367] lock_acquire+0x1ed/0x520 [ 264.213371] _raw_spin_lock_irqsave+0x99/0xd0 [ 264.213376] down_trylock+0x13/0x70 [ 264.213381] __down_trylock_console_sem+0xae/0x1f0 [ 264.213385] console_trylock+0x15/0xa0 [ 264.213390] vprintk_emit+0x372/0x990 [ 264.213394] vprintk_default+0x28/0x30 [ 264.213399] vprintk_func+0x7e/0x181 [ 264.213403] printk+0xa7/0xcf [ 264.213408] __debug_object_init.cold.14+0x4a/0xdf [ 264.213412] debug_object_init+0x16/0x20 [ 264.213417] init_timer_key+0xa9/0x480 [ 264.213421] sock_init_data+0xe1/0xdc0 [ 264.213426] bpf_prog_test_run_skb+0x255/0xc40 [ 264.213431] bpf_prog_test_run+0x130/0x1a0 [ 264.213435] __x64_sys_bpf+0x3d8/0x510 [ 264.213440] do_syscall_64+0x1b9/0x820 [ 264.213445] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 264.213448] [ 264.213453] other info that might help us debug this: [ 264.213455] [ 264.213459] Chain exists of: [ 264.213461] (console_sem).lock --> &rq->lock --> &obj_hash[i].lock [ 264.213481] [ 264.213485] Possible unsafe locking scenario: [ 264.213488] [ 264.213492] CPU0 CPU1 [ 264.213497] ---- ---- [ 264.213500] lock(&obj_hash[i].lock); [ 264.213510] lock(&rq->lock); [ 264.213520] lock(&obj_hash[i].lock); [ 264.213529] lock((console_sem).lock); [ 264.213537] [ 264.213541] *** DEADLOCK *** [ 264.213544] [ 264.213548] 1 lock held by syz-executor2/7982: [ 264.213551] #0: 0000000055e89f85 (&obj_hash[i].lock){-.-.}, at: __debug_object_init+0x127/0x1290 [ 264.213570] [ 264.213574] stack backtrace: [ 264.213581] CPU: 0 PID: 7982 Comm: syz-executor2 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 264.213589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 264.213593] Call Trace: [ 264.213597] dump_stack+0x244/0x39d [ 264.213602] ? dump_stack_print_info.cold.1+0x20/0x20 [ 264.213607] ? vprintk_func+0x85/0x181 [ 264.213612] print_circular_bug.isra.35.cold.54+0x1bd/0x27d [ 264.213617] ? save_trace+0xe0/0x290 [ 264.213621] __lock_acquire+0x3399/0x4c20 [ 264.213626] ? mark_held_locks+0x130/0x130 [ 264.213630] ? put_dec+0xf0/0xf0 [ 264.213634] ? mark_held_locks+0x130/0x130 [ 264.213639] ? pointer_string+0x14e/0x1b0 [ 264.213643] ? number+0xca0/0xca0 [ 264.213648] ? print_usage_bug+0xc0/0xc0 [ 264.213652] ? ptr_to_id+0xd0/0x1d0 [ 264.213656] ? dentry_name+0x8f0/0x8f0 [ 264.213660] ? zap_class+0x640/0x640 [ 264.213666] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 264.213670] lock_acquire+0x1ed/0x520 [ 264.213674] ? down_trylock+0x13/0x70 [ 264.213679] ? lock_release+0xa10/0xa10 [ 264.213683] ? trace_hardirqs_off+0xb8/0x310 [ 264.213688] ? vprintk_emit+0x1de/0x990 [ 264.213693] ? trace_hardirqs_on+0x310/0x310 [ 264.213697] ? trace_hardirqs_off+0xb8/0x310 [ 264.213702] ? log_store+0x344/0x4c0 [ 264.213706] ? vprintk_emit+0x372/0x990 [ 264.213711] _raw_spin_lock_irqsave+0x99/0xd0 [ 264.213715] ? down_trylock+0x13/0x70 [ 264.213719] down_trylock+0x13/0x70 [ 264.213724] __down_trylock_console_sem+0xae/0x1f0 [ 264.213729] console_trylock+0x15/0xa0 [ 264.213733] vprintk_emit+0x372/0x990 [ 264.213738] ? wake_up_klogd+0x180/0x180 [ 264.213742] ? zap_class+0x640/0x640 [ 264.213746] ? print_usage_bug+0xc0/0xc0 [ 264.213751] ? find_held_lock+0x36/0x1c0 [ 264.213755] vprintk_default+0x28/0x30 [ 264.213759] vprintk_func+0x7e/0x181 [ 264.213763] printk+0xa7/0xcf [ 264.213767] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 264.213781] __debug_object_init.cold.14+0x4a/0xdf [ 264.213786] ? lockdep_hardirqs_on+0x3bb/0x5b0 [ 264.213791] ? debug_object_free+0x690/0x690 [ 264.213796] ? unwind_get_return_address+0x61/0xa0 [ 264.213801] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 264.213806] ? depot_save_stack+0x292/0x470 [ 264.213810] ? save_stack+0xa9/0xd0 [ 264.213814] ? save_stack+0x43/0xd0 [ 264.213818] ? kasan_kmalloc+0xc7/0xe0 [ 264.213823] ? bpf_test_init.isra.10+0x98/0x100 [ 264.213827] ? zap_class+0x640/0x640 [ 264.213832] ? do_syscall_64+0x1b9/0x820 [ 264.213837] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 264.213842] ? find_held_lock+0x36/0x1c0 [ 264.213846] debug_object_init+0x16/0x20 [ 264.213850] init_timer_key+0xa9/0x480 [ 264.213855] ? init_timer_on_stack_key+0xe0/0xe0 [ 264.213860] ? __might_fault+0x12b/0x1e0 [ 264.213865] ? __lockdep_init_map+0x105/0x590 [ 264.213869] ? __lockdep_init_map+0x105/0x590 [ 264.213874] ? lockdep_init_map+0x9/0x10 [ 264.213878] sock_init_data+0xe1/0xdc0 [ 264.213883] ? sk_stop_timer+0x50/0x50 [ 264.213888] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 264.213893] ? _copy_from_user+0xdf/0x150 [ 264.213898] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 264.213903] ? bpf_test_init.isra.10+0x70/0x100 [ 264.213908] bpf_prog_test_run_skb+0x255/0xc40 [ 264.213912] ? __lock_acquire+0x62f/0x4c20 [ 264.213917] ? bpf_test_finish.isra.9+0x1f0/0x1f0 [ 264.213922] ? __lock_acquire+0x62f/0x4c20 [ 264.213926] ? fput+0x130/0x1a0 [ 264.213931] ? __bpf_prog_get+0x9b/0x290 [ 264.213936] ? bpf_test_finish.isra.9+0x1f0/0x1f0 [ 264.213940] bpf_prog_test_run+0x130/0x1a0 [ 264.213945] __x64_sys_bpf+0x3d8/0x510 [ 264.213949] ? bpf_prog_get+0x20/0x20 [ 264.213954] do_syscall_64+0x1b9/0x820 [ 264.213959] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 264.213964] ? syscall_return_slowpath+0x5e0/0x5e0 [ 264.213969] ? trace_hardirqs_on_caller+0x310/0x310 [ 264.213974] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 264.213981] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 264.213985] ? __switch_to_asm+0x40/0x70 [ 264.213990] ? __switch_to_asm+0x34/0x70 [ 264.213995] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 264.214000] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 264.214004] RIP: 0033:0x457569 [ 264.214019] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 264.214024] RSP: 002b:00007fc60ea88c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 264.214035] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457569 [ 264.214041] RDX: 0000000000000028 RSI: 0000000020000140 RDI: 000000000000000a [ 264.214048] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000 [ 264.214055] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fc60ea896d4 [ 264.214061] R13: 00000000004bd892 R14: 00000000004cc208 R15: 00000000ffffffff [ 264.214976] Kernel Offset: disabled [ 265.104290] Rebooting in 86400 seconds..