[info] Using makefile-style concurrent boot in runlevel 2. [ 24.365573] audit: type=1800 audit(1540735250.857:21): pid=5413 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="bootlogs" dev="sda1" ino=2419 res=0 [....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.92' (ECDSA) to the list of known hosts. 2018/10/28 14:00:59 fuzzer started 2018/10/28 14:01:01 dialing manager at 10.128.0.26:37113 2018/10/28 14:01:01 syscalls: 1 2018/10/28 14:01:01 code coverage: enabled 2018/10/28 14:01:01 comparison tracing: enabled 2018/10/28 14:01:01 setuid sandbox: enabled 2018/10/28 14:01:01 namespace sandbox: enabled 2018/10/28 14:01:01 Android sandbox: /sys/fs/selinux/policy does not exist 2018/10/28 14:01:01 fault injection: enabled 2018/10/28 14:01:01 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/10/28 14:01:01 net packed injection: enabled 2018/10/28 14:01:01 net device setup: enabled 14:04:12 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f0000000400)=ANY=[], &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='tmpfs\x00', 0x0, &(0x7f00000002c0)) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) mkdir(&(0x7f0000000080)='./file0/file1\x00', 0x0) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) syzkaller login: [ 226.110514] IPVS: ftp: loaded support on port[0] = 21 14:04:12 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = socket$inet6(0xa, 0x806, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000140)=0x78, 0x4) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000340)='yeah\x00', 0x5) sendto$inet(r0, &(0x7f0000a88f88), 0xfffffffffffffe6e, 0x20000000, &(0x7f0000e68000)={0x2, 0x4004e23, @local}, 0x10) [ 226.407495] IPVS: ftp: loaded support on port[0] = 21 14:04:13 executing program 2: r0 = gettid() r1 = syz_open_procfs(r0, &(0x7f0000000040)='limits\x00') exit(0x0) sendfile(r1, r1, &(0x7f0000000140)=0x400, 0x1) [ 226.788138] IPVS: ftp: loaded support on port[0] = 21 14:04:13 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f0000000280)={0x77, 0x0, [0x40000020], [0xc1]}) [ 227.157366] IPVS: ftp: loaded support on port[0] = 21 [ 227.445256] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.468012] bridge0: port 1(bridge_slave_0) entered disabled state [ 227.475495] device bridge_slave_0 entered promiscuous mode 14:04:14 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) r1 = dup2(r0, r0) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000100)={&(0x7f0000000040)='./file0\x00', r1}, 0x10) sendmmsg(r0, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000001600)=[{0xc}], 0xc}}], 0xb, 0x0) [ 227.626940] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.647062] bridge0: port 2(bridge_slave_1) entered disabled state [ 227.659074] device bridge_slave_1 entered promiscuous mode [ 227.792794] IPVS: ftp: loaded support on port[0] = 21 [ 227.823752] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 228.013058] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 14:04:14 executing program 5: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhost-vsock\x00', 0x2, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000040)=0x1) [ 228.259607] bridge0: port 1(bridge_slave_0) entered blocking state [ 228.266195] bridge0: port 1(bridge_slave_0) entered disabled state [ 228.281444] device bridge_slave_0 entered promiscuous mode [ 228.442291] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 228.456590] bridge0: port 2(bridge_slave_1) entered blocking state [ 228.474312] IPVS: ftp: loaded support on port[0] = 21 [ 228.480208] bridge0: port 2(bridge_slave_1) entered disabled state [ 228.488395] device bridge_slave_1 entered promiscuous mode [ 228.592223] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 228.637994] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 228.744209] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 229.056866] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.078095] bridge0: port 1(bridge_slave_0) entered disabled state [ 229.086530] device bridge_slave_0 entered promiscuous mode [ 229.169015] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 229.218708] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 229.226303] team0: Port device team_slave_0 added [ 229.242269] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.265825] bridge0: port 2(bridge_slave_1) entered disabled state [ 229.279875] device bridge_slave_1 entered promiscuous mode [ 229.376058] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 229.383655] team0: Port device team_slave_1 added [ 229.390174] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 229.399736] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 229.427078] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.434499] bridge0: port 1(bridge_slave_0) entered disabled state [ 229.449868] device bridge_slave_0 entered promiscuous mode [ 229.500018] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 229.509364] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 229.534737] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 229.565665] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 229.606928] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.635644] bridge0: port 2(bridge_slave_1) entered disabled state [ 229.647409] device bridge_slave_1 entered promiscuous mode [ 229.695853] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 229.768138] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 229.841512] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 229.861278] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 229.879488] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 229.887630] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 229.959262] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 229.981752] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 230.030282] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 230.042051] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 230.094414] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 230.133831] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 230.158280] team0: Port device team_slave_0 added [ 230.189920] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 230.196809] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 230.243906] bridge0: port 1(bridge_slave_0) entered blocking state [ 230.255588] bridge0: port 1(bridge_slave_0) entered disabled state [ 230.278299] device bridge_slave_0 entered promiscuous mode [ 230.294417] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 230.308589] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 230.315944] team0: Port device team_slave_1 added [ 230.340060] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 230.354466] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 230.412974] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 230.455761] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 230.480907] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 230.497103] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 230.529956] bridge0: port 2(bridge_slave_1) entered blocking state [ 230.536530] bridge0: port 2(bridge_slave_1) entered disabled state [ 230.546791] device bridge_slave_1 entered promiscuous mode [ 230.595539] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 230.626161] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 230.695366] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 230.702900] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 230.719201] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 230.779587] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 230.792921] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 230.802010] team0: Port device team_slave_0 added [ 230.814500] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 230.833178] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 230.858966] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 230.939667] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 230.947085] team0: Port device team_slave_1 added [ 230.991918] bridge0: port 1(bridge_slave_0) entered blocking state [ 231.009005] bridge0: port 1(bridge_slave_0) entered disabled state [ 231.016452] device bridge_slave_0 entered promiscuous mode [ 231.047633] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 231.068548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 231.083384] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 231.145340] bridge0: port 2(bridge_slave_1) entered blocking state [ 231.157424] bridge0: port 2(bridge_slave_1) entered disabled state [ 231.177270] device bridge_slave_1 entered promiscuous mode [ 231.185797] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 231.195804] team0: Port device team_slave_0 added [ 231.204001] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 231.225330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 231.241046] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 231.265077] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 231.312019] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 231.330494] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 231.338250] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 231.345658] team0: Port device team_slave_1 added [ 231.378943] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 231.388554] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 231.418267] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 231.428127] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 231.451264] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 231.478920] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 231.495191] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 231.525465] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 231.545047] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 231.568781] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 231.604431] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 231.618323] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 231.629600] bridge0: port 2(bridge_slave_1) entered blocking state [ 231.636107] bridge0: port 2(bridge_slave_1) entered forwarding state [ 231.643069] bridge0: port 1(bridge_slave_0) entered blocking state [ 231.649489] bridge0: port 1(bridge_slave_0) entered forwarding state [ 231.700619] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 231.724780] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 231.829233] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 231.836388] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 231.844591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 231.854946] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 231.964940] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 231.973177] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 231.987312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 231.995837] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 232.038531] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 232.139510] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 232.155533] team0: Port device team_slave_0 added [ 232.188755] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 232.198078] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 232.254682] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 232.275026] team0: Port device team_slave_1 added [ 232.301431] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 232.319416] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 232.376364] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.382790] bridge0: port 2(bridge_slave_1) entered forwarding state [ 232.389516] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.395926] bridge0: port 1(bridge_slave_0) entered forwarding state [ 232.424637] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 232.435145] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 232.449721] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 232.457651] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 232.589301] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 232.667459] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 232.699325] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 232.707294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 232.753530] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 232.761766] team0: Port device team_slave_0 added [ 232.827945] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 232.835531] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 232.845018] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 232.873678] bridge0: port 2(bridge_slave_1) entered blocking state [ 232.880101] bridge0: port 2(bridge_slave_1) entered forwarding state [ 232.886778] bridge0: port 1(bridge_slave_0) entered blocking state [ 232.893213] bridge0: port 1(bridge_slave_0) entered forwarding state [ 232.916869] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 232.939153] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 232.946496] team0: Port device team_slave_1 added [ 232.998218] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 233.011095] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 233.132082] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 233.142665] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 233.158687] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 233.237073] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 233.259016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 233.271307] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 233.358755] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 233.366210] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 233.374902] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 233.484118] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 233.498119] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 233.508805] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 233.619389] bridge0: port 2(bridge_slave_1) entered blocking state [ 233.625814] bridge0: port 2(bridge_slave_1) entered forwarding state [ 233.632532] bridge0: port 1(bridge_slave_0) entered blocking state [ 233.638976] bridge0: port 1(bridge_slave_0) entered forwarding state [ 233.650136] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 234.008825] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 234.267854] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.274268] bridge0: port 2(bridge_slave_1) entered forwarding state [ 234.280985] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.287356] bridge0: port 1(bridge_slave_0) entered forwarding state [ 234.311737] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 234.962010] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.968460] bridge0: port 2(bridge_slave_1) entered forwarding state [ 234.975126] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.981558] bridge0: port 1(bridge_slave_0) entered forwarding state [ 235.015411] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 235.037955] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 235.045182] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 236.973800] 8021q: adding VLAN 0 to HW filter on device bond0 [ 237.448989] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 237.641936] 8021q: adding VLAN 0 to HW filter on device bond0 [ 237.958868] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 237.965052] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 237.972539] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 238.097765] 8021q: adding VLAN 0 to HW filter on device bond0 [ 238.208482] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 238.448805] 8021q: adding VLAN 0 to HW filter on device team0 [ 238.544131] 8021q: adding VLAN 0 to HW filter on device bond0 [ 238.628498] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 238.818487] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 238.824708] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 238.844803] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 239.079555] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 239.148772] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 239.154964] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 239.168621] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 239.209356] 8021q: adding VLAN 0 to HW filter on device bond0 [ 239.370662] 8021q: adding VLAN 0 to HW filter on device team0 [ 239.598923] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 239.605320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 239.628878] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 239.662710] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 239.733733] 8021q: adding VLAN 0 to HW filter on device team0 [ 239.981400] 8021q: adding VLAN 0 to HW filter on device bond0 [ 240.095092] 8021q: adding VLAN 0 to HW filter on device team0 [ 240.114837] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 240.128957] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 240.139955] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 240.502778] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 240.649189] 8021q: adding VLAN 0 to HW filter on device team0 [ 240.960317] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 240.968256] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 240.975351] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 14:04:27 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f0000000400)=ANY=[], &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='tmpfs\x00', 0x0, &(0x7f00000002c0)) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) mkdir(&(0x7f0000000080)='./file0/file1\x00', 0x0) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) [ 241.468224] 8021q: adding VLAN 0 to HW filter on device team0 14:04:28 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f0000000400)=ANY=[], &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='tmpfs\x00', 0x0, &(0x7f00000002c0)) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) mkdir(&(0x7f0000000080)='./file0/file1\x00', 0x0) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:28 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f0000000400)=ANY=[], &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='tmpfs\x00', 0x0, &(0x7f00000002c0)) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) mkdir(&(0x7f0000000080)='./file0/file1\x00', 0x0) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:28 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f0000000400)=ANY=[], &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='tmpfs\x00', 0x0, &(0x7f00000002c0)) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) mkdir(&(0x7f0000000080)='./file0/file1\x00', 0x0) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:28 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f0000000400)=ANY=[], &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='tmpfs\x00', 0x0, &(0x7f00000002c0)) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) mkdir(&(0x7f0000000080)='./file0/file1\x00', 0x0) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:28 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f0000000400)=ANY=[], &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='tmpfs\x00', 0x0, &(0x7f00000002c0)) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) mkdir(&(0x7f0000000080)='./file0/file1\x00', 0x0) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:28 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f0000000400)=ANY=[], &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='tmpfs\x00', 0x0, &(0x7f00000002c0)) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) mkdir(&(0x7f0000000080)='./file0/file1\x00', 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) [ 242.759138] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 14:04:29 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f0000000400)=ANY=[], &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='tmpfs\x00', 0x0, &(0x7f00000002c0)) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) mkdir(&(0x7f0000000080)='./file0/file1\x00', 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:29 executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000240)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) write$FUSE_NOTIFY_POLL(r0, &(0x7f00000003c0)={0x18}, 0x18) 14:04:29 executing program 1: r0 = perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0x5, 0x108000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, r0, 0x0) 14:04:29 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f0000000280)={0x77, 0x0, [0x40000020], [0xc1]}) 14:04:29 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f0000000400)=ANY=[], &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='tmpfs\x00', 0x0, &(0x7f00000002c0)) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) mkdir(&(0x7f0000000080)='./file0/file1\x00', 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:29 executing program 4: r0 = syz_open_dev$loop(&(0x7f00000004c0)='/dev/loop#\x00', 0x0, 0x100082) getsockopt$IPT_SO_GET_REVISION_MATCH(r0, 0x0, 0x42, &(0x7f0000000580)={'TPROXY\x00'}, &(0x7f00000005c0)=0x1e) ioctl$LOOP_CLR_FD(0xffffffffffffffff, 0x4c01) ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff) creat(&(0x7f0000000700)='./bus\x00', 0x0) sendmsg$IPVS_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000180)={&(0x7f0000000980)=ANY=[]}}, 0x0) close(r0) open(&(0x7f000000fffa)='./bus\x00', 0x0, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000007e00), 0x136a88c8311572c, 0x0) 14:04:29 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$EVIOCGPROP(0xffffffffffffffff, 0xc004743e, &(0x7f00000003c0)=""/246) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) socket(0x840000000002, 0x3, 0xff) r1 = getpid() sched_getscheduler(r1) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) sched_setscheduler(r1, 0x7, &(0x7f0000000580)=0x7) syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vga_arbiter\x00', 0x0, 0x0) syz_mount_image$f2fs(&(0x7f0000000240)='f2fs\x00', &(0x7f0000000340)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000000c0)="1020f5f20100070009000000030000000c0000000900000001000000020000000000000000300000000000000e00000016000000020000000200000002000000020000000e000000000400000004000000080000000c00000010000000140000030000000100000002", 0x69, 0x1400}], 0x0, &(0x7f0000000280)=ANY=[]) [ 243.489074] hrtimer: interrupt took 37033 ns [ 243.494399] kauditd_printk_skb: 9 callbacks suppressed [ 243.494413] audit: type=1804 audit(1540735469.987:31): pid=7172 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor4" name="/root/syzkaller-testdir817792351/syzkaller.bYILUF/1/bus" dev="sda1" ino=16543 res=1 14:04:30 executing program 4: perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0x6, 0x108000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1000000000002, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000600)={'ip_vti0\x00', 0x201e}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'ip_vti0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000140)={@ipv4={[], [], @remote}, 0x0, r2}) sendto(r0, &(0x7f0000000040), 0x0, 0x0, &(0x7f00000000c0)=@generic={0xa, "a268d051afbb30b9923e133c4f56259c85a08979aa34c5e1f0eb820d62d5b0cc4faf74f741cba4496bcce0b430f1a59cf4b0969164bfc3019718e2cecf7aea450e50c1f6c3411889c8b9aefdcf069642a4897d1ae6f8749697df253a8bcfae046f8b9741ca762548255274875d3f737894f8e5c23221b0087c41ad03467a"}, 0x80) 14:04:30 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f0000000400)=ANY=[], &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='tmpfs\x00', 0x0, &(0x7f00000002c0)) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) [ 243.593885] audit: type=1804 audit(1540735469.987:32): pid=7181 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor4" name="/root/syzkaller-testdir817792351/syzkaller.bYILUF/1/bus" dev="sda1" ino=16543 res=1 14:04:30 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000001000)='/dev/sg#\x00', 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2) ioctl$SG_EMULATED_HOST(r0, 0x2203, &(0x7f00000001c0)) 14:04:30 executing program 2: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000007c0)={&(0x7f0000000000)={0x10, 0x34000}, 0xc, &(0x7f0000000040)={&(0x7f0000000440)=@allocspi={0xf8, 0x12, 0x31d, 0x0, 0x0, {{{@in6, @in6=@ipv4={[], [], @multicast2}}, {@in6}}}}, 0xf8}}, 0x0) [ 243.645543] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0) 14:04:30 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f0000000280)={0x77, 0x0, [0x40000020], [0xc1]}) [ 243.709048] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 243.715151] audit: type=1804 audit(1540735469.987:33): pid=7172 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor4" name="/root/syzkaller-testdir817792351/syzkaller.bYILUF/1/bus" dev="sda1" ino=16543 res=1 [ 243.744346] attempt to access beyond end of device 14:04:30 executing program 4: socket$inet6_udp(0xa, 0x2, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000180)=[{}], 0x1) setsockopt$IP_VS_SO_SET_FLUSH(0xffffffffffffffff, 0x0, 0x485, 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) getsockopt$inet_int(r1, 0x0, 0xe, &(0x7f0000000040), &(0x7f0000000100)=0x4) 14:04:30 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f0000000400)=ANY=[], &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='tmpfs\x00', 0x0, &(0x7f00000002c0)) socket(0x10, 0x2, 0x0) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:30 executing program 1: perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0) semtimedop(0x0, &(0x7f0000000140)=[{0x0, 0x9, 0x1800}], 0x1, &(0x7f0000000200)={0x0, 0x989680}) [ 243.783449] netlink: 232 bytes leftover after parsing attributes in process `syz-executor2'. [ 243.808092] loop5: rw=12288, want=8200, limit=20 [ 243.826089] attempt to access beyond end of device [ 243.848256] loop5: rw=12288, want=12296, limit=20 14:04:30 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x3, 0x9, &(0x7f0000000100)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x41}, @call={0x85, 0x0, 0x0, 0x52}, @alu={0x0, 0x0, 0x0, 0xb}]}, &(0x7f0000000180)='GPL\x00', 0x401, 0xe5, &(0x7f0000000340)=""/229, 0x41100, 0x1, [], 0x0, 0xf}, 0x48) syz_mount_image$ext4(&(0x7f00000000c0)='ext2\x00', &(0x7f0000000200)='./file1\x00', 0x0, 0x1, &(0x7f0000000300)=[{&(0x7f0000000040)="400000000200000019000000dc0100002c000000010000000000000014000000002000000020000040000000000000003d5cbe5a0000ffff53ef", 0x3a, 0x400}], 0x0, &(0x7f0000000000)) 14:04:30 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0xc008ae88, &(0x7f0000000280)={0x77, 0x0, [0x40000000]}) [ 243.883706] F2FS-fs (loop5): Failed to get valid F2FS checkpoint [ 243.904487] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 243.924700] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock 14:04:30 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f0000000400)=ANY=[], &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='tmpfs\x00', 0x0, &(0x7f00000002c0)) socket(0x10, 0x2, 0x0) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) [ 243.958432] attempt to access beyond end of device [ 243.977510] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 243.979662] loop5: rw=12288, want=8200, limit=20 [ 244.020241] EXT4-fs (loop3): fragment/cluster size (1073741824) != block size (1024) [ 244.021501] attempt to access beyond end of device [ 244.037284] loop5: rw=12288, want=12296, limit=20 [ 244.044652] F2FS-fs (loop5): Failed to get valid F2FS checkpoint 14:04:30 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$EVIOCGPROP(0xffffffffffffffff, 0xc004743e, &(0x7f00000003c0)=""/246) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) socket(0x840000000002, 0x3, 0xff) r1 = getpid() sched_getscheduler(r1) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) sched_setscheduler(r1, 0x7, &(0x7f0000000580)=0x7) syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vga_arbiter\x00', 0x0, 0x0) syz_mount_image$f2fs(&(0x7f0000000240)='f2fs\x00', &(0x7f0000000340)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000000c0)="1020f5f20100070009000000030000000c0000000900000001000000020000000000000000300000000000000e00000016000000020000000200000002000000020000000e000000000400000004000000080000000c00000010000000140000030000000100000002", 0x69, 0x1400}], 0x0, &(0x7f0000000280)=ANY=[]) 14:04:30 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000000080)=0xb4, 0x4) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f0000000000)={0x1, &(0x7f00000002c0)=[{0x6}]}, 0x10) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) shutdown(r0, 0x0) 14:04:30 executing program 1: r0 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0) write(r0, &(0x7f0000000600)="34fd98aa1d0e7adec937a5f331a75f487934f50242a0751944936972896c29a5068c8ecba1aa0a4e2a631b5180e1fbde79f4502dc4c4a1fba9dcd9ed83e639aefa1b87631c33d1a82cb0c0035676ddfeb0fe7984d7519b0f839d497fc9d64ef14d1de22220ff2623df4950134b9fb734a52adad95f131cce3672a9d7d7b400d2c62810b5f20351639330948107bf8d4534a03ac389455c54d8eb4d609b3e858b7213b38eb01f0eeaba3739ae927916e28da6a79a3fd5e32d30ab30bf959d4596e5ffbff6789a650b9e7d248d1ba849012336a4f3ef8fab07a8f5b81bb0bc45b2174538315ca12b7c723b2157562564a8a1f19d28179f8c565448e0e921b8c3e6fc4adaafa8b929ad077f633325b6a6f71a586cabc4883e03e19315f946b277858593a7367e232202fe9ad656c6768a1517da7f0498b48cb078e929fb11db0cc551f754bffc4859dd89a396915cc809b07d448573098409ea21371056f67ef4114ec10547f498d24513fe594308bf022868ad21e85bba811942fdc45161a1a8a7fe00d5c6b05ed7954f631bbd12a5c9a5cfa5965e0595de608b04ebe02b3fcbf3b9f57807a1a7ad8528992e2ec65949da2f4a0478dfd3ae52639c15d8aeaa351da6d393b58c772168fae604d097fef4d6b9360eb169a0b0ee70cdc22435a003e68698f61b3b63b1f51011bc8f4ef944c1de821785f670124a1c6ed18335d63412", 0x200) 14:04:30 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) io_setup(0x9, &(0x7f0000000080)=0x0) io_submit(r3, 0x30b, &(0x7f0000001700)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000080), 0x10}]) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$FUSE_OPEN(r5, &(0x7f0000000000)={0x20}, 0x20) tee(r4, r2, 0x8, 0x0) 14:04:30 executing program 2: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fuse\x00', 0x2, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000004f000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000100)="26410f300f01c90f06643e400f01c9420f758e000000002ef3400fb8e566baf80cb8ac8abd80ef66bafc0cedd2fe0f01ca66ba4000ec", 0x36}], 0x1, 0x0, &(0x7f0000000180), 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text16={0x10, &(0x7f0000000500)="670f381e64bf07baf80c66b870f0e58166efbafc0c66b80000000066ef06dd55000f81a46b650f01c92e0f2386660f3a17889d6e00660f11e5660f3a0cb85930dd", 0x41}], 0xaaaaaaaaaaaacb2, 0x0, &(0x7f0000000040), 0x0) ioctl$RNDCLEARPOOL(0xffffffffffffffff, 0x5206, &(0x7f0000000000)=0xc86) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000002000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, &(0x7f00000001c0)="0f0f280dbaf80c66b8561eac8666efbafc0cecd8d80f01720cbad10466ed26900f019d848066b92902000066b80800000066ba000000000f300f01d10f013b", 0x3f}], 0x1, 0x0, &(0x7f0000000300), 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 14:04:30 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f0000000400)=ANY=[], &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='tmpfs\x00', 0x0, &(0x7f00000002c0)) socket(0x10, 0x2, 0x0) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:30 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000100)='clear_refs\x00') mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1, 0x18032, 0xffffffffffffffff, 0x0) write$binfmt_aout(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00'], 0x1) [ 244.420656] audit: type=1800 audit(1540735470.917:34): pid=7254 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor1" name="file0" dev="sda1" ino=16543 res=0 14:04:30 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f0000000400)=ANY=[], &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='tmpfs\x00', 0x0, &(0x7f00000002c0)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r0}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r0, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) [ 244.531092] kvm [7246]: vcpu0, guest rIP: 0x102 disabled perfctr wrmsr: 0xc1 data 0x2d42 14:04:31 executing program 1: creat(&(0x7f0000001140)='./file0\x00', 0x0) lsetxattr$security_selinux(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='security.selinux\x00', &(0x7f0000000080)='system_u:object_r:gpg_agent_exec_t:s0\x00', 0x26, 0x0) lstat(&(0x7f00000005c0)='./file0\x00', &(0x7f0000000700)) mount$bpf(0x20000000, &(0x7f0000000280)='./file0\x00', &(0x7f0000000580)='bpf\x00', 0x2001001, &(0x7f00000009c0)=ANY=[]) mount(&(0x7f0000000040)=ANY=[], &(0x7f00000000c0)='./file0\x00', &(0x7f00000002c0)='btrfs\x00', 0x2200060, 0x0) 14:04:31 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f0000000400)=ANY=[], &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='tmpfs\x00', 0x0, &(0x7f00000002c0)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r0}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r0, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:31 executing program 4: r0 = socket$inet(0x10, 0x3, 0xc) sendmsg(r0, &(0x7f0000011fc8)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407031dfffd946fa2837f0000000009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) [ 244.573755] kvm [7246]: vcpu0, guest rIP: 0x102 disabled perfctr wrmsr: 0xc2 data 0x404 [ 244.602747] kvm [7246]: vcpu0, guest rIP: 0x102 ignored wrmsr: 0x11e data 0xe76 [ 244.643450] kvm [7246]: vcpu0, guest rIP: 0x102 disabled perfctr wrmsr: 0x186 data 0x1210 [ 244.652269] kvm [7246]: vcpu0, guest rIP: 0x102 disabled perfctr wrmsr: 0x187 data 0x3070 [ 244.658902] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0) 14:04:31 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'sit0\x00', &(0x7f0000000200)=ANY=[@ANYBLOB='\n']}) [ 244.757782] EXT4-fs (sda1): re-mounted. Opts: (null) [ 244.760095] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 244.810665] EXT4-fs (sda1): re-mounted. Opts: (null) [ 244.810939] attempt to access beyond end of device [ 244.831935] loop5: rw=12288, want=8200, limit=20 [ 244.839708] attempt to access beyond end of device [ 244.845415] loop5: rw=12288, want=12296, limit=20 [ 244.852001] F2FS-fs (loop5): Failed to get valid F2FS checkpoint [ 244.864702] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 244.872808] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 244.881233] attempt to access beyond end of device [ 244.901521] loop5: rw=12288, want=8200, limit=20 [ 244.916062] attempt to access beyond end of device [ 244.924200] loop5: rw=12288, want=12296, limit=20 [ 244.930079] F2FS-fs (loop5): Failed to get valid F2FS checkpoint 14:04:31 executing program 5: 14:04:31 executing program 4: 14:04:31 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f0000000400)=ANY=[], &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='tmpfs\x00', 0x0, &(0x7f00000002c0)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r0}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r0, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:31 executing program 3: 14:04:31 executing program 1: creat(&(0x7f0000001140)='./file0\x00', 0x0) lsetxattr$security_selinux(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='security.selinux\x00', &(0x7f0000000080)='system_u:object_r:gpg_agent_exec_t:s0\x00', 0x26, 0x0) lstat(&(0x7f00000005c0)='./file0\x00', &(0x7f0000000700)) mount$bpf(0x20000000, &(0x7f0000000280)='./file0\x00', &(0x7f0000000580)='bpf\x00', 0x2001001, &(0x7f00000009c0)=ANY=[]) mount(&(0x7f0000000040)=ANY=[], &(0x7f00000000c0)='./file0\x00', &(0x7f00000002c0)='btrfs\x00', 0x2200060, 0x0) 14:04:31 executing program 2: 14:04:31 executing program 4: [ 245.052331] EXT4-fs (sda1): re-mounted. Opts: (null) 14:04:31 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f00000000c0)={'bridge_slave_0\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000080)={'bridge_slave_0\x00', 0x2000000c0ffffff}) 14:04:31 executing program 3: r0 = socket(0x20000000000000a, 0x2, 0x0) getsockopt$sock_buf(r0, 0x1, 0x19, &(0x7f0000b56f40)=""/192, &(0x7f0000004ffc)=0xc0) 14:04:31 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:31 executing program 5: 14:04:31 executing program 1: creat(&(0x7f0000001140)='./file0\x00', 0x0) lsetxattr$security_selinux(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='security.selinux\x00', &(0x7f0000000080)='system_u:object_r:gpg_agent_exec_t:s0\x00', 0x26, 0x0) lstat(&(0x7f00000005c0)='./file0\x00', &(0x7f0000000700)) mount$bpf(0x20000000, &(0x7f0000000280)='./file0\x00', &(0x7f0000000580)='bpf\x00', 0x2001001, &(0x7f00000009c0)=ANY=[]) mount(&(0x7f0000000040)=ANY=[], &(0x7f00000000c0)='./file0\x00', &(0x7f00000002c0)='btrfs\x00', 0x2200060, 0x0) 14:04:31 executing program 4: 14:04:31 executing program 0: r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:31 executing program 5: [ 245.222968] bridge0: port 1(bridge_slave_0) entered disabled state [ 245.251452] EXT4-fs (sda1): re-mounted. Opts: (null) [ 245.264706] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready 14:04:31 executing program 3: [ 245.299154] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 245.307049] bridge0: port 1(bridge_slave_0) entered blocking state [ 245.313703] bridge0: port 1(bridge_slave_0) entered forwarding state 14:04:31 executing program 4: 14:04:31 executing program 1: creat(&(0x7f0000001140)='./file0\x00', 0x0) lsetxattr$security_selinux(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='security.selinux\x00', &(0x7f0000000080)='system_u:object_r:gpg_agent_exec_t:s0\x00', 0x26, 0x0) lstat(&(0x7f00000005c0)='./file0\x00', &(0x7f0000000700)) mount$bpf(0x20000000, &(0x7f0000000280)='./file0\x00', &(0x7f0000000580)='bpf\x00', 0x2001001, &(0x7f00000009c0)=ANY=[]) mount(&(0x7f0000000040)=ANY=[], &(0x7f00000000c0)='./file0\x00', &(0x7f00000002c0)='btrfs\x00', 0x2200060, 0x0) 14:04:31 executing program 0: r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) [ 245.376605] bridge0: port 1(bridge_slave_0) entered disabled state [ 245.428153] bridge0: port 1(bridge_slave_0) entered blocking state [ 245.434650] bridge0: port 1(bridge_slave_0) entered forwarding state [ 245.485419] EXT4-fs (sda1): re-mounted. Opts: (null) 14:04:32 executing program 2: 14:04:32 executing program 5: 14:04:32 executing program 4: 14:04:32 executing program 3: 14:04:32 executing program 0: r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:32 executing program 1: creat(&(0x7f0000001140)='./file0\x00', 0x0) lsetxattr$security_selinux(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='security.selinux\x00', &(0x7f0000000080)='system_u:object_r:gpg_agent_exec_t:s0\x00', 0x26, 0x0) lstat(&(0x7f00000005c0)='./file0\x00', &(0x7f0000000700)) mount(&(0x7f0000000040)=ANY=[], &(0x7f00000000c0)='./file0\x00', &(0x7f00000002c0)='btrfs\x00', 0x2200060, 0x0) 14:04:32 executing program 5: 14:04:32 executing program 4: 14:04:32 executing program 3: 14:04:32 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:32 executing program 1: creat(&(0x7f0000001140)='./file0\x00', 0x0) lsetxattr$security_selinux(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='security.selinux\x00', &(0x7f0000000080)='system_u:object_r:gpg_agent_exec_t:s0\x00', 0x26, 0x0) mount$bpf(0x20000000, &(0x7f0000000280)='./file0\x00', &(0x7f0000000580)='bpf\x00', 0x2001001, &(0x7f00000009c0)=ANY=[]) mount(&(0x7f0000000040)=ANY=[], &(0x7f00000000c0)='./file0\x00', &(0x7f00000002c0)='btrfs\x00', 0x2200060, 0x0) 14:04:32 executing program 2: 14:04:32 executing program 5: 14:04:32 executing program 4: 14:04:32 executing program 3: [ 245.813168] EXT4-fs (sda1): re-mounted. Opts: (null) 14:04:32 executing program 2: 14:04:32 executing program 5: 14:04:32 executing program 4: 14:04:32 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:32 executing program 1: creat(&(0x7f0000001140)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f0000000280)='./file0\x00', &(0x7f0000000580)='bpf\x00', 0x2001001, &(0x7f00000009c0)=ANY=[]) mount(&(0x7f0000000040)=ANY=[], &(0x7f00000000c0)='./file0\x00', &(0x7f00000002c0)='btrfs\x00', 0x2200060, 0x0) 14:04:32 executing program 5: 14:04:32 executing program 2: 14:04:32 executing program 3: 14:04:32 executing program 4: 14:04:32 executing program 2: 14:04:32 executing program 1: lsetxattr$security_selinux(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='security.selinux\x00', &(0x7f0000000080)='system_u:object_r:gpg_agent_exec_t:s0\x00', 0x26, 0x0) mount$bpf(0x20000000, &(0x7f0000000280)='./file0\x00', &(0x7f0000000580)='bpf\x00', 0x2001001, &(0x7f00000009c0)=ANY=[]) mount(&(0x7f0000000040)=ANY=[], &(0x7f00000000c0)='./file0\x00', &(0x7f00000002c0)='btrfs\x00', 0x2200060, 0x0) 14:04:32 executing program 5: 14:04:32 executing program 4: 14:04:32 executing program 3: 14:04:32 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:32 executing program 5: 14:04:32 executing program 4: 14:04:32 executing program 1: creat(&(0x7f0000001140)='./file0\x00', 0x0) lsetxattr$security_selinux(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='security.selinux\x00', &(0x7f0000000080)='system_u:object_r:gpg_agent_exec_t:s0\x00', 0x26, 0x0) mount$bpf(0x20000000, &(0x7f0000000280)='./file0\x00', &(0x7f0000000580)='bpf\x00', 0x0, &(0x7f00000009c0)=ANY=[]) mount(&(0x7f0000000040)=ANY=[], &(0x7f00000000c0)='./file0\x00', &(0x7f00000002c0)='btrfs\x00', 0x2200060, 0x0) 14:04:32 executing program 2: 14:04:32 executing program 3: 14:04:32 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:32 executing program 5: 14:04:32 executing program 4: 14:04:33 executing program 2: 14:04:33 executing program 1: creat(&(0x7f0000001140)='./file0\x00', 0x0) lsetxattr$security_selinux(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='security.selinux\x00', &(0x7f0000000080)='system_u:object_r:gpg_agent_exec_t:s0\x00', 0x26, 0x0) mount$bpf(0x20000000, &(0x7f0000000280)='./file0\x00', &(0x7f0000000580)='bpf\x00', 0x2001001, &(0x7f00000009c0)=ANY=[]) mount(&(0x7f0000000040)=ANY=[], &(0x7f00000000c0)='./file0\x00', &(0x7f00000002c0)='btrfs\x00', 0x0, 0x0) 14:04:33 executing program 3: 14:04:33 executing program 5: 14:04:33 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:33 executing program 2: 14:04:33 executing program 4: [ 246.636274] Filesystem requires source device 14:04:33 executing program 5: 14:04:33 executing program 3: 14:04:33 executing program 2: 14:04:33 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:33 executing program 4: 14:04:33 executing program 5: 14:04:33 executing program 2: 14:04:33 executing program 1: 14:04:33 executing program 4: 14:04:33 executing program 5: 14:04:33 executing program 2: 14:04:33 executing program 1: 14:04:33 executing program 3: 14:04:33 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r0}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r0, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:33 executing program 5: 14:04:33 executing program 4: 14:04:33 executing program 1: 14:04:33 executing program 2: 14:04:33 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r0}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r0, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:33 executing program 3: 14:04:33 executing program 5: 14:04:33 executing program 1: 14:04:33 executing program 4: 14:04:33 executing program 2: 14:04:33 executing program 3: 14:04:33 executing program 4: 14:04:33 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r0}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r0, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:33 executing program 1: 14:04:33 executing program 5: 14:04:33 executing program 3: 14:04:33 executing program 2: 14:04:33 executing program 1: 14:04:34 executing program 4: 14:04:34 executing program 5: 14:04:34 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [], {}, [], {0x10, 0x1}}, 0x24, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:34 executing program 1: 14:04:34 executing program 3: 14:04:34 executing program 2: 14:04:34 executing program 4: 14:04:34 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [], {}, [], {0x10, 0x1}}, 0x24, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:34 executing program 5: 14:04:34 executing program 3: 14:04:34 executing program 1: 14:04:34 executing program 2: 14:04:34 executing program 4: 14:04:34 executing program 5: 14:04:34 executing program 3: 14:04:34 executing program 2: 14:04:34 executing program 1: 14:04:34 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [], {}, [], {0x10, 0x1}}, 0x24, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:34 executing program 5: 14:04:34 executing program 2: 14:04:34 executing program 3: r0 = socket$inet(0x10, 0x3, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f000000da40)=[{{0x0, 0x0, &(0x7f0000003580), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="3f000000000080"], 0x7}}], 0x1, 0x0) ioctl$sock_ifreq(r0, 0x89f1, &(0x7f0000000040)={'ip6gre0\x00', @ifru_data=&(0x7f00000000c0)="a325d3c91116bf66fed2b246a94500aa6593352d29be1746fd84168b6ef37b32"}) 14:04:34 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x5) connect$inet6(r0, &(0x7f0000000040), 0x1c) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000000)=0x548, 0x4) recvmmsg(r0, &(0x7f0000000b40)=[{{&(0x7f0000000080)=@alg, 0x80, &(0x7f0000000440)=[{&(0x7f0000000280)=""/220, 0xdc}], 0x1, &(0x7f0000000480)=""/144, 0x90}}], 0x1, 0x0, &(0x7f0000000c00)) write$binfmt_elf64(r0, &(0x7f0000000400)=ANY=[], 0x0) 14:04:34 executing program 5: 14:04:34 executing program 2: 14:04:34 executing program 1: 14:04:34 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:34 executing program 4: 14:04:34 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000007c0)={&(0x7f0000000000)={0x10, 0x34000}, 0xc, &(0x7f0000000040)={&(0x7f0000000440)=@allocspi={0xf8, 0x16, 0x31d, 0x0, 0x0, {{{@in6, @in6=@ipv4={[], [], @multicast2}}, {@in6, 0x0, 0x33}}}}, 0xf8}}, 0x0) 14:04:34 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) r1 = socket(0x840000000002, 0x3, 0xff) connect$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) lsetxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@random={'osx.', "2f6578650000c10000000000e9ff0700000000000054fa07424adee916d2da75afe70b35a0fd6a1f0200f5ab26d7a071fb35331ce39c5a6568641006d7c0206a74e333265300"}, &(0x7f00000001c0)='systemem1^wlan0\x00', 0x10, 0x2) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x25, &(0x7f0000000140)=0x40, 0x4) r2 = syz_open_procfs(0x0, &(0x7f0000000200)="2f6578650000c10000000000e9ff0700000000000054fa07424adee916d2da75afe70b35a0fd6a1f0200f5ab26d7a071fb35331ce39c5a6568641006d7c0206a74e33326530000000000000000000000") sendfile(r1, r2, &(0x7f0000000180), 0x100000001) 14:04:34 executing program 5: r0 = perf_event_open(&(0x7f0000000100)={0x20000000000001, 0x62, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000000, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x2}, 0x100000, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = perf_event_open(&(0x7f0000000080)={0x400000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f00000001c0), 0xfffffef3) read(r2, &(0x7f0000000200)=""/250, 0x50c7e3e3) write$P9_RRENAMEAT(r2, &(0x7f00000001c0)={0x7, 0x4b, 0x2}, 0x7) pipe(&(0x7f0000000040)) 14:04:34 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r0, &(0x7f00000001c0), 0x0, 0x200007ff, &(0x7f0000deaff0)={0x2, 0x0, @loopback}, 0x10) 14:04:34 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x800000000000004) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d5c6070") r1 = socket$inet6(0xa, 0x805, 0x0) connect$inet6(r1, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) 14:04:34 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:34 executing program 3: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000007c0)={&(0x7f0000000000)={0x10, 0x34000}, 0xc, &(0x7f0000000040)={&(0x7f0000000440)=@allocspi={0xf8, 0x16, 0x31d, 0x0, 0x0, {{{@in6, @in6=@ipv4={[], [], @multicast2}}, {@in6, 0x0, 0x33}}}}, 0xf8}}, 0x0) 14:04:35 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000180)={r2, 0x0, 0x3}) 14:04:35 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000001c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="0a0775b005e381e5b3b60ced5c54dbb7", 0x10) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000340), 0x1, &(0x7f0000000100)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x492492492492582, 0x0) recvmmsg(r1, &(0x7f0000004000)=[{{&(0x7f0000000280)=@rc, 0x80, &(0x7f0000000640)=[{&(0x7f0000000380)=""/153, 0x99}], 0x1}}], 0x1, 0x0, 0x0) 14:04:35 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:35 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes)\x00'}, 0x58) bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'jitterentropy_rng\x00'}, 0x58) 14:04:35 executing program 2: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000001340), 0xc, &(0x7f0000000180)={&(0x7f00000013c0)={0x1c, 0x0, 0x0, 0x70bd25, 0x25dfdbfd, {}, [@typed={0x8, 0x0, @fd}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x0) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000002640)={&(0x7f00000024c0), 0xc, &(0x7f0000002600)={&(0x7f0000002540)={0x44, 0x0, 0x200, 0x70bd25, 0x0, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x2}, @NBD_ATTR_TIMEOUT={0xc}, @NBD_ATTR_SIZE_BYTES={0xc}, @NBD_ATTR_SIZE_BYTES={0xc}]}, 0x44}}, 0x4000) mount(&(0x7f0000000100)=ANY=[], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)='proc\x00', 0x0, &(0x7f00000001c0)) ioctl$TIOCMSET(0xffffffffffffffff, 0x5418, &(0x7f0000000140)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open$dir(&(0x7f0000001380)='./file0\x00', 0x0, 0x0) getdents64(r0, &(0x7f00000002c0)=""/4096, 0x1000) 14:04:35 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}]}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:35 executing program 1: r0 = socket(0x1, 0x2, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070") r2 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r2) [ 248.824249] proc: Unknown parameter '@' [ 248.902042] proc: Unknown parameter '@' 14:04:35 executing program 5: 14:04:35 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0x4018aebd) 14:04:35 executing program 2: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000eed000)={0x2, 0x4e21, @multicast2}, 0x10) r1 = socket$inet6_udp(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x5e21}, 0x1c) syz_emit_ethernet(0x423, &(0x7f000018f000)={@broadcast, @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x415, 0x0, 0x0, 0x0, 0x11, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}, @multicast1}, @dccp={{0x0, 0x4e21, 0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, "d73cde", 0x0, "f53475"}, "b441d632cdbbcb211363807aec73d3883762a61dc02d349bfa3ac974b987aa7fb97eb324d594fbbb77bab759418aa8d451d921e8f5d2cf2b08292111701192e97cac366dd3eb2e0fb039e58314ef4709c5f3556db6a1ab6b4fb2bdd83cdc26e8395ec4984ec3faf71a611d1569545d654cded93be827a85188b803c19c1b56aab522862a718b81e512b49690994d3425e33bd93f0e744c66a083c1f9f1bd7bb8f9e123c08f3f041ed3fdc058136cf0071a47cc0e38720a12e11e842a7b5b26dff07f578fdb9a7b14662a625c1ee76c41ccb2b1fc6376aa718e1067b9e4af511ef5b360dbfad326108bb033db193dab27974eb8c462739eaee51d87f31c516e7e391073770da3202e02c41a7277c847df24bd5b0a7ab6e252f3c8ebf00688cc55311d887e8bfd95a7f4c6a126af3fe26714ddb869c66d18f870631bbd497e8a06881b754ecdcdd0dcffc51cd52a6b560f8d64b63a1674745edc5f53b18a8ffcc5c2fbc4d2bbcc2faf3c189d9b36c0655d1394f5c127ec86b8a764a87b546c2b6ac37d0a8ec3edd7cda6f930570763dbdc0640d219749bd57c7c89eaadfdae41d654a46b17be069a32a7d94d29b612fbe61b8bd11a2d10ba5d4ac7014fc0465c3f144598bd1f913343e7293711040eee0ae8df1e49f04ed1037d4b742aed0e932116060aaf6b985238d2e10fb5b11d19d7801befed4833287d96a85a7cdd9e211a672760335655576fc0fa0336621c2b2b1018ef71bb5077c67ee5fa8d479d6776013363e98b1f1213712be7e47549b6035459008c509f0f983130a451531381ee3c1ab9e1cbb8e558b56ca1a70939389addc5f9632b37ff3f634abb504bb0be0a51649683f6e29588c15cda40255e173328681884ffef6729e9058c5623e1401fdcc7b8cb5623a8fd725fbeea05fc417c44e46500619218dff7c70aa068994c58883cada505a2aa85b6620dfe9c45b707c9aa1222b86972eae564b28a05ddfa3545df231fde2707d4bf67dc6ba41daba91dee8081e5c7e2bcfbebebd42d5ab8a32d6e098fd57233e3b813dc0d772134775def451823b7fef2bc93da01722cd613b9a3db7e2d4c51fb7b56006ee9cea53b62343599a56167388d45247f9289fb1cab67a7cb0c3665ddf1e1411875b4de3428b32fc6603691a023d8e4cb93c667acb7b535fb5f77af9a49640cbe8ffe3a193cf4df1b556a67cb753c60bdf978b871aa513c07074c6602037ebc32199290e3c7ac6f103ad9358951ad4de0c8f1b34951b0e6a48295975cf08b2c3c95064855fc95317e386f1c18608d1d08699003c998b93332cd316f17a5139d350cbfa9dabc3f77c4197a0186e50913978e980a7a028e7ccdeee718af028200e94a6b3a0ec93ba14b0c64dfaf3967e230d8cf876f26287d436ebc9588b52b43f2380836bfe3"}}}}}, 0x0) 14:04:35 executing program 3: 14:04:35 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}]}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:35 executing program 1: r0 = socket(0x1, 0x2, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070") r2 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r2) 14:04:36 executing program 3: 14:04:36 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}]}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:36 executing program 1: r0 = socket(0x1, 0x2, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070") r2 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r2) 14:04:36 executing program 2: 14:04:36 executing program 5: 14:04:36 executing program 4: r0 = perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xe78f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0xfffffffffffffffc, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, &(0x7f0000000080)="dc4501a048a12b6d4942f56fb0f4b5cb", 0x10) 14:04:36 executing program 3: 14:04:36 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:36 executing program 1: r0 = socket(0x1, 0x2, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070") r2 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r2) 14:04:36 executing program 5: 14:04:36 executing program 2: 14:04:36 executing program 3: 14:04:36 executing program 4: 14:04:36 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:36 executing program 4: 14:04:36 executing program 5: 14:04:36 executing program 2: 14:04:36 executing program 1: r0 = socket(0x1, 0x2, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070") dup2(r0, 0xffffffffffffffff) 14:04:36 executing program 3: 14:04:36 executing program 5: 14:04:36 executing program 2: 14:04:36 executing program 4: 14:04:36 executing program 3: 14:04:36 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:36 executing program 1: r0 = socket(0x1, 0x2, 0x0) socket$inet6(0xa, 0x1000000000002, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r1) 14:04:36 executing program 2: 14:04:36 executing program 3: 14:04:36 executing program 5: 14:04:36 executing program 4: 14:04:36 executing program 0: 14:04:36 executing program 1: r0 = socket(0x1, 0x2, 0x0) socket$inet6(0xa, 0x1000000000002, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r1) 14:04:36 executing program 2: 14:04:36 executing program 5: 14:04:36 executing program 1: r0 = socket(0x1, 0x2, 0x0) socket$inet6(0xa, 0x1000000000002, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r1) 14:04:36 executing program 4: 14:04:36 executing program 0: 14:04:36 executing program 3: 14:04:37 executing program 5: 14:04:37 executing program 4: 14:04:37 executing program 2: 14:04:37 executing program 3: 14:04:37 executing program 0: 14:04:37 executing program 1: r0 = socket(0x1, 0x2, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070") r1 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r1) 14:04:37 executing program 5: 14:04:37 executing program 3: 14:04:37 executing program 2: 14:04:37 executing program 4: 14:04:37 executing program 0: 14:04:37 executing program 1: r0 = socket(0x1, 0x2, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070") r1 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r1) 14:04:37 executing program 5: 14:04:37 executing program 2: 14:04:37 executing program 4: 14:04:37 executing program 0: 14:04:37 executing program 3: 14:04:37 executing program 1: r0 = socket(0x1, 0x2, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070") r1 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r1) 14:04:37 executing program 2: 14:04:37 executing program 5: 14:04:37 executing program 3: 14:04:37 executing program 2: 14:04:37 executing program 4: 14:04:37 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070") r1 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(0xffffffffffffffff, r1) 14:04:37 executing program 0: 14:04:37 executing program 5: 14:04:37 executing program 3: 14:04:37 executing program 0: 14:04:37 executing program 1: r0 = socket(0x0, 0x2, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070") r2 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r2) 14:04:37 executing program 2: 14:04:37 executing program 4: 14:04:37 executing program 5: 14:04:37 executing program 0: 14:04:37 executing program 2: 14:04:37 executing program 4: 14:04:37 executing program 3: 14:04:37 executing program 2: 14:04:37 executing program 0: 14:04:37 executing program 1: r0 = socket(0x1, 0x0, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070") r2 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r2) 14:04:38 executing program 4: 14:04:38 executing program 5: 14:04:38 executing program 2: 14:04:38 executing program 3: 14:04:38 executing program 0: 14:04:38 executing program 4: 14:04:38 executing program 5: 14:04:38 executing program 1: r0 = socket(0x1, 0x2, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070") r2 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r2) 14:04:38 executing program 3: 14:04:38 executing program 0: 14:04:38 executing program 2: 14:04:38 executing program 4: 14:04:38 executing program 5: 14:04:38 executing program 2: 14:04:38 executing program 0: 14:04:38 executing program 1: r0 = socket(0x1, 0x2, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070") r2 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r2) 14:04:38 executing program 4: 14:04:38 executing program 3: 14:04:38 executing program 5: 14:04:38 executing program 2: 14:04:38 executing program 0: 14:04:38 executing program 4: 14:04:38 executing program 1: r0 = socket(0x1, 0x2, 0x0) r1 = socket$inet6(0xa, 0x0, 0x0) ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070") r2 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r2) 14:04:38 executing program 3: 14:04:38 executing program 0: 14:04:38 executing program 5: 14:04:38 executing program 2: 14:04:38 executing program 4: 14:04:38 executing program 3: 14:04:38 executing program 0: 14:04:38 executing program 5: 14:04:38 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) bind$netlink(r0, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc) r1 = accept4(r0, 0x0, &(0x7f00000000c0), 0x80000) sendmsg$nl_generic(r0, &(0x7f0000000200)={&(0x7f0000000480)={0x10, 0xbb7f}, 0xc, &(0x7f0000000440)={&(0x7f00000004c0)={0x1c, 0x22, 0x1, 0x0, 0x80000000, {0x4}, [@typed={0x8, 0xc, @pid}]}, 0x1c}}, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)="2f02726f75702e7374617000", 0x2761, 0x0) r2 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000040), 0x2, 0x0) write(r2, &(0x7f0000000380)='v', 0x1) sendfile(r2, r2, &(0x7f0000000240), 0x8000) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)=""/161, 0xa1}], 0x1, &(0x7f0000001380)=""/127, 0x7f}, 0x2002) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000100)={0x0, 0xf36}, &(0x7f0000000140)=0x8) 14:04:38 executing program 1: r0 = socket(0x1, 0x2, 0x0) socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070") r1 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r1) 14:04:38 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)) epoll_wait(r1, &(0x7f00000004c0)=[{}], 0x1, 0x0) 14:04:38 executing program 2: r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)="636c6561725f72656673000e26f4219411c8d7870771d49f76") bind$inet6(0xffffffffffffffff, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) socket$netlink(0x10, 0x3, 0x0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000440)={{{@in6=@ipv4={[], [], @broadcast}, @in6=@ipv4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@mcast2}, 0x0, @in6=@ipv4={[], [], @rand_addr}}}, &(0x7f0000000540)=0xe8) ioctl$EVIOCSABS0(0xffffffffffffffff, 0x401845c0, &(0x7f0000000380)={0x0, 0x400, 0x7, 0xbe80, 0xffffffff, 0x5}) stat(&(0x7f0000000580)='./file0\x00', &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) chown(&(0x7f0000000400)='./file0\x00', r1, r2) ioctl$TCGETA(r0, 0x5405, &(0x7f0000000340)) r3 = syz_open_procfs(0x0, &(0x7f0000000200)='schedstat\x00') perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x4, &(0x7f00000002c0), 0x0) sendfile(r0, r3, &(0x7f0000000700), 0x1) sendmsg(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000100)=@ethernet={0x0, @remote}, 0x80, &(0x7f0000000280), 0x0, &(0x7f00000002c0)}, 0x0) 14:04:38 executing program 5: syz_mount_image$f2fs(&(0x7f0000000000)='f2fs\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x1, &(0x7f00000000c0)=[{&(0x7f0000010400)="1020f5f20100070009000000030000000c0000000900000001000000020000000000000000300000000000000e00000016000000020000000200000002000000020000000e000000000400000004000000080000000c00000010000000140000030000000100000002", 0x69, 0x1400}], 0x0, &(0x7f00000001c0)) 14:04:38 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x801, 0x0) io_setup(0xc01, &(0x7f0000000200)=0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(0xffffffffffffffff, 0x402c5342, &(0x7f0000000140)={0x1ff, 0x0, 0x0, {0x0, 0x989680}}) io_submit(r1, 0x1400, &(0x7f0000000240)=[&(0x7f0000000280)={0x8378010000010ca2, 0x0, 0x0, 0x800000000001, 0x0, r0, &(0x7f0000000140), 0x2}]) [ 252.470722] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0) 14:04:39 executing program 1: r0 = socket(0x1, 0x2, 0x0) socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070") r1 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r1) 14:04:39 executing program 3: r0 = getpgrp(0xffffffffffffffff) prctl$setptracer(0x59616d61, r0) [ 252.516817] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 252.541056] attempt to access beyond end of device [ 252.551038] loop5: rw=12288, want=8200, limit=20 [ 252.583662] attempt to access beyond end of device 14:04:39 executing program 2: fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) openat$hwrng(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/hwrng\x00', 0x10080, 0x0) r0 = open(&(0x7f0000000440)='./file0\x00', 0x708fd0ae9c9e3b76, 0x21) ioctl$TIOCGPGRP(r0, 0x540f, &(0x7f0000000380)=0x0) r2 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x2, 0x9, 0x0, 0x0, 0x81, 0x0, 0x0, 0x693a, 0x1f, 0x0, 0x7, 0x0, 0x0, 0x0, 0xdc69, 0xffff, 0x0, 0xbeb9, 0x2, 0x4a04, 0x105, 0x3, 0x1, 0x1, 0x8, 0xd6, 0x6, 0x0, 0x8, 0x6, 0x1, 0x100000000, 0x6, 0x40, 0x8, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x800}, 0x0, 0x3, 0x101, 0x6, 0x8, 0x7, 0x100000000}, r1, 0xb, r2, 0x0) r3 = semget(0xffffffffffffffff, 0x0, 0x244) semctl$GETNCNT(r3, 0x4, 0xe, &(0x7f0000000240)=""/199) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003840)=[{{&(0x7f0000003980)=@rc, 0x80, &(0x7f0000002b80)=[{&(0x7f0000001880)=""/190, 0xbe}], 0x1, &(0x7f0000002c00)=""/125, 0x7d}}], 0x1, 0x0, &(0x7f0000000080)) perf_event_open(&(0x7f00000001c0)={0x0, 0x70, 0x7fffffff, 0x0, 0x0, 0x8, 0x0, 0x4, 0x22, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x5, 0x8, 0x0, 0x0, 0x94d, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x1}, 0x0, 0x0, 0x0, 0x3, 0x554fe7de}, r1, 0x0, 0xffffffffffffffff, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/fib_trie\x00') preadv(r4, &(0x7f00000017c0), 0x1d0, 0x1f000000) 14:04:39 executing program 1: r0 = socket(0x1, 0x2, 0x0) socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070") r1 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r1) [ 252.607736] loop5: rw=12288, want=12296, limit=20 [ 252.625517] F2FS-fs (loop5): Failed to get valid F2FS checkpoint 14:04:39 executing program 3: r0 = socket$inet6(0xa, 0x8000000000000003, 0x6) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet(0x2, 0x6000000000000001, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000140)=@nat={'nat\x00', 0x3c1, 0x2, 0x90, [0x20000660], 0x0, &(0x7f0000000000), &(0x7f0000000600)=[{}, {}, {}]}, 0x108) [ 252.660445] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 252.713295] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 252.729178] attempt to access beyond end of device [ 252.736468] loop5: rw=12288, want=8200, limit=20 [ 252.748663] attempt to access beyond end of device 14:04:39 executing program 1: r0 = socket(0x1, 0x2, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x0, &(0x7f0000000080)="153f6234488dd25d766070") r2 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r2) [ 252.759869] loop5: rw=12288, want=12296, limit=20 [ 252.766040] F2FS-fs (loop5): Failed to get valid F2FS checkpoint [ 252.778781] kernel msg: ebtables bug: please report to author: Chains don't start at beginning [ 252.862104] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 252.923638] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 252.967359] attempt to access beyond end of device [ 252.985344] loop5: rw=12288, want=8200, limit=20 [ 252.991609] attempt to access beyond end of device [ 252.996723] loop5: rw=12288, want=12296, limit=20 [ 253.002195] F2FS-fs (loop5): Failed to get valid F2FS checkpoint [ 253.009124] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 253.016225] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 253.024718] attempt to access beyond end of device [ 253.030077] loop5: rw=12288, want=8200, limit=20 [ 253.035003] attempt to access beyond end of device [ 253.040358] loop5: rw=12288, want=12296, limit=20 [ 253.045310] F2FS-fs (loop5): Failed to get valid F2FS checkpoint 14:04:39 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={&(0x7f0000000040), 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=@bridge_getlink={0x20, 0x12, 0x1}, 0x20}}, 0x0) 14:04:39 executing program 1: r0 = socket(0x1, 0x2, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x0, &(0x7f0000000080)="153f6234488dd25d766070") r2 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r2) 14:04:39 executing program 3: r0 = socket$inet6(0xa, 0x8000000000000003, 0x6) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet(0x2, 0x6000000000000001, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000140)=@nat={'nat\x00', 0x3c1, 0x2, 0x90, [0x20000660], 0x0, &(0x7f0000000000), &(0x7f0000000600)=[{}, {}, {}]}, 0x108) 14:04:39 executing program 5: r0 = socket$kcm(0xa, 0x1, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f0000000180)=@in6={0xa, 0x0, 0x0, @ipv4}, 0x80, &(0x7f00000000c0)}, 0x24000001) 14:04:39 executing program 4: sched_setaffinity(0x0, 0x7, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = gettid() clone(0x2e828903, &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000140), &(0x7f0000000040)) tkill(r0, 0x8000000000000014) [ 253.254237] kernel msg: ebtables bug: please report to author: Chains don't start at beginning 14:04:49 executing program 0: r0 = socket$inet6(0xa, 0x1040000000002, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={"6c6f00ec08562fe8b02b434e00"}) sendmsg$nl_route(r1, &(0x7f0000000040)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="000000002c01b1000c001100aaaaaaaaaa000000"], 0x1}}, 0x0) 14:04:49 executing program 5: ioctl$SNDRV_TIMER_IOCTL_GPARAMS(0xffffffffffffffff, 0x40485404, &(0x7f0000000200)={{0x0, 0x0, 0x80}}) syz_open_dev$sndseq(&(0x7f0000000040)='/dev/snd/seq\x00', 0x0, 0x101801) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f000002b000)={0x0, 0x0, 0x0, "9ede7a8c5ae95ec8672c93340f643a664f13eeab65c0322901dc6bd36cde2c51f01b7f0b014f9f91eeb7c37c7240f476c8d753d000aa8faf8fb574dbcfa6dc4d"}) ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f00000024c0)={'vcan0\x00', {0x2, 0x4e21, @local}}) r0 = getpid() rt_sigqueueinfo(r0, 0x15, &(0x7f0000000140)={0x0, 0x9000}) ioctl$GIO_CMAP(0xffffffffffffffff, 0x4b70, &(0x7f0000002480)) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_MP_STATE(0xffffffffffffffff, 0x4004ae99, &(0x7f00000001c0)) r2 = socket$inet6(0xa, 0x2, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO(0xffffffffffffffff, 0x402c5342, &(0x7f0000000380)={0x0, 0x0, 0x0, {}, 0x0, 0x5}) inotify_init1(0x0) connect$inet6(r2, &(0x7f0000002740)={0xa, 0x0, 0x0, @dev, 0x4}, 0x79) sendmmsg(r2, &(0x7f0000007e00), 0x136a88c8311572c, 0xb605) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff) write$P9_RREADDIR(r1, &(0x7f0000002500)=ANY=[], 0x0) 14:04:49 executing program 1: r0 = socket(0x1, 0x2, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x0, &(0x7f0000000080)="153f6234488dd25d766070") r2 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r2) 14:04:49 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000140), 0xffffffffffffffff) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.stat\x00', 0x0, 0x0) write$P9_RLERRORu(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x7, 0x0, {{0x4, 'user'}}}, 0x11) io_setup(0x6, &(0x7f0000000180)=0x0) io_submit(r2, 0x1, &(0x7f0000000740)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000040)}]) io_getevents(r2, 0x4, 0x110, &(0x7f0000d83f60)=[{}, {}], &(0x7f00005cfff0)={0x4000000000001, 0x7}) io_destroy(r2) 14:04:49 executing program 3: r0 = socket$inet6(0xa, 0x8000000000000003, 0x6) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet(0x2, 0x6000000000000001, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000140)=@nat={'nat\x00', 0x3c1, 0x2, 0x90, [0x20000660], 0x0, &(0x7f0000000000), &(0x7f0000000600)=[{}, {}, {}]}, 0x108) 14:04:49 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x151) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f00000001c0), 0xffffffffffffffff) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000000)={@dev, 0x0, 0x2}, 0x20) getsockopt$ARPT_SO_GET_INFO(r1, 0x0, 0x60, &(0x7f0000000140)={'filter\x00'}, &(0x7f0000000040)=0x44) 14:04:49 executing program 1: r0 = socket(0x1, 0x2, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000080)) r2 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r2) [ 263.195956] kernel msg: ebtables bug: please report to author: Chains don't start at beginning 14:04:49 executing program 3: r0 = socket$inet6(0xa, 0x8000000000000003, 0x6) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet(0x2, 0x6000000000000001, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000140)=@nat={'nat\x00', 0x3c1, 0x2, 0x90, [0x20000660], 0x0, &(0x7f0000000000), &(0x7f0000000600)=[{}, {}, {}]}, 0x108) 14:04:49 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)) r0 = semget$private(0x0, 0x8, 0x0) semop(r0, &(0x7f0000000080)=[{}], 0x43) semctl$GETNCNT(r0, 0x0, 0xe, &(0x7f00000001c0)=""/205) 14:04:49 executing program 1: r0 = socket(0x1, 0x2, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000080)) r2 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r2) [ 263.332458] kernel msg: ebtables bug: please report to author: Chains don't start at beginning 14:04:49 executing program 2: syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000500)="8da4363a00000000000000000000004d01000000000000000000000000000000ecf6f2a2299748aeb81e1b00920efd9a000001000000000001000000000000005f42485266535f4dd2f873574f257e0a01e2a6a02f5e071383fa5a669a53f2fe9eb4eb7918628af41b035fd98372e7c2a6", 0x71, 0x10000}], 0x0, &(0x7f0000000140)) 14:04:49 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000dc9ff0)={0x2, 0x4e20, @broadcast}, 0x10) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffff9c, 0x84, 0x13, &(0x7f0000000640)={0x0, 0x6}, &(0x7f0000000680)=0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000540)={r1, 0xdd, "dbe6159af1cb7e0b579e0308b35f2c511e8370636501acd66676a229ef032843cdd852be66cd4eb94ca076ffb844e6d9ac9ddace3e6038ddd71a617be3db8c3aade9e72945b90c468fa4f164741eb638ed54ebb862123e257ae3de3473308b30d85a35131d70dd645519068a8119e229622c3db9d74968d700135964988f21a775f952494017fc569ce129da68866198ddb9cf7699644d35c56db06edb36ad3f1c9379c1bb025fb237f4f4933f688eea45e1748a00fadb3264c4257700c486a0d8984bcf9581f195f785f17eb461003c0bd656ad4858fa5f9024294ce4"}, &(0x7f0000001a00)=0xe5) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000001a40)={r2, 0x40000000000, 0x10}, 0xc) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000080)='highspeed\x00', 0xa) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000017c0)={0x81, 0x6, 0x6, 0x0, 0x0, [{r3, 0x0, 0x6}, {r0, 0x0, 0x4}, {r0, 0x0, 0x800}, {r0}, {r0, 0x0, 0x3}, {r0, 0x0, 0x9}]}) setsockopt$inet_tcp_int(r0, 0x6, 0x12, &(0x7f0000000400)=0x2, 0x4) sendto$inet(r0, &(0x7f00000001c0), 0x0, 0x20400001, &(0x7f0000001480)={0x2, 0x4000004e20, @broadcast}, 0x10) clock_gettime(0x0, &(0x7f0000000340)) r4 = accept(0xffffffffffffffff, &(0x7f00000006c0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast1}}}, &(0x7f0000000740)=0x80) getpeername$inet6(r4, &(0x7f0000000780)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast1}}, &(0x7f00000007c0)=0x1c) r5 = socket$can_raw(0x1d, 0x3, 0x1) accept4(r5, &(0x7f0000001580)=@sco, &(0x7f0000001600)=0x80, 0x80800) r6 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, &(0x7f0000000040)='ip_vti0\x00', 0x10) sendto$llc(r6, &(0x7f0000001a80)="514f987fd5c76232a7bf0f47fa2ff715748032d500f1c708ddfd34b62c6cd988414520ae22e16adbfc058d5214b613d3f4dcb071225abc5422a6c355656ea33c2779b1880b2ff760893432204709f9ab263383fb3dc193f2f1178e1810c560c0b66a1f5f23b6216a59a324fe79c629a1b5a6461299c6c1c0f279705414bf7a9fedc0c02a45f83fd8533ca3771465cc7f71c7cf27deeee95cf2658ef668593d37bd", 0xa1, 0x0, &(0x7f0000000000)={0x1a, 0x300, 0x0, 0x0, 0x10000003, 0x1, @local}, 0x10) 14:04:49 executing program 3: r0 = socket$inet6(0xa, 0x8000000000000003, 0x6) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000140)=@nat={'nat\x00', 0x3c1, 0x2, 0x90, [0x20000660], 0x0, &(0x7f0000000000), &(0x7f0000000600)=[{}, {}, {}]}, 0x108) [ 263.414339] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 263.414339] The task syz-executor0 (8011) triggered the difference, watch for misbehavior. 14:04:50 executing program 1: r0 = socket(0x1, 0x2, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000080)) r2 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r2) [ 263.496084] BTRFS: device fsid ecf6f2a2-2997-48ae-b81e-1b00920efd9a devid 0 transid 756082810144684242 /dev/loop2 14:04:50 executing program 5: 14:04:50 executing program 3: r0 = socket$inet6(0xa, 0x8000000000000003, 0x6) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000140)=@nat={'nat\x00', 0x3c1, 0x2, 0x90, [0x20000660], 0x0, &(0x7f0000000000), &(0x7f0000000600)=[{}, {}, {}]}, 0x108) 14:04:50 executing program 1: r0 = socket(0x1, 0x2, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488d") r2 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r2) 14:04:50 executing program 4: 14:04:50 executing program 2: 14:04:50 executing program 5: 14:04:50 executing program 0: 14:04:50 executing program 1: r0 = socket(0x1, 0x2, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488d") r2 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r2) 14:04:50 executing program 3: r0 = socket$inet6(0xa, 0x8000000000000003, 0x6) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000140)=@nat={'nat\x00', 0x3c1, 0x2, 0x90, [0x20000660], 0x0, &(0x7f0000000000), &(0x7f0000000600)=[{}, {}, {}]}, 0x108) 14:04:50 executing program 5: 14:04:50 executing program 2: 14:04:50 executing program 4: 14:04:50 executing program 2: 14:04:50 executing program 5: 14:04:50 executing program 4: 14:04:50 executing program 3: socket$inet6(0xa, 0x8000000000000003, 0x6) r0 = socket$inet(0x2, 0x6000000000000001, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000140)=@nat={'nat\x00', 0x3c1, 0x2, 0x90, [0x20000660], 0x0, &(0x7f0000000000), &(0x7f0000000600)=[{}, {}, {}]}, 0x108) 14:04:50 executing program 2: 14:04:50 executing program 1: r0 = socket(0x1, 0x2, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488d") r2 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r2) 14:04:50 executing program 0: 14:04:50 executing program 5: 14:04:50 executing program 4: [ 264.409626] kernel msg: ebtables bug: please report to author: Chains don't start at beginning 14:04:50 executing program 0: 14:04:51 executing program 5: 14:04:51 executing program 3: socket$inet6(0xa, 0x8000000000000003, 0x6) r0 = socket$inet(0x2, 0x6000000000000001, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000140)=@nat={'nat\x00', 0x3c1, 0x2, 0x90, [0x20000660], 0x0, &(0x7f0000000000), &(0x7f0000000600)=[{}, {}, {}]}, 0x108) 14:04:51 executing program 1: r0 = socket(0x1, 0x2, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d76") r2 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r2) 14:04:51 executing program 2: [ 264.563846] kernel msg: ebtables bug: please report to author: Chains don't start at beginning 14:04:51 executing program 0: 14:04:51 executing program 4: 14:04:51 executing program 5: 14:04:51 executing program 2: 14:04:51 executing program 1: r0 = socket(0x1, 0x2, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d76") r2 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r2) 14:04:51 executing program 3: socket$inet6(0xa, 0x8000000000000003, 0x6) r0 = socket$inet(0x2, 0x6000000000000001, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000140)=@nat={'nat\x00', 0x3c1, 0x2, 0x90, [0x20000660], 0x0, &(0x7f0000000000), &(0x7f0000000600)=[{}, {}, {}]}, 0x108) 14:04:51 executing program 4: 14:04:51 executing program 0: 14:04:51 executing program 5: [ 264.776293] kernel msg: ebtables bug: please report to author: Chains don't start at beginning 14:04:51 executing program 4: 14:04:51 executing program 2: 14:04:51 executing program 3: ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r0 = socket$inet(0x2, 0x6000000000000001, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000140)=@nat={'nat\x00', 0x3c1, 0x2, 0x90, [0x20000660], 0x0, &(0x7f0000000000), &(0x7f0000000600)=[{}, {}, {}]}, 0x108) 14:04:51 executing program 1: r0 = socket(0x1, 0x2, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d76") r2 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r2) 14:04:51 executing program 0: 14:04:51 executing program 5: 14:04:51 executing program 2: 14:04:51 executing program 4: [ 265.010317] kernel msg: ebtables bug: please report to author: Chains don't start at beginning 14:04:51 executing program 0: 14:04:51 executing program 1: r0 = socket(0x1, 0x2, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d7660") r2 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r2) 14:04:51 executing program 4: 14:04:51 executing program 3: ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r0 = socket$inet(0x2, 0x6000000000000001, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000140)=@nat={'nat\x00', 0x3c1, 0x2, 0x90, [0x20000660], 0x0, &(0x7f0000000000), &(0x7f0000000600)=[{}, {}, {}]}, 0x108) 14:04:51 executing program 5: 14:04:51 executing program 2: 14:04:51 executing program 4: 14:04:51 executing program 0: 14:04:51 executing program 1: r0 = socket(0x1, 0x2, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d7660") r2 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r2) [ 265.232170] kernel msg: ebtables bug: please report to author: Chains don't start at beginning 14:04:51 executing program 5: 14:04:51 executing program 2: 14:04:51 executing program 0: 14:04:51 executing program 3: ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r0 = socket$inet(0x2, 0x6000000000000001, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000140)=@nat={'nat\x00', 0x3c1, 0x2, 0x90, [0x20000660], 0x0, &(0x7f0000000000), &(0x7f0000000600)=[{}, {}, {}]}, 0x108) 14:04:51 executing program 4: 14:04:51 executing program 1: r0 = socket(0x1, 0x2, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d7660") r2 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r2) 14:04:51 executing program 5: 14:04:52 executing program 0: 14:04:52 executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000380)='/dev/fuse\x00', 0x2, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) r1 = syz_open_dev$mouse(&(0x7f00000001c0)='/dev/input/mouse#\x00', 0x0, 0x0) mount$9p_fd(0x8000a0, &(0x7f0000000180)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000240)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x665}, 0x14) [ 265.516359] kernel msg: ebtables bug: please report to author: Chains don't start at beginning 14:04:52 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'gretap0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000040)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000500)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_IFNAME={0x14, 0x4, 'ip6_vti0\x00'}, @IFLA_ADDRESS={0xc, 0x1, @dev}]}, 0x40}}, 0x0) 14:04:52 executing program 1: r0 = socket(0x1, 0x2, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070") r2 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) dup2(r0, r2) 14:04:52 executing program 5: r0 = socket(0xa, 0x2400000001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000034000)={0x7fffffff, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88) getsockopt$inet6_buf(r0, 0x29, 0x10000000000030, &(0x7f0000034000)=""/144, &(0x7f00000000c0)=0xfffffffffffffe3e) 14:04:52 executing program 3: r0 = socket$inet6(0xa, 0x0, 0x6) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet(0x2, 0x6000000000000001, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000140)=@nat={'nat\x00', 0x3c1, 0x2, 0x90, [0x20000660], 0x0, &(0x7f0000000000), &(0x7f0000000600)=[{}, {}, {}]}, 0x108) 14:04:52 executing program 0: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) getpid() rt_tgsigqueueinfo(0x0, 0x0, 0x0, &(0x7f0000000100)) r1 = syz_open_procfs(0x0, &(0x7f0000000900)="2f6578650000c10000000000e9ff0700000000000054fa07424adee916d2da75afe70b35a0fd6a1f0200f5ab26d7a071fb35331ce39c5a6568641006d7c0206a74e33326530000000000000000000000") r2 = creat(&(0x7f0000000700)='./bus\x00', 0x0) sendfile(r2, r1, 0x0, 0x1000) [ 265.664988] netlink: 'syz-executor4': attribute type 4 has an invalid length. [ 265.700014] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. 14:04:52 executing program 1: r0 = socket(0x1, 0x2, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070") r2 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) dup2(r0, r2) 14:04:52 executing program 5: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mount(&(0x7f0000000400)=ANY=[], &(0x7f0000000040)='./file0\x00', &(0x7f0000000280)='tmpfs\x00', 0x0, &(0x7f00000002c0)) socket(0x10, 0x2, 0x0) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) [ 265.732039] kernel msg: ebtables bug: please report to author: Chains don't start at beginning [ 265.743840] netlink: 'syz-executor4': attribute type 4 has an invalid length. [ 265.763381] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. 14:04:52 executing program 3: r0 = socket$inet6(0xa, 0x0, 0x6) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet(0x2, 0x6000000000000001, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000140)=@nat={'nat\x00', 0x3c1, 0x2, 0x90, [0x20000660], 0x0, &(0x7f0000000000), &(0x7f0000000600)=[{}, {}, {}]}, 0x108) 14:04:52 executing program 0 (fault-call:5 fault-nth:0): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:52 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'gretap0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000040)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000500)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_IFNAME={0x14, 0x4, 'ip6_vti0\x00'}, @IFLA_ADDRESS={0xc, 0x1, @dev}]}, 0x40}}, 0x0) 14:04:52 executing program 5 (fault-call:3 fault-nth:0): creat(&(0x7f0000001140)='./file0\x00', 0x0) lsetxattr$security_selinux(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='security.selinux\x00', &(0x7f0000000080)='system_u:object_r:gpg_agent_exec_t:s0\x00', 0x26, 0x0) mount$bpf(0x20000000, &(0x7f0000000280)='./file0\x00', &(0x7f0000000580)='bpf\x00', 0x2001001, &(0x7f00000009c0)=ANY=[]) mount(&(0x7f0000000040)=ANY=[], &(0x7f00000000c0)='./file0\x00', &(0x7f00000002c0)='btrfs\x00', 0x2200060, 0x0) [ 265.955278] FAULT_INJECTION: forcing a failure. [ 265.955278] name failslab, interval 1, probability 0, space 0, times 1 [ 265.971104] netlink: 'syz-executor4': attribute type 4 has an invalid length. [ 265.980327] FAULT_INJECTION: forcing a failure. [ 265.980327] name failslab, interval 1, probability 0, space 0, times 1 [ 265.990167] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 265.996295] CPU: 0 PID: 8215 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 266.014846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 266.024209] Call Trace: [ 266.026903] dump_stack+0x244/0x39d [ 266.030550] ? dump_stack_print_info.cold.1+0x20/0x20 [ 266.035830] ? zap_class+0x640/0x640 [ 266.039628] ? perf_trace_sched_process_exec+0x860/0x860 [ 266.045200] should_fail.cold.4+0xa/0x17 [ 266.049280] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 266.054178] kernel msg: ebtables bug: please report to author: Chains don't start at beginning [ 266.054463] ? get_pid_task+0xd6/0x1a0 [ 266.067087] ? find_held_lock+0x36/0x1c0 [ 266.071164] ? find_held_lock+0x36/0x1c0 [ 266.075270] ? ptr_to_user+0x418/0x560 [ 266.079179] ? perf_trace_sched_process_exec+0x860/0x860 [ 266.084677] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 266.089659] __should_failslab+0x124/0x180 [ 266.093954] should_failslab+0x9/0x14 [ 266.097796] kmem_cache_alloc+0x2be/0x730 [ 266.101956] ? __lock_is_held+0xb5/0x140 [ 266.106094] getname_flags+0xd0/0x590 [ 266.109956] user_path_at_empty+0x2d/0x50 [ 266.114148] path_setxattr+0xd6/0x230 [ 266.117969] ? setxattr+0x450/0x450 [ 266.121645] ? trace_hardirqs_on+0xbd/0x310 [ 266.126014] ? __ia32_sys_read+0xb0/0xb0 [ 266.130132] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 266.135504] ? trace_hardirqs_off_caller+0x300/0x300 [ 266.140625] __x64_sys_lsetxattr+0xc1/0x150 [ 266.145004] do_syscall_64+0x1b9/0x820 [ 266.148906] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 266.154280] ? syscall_return_slowpath+0x5e0/0x5e0 [ 266.159214] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 266.164103] ? trace_hardirqs_on_caller+0x310/0x310 [ 266.169132] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 266.174158] ? prepare_exit_to_usermode+0x291/0x3b0 [ 266.179205] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 266.184060] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 266.189251] RIP: 0033:0x457569 [ 266.192452] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 266.211363] RSP: 002b:00007ff0c134bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 266.219081] RAX: ffffffffffffffda RBX: 00007ff0c134bc90 RCX: 0000000000457569 [ 266.226355] RDX: 00000000200002c0 RSI: 00000000200004c0 RDI: 00000000200001c0 [ 266.233630] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 266.233644] R10: 000000000000000c R11: 0000000000000246 R12: 00007ff0c134c6d4 [ 266.233652] R13: 00000000004c2718 R14: 00000000004d3918 R15: 0000000000000004 [ 266.257553] CPU: 0 PID: 8221 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 266.265983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 266.275333] Call Trace: [ 266.275356] dump_stack+0x244/0x39d [ 266.275377] ? dump_stack_print_info.cold.1+0x20/0x20 [ 266.275399] ? get_pid_task+0xd6/0x1a0 [ 266.290718] should_fail.cold.4+0xa/0x17 [ 266.294799] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 266.299917] ? __f_unlock_pos+0x19/0x20 [ 266.303903] ? lock_downgrade+0x900/0x900 [ 266.308086] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 266.313624] ? proc_fail_nth_write+0x9e/0x210 [ 266.318130] ? proc_cwd_link+0x1d0/0x1d0 [ 266.322182] ? find_held_lock+0x36/0x1c0 [ 266.326298] ? host_store_raid_offload_debug+0x2b8/0x300 [ 266.331761] ? perf_trace_sched_process_exec+0x860/0x860 [ 266.337197] ? __lock_is_held+0xb5/0x140 [ 266.341253] __should_failslab+0x124/0x180 [ 266.345498] should_failslab+0x9/0x14 [ 266.349294] __kmalloc_track_caller+0x2d1/0x760 [ 266.353954] ? strncpy_from_user+0x5a0/0x5a0 [ 266.358351] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 266.363886] ? strndup_user+0x77/0xd0 [ 266.367675] memdup_user+0x2c/0xa0 [ 266.371207] strndup_user+0x77/0xd0 [ 266.374861] ksys_mount+0x3c/0x140 [ 266.378409] __x64_sys_mount+0xbe/0x150 [ 266.382402] do_syscall_64+0x1b9/0x820 [ 266.386280] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 266.391631] ? syscall_return_slowpath+0x5e0/0x5e0 [ 266.396579] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 266.401448] ? trace_hardirqs_on_caller+0x310/0x310 [ 266.406454] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 266.411461] ? prepare_exit_to_usermode+0x291/0x3b0 [ 266.416479] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 266.421328] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 266.426503] RIP: 0033:0x457569 [ 266.429695] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 266.448586] RSP: 002b:00007f162eec7c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 266.456280] RAX: ffffffffffffffda RBX: 00007f162eec7c90 RCX: 0000000000457569 [ 266.463535] RDX: 00000000200002c0 RSI: 00000000200000c0 RDI: 0000000020000040 [ 266.470796] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 266.478075] R10: 0000000002200060 R11: 0000000000000246 R12: 00007f162eec86d4 [ 266.485341] R13: 00000000004c289b R14: 00000000004d3c78 R15: 0000000000000004 14:04:55 executing program 4: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'gretap0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000040)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000500)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_IFNAME={0x14, 0x4, 'ip6_vti0\x00'}, @IFLA_ADDRESS={0xc, 0x1, @dev}]}, 0x40}}, 0x0) 14:04:55 executing program 1: r0 = socket(0x1, 0x2, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070") r2 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x0) dup2(r0, r2) 14:04:55 executing program 3: r0 = socket$inet6(0xa, 0x0, 0x6) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet(0x2, 0x6000000000000001, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000140)=@nat={'nat\x00', 0x3c1, 0x2, 0x90, [0x20000660], 0x0, &(0x7f0000000000), &(0x7f0000000600)=[{}, {}, {}]}, 0x108) 14:04:55 executing program 0 (fault-call:5 fault-nth:1): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:55 executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000380)='/dev/fuse\x00', 0x2, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) r1 = syz_open_dev$mouse(&(0x7f00000001c0)='/dev/input/mouse#\x00', 0x0, 0x0) mount$9p_fd(0x8000a0, &(0x7f0000000180)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000240)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x665}, 0x14) 14:04:55 executing program 5 (fault-call:3 fault-nth:1): creat(&(0x7f0000001140)='./file0\x00', 0x0) lsetxattr$security_selinux(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='security.selinux\x00', &(0x7f0000000080)='system_u:object_r:gpg_agent_exec_t:s0\x00', 0x26, 0x0) mount$bpf(0x20000000, &(0x7f0000000280)='./file0\x00', &(0x7f0000000580)='bpf\x00', 0x2001001, &(0x7f00000009c0)=ANY=[]) mount(&(0x7f0000000040)=ANY=[], &(0x7f00000000c0)='./file0\x00', &(0x7f00000002c0)='btrfs\x00', 0x2200060, 0x0) [ 268.730913] FAULT_INJECTION: forcing a failure. [ 268.730913] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 268.732360] FAULT_INJECTION: forcing a failure. [ 268.732360] name failslab, interval 1, probability 0, space 0, times 0 [ 268.742787] CPU: 0 PID: 8233 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 268.742799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 268.742805] Call Trace: [ 268.742833] dump_stack+0x244/0x39d [ 268.742858] ? dump_stack_print_info.cold.1+0x20/0x20 [ 268.742887] ? mark_held_locks+0x130/0x130 [ 268.742921] should_fail.cold.4+0xa/0x17 [ 268.770477] kernel msg: ebtables bug: please report to author: Chains don't start at beginning [ 268.771898] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 268.771919] ? zap_class+0x640/0x640 [ 268.809132] ? zap_class+0x640/0x640 [ 268.809174] ? mark_held_locks+0x130/0x130 [ 268.809193] ? find_held_lock+0x36/0x1c0 [ 268.817158] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 268.826803] ? _parse_integer+0x134/0x180 [ 268.830969] ? zap_class+0x640/0x640 [ 268.834693] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 268.840254] ? _kstrtoull+0x188/0x250 [ 268.844067] ? _parse_integer+0x180/0x180 [ 268.848225] ? zap_class+0x640/0x640 [ 268.851959] ? lock_release+0xa10/0xa10 [ 268.855940] ? perf_trace_sched_process_exec+0x860/0x860 [ 268.861450] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 268.867015] ? should_fail+0x22d/0xd01 [ 268.870916] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 268.876115] __alloc_pages_nodemask+0x34b/0xdd0 [ 268.880836] ? __alloc_pages_slowpath+0x2dd0/0x2dd0 [ 268.885861] ? find_held_lock+0x36/0x1c0 [ 268.889946] ? find_held_lock+0x36/0x1c0 [ 268.894044] ? trace_hardirqs_off+0xb8/0x310 [ 268.898470] cache_grow_begin+0xa5/0x8c0 [ 268.902544] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 268.908097] ? check_preemption_disabled+0x48/0x280 [ 268.913128] kmem_cache_alloc+0x66b/0x730 [ 268.917297] ? __lock_is_held+0xb5/0x140 [ 268.921371] getname_flags+0xd0/0x590 [ 268.925187] user_path_at_empty+0x2d/0x50 [ 268.929357] path_setxattr+0xd6/0x230 [ 268.933165] ? setxattr+0x450/0x450 [ 268.936800] ? trace_hardirqs_on+0xbd/0x310 [ 268.941127] ? __ia32_sys_read+0xb0/0xb0 [ 268.945196] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 268.950577] ? trace_hardirqs_off_caller+0x300/0x300 [ 268.955701] __x64_sys_lsetxattr+0xc1/0x150 [ 268.960036] do_syscall_64+0x1b9/0x820 [ 268.963934] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 268.969305] ? syscall_return_slowpath+0x5e0/0x5e0 [ 268.974275] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 268.979128] ? trace_hardirqs_on_caller+0x310/0x310 [ 268.984153] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 268.989177] ? prepare_exit_to_usermode+0x291/0x3b0 [ 268.994256] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 268.999112] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 269.004312] RIP: 0033:0x457569 [ 269.007515] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 269.026421] RSP: 002b:00007ff0c134bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 269.034174] RAX: ffffffffffffffda RBX: 00007ff0c134bc90 RCX: 0000000000457569 [ 269.041482] RDX: 00000000200002c0 RSI: 00000000200004c0 RDI: 00000000200001c0 [ 269.048792] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 269.056066] R10: 000000000000000c R11: 0000000000000246 R12: 00007ff0c134c6d4 [ 269.063337] R13: 00000000004c2718 R14: 00000000004d3918 R15: 0000000000000004 [ 269.070634] CPU: 1 PID: 8235 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 14:04:55 executing program 3: r0 = socket$inet6(0xa, 0x8000000000000003, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet(0x2, 0x6000000000000001, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000140)=@nat={'nat\x00', 0x3c1, 0x2, 0x90, [0x20000660], 0x0, &(0x7f0000000000), &(0x7f0000000600)=[{}, {}, {}]}, 0x108) [ 269.072072] netlink: 'syz-executor4': attribute type 4 has an invalid length. [ 269.079219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 269.079225] Call Trace: [ 269.079249] dump_stack+0x244/0x39d [ 269.079271] ? dump_stack_print_info.cold.1+0x20/0x20 [ 269.079292] ? mark_held_locks+0xc7/0x130 [ 269.111439] should_fail.cold.4+0xa/0x17 [ 269.115517] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 269.120657] ? __bpf_trace_preemptirq_template+0x30/0x30 14:04:55 executing program 1: socket(0x1, 0x2, 0x0) r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070") r1 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(0xffffffffffffffff, r1) [ 269.125669] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 269.126112] ? retint_kernel+0x1b/0x2d [ 269.126130] ? trace_hardirqs_on+0x310/0x310 [ 269.126153] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 269.154016] ? find_held_lock+0x36/0x1c0 [ 269.158181] ? ahci_init_one+0x4b8/0x407b [ 269.158212] ? perf_trace_sched_process_exec+0x860/0x860 [ 269.167815] ? lock_release+0xa10/0xa10 [ 269.167830] ? perf_trace_sched_process_exec+0x860/0x860 [ 269.167855] __should_failslab+0x124/0x180 14:04:55 executing program 0 (fault-call:5 fault-nth:2): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) [ 269.167875] should_failslab+0x9/0x14 [ 269.167895] __kmalloc_track_caller+0x2d1/0x760 [ 269.189979] ? strncpy_from_user+0x5a0/0x5a0 [ 269.194402] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 269.199959] ? strndup_user+0x77/0xd0 [ 269.203772] memdup_user+0x2c/0xa0 [ 269.207329] strndup_user+0x77/0xd0 [ 269.210968] ksys_mount+0x73/0x140 [ 269.214525] __x64_sys_mount+0xbe/0x150 [ 269.218523] do_syscall_64+0x1b9/0x820 [ 269.222435] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 269.227815] ? syscall_return_slowpath+0x5e0/0x5e0 [ 269.232757] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 269.237621] ? trace_hardirqs_on_caller+0x310/0x310 [ 269.242661] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 269.242681] ? prepare_exit_to_usermode+0x291/0x3b0 [ 269.242704] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 269.242729] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 269.242746] RIP: 0033:0x457569 [ 269.252795] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 269.252805] RSP: 002b:00007f162eec7c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 269.252821] RAX: ffffffffffffffda RBX: 00007f162eec7c90 RCX: 0000000000457569 [ 269.252831] RDX: 00000000200002c0 RSI: 00000000200000c0 RDI: 0000000020000040 [ 269.252840] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 269.252856] R10: 0000000002200060 R11: 0000000000000246 R12: 00007f162eec86d4 [ 269.301732] FAULT_INJECTION: forcing a failure. [ 269.301732] name failslab, interval 1, probability 0, space 0, times 0 [ 269.307273] R13: 00000000004c289b R14: 00000000004d3c78 R15: 0000000000000004 [ 269.350635] kernel msg: ebtables bug: please report to author: Chains don't start at beginning [ 269.366295] CPU: 0 PID: 8252 Comm: syz-executor0 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 269.374721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 269.384078] Call Trace: [ 269.386678] dump_stack+0x244/0x39d [ 269.390326] ? dump_stack_print_info.cold.1+0x20/0x20 [ 269.395527] ? find_held_lock+0x36/0x1c0 [ 269.399619] should_fail.cold.4+0xa/0x17 [ 269.403694] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 269.408829] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 269.414390] ? trace_hardirqs_on+0x310/0x310 [ 269.418821] ? zap_class+0x640/0x640 [ 269.422546] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 269.428218] ? find_held_lock+0x36/0x1c0 [ 269.432291] ? __lock_is_held+0xb5/0x140 [ 269.436369] ? perf_trace_sched_process_exec+0x860/0x860 [ 269.441845] ? __isolate_free_page+0x610/0x610 [ 269.446439] __should_failslab+0x124/0x180 [ 269.450685] should_failslab+0x9/0x14 [ 269.454493] kmem_cache_alloc+0x2be/0x730 [ 269.458661] __d_alloc+0xc8/0xb90 [ 269.462126] ? shrink_dcache_for_umount+0x2b0/0x2b0 [ 269.467338] ? print_usage_bug+0xc0/0xc0 [ 269.471471] ? ima_match_policy+0x848/0x1560 [ 269.475892] ? print_usage_bug+0xc0/0xc0 [ 269.479958] ? check_preemption_disabled+0x48/0x280 [ 269.484983] ? print_usage_bug+0xc0/0xc0 [ 269.489052] ? __lock_acquire+0x62f/0x4c20 [ 269.493295] ? zap_class+0x640/0x640 [ 269.497022] d_alloc+0x96/0x380 [ 269.500322] ? __d_alloc+0xb90/0xb90 [ 269.504044] ? __lock_is_held+0xb5/0x140 [ 269.508116] d_alloc_parallel+0x15a/0x1f40 [ 269.512361] ? mark_held_locks+0x130/0x130 [ 269.516616] ? __d_lookup_rcu+0xaa0/0xaa0 [ 269.520768] ? zap_class+0x640/0x640 [ 269.524510] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 269.530048] ? zap_class+0x640/0x640 [ 269.533773] ? zap_class+0x640/0x640 [ 269.537670] ? find_held_lock+0x36/0x1c0 [ 269.541763] ? __lockdep_init_map+0x105/0x590 [ 269.546264] ? __lockdep_init_map+0x105/0x590 [ 269.550783] ? lockdep_init_map+0x9/0x10 [ 269.554861] ? __init_waitqueue_head+0x9e/0x150 [ 269.559542] ? init_wait_entry+0x1c0/0x1c0 [ 269.563788] ? lock_acquire+0x1ed/0x520 [ 269.567767] __lookup_slow+0x1e6/0x540 [ 269.571668] ? vfs_unlink+0x510/0x510 [ 269.575491] ? path_init+0x1ed0/0x1ed0 [ 269.579451] ? privileged_wrt_inode_uidgid+0x68/0xd0 [ 269.584574] lookup_slow+0x57/0x80 [ 269.588132] walk_component+0x92b/0x2590 [ 269.592213] ? inode_permission+0xb2/0x560 [ 269.596457] ? pick_link+0xaf0/0xaf0 [ 269.600181] ? walk_component+0x2590/0x2590 [ 269.604526] ? save_stack+0xa9/0xd0 [ 269.608161] ? kasan_slab_alloc+0x12/0x20 [ 269.612307] ? kmem_cache_alloc+0x12e/0x730 [ 269.616628] ? getname_flags+0xd0/0x590 [ 269.620603] ? user_path_at_empty+0x2d/0x50 [ 269.624929] path_lookupat.isra.43+0x212/0xc00 [ 269.629514] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 269.634708] ? path_parentat.isra.41+0x160/0x160 [ 269.639484] ? usercopy_warn+0x110/0x110 [ 269.643554] ? check_preemption_disabled+0x48/0x280 [ 269.648597] filename_lookup+0x26a/0x520 [ 269.652665] ? nd_jump_link+0x1d0/0x1d0 [ 269.656653] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 269.662200] ? digsig_verify+0x1530/0x1530 [ 269.666465] ? kmem_cache_alloc+0x33a/0x730 [ 269.670816] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 269.676366] ? getname_flags+0x26e/0x590 [ 269.680456] user_path_at_empty+0x40/0x50 [ 269.684628] path_setxattr+0xd6/0x230 [ 269.688453] ? setxattr+0x450/0x450 [ 269.692090] ? trace_hardirqs_on+0xbd/0x310 [ 269.696416] ? __ia32_sys_read+0xb0/0xb0 [ 269.700482] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 269.705848] ? trace_hardirqs_off_caller+0x300/0x300 [ 269.710964] __x64_sys_lsetxattr+0xc1/0x150 [ 269.715292] do_syscall_64+0x1b9/0x820 [ 269.719194] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 269.724570] ? syscall_return_slowpath+0x5e0/0x5e0 [ 269.729520] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 269.734369] ? trace_hardirqs_on_caller+0x310/0x310 [ 269.739394] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 269.744415] ? prepare_exit_to_usermode+0x291/0x3b0 [ 269.749444] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 269.754301] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 269.759492] RIP: 0033:0x457569 [ 269.762696] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 14:04:55 executing program 5 (fault-call:3 fault-nth:2): creat(&(0x7f0000001140)='./file0\x00', 0x0) lsetxattr$security_selinux(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='security.selinux\x00', &(0x7f0000000080)='system_u:object_r:gpg_agent_exec_t:s0\x00', 0x26, 0x0) mount$bpf(0x20000000, &(0x7f0000000280)='./file0\x00', &(0x7f0000000580)='bpf\x00', 0x2001001, &(0x7f00000009c0)=ANY=[]) mount(&(0x7f0000000040)=ANY=[], &(0x7f00000000c0)='./file0\x00', &(0x7f00000002c0)='btrfs\x00', 0x2200060, 0x0) 14:04:55 executing program 4: pipe(&(0x7f0000bbc000)={0xffffffffffffffff, 0xffffffffffffffff}) rt_sigprocmask(0x0, &(0x7f0000072ff8)={0x7fffffff}, &(0x7f00000000c0), 0x8) r2 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) removexattr(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000340)=ANY=[]) fcntl$setstatus(r0, 0x4, 0x2000) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) r4 = open(&(0x7f00000004c0)='./file0/file0\x00', 0xa800, 0xe6) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) ioctl$sock_kcm_SIOCKCMUNATTACH(r4, 0x89e1, &(0x7f0000000180)={r3}) sendto$inet(r3, &(0x7f0000000000), 0xa4, 0x200007fe, &(0x7f0000e68000)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendfile(r2, r3, &(0x7f00000002c0), 0x9) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f00000015c0)="766574683100000000ffffffffffef00", 0xb) setsockopt$IP_VS_SO_SET_FLUSH(r3, 0x0, 0x485, 0x0, 0x0) writev(r3, &(0x7f0000001400)=[{&(0x7f00000013c0)='8', 0x1}], 0x1) sendmsg(r3, &(0x7f0000000700)={&(0x7f0000000100)=@vsock={0x28, 0x0, 0x0, @reserved}, 0x80, &(0x7f0000000640), 0x0, &(0x7f0000002600)}, 0x0) ioctl$sock_SIOCGSKNS(r4, 0x894c, &(0x7f0000000340)=0x5031) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f0000000540)={0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000580)=0x18) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000040)='tunl0\x00', 0x10) r5 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv4/vs/sync_sock_size\x00', 0x2, 0x0) setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000200)='htcp\x00', 0x5) sendto$inet(r3, &(0x7f0000000000), 0xfffffffffffffe4e, 0xc0, &(0x7f00000000c0)={0x2, 0x0, @empty=0xe000000}, 0x6) io_setup(0x2, &(0x7f0000000100)=0x0) preadv(r5, &(0x7f0000000b00)=[{&(0x7f0000000600)=""/161, 0xa1}, {&(0x7f0000000740)=""/234, 0xea}, {&(0x7f0000000480)=""/34, 0x1b6}, {&(0x7f0000000840)=""/206, 0xce}, {&(0x7f0000000940)=""/214, 0xfffffffffffffefe}, {&(0x7f00000006c0)=""/23, 0x17}, {&(0x7f0000000a40)=""/162, 0xa2}], 0x7, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x3, &(0x7f00000005c0)=0x8000000000040, 0xffffffffffffff82) io_submit(r6, 0x1, &(0x7f0000000400)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000040)='n', 0x1}]) r7 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000300)='IPVS\x00') sendmsg$IPVS_CMD_NEW_SERVICE(r0, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000b80)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=r7, @ANYBLOB="000425bd7000fcdbdf2501000000080005000200000008000600080000000800040019c821cc436dfed108000b0073697000080004004e200000080004004a2000cb14000300ff010000000000000000000000000001080009001000000008000b00736970000c0007000000000002000000b96a10ad45841ca3feb7879e2619066edaa38408574ff7b0345874dff9103d3fa83c2e799c4bdc8be1335ed92b74b52466e873543509193459cd6e579ff2923ec3a5dc68d9686071323c087e7a461045be21228db2e4653b77374daffeb1de49ec0a94fa542e364fd9b65eb28c2a68ea766bdec54501c79e96295c190d2e"], 0x78}, 0x1, 0x0, 0x0, 0x3bc6d0a49ed2cd65}, 0x4) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, &(0x7f0000000500)=0x3f, 0x4) 14:04:56 executing program 1: r0 = socket(0x1, 0x2, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070") syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, 0xffffffffffffffff) [ 269.781601] RSP: 002b:00007ff0c134bc78 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 269.789328] RAX: ffffffffffffffda RBX: 00007ff0c134bc90 RCX: 0000000000457569 [ 269.796597] RDX: 00000000200002c0 RSI: 00000000200004c0 RDI: 00000000200001c0 [ 269.803883] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 269.811152] R10: 000000000000000c R11: 0000000000000246 R12: 00007ff0c134c6d4 [ 269.818423] R13: 00000000004c2718 R14: 00000000004d3918 R15: 0000000000000004 14:04:56 executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000380)='/dev/fuse\x00', 0x2, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) r1 = syz_open_dev$mouse(&(0x7f00000001c0)='/dev/input/mouse#\x00', 0x0, 0x0) mount$9p_fd(0x8000a0, &(0x7f0000000180)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000240)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x665}, 0x14) 14:04:56 executing program 3: r0 = socket$inet6(0xa, 0x8000000000000003, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet(0x2, 0x6000000000000001, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000140)=@nat={'nat\x00', 0x3c1, 0x2, 0x90, [0x20000660], 0x0, &(0x7f0000000000), &(0x7f0000000600)=[{}, {}, {}]}, 0x108) 14:04:56 executing program 1 (fault-call:4 fault-nth:0): r0 = socket(0x1, 0x2, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070") r2 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r2) [ 269.940868] FAULT_INJECTION: forcing a failure. [ 269.940868] name failslab, interval 1, probability 0, space 0, times 0 [ 269.985684] CPU: 1 PID: 8271 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 269.994140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 270.003512] Call Trace: [ 270.003542] dump_stack+0x244/0x39d [ 270.003582] ? dump_stack_print_info.cold.1+0x20/0x20 [ 270.003616] should_fail.cold.4+0xa/0x17 [ 270.019044] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 270.024242] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 270.029186] ? kasan_check_read+0x11/0x20 14:04:56 executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000380)='/dev/fuse\x00', 0x2, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) r1 = syz_open_dev$mouse(&(0x7f00000001c0)='/dev/input/mouse#\x00', 0x0, 0x0) mount$9p_fd(0x8000a0, &(0x7f0000000180)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000240)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x665}, 0x14) [ 270.033358] ? mark_held_locks+0x130/0x130 [ 270.037640] ? find_held_lock+0x36/0x1c0 [ 270.041741] ? perf_trace_sched_process_exec+0x860/0x860 [ 270.047207] ? save_stack+0x43/0xd0 [ 270.050844] ? kasan_kmalloc+0xc7/0xe0 [ 270.054755] __should_failslab+0x124/0x180 [ 270.059012] should_failslab+0x9/0x14 [ 270.062830] kmem_cache_alloc+0x2be/0x730 [ 270.066989] ? find_held_lock+0x36/0x1c0 [ 270.071095] getname_flags+0xd0/0x590 [ 270.074914] user_path_at_empty+0x2d/0x50 [ 270.079090] do_mount+0x180/0x1d90 [ 270.079108] ? lock_release+0xa10/0xa10 [ 270.079122] ? perf_trace_sched_process_exec+0x860/0x860 [ 270.079142] ? copy_mount_string+0x40/0x40 [ 270.079172] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 270.079189] ? _copy_from_user+0xdf/0x150 [ 270.079208] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 270.079225] ? copy_mount_options+0x315/0x430 [ 270.079238] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 270.079255] ksys_mount+0x12d/0x140 [ 270.079271] __x64_sys_mount+0xbe/0x150 [ 270.079291] do_syscall_64+0x1b9/0x820 14:04:56 executing program 0 (fault-call:5 fault-nth:3): mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) [ 270.079307] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 270.079326] ? syscall_return_slowpath+0x5e0/0x5e0 [ 270.079341] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 270.079360] ? trace_hardirqs_on_caller+0x310/0x310 [ 270.079386] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 270.079405] ? prepare_exit_to_usermode+0x291/0x3b0 [ 270.079426] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 270.079448] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 270.079461] RIP: 0033:0x457569 [ 270.079479] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 270.098381] kernel msg: ebtables bug: please report to author: Chains don't start at beginning [ 270.102176] RSP: 002b:00007f162eec7c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 270.102193] RAX: ffffffffffffffda RBX: 00007f162eec7c90 RCX: 0000000000457569 [ 270.102202] RDX: 00000000200002c0 RSI: 00000000200000c0 RDI: 0000000020000040 [ 270.102217] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 14:04:56 executing program 1: r0 = socket(0x1, 0x2, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070") r2 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r2) [ 270.173537] R10: 0000000002200060 R11: 0000000000000246 R12: 00007f162eec86d4 [ 270.173547] R13: 00000000004c289b R14: 00000000004d3c78 R15: 0000000000000004 14:04:56 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000001280)={0x26, 'aead\x00', 0x0, 0x0, 'gcm_base(cfb(twofish-asm),ghash-clmulni)\x00'}, 0x58) socketpair(0x1f, 0xa, 0xd7a3, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$TCXONC(r1, 0x540a, 0xffffffffffff7fff) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000), 0x10) 14:04:56 executing program 3: r0 = socket$inet6(0xa, 0x8000000000000003, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r1 = socket$inet(0x2, 0x6000000000000001, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000140)=@nat={'nat\x00', 0x3c1, 0x2, 0x90, [0x20000660], 0x0, &(0x7f0000000000), &(0x7f0000000600)=[{}, {}, {}]}, 0x108) 14:04:56 executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000380)='/dev/fuse\x00', 0x2, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) r1 = syz_open_dev$mouse(&(0x7f00000001c0)='/dev/input/mouse#\x00', 0x0, 0x0) mount$9p_fd(0x8000a0, &(0x7f0000000180)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000240)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 270.410384] kernel msg: ebtables bug: please report to author: Chains don't start at beginning 14:04:56 executing program 5 (fault-call:3 fault-nth:3): creat(&(0x7f0000001140)='./file0\x00', 0x0) lsetxattr$security_selinux(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='security.selinux\x00', &(0x7f0000000080)='system_u:object_r:gpg_agent_exec_t:s0\x00', 0x26, 0x0) mount$bpf(0x20000000, &(0x7f0000000280)='./file0\x00', &(0x7f0000000580)='bpf\x00', 0x2001001, &(0x7f00000009c0)=ANY=[]) mount(&(0x7f0000000040)=ANY=[], &(0x7f00000000c0)='./file0\x00', &(0x7f00000002c0)='btrfs\x00', 0x2200060, 0x0) 14:04:56 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:56 executing program 1: r0 = socket(0x1, 0x2, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl$sock_inet_SIOCDELRT(r0, 0x890c, &(0x7f00000000c0)={0x7, {0x2, 0x4e20}, {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x20}}, {0x2, 0x4e22, @broadcast}, 0x20, 0x2, 0x1ff, 0xffffffffffffff81, 0x9a, &(0x7f0000000040)='tunl0\x00', 0xa89c, 0x3, 0x2e46}) ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070") r2 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r2) 14:04:56 executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000380)='/dev/fuse\x00', 0x2, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) mount$9p_fd(0x8000a0, &(0x7f0000000180)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000240)={'trans=fd,', {'rfdno'}, 0x2c, {'wfdno', 0x3d, r0}}) 14:04:57 executing program 3: socket$inet6(0xa, 0x8000000000000003, 0x6) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r0 = socket$inet(0x2, 0x6000000000000001, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000140)=@nat={'nat\x00', 0x3c1, 0x2, 0x90, [0x20000660], 0x0, &(0x7f0000000000), &(0x7f0000000600)=[{}, {}, {}]}, 0x108) [ 270.518975] 9pnet: Insufficient options for proto=fd 14:04:57 executing program 1: r0 = socket(0x1, 0x2, 0x0) socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000040)="153f6234488dd25d766070") r1 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r1) 14:04:57 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security/capability\x00', &(0x7f00000002c0), 0xc, 0x0) [ 270.559712] kernel msg: ebtables bug: please report to author: Chains don't start at beginning [ 270.579945] FAULT_INJECTION: forcing a failure. [ 270.579945] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 270.591773] CPU: 1 PID: 8328 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 270.591785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 270.591791] Call Trace: [ 270.591817] dump_stack+0x244/0x39d [ 270.591843] ? dump_stack_print_info.cold.1+0x20/0x20 [ 270.591865] ? mark_held_locks+0x130/0x130 [ 270.591894] should_fail.cold.4+0xa/0x17 [ 270.629343] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 270.634475] ? mark_held_locks+0x130/0x130 [ 270.638730] ? mark_held_locks+0x130/0x130 [ 270.638752] ? print_usage_bug+0xc0/0xc0 [ 270.638781] ? find_held_lock+0x36/0x1c0 [ 270.638809] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 14:04:57 executing program 1: r0 = socket(0x1, 0x2, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070") r2 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) r3 = dup2(r0, r2) r4 = getgid() ioctl$TUNSETGROUP(r3, 0x400454ce, r4) [ 270.638822] ? should_fail+0x22d/0xd01 [ 270.638838] ? lock_downgrade+0x900/0x900 [ 270.638852] ? check_preemption_disabled+0x48/0x280 [ 270.638867] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 270.638886] ? rcu_read_unlock_special+0x1c0/0x1c0 [ 270.638905] __alloc_pages_nodemask+0x34b/0xdd0 [ 270.638926] ? __alloc_pages_slowpath+0x2dd0/0x2dd0 [ 270.638950] ? find_held_lock+0x36/0x1c0 [ 270.638972] ? skcipher_walk_complete+0x78/0x740 [ 270.698396] ? trace_hardirqs_off+0xb8/0x310 [ 270.702830] cache_grow_begin+0xa5/0x8c0 14:04:57 executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000380)='/dev/fuse\x00', 0x2, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x0, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000001c0)='/dev/input/mouse#\x00', 0x0, 0x0) mount$9p_fd(0x8000a0, &(0x7f0000000180)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000240)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) [ 270.706908] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 270.712461] ? check_preemption_disabled+0x48/0x280 [ 270.717488] kmem_cache_alloc+0x66b/0x730 [ 270.721649] ? find_held_lock+0x36/0x1c0 [ 270.725739] getname_flags+0xd0/0x590 [ 270.729575] user_path_at_empty+0x2d/0x50 [ 270.733747] do_mount+0x180/0x1d90 [ 270.737304] ? lock_release+0xa10/0xa10 [ 270.741293] ? perf_trace_sched_process_exec+0x860/0x860 [ 270.746799] ? copy_mount_string+0x40/0x40 [ 270.751066] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 270.756613] ? _copy_from_user+0xdf/0x150 [ 270.756635] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 270.756654] ? copy_mount_options+0x315/0x430 [ 270.756675] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 270.776404] ksys_mount+0x12d/0x140 [ 270.780060] __x64_sys_mount+0xbe/0x150 [ 270.784057] do_syscall_64+0x1b9/0x820 [ 270.787954] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 270.793331] ? syscall_return_slowpath+0x5e0/0x5e0 [ 270.798354] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 270.803217] ? trace_hardirqs_on_caller+0x310/0x310 [ 270.808245] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 270.813274] ? prepare_exit_to_usermode+0x291/0x3b0 [ 270.818310] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 270.823174] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 270.828382] RIP: 0033:0x457569 [ 270.831598] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 270.850529] RSP: 002b:00007f162eec7c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 270.850546] RAX: ffffffffffffffda RBX: 00007f162eec7c90 RCX: 0000000000457569 [ 270.850556] RDX: 00000000200002c0 RSI: 00000000200000c0 RDI: 0000000020000040 [ 270.850575] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 270.850585] R10: 0000000002200060 R11: 0000000000000246 R12: 00007f162eec86d4 [ 270.850594] R13: 00000000004c289b R14: 00000000004d3c78 R15: 0000000000000004 [ 270.876476] EXT4-fs (sda1): re-mounted. Opts: (null) 14:04:57 executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000380)='/dev/fuse\x00', 0x2, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x0, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) r1 = syz_open_dev$mouse(&(0x7f00000001c0)='/dev/input/mouse#\x00', 0x0, 0x0) mount$9p_fd(0x8000a0, &(0x7f0000000180)='./file0\x00', &(0x7f00000003c0)='9p\x00', 0x0, &(0x7f0000000240)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 14:04:57 executing program 3: socket$inet6(0xa, 0x8000000000000003, 0x6) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r0 = socket$inet(0x2, 0x6000000000000001, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000140)=@nat={'nat\x00', 0x3c1, 0x2, 0x90, [0x20000660], 0x0, &(0x7f0000000000), &(0x7f0000000600)=[{}, {}, {}]}, 0x108) 14:04:57 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:57 executing program 1: r0 = socket(0x4, 0x2, 0x0) socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8914, &(0x7f00000001c0)="153f6234488dd25d766070c59209837ecb00343425e6742c0b2065e29bc34a75066eff3d366a343406afde405bbb388917813e53b346ce4df8a52b512e226619664b553cde9761820a9f3f797d4b26d6bd25054f17655f851a88645821692b8dec28f5bf66316591bb33") r1 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) dup2(r0, r1) 14:04:57 executing program 5 (fault-call:3 fault-nth:4): creat(&(0x7f0000001140)='./file0\x00', 0x0) lsetxattr$security_selinux(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='security.selinux\x00', &(0x7f0000000080)='system_u:object_r:gpg_agent_exec_t:s0\x00', 0x26, 0x0) mount$bpf(0x20000000, &(0x7f0000000280)='./file0\x00', &(0x7f0000000580)='bpf\x00', 0x2001001, &(0x7f00000009c0)=ANY=[]) mount(&(0x7f0000000040)=ANY=[], &(0x7f00000000c0)='./file0\x00', &(0x7f00000002c0)='btrfs\x00', 0x2200060, 0x0) [ 271.024050] kernel msg: ebtables bug: please report to author: Chains don't start at beginning [ 271.054691] FAULT_INJECTION: forcing a failure. [ 271.054691] name failslab, interval 1, probability 0, space 0, times 0 [ 271.082945] CPU: 0 PID: 8366 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 271.091420] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 271.100778] Call Trace: [ 271.103388] dump_stack+0x244/0x39d [ 271.107035] ? dump_stack_print_info.cold.1+0x20/0x20 [ 271.112238] ? filename_lookup+0x39a/0x520 [ 271.116480] ? user_path_at_empty+0x40/0x50 [ 271.120813] ? do_mount+0x180/0x1d90 [ 271.124574] ? ksys_mount+0x12d/0x140 [ 271.128386] ? do_syscall_64+0x1b9/0x820 [ 271.132465] should_fail.cold.4+0xa/0x17 [ 271.136544] ? fault_create_debugfs_attr+0x1f0/0x1f0 [ 271.141665] ? mntput+0x74/0xa0 [ 271.144969] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 271.150524] ? check_preemption_disabled+0x48/0x280 [ 271.155582] ? rcu_lockdep_current_cpu_online+0x1a4/0x210 [ 271.161138] ? find_held_lock+0x36/0x1c0 [ 271.165313] ? set_node_addr+0x438/0xae0 [ 271.169407] ? filename_lookup+0x39f/0x520 [ 271.173672] ? perf_trace_sched_process_exec+0x860/0x860 [ 271.179140] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 271.179166] __should_failslab+0x124/0x180 [ 271.179186] should_failslab+0x9/0x14 [ 271.179207] kmem_cache_alloc_trace+0x2d7/0x750 [ 271.197460] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 271.203064] vfs_new_fs_context+0x5e/0x77c [ 271.207321] do_mount+0xb70/0x1d90 [ 271.210884] ? lock_release+0xa10/0xa10 [ 271.214893] ? copy_mount_string+0x40/0x40 [ 271.219162] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 271.224714] ? _copy_from_user+0xdf/0x150 [ 271.228880] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 271.234427] ? copy_mount_options+0x315/0x430 [ 271.238935] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 271.244485] ksys_mount+0x12d/0x140 [ 271.244504] __x64_sys_mount+0xbe/0x150 [ 271.244525] do_syscall_64+0x1b9/0x820 [ 271.252117] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 271.252137] ? syscall_return_slowpath+0x5e0/0x5e0 [ 271.252157] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 271.271138] ? trace_hardirqs_on_caller+0x310/0x310 [ 271.276175] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 271.281215] ? prepare_exit_to_usermode+0x291/0x3b0 [ 271.286251] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 271.291112] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 271.296313] RIP: 0033:0x457569 [ 271.299524] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 271.318436] RSP: 002b:00007f162eec7c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 271.326149] RAX: ffffffffffffffda RBX: 00007f162eec7c90 RCX: 0000000000457569 14:04:57 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:57 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)="73656375726974792e6361706162696c697479ff", &(0x7f00000002c0), 0xc, 0x0) 14:04:57 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)='security.capability\x00', &(0x7f00000002c0), 0xc, 0x0) 14:04:57 executing program 0: mkdir(&(0x7f0000000300)='./file0\x00', 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000400)='system.posix_acl_access\x00', &(0x7f0000000100)={{}, {}, [{0x2, 0x0, r1}], {}, [], {0x10, 0x1}}, 0x2c, 0x0) chown(&(0x7f00000000c0)='./file0\x00', r1, 0x0) lsetxattr$security_capability(&(0x7f00000001c0)='./file0/file1\x00', &(0x7f00000004c0)="73656375726974792e6361706162696c697479ff", &(0x7f00000002c0), 0xc, 0x0) 14:04:57 executing program 3: socket$inet6(0xa, 0x8000000000000003, 0x6) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="153f6234488dd25d766070") r0 = socket$inet(0x2, 0x6000000000000001, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000140)=@nat={'nat\x00', 0x3c1, 0x2, 0x90, [0x20000660], 0x0, &(0x7f0000000000), &(0x7f0000000600)=[{}, {}, {}]}, 0x108) [ 271.333426] RDX: 00000000200002c0 RSI: 00000000200000c0 RDI: 0000000020000040 [ 271.340713] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 271.347990] R10: 0000000002200060 R11: 0000000000000246 R12: 00007f162eec86d4 [ 271.355268] R13: 00000000004c289b R14: 00000000004d3c78 R15: 0000000000000004 [ 271.368460] BUG: unable to handle kernel paging request at fffffffffffffff4 [ 271.375615] PGD 926d067 P4D 926d067 PUD 926f067 PMD 0 14:04:57 executing program 1: r0 = socket(0x1, 0x2, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r0, 0x810c5701, &(0x7f00000001c0)) ioctl(r1, 0x8912, &(0x7f0000000080)="153f6234488dd25d766070") r2 = syz_open_dev$ndb(&(0x7f0000000000)='/dev/nbd#\x00', 0xffffffffffffffff, 0x80) r3 = dup2(r0, r2) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x66, &(0x7f0000000040)={0x0, 0x40}, &(0x7f00000000c0)=0x8) setsockopt$inet_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000180), 0x4) getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000100)={r4, 0x8}, &(0x7f0000000140)=0x3d1) ioctl$RTC_WIE_ON(r2, 0x700f) [ 271.380909] Oops: 0000 [#1] PREEMPT SMP KASAN [ 271.385424] CPU: 1 PID: 8366 Comm: syz-executor5 Not tainted 4.19.0-rc8-next-20181019+ #98 [ 271.386766] kernel msg: ebtables bug: please report to author: Chains don't start at beginning [ 271.393840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 271.393862] RIP: 0010:do_mount+0xb98/0x1d90 [ 271.393877] Code: 06 00 48 89 c2 48 89 c3 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 8a 11 00 00 48 b8 00 00 00 00 00 fc ff df <4c> 8b 33 49 8d 7e 18 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 5e 11 [ 271.393885] RSP: 0018:ffff880182fe7c28 EFLAGS: 00010246 [ 271.440612] RAX: dffffc0000000000 RBX: fffffffffffffff4 RCX: ffffc9000bee6000 [ 271.447884] RDX: 1ffffffffffffffe RSI: ffffffff81e011ec RDI: 0000000000000282 [ 271.455175] RBP: ffff880182fe7db0 R08: ffff880183298400 R09: ffffed003b5e5b4f [ 271.458232] kobject: 'loop3' (0000000069161878): kobject_uevent_env [ 271.462441] R10: ffffed003b5e5b4f R11: ffff8801daf2da7b R12: ffff8801d2ee4a30 [ 271.476099] R13: ffff8801c9fe8b00 R14: ffff8801c9fe8b00 R15: 0000000000000000 [ 271.483381] FS: 00007f162eec8700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000 [ 271.484743] kobject: 'loop3' (0000000069161878): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 271.492120] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 271.492130] CR2: fffffffffffffff4 CR3: 00000001d889b000 CR4: 00000000001406e0 [ 271.492142] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 271.492150] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 271.492155] Call Trace: [ 271.492179] ? lock_release+0xa10/0xa10 [ 271.509263] kobject: 'loop1' (00000000cb719a34): kobject_uevent_env [ 271.514775] ? copy_mount_string+0x40/0x40 [ 271.514800] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 271.522222] kobject: 'loop1' (00000000cb719a34): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 271.529343] ? _copy_from_user+0xdf/0x150 [ 271.529361] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 271.529382] ? copy_mount_options+0x315/0x430 [ 271.529396] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 271.529415] ksys_mount+0x12d/0x140 [ 271.532440] kobject: 'loop3' (0000000069161878): kobject_uevent_env [ 271.535978] __x64_sys_mount+0xbe/0x150 [ 271.535998] do_syscall_64+0x1b9/0x820 [ 271.536018] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 271.542495] kobject: 'loop3' (0000000069161878): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 271.546633] ? syscall_return_slowpath+0x5e0/0x5e0 [ 271.546668] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 271.552634] kobject: 'loop1' (00000000cb719a34): kobject_uevent_env [ 271.561625] ? trace_hardirqs_on_caller+0x310/0x310 [ 271.561642] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 271.561659] ? prepare_exit_to_usermode+0x291/0x3b0 [ 271.561678] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 271.565883] kobject: 'loop1' (00000000cb719a34): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 271.571357] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 271.571375] RIP: 0033:0x457569 [ 271.571392] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 271.571405] RSP: 002b:00007f162eec7c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 271.580547] kobject: 'loop0' (00000000b7d1d2b2): kobject_uevent_env [ 271.581415] RAX: ffffffffffffffda RBX: 00007f162eec7c90 RCX: 0000000000457569 [ 271.581424] RDX: 00000000200002c0 RSI: 00000000200000c0 RDI: 0000000020000040 [ 271.581433] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 271.581447] R10: 0000000002200060 R11: 0000000000000246 R12: 00007f162eec86d4 [ 271.585115] kobject: 'loop0' (00000000b7d1d2b2): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 271.591450] R13: 00000000004c289b R14: 00000000004d3c78 R15: 0000000000000004 [ 271.591464] Modules linked in: [ 271.591475] CR2: fffffffffffffff4 [ 271.591489] ---[ end trace cadbc27fff7356cf ]--- [ 271.591509] RIP: 0010:do_mount+0xb98/0x1d90 [ 271.591526] Code: 06 00 48 89 c2 48 89 c3 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 80 3c 02 00 0f 85 8a 11 00 00 48 b8 00 00 00 00 00 fc ff df <4c> 8b 33 49 8d 7e 18 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 5e 11 [ 271.781091] RSP: 0018:ffff880182fe7c28 EFLAGS: 00010246 [ 271.786439] RAX: dffffc0000000000 RBX: fffffffffffffff4 RCX: ffffc9000bee6000 [ 271.793696] RDX: 1ffffffffffffffe RSI: ffffffff81e011ec RDI: 0000000000000282 [ 271.800948] RBP: ffff880182fe7db0 R08: ffff880183298400 R09: ffffed003b5e5b4f [ 271.808209] R10: ffffed003b5e5b4f R11: ffff8801daf2da7b R12: ffff8801d2ee4a30 [ 271.815492] R13: ffff8801c9fe8b00 R14: ffff8801c9fe8b00 R15: 0000000000000000 [ 271.822748] FS: 00007f162eec8700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000 [ 271.830974] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 271.836841] CR2: fffffffffffffff4 CR3: 00000001d889b000 CR4: 00000000001406e0 [ 271.844097] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 271.851349] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 271.858606] Kernel panic - not syncing: Fatal exception [ 271.864899] Kernel Offset: disabled [ 271.868526] Rebooting in 86400 seconds..