[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[ 15.801788] random: sshd: uninitialized urandom read (32 bytes read) [?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 20.330462] random: sshd: uninitialized urandom read (32 bytes read) [ 20.636614] random: sshd: uninitialized urandom read (32 bytes read) [ 21.446363] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.15.198' (ECDSA) to the list of known hosts. [ 26.842056] random: sshd: uninitialized urandom read (32 bytes read) 2018/07/09 00:33:22 fuzzer started [ 28.022193] random: cc1: uninitialized urandom read (8 bytes read) 2018/07/09 00:33:24 dialing manager at 10.128.0.26:37931 2018/07/09 00:33:27 syscalls: 1785 2018/07/09 00:33:27 code coverage: enabled 2018/07/09 00:33:27 comparison tracing: enabled 2018/07/09 00:33:27 setuid sandbox: enabled 2018/07/09 00:33:27 namespace sandbox: enabled 2018/07/09 00:33:27 fault injection: enabled 2018/07/09 00:33:27 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/07/09 00:33:27 net packed injection: enabled [ 33.323901] random: crng init done 00:34:19 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000080)="636c6561725f72656673007edb") writev(r0, &(0x7f0000000000)=[{&(0x7f0000000180)='4', 0x1}], 0x1) 00:34:19 executing program 2: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0x40085112, &(0x7f0000000100)={{0x7fffffff, 0x100000000000b}}) 00:34:19 executing program 7: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_int(r1, 0x6, 0x19, &(0x7f0000000080), &(0x7f0000000100)=0x4) 00:34:19 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = timerfd_create(0x0, 0x0) timerfd_settime(r1, 0x0, &(0x7f0000000000)={{0x2400000000000000}, {0x0, 0x1c9c380}}, &(0x7f000000ffe0)) read(r1, &(0x7f0000a16000)=""/71, 0x47) 00:34:19 executing program 4: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) unlink(&(0x7f0000000400)='./control/file0\x00') r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 00:34:19 executing program 5: r0 = socket$inet(0x10, 0x4000000003, 0x0) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000080)="24000000220007031dfffd946f6105000000000000007d21fe1c4095421ba3a20400ff7e", 0x24}], 0x1}, 0x0) 00:34:19 executing program 1: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$kcm(0x29, 0x5, 0x0) mmap(&(0x7f0000000000/0xd25000)=nil, 0xd25000, 0x0, 0x32, 0xffffffffffffffff, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000800)) 00:34:19 executing program 6: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000d1c000)=0x2c, 0x4) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @ipv4={[], [0xff, 0xff]}}, 0x1c) connect$inet6(r0, &(0x7f00000000c0)={0xa}, 0x1c) [ 84.926912] IPVS: ftp: loaded support on port[0] = 21 [ 84.932719] IPVS: ftp: loaded support on port[0] = 21 [ 84.961806] IPVS: ftp: loaded support on port[0] = 21 [ 84.968725] IPVS: ftp: loaded support on port[0] = 21 [ 84.982222] IPVS: ftp: loaded support on port[0] = 21 [ 84.990111] IPVS: ftp: loaded support on port[0] = 21 [ 85.009634] IPVS: ftp: loaded support on port[0] = 21 [ 85.012259] IPVS: ftp: loaded support on port[0] = 21 [ 86.623242] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.629663] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.638107] device bridge_slave_0 entered promiscuous mode [ 86.651069] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.657456] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.671193] device bridge_slave_0 entered promiscuous mode [ 86.693945] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.700365] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.715527] device bridge_slave_0 entered promiscuous mode [ 86.739180] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.745591] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.776886] device bridge_slave_1 entered promiscuous mode [ 86.787876] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.794307] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.801760] device bridge_slave_0 entered promiscuous mode [ 86.810524] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.816912] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.827695] device bridge_slave_1 entered promiscuous mode [ 86.835483] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.841879] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.853473] device bridge_slave_0 entered promiscuous mode [ 86.861350] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.867738] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.877511] device bridge_slave_1 entered promiscuous mode [ 86.884528] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.891227] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.899126] device bridge_slave_0 entered promiscuous mode [ 86.906576] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.912945] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.928761] device bridge_slave_0 entered promiscuous mode [ 86.937727] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 86.948236] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 86.956340] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.962852] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.993453] device bridge_slave_1 entered promiscuous mode [ 87.000383] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.006761] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.014241] device bridge_slave_0 entered promiscuous mode [ 87.022306] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.028722] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.037823] device bridge_slave_1 entered promiscuous mode [ 87.046374] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.052760] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.060768] device bridge_slave_1 entered promiscuous mode [ 87.068442] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 87.076904] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 87.084530] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.090918] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.104056] device bridge_slave_1 entered promiscuous mode [ 87.111363] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 87.120338] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 87.128262] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.134650] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.155987] device bridge_slave_1 entered promiscuous mode [ 87.179867] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 87.198776] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 87.206253] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 87.225349] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 87.247318] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 87.267064] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 87.285621] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 87.315851] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 87.327386] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 87.348418] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 87.396342] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 87.408995] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 87.518624] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 87.560586] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 87.584713] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 87.604709] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 87.614458] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 87.649946] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 87.659068] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 87.668152] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 87.706319] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 87.715941] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 87.745869] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 87.780547] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 87.794933] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 87.809167] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 88.034963] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 88.065802] team0: Port device team_slave_0 added [ 88.077914] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 88.091972] team0: Port device team_slave_0 added [ 88.177206] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 88.200660] team0: Port device team_slave_1 added [ 88.210428] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 88.217718] team0: Port device team_slave_1 added [ 88.225519] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 88.233921] team0: Port device team_slave_0 added [ 88.243530] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 88.251694] team0: Port device team_slave_0 added [ 88.264170] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 88.276937] team0: Port device team_slave_0 added [ 88.289621] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 88.297931] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 88.304803] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 88.328343] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 88.352405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 88.361558] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 88.374847] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 88.382547] team0: Port device team_slave_1 added [ 88.390147] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 88.399361] team0: Port device team_slave_0 added [ 88.406404] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 88.416139] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 88.428774] team0: Port device team_slave_1 added [ 88.439850] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 88.452207] team0: Port device team_slave_0 added [ 88.457571] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 88.471578] team0: Port device team_slave_1 added [ 88.479612] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 88.488493] team0: Port device team_slave_0 added [ 88.493773] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 88.503297] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 88.521847] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 88.530205] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 88.538621] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 88.547058] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 88.554103] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 88.577617] team0: Port device team_slave_1 added [ 88.591803] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 88.605075] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 88.618985] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 88.627596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 88.635353] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 88.643206] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 88.650593] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 88.658252] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 88.666535] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 88.673725] team0: Port device team_slave_1 added [ 88.683163] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 88.691926] team0: Port device team_slave_1 added [ 88.698454] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 88.707344] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 88.715340] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 88.737225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 88.752390] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 88.760736] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 88.770055] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 88.777439] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 88.785564] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 88.794471] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 88.806361] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 88.813467] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 88.820341] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 88.841906] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 88.864517] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 88.879261] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 88.893699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 88.901468] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 88.909056] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 88.916713] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 88.924187] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 88.931753] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 88.939229] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 88.946781] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 88.956236] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 88.964252] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 88.972669] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 88.982654] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 88.989991] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 88.999596] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 89.012636] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 89.027243] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 89.040444] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 89.048423] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 89.057288] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 89.092679] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 89.116570] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 89.124429] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 89.131925] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 89.139614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 89.147759] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 89.155444] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 89.164261] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 89.173470] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 89.184770] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 89.195539] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 89.203047] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 89.210672] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 89.219095] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 89.239567] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 89.270875] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 89.287147] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 89.300141] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 89.307944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 89.315721] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 89.323418] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 89.331159] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 89.338801] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 89.346535] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 89.354479] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 89.364233] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 89.372063] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 89.380879] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 89.404810] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 89.422746] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 89.431900] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 89.459542] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 89.466942] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 89.488992] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 90.127425] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.133873] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.140712] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.147098] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.160151] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 90.224318] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 90.360337] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.366785] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.373453] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.379853] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.406460] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 90.417843] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.424252] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.430880] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.437293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.447935] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 90.464526] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.470950] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.477603] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.483980] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.502991] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 90.528711] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.535105] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.541740] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.548110] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.570512] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 90.581761] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.588137] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.594729] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.601065] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.608703] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 90.620965] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.627373] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.634034] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.640423] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.676687] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 90.684473] bridge0: port 2(bridge_slave_1) entered blocking state [ 90.690849] bridge0: port 2(bridge_slave_1) entered forwarding state [ 90.697435] bridge0: port 1(bridge_slave_0) entered blocking state [ 90.703772] bridge0: port 1(bridge_slave_0) entered forwarding state [ 90.711640] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 91.232103] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 91.243429] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 91.265685] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 91.272784] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 91.280152] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 91.287381] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 91.294812] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 94.253416] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.490954] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.539818] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.563183] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.579784] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.623726] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 94.653199] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.670578] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.697735] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.888006] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 94.941531] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 94.960409] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 94.972556] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 94.978871] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 94.988676] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 95.011214] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 95.019137] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 95.049159] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 95.113657] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 95.284104] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 95.290319] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 95.301442] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 95.319962] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 95.326597] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 95.347485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 95.359390] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 95.368208] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 95.379323] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 95.411906] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.429630] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 95.436557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 95.446278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 95.488752] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 95.497075] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 95.516350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 95.539900] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 95.549362] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 95.556161] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 95.563698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 95.585551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 95.598902] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 95.718363] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.790926] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.805475] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.814080] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.920518] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.940824] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.967119] 8021q: adding VLAN 0 to HW filter on device team0 00:34:32 executing program 6: r0 = syz_open_dev$binder(&(0x7f0000232ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x4, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@'], 0x0, 0x10000000, &(0x7f0000009000)}) r2 = request_key(&(0x7f0000000000)='rxrpc_s\x00', &(0x7f0000000040)={0x73, 0x79, 0x7a}, &(0x7f0000000080)='/dev/binder#\x00', 0xfffffffffffffffa) keyctl$get_keyring_id(0x0, r2, 0x0) ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0) [ 97.631342] binder: 6456:6457 transaction failed 29189/-22, size 0-0 line 2852 [ 97.678358] binder: undelivered TRANSACTION_ERROR: 29189 [ 97.730165] binder: 6456:6457 transaction failed 29189/-22, size 0-0 line 2852 [ 97.796472] binder: undelivered TRANSACTION_ERROR: 29189 00:34:33 executing program 6: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x807, 0x0) flock(r0, 0x0) 00:34:33 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x21, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0xb49e}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socket$kcm(0x29, 0x748398f12752c227, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000040)="6c6f00966fd651b959a9c84a2c00d2970403dc0d") r1 = socket$kcm(0xa, 0x5, 0x0) socketpair(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x2c) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x8916, &(0x7f0000000000)={r2}) 00:34:33 executing program 1: r0 = socket(0x10, 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip_vs\x00') perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) semctl$IPC_RMID(0x0, 0x0, 0x0) sendfile(r0, r1, &(0x7f0000000080), 0x81000005) 00:34:33 executing program 3: clone(0x200, &(0x7f0000001900), &(0x7f0000744000), &(0x7f0000001880), &(0x7f0000001900)) mknod(&(0x7f0000000100)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000ee6ff8)='./file0\x00', &(0x7f00000000c0), &(0x7f0000775000)) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x100000000000857}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x0, &(0x7f0000000180), &(0x7f0000000280), &(0x7f00000002c0), &(0x7f0000000300)) open$dir(&(0x7f0000296ff8)='./file0\x00', 0x27e, 0x0) [ 98.011973] device lo entered promiscuous mode 00:34:33 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") syz_mount_image$msdos(&(0x7f0000000000)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0xe803, 0x1, &(0x7f0000000440)=[{&(0x7f0000010000)="eb3c906d6b66732e6661090a0204010a0200027400f8", 0x16}], 0x0, &(0x7f0000000080)) 00:34:33 executing program 6: perf_event_open(&(0x7f000025c000)={0x2, 0x21, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0xb49e}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socket$kcm(0x29, 0x748398f12752c227, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000040)="6c6f00966fd651b959a9c84a2c00d2970403dc0d") r1 = socket$kcm(0xa, 0x5, 0x0) socketpair(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x2c) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x8916, &(0x7f0000000000)={r2}) 00:34:33 executing program 1: clone(0x200, &(0x7f0000001900), &(0x7f0000744000), &(0x7f0000001880), &(0x7f0000001900)) mknod(&(0x7f0000000100)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000ee6ff8)='./file0\x00', &(0x7f00000000c0), &(0x7f0000775000)) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x100000000000857}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open$dir(&(0x7f0000296ff8)='./file0\x00', 0x27e, 0x0) [ 98.148550] FAT-fs (loop2): bogus logical sector size 522 [ 98.154177] FAT-fs (loop2): Can't find a valid FAT filesystem [ 98.234069] FAT-fs (loop2): bogus logical sector size 522 [ 98.239811] FAT-fs (loop2): Can't find a valid FAT filesystem 00:34:33 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = getpid() sched_setattr(r1, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x1}, 0x0) r2 = syz_open_pts(r0, 0x0) read(r0, &(0x7f0000000280)=""/1, 0x1) read(r2, &(0x7f00000000c0)=""/106, 0x6a) ioctl$TIOCSETD(r2, 0x5437, &(0x7f0000000000)) 00:34:33 executing program 6: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = timerfd_create(0x0, 0x0) clock_gettime(0x0, &(0x7f0000000140)={0x0, 0x0}) clock_gettime(0x0, &(0x7f0000000200)={0x0, 0x0}) timerfd_settime(r1, 0x1, &(0x7f0000000240)={{0x0, r3+10000000}, {0x0, 0x989680}}, &(0x7f00000002c0)) timerfd_settime(r1, 0x0, &(0x7f0000000180)={{}, {0x0, r2+10000000}}, &(0x7f00000001c0)) 00:34:33 executing program 7: openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x0, 0x0) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) epoll_create1(0x0) pselect6(0x2e7, &(0x7f0000f33fc0)={0x3ffffd}, &(0x7f0000768000), &(0x7f0000086000), &(0x7f0000349000), &(0x7f0000f14000)={&(0x7f00000000c0), 0x8}) 00:34:33 executing program 5: bpf$MAP_CREATE(0x0, &(0x7f0000000200)={0xe, 0x0, 0x0, 0x1, 0x0, 0x1}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={0xffffffffffffffff, &(0x7f0000000600), &(0x7f0000000200)}, 0x20) socketpair(0x1, 0x1, 0x0, &(0x7f0000000740)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x89f0, &(0x7f0000000300)='0\x00') 00:34:34 executing program 4: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) unlink(&(0x7f0000000400)='./control/file0\x00') r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 00:34:34 executing program 2: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x51}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000001000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000300)="2e36f2ad0f01c866b9800000c00f326635010000000f303666839ad1d3cc0fde0965f20f1022baf80c66b8c6bb4d8366efbafc0cec66b8355900000f23c00f21f86635030001000f23f80fc72e0000ba2000b84e6cef", 0x56}], 0x1, 0x0, &(0x7f00000001c0), 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:34:34 executing program 6: clone(0x0, &(0x7f0000b6b000), &(0x7f0000744000), &(0x7f0000fef000), &(0x7f0000000000)) ioprio_get$pid(0x2, 0x0) 00:34:34 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") syz_emit_ethernet(0x2a, &(0x7f0000000100)={@dev={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa]}, @local={[0xaa, 0xaa, 0xaa, 0xaa, 0xaa], 0xaa}, [], {@mpls_uc={0x8864, {[], @ipv4={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x21, 0x0, 0x0, 0x0, @remote={0xac, 0x14, 0x14, 0xbb}, @remote={0xac, 0x14, 0x14, 0xbb}}, @igmp={0x0, 0x0, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}}}}}}, &(0x7f0000000080)) 00:34:34 executing program 5: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x51}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000001000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000300)="2e36f2ad0f01c866b9800000c00f326635010000000f303666839ad1d3cc0fde0965f20f1022baf80c66b8c6bb4d8366efbafc0cec66b8355900000f23c00f21f86635030001000f23f80fc72e0000ba2000b84e6cef", 0x56}], 0x1, 0x0, &(0x7f00000001c0), 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:34:34 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r3, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047", 0x3b}], 0x1, 0x0, &(0x7f0000000080), 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b00f2ff0001"]) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4188aea7, &(0x7f0000000140)={0x3, 0x0, [0xc0000101, 0x0, 0xc0010015], [0x0, 0x2]}) 00:34:34 executing program 1: clone(0x200, &(0x7f0000001900), &(0x7f0000744000), &(0x7f0000001880), &(0x7f0000001900)) mknod(&(0x7f0000000100)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000ee6ff8)='./file0\x00', &(0x7f00000000c0), &(0x7f0000775000)) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x100000000000857}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open$dir(&(0x7f0000296ff8)='./file0\x00', 0x27e, 0x0) 00:34:34 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = getpid() sched_setattr(r1, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x1}, 0x0) r2 = syz_open_pts(r0, 0x0) read(r0, &(0x7f0000000280)=""/1, 0x1) read(r2, &(0x7f00000000c0)=""/106, 0x6a) ioctl$TIOCSETD(r2, 0x5437, &(0x7f0000000000)) 00:34:34 executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) r1 = getpid() sched_setattr(r1, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x1}, 0x0) r2 = syz_open_pts(r0, 0x0) read(r0, &(0x7f0000000280)=""/1, 0x1) read(r2, &(0x7f00000000c0)=""/106, 0x6a) ioctl$TIOCSETD(r2, 0x5437, &(0x7f0000000000)) 00:34:34 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r3, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047", 0x3b}], 0x1, 0x0, &(0x7f0000000080), 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b00f2ff0001"]) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4188aea7, &(0x7f0000000140)={0x3, 0x0, [0xc0000101, 0x0, 0xc0010015], [0x0, 0x2]}) 00:34:34 executing program 6: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000300)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0x40085112, &(0x7f0000000180)={{0x8}}) 00:34:34 executing program 5: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x51}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000001000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000300)="2e36f2ad0f01c866b9800000c00f326635010000000f303666839ad1d3cc0fde0965f20f1022baf80c66b8c6bb4d8366efbafc0cec66b8355900000f23c00f21f86635030001000f23f80fc72e0000ba2000b84e6cef", 0x56}], 0x1, 0x0, &(0x7f00000001c0), 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:34:34 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'nr0\x00', 0x2}) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x200031, 0xffffffffffffffff, 0x0) ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f00000002c0)=ANY=[]) 00:34:34 executing program 6: mknod(&(0x7f0000000100)='./file0\x00', 0x1040, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x858, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x0) open$dir(&(0x7f0000296ff8)='./file0\x00', 0x27e, 0x0) 00:34:34 executing program 2: r0 = open(&(0x7f0000000380)='.\x00', 0x0, 0x0) mknodat(r0, &(0x7f0000000e40)='./file1\x00', 0x8000, 0x0) 00:34:34 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r3, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047", 0x3b}], 0x1, 0x0, &(0x7f0000000080), 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b00f2ff0001"]) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4188aea7, &(0x7f0000000140)={0x3, 0x0, [0xc0000101, 0x0, 0xc0010015], [0x0, 0x2]}) 00:34:36 executing program 4: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) unlink(&(0x7f0000000400)='./control/file0\x00') r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 00:34:36 executing program 5: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x51}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000001000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000300)="2e36f2ad0f01c866b9800000c00f326635010000000f303666839ad1d3cc0fde0965f20f1022baf80c66b8c6bb4d8366efbafc0cec66b8355900000f23c00f21f86635030001000f23f80fc72e0000ba2000b84e6cef", 0x56}], 0x1, 0x0, &(0x7f00000001c0), 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:34:36 executing program 2: socket$inet6(0xa, 0x1000000000002, 0x0) r0 = memfd_create(&(0x7f00000000c0)='#em1#+\x00', 0x0) write(r0, &(0x7f0000000040)="0600", 0x2) sendfile(r0, r0, &(0x7f0000001000), 0xffff) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f000002eff0)={0x85c, &(0x7f0000000000)=[{}]}, 0x10) 00:34:36 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r3, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047", 0x3b}], 0x1, 0x0, &(0x7f0000000080), 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b00f2ff0001"]) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4188aea7, &(0x7f0000000140)={0x3, 0x0, [0xc0000101, 0x0, 0xc0010015], [0x0, 0x2]}) 00:34:36 executing program 1: clone(0x200, &(0x7f0000001900), &(0x7f0000744000), &(0x7f0000001880), &(0x7f0000001900)) mknod(&(0x7f0000000100)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000ee6ff8)='./file0\x00', &(0x7f00000000c0), &(0x7f0000775000)) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x100000000000857}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open$dir(&(0x7f0000296ff8)='./file0\x00', 0x27e, 0x0) 00:34:36 executing program 3: r0 = socket$inet(0x2, 0x1, 0x0) sendto$inet(r0, &(0x7f0000000280), 0x0, 0x200007fd, &(0x7f0000e68000)={0x2}, 0x10) r1 = syz_open_procfs(0x0, &(0x7f0000000880)="6e65742f74637000548e1e85edcdb38f95b7426d2277e1d8a57fc3e425adde573009828379f8f315922310cca80486de1ef9c6f0783a4051ccec5880f51225890a0e16b0b687fb13198e406be3ea40a8da52cbca21f9f91906b063700380a5687ddfc5e8479a561f10552c7ead1b9744e69c4b73c89554a4afb5981da0a05a4a6e8825567b5ebc7f0d8542290101000000000000f4a6bcbe8effea31813950eb683ded3966145e7c1cd12e368ff0fbf9c4e6cf87cb7d48af0d29b3ea5f1e532856d6b25654ba6d57ce76c6e287192e6c236013ecbcbbb42fc3434824a7cd00000000") sendfile(r0, r1, &(0x7f0000000080), 0x80000003) 00:34:36 executing program 0: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0x40085112, &(0x7f0000000100)={{0x5}}) 00:34:36 executing program 6: r0 = eventfd(0x80000001) r1 = getpid() sched_setattr(r1, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x1}, 0x0) r2 = timerfd_create(0x0, 0x0) readv(r2, &(0x7f0000000180)=[{&(0x7f0000000980)=""/230, 0xe6}], 0x1) write$eventfd(r0, &(0x7f00000000c0)=0xffffffffffffff90, 0x8) read$eventfd(r0, &(0x7f0000000000), 0x8) 00:34:36 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000232ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x4, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@'], 0x1, 0x10000000, &(0x7f0000000040)='8'}) 00:34:36 executing program 3: 00:34:36 executing program 5: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x51}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000001000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000300)="2e36f2ad0f01c866b9800000c00f326635010000000f303666839ad1d3cc0fde0965f20f1022baf80c66b8c6bb4d8366efbafc0cec66b8355900000f23c00f21f86635030001000f23f80fc72e0000ba2000b84e6cef", 0x56}], 0x1, 0x0, &(0x7f00000001c0), 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:34:36 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r3, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047", 0x3b}], 0x1, 0x0, &(0x7f0000000080), 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4188aea7, &(0x7f0000000140)={0x3, 0x0, [0xc0000101, 0x0, 0xc0010015], [0x0, 0x2]}) [ 101.018310] binder: 6705:6706 transaction failed 29189/-22, size 0-0 line 2852 00:34:36 executing program 3: [ 101.078280] binder: 6705:6706 ioctl c0306201 20008000 returned -14 00:34:36 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r3, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047", 0x3b}], 0x1, 0x0, &(0x7f0000000080), 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4188aea7, &(0x7f0000000140)={0x3, 0x0, [0xc0000101, 0x0, 0xc0010015], [0x0, 0x2]}) 00:34:36 executing program 5: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x51}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000001000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000300)="2e36f2ad0f01c866b9800000c00f326635010000000f303666839ad1d3cc0fde0965f20f1022baf80c66b8c6bb4d8366efbafc0cec66b8355900000f23c00f21f86635030001000f23f80fc72e0000ba2000b84e6cef", 0x56}], 0x1, 0x0, &(0x7f00000001c0), 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 00:34:36 executing program 3: 00:34:37 executing program 4: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) unlink(&(0x7f0000000400)='./control/file0\x00') r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) close(r0) 00:34:37 executing program 0: 00:34:37 executing program 3: 00:34:37 executing program 5: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x51}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000001000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000300)="2e36f2ad0f01c866b9800000c00f326635010000000f303666839ad1d3cc0fde0965f20f1022baf80c66b8c6bb4d8366efbafc0cec66b8355900000f23c00f21f86635030001000f23f80fc72e0000ba2000b84e6cef", 0x56}], 0x1, 0x0, &(0x7f00000001c0), 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 00:34:37 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r3, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047", 0x3b}], 0x1, 0x0, &(0x7f0000000080), 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4188aea7, &(0x7f0000000140)={0x3, 0x0, [0xc0000101, 0x0, 0xc0010015], [0x0, 0x2]}) 00:34:37 executing program 2: mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$bpf(0x0, &(0x7f0000002100)='./file0\x00', &(0x7f0000002140)='bpf\x00', 0x0, &(0x7f0000002180)) mount$bpf(0x20000000, &(0x7f0000000000)='.\x00', &(0x7f0000000080)='bpf\x00', 0x2001041, &(0x7f0000000040)) 00:34:37 executing program 1: clone(0x200, &(0x7f0000001900), &(0x7f0000744000), &(0x7f0000001880), &(0x7f0000001900)) mknod(&(0x7f0000000100)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000ee6ff8)='./file0\x00', &(0x7f00000000c0), &(0x7f0000775000)) perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x100000000000857}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open$dir(&(0x7f0000296ff8)='./file0\x00', 0x27e, 0x0) 00:34:37 executing program 6: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x2, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'eql\x00', 0x2000093fd}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x5c831, 0xffffffffffffffff, 0x0) write$binfmt_misc(r0, &(0x7f00000002c0)=ANY=[@ANYBLOB='T'], 0x1) 00:34:37 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r1, 0x5100, &(0x7f0000000100)) 00:34:37 executing program 0: 00:34:37 executing program 6: 00:34:37 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r3, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b00f2ff0001"]) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4188aea7, &(0x7f0000000140)={0x3, 0x0, [0xc0000101, 0x0, 0xc0010015], [0x0, 0x2]}) 00:34:37 executing program 2: 00:34:37 executing program 3: 00:34:37 executing program 6: 00:34:37 executing program 0: 00:34:38 executing program 4: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) unlink(&(0x7f0000000400)='./control/file0\x00') r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) 00:34:38 executing program 5: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x51}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000001000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000300)="2e36f2ad0f01c866b9800000c00f326635010000000f303666839ad1d3cc0fde0965f20f1022baf80c66b8c6bb4d8366efbafc0cec66b8355900000f23c00f21f86635030001000f23f80fc72e0000ba2000b84e6cef", 0x56}], 0x1, 0x0, &(0x7f00000001c0), 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 00:34:38 executing program 2: 00:34:38 executing program 3: 00:34:38 executing program 6: 00:34:38 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r3, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b00f2ff0001"]) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4188aea7, &(0x7f0000000140)={0x3, 0x0, [0xc0000101, 0x0, 0xc0010015], [0x0, 0x2]}) 00:34:38 executing program 0: 00:34:38 executing program 1: 00:34:38 executing program 1: 00:34:38 executing program 6: 00:34:38 executing program 3: 00:34:38 executing program 2: 00:34:38 executing program 0: 00:34:39 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r3, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b00f2ff0001"]) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4188aea7, &(0x7f0000000140)={0x3, 0x0, [0xc0000101, 0x0, 0xc0010015], [0x0, 0x2]}) 00:34:39 executing program 5: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x51}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:34:39 executing program 6: 00:34:40 executing program 4: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) unlink(&(0x7f0000000400)='./control/file0\x00') r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) 00:34:40 executing program 0: 00:34:40 executing program 3: 00:34:40 executing program 2: 00:34:40 executing program 1: 00:34:40 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) socket$inet6(0xa, 0x1000000000002, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047", 0x3b}], 0x1, 0x0, &(0x7f0000000080), 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b00f2ff0001"]) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4188aea7, &(0x7f0000000140)={0x3, 0x0, [0xc0000101, 0x0, 0xc0010015], [0x0, 0x2]}) 00:34:40 executing program 6: 00:34:40 executing program 5: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x51}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000001000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000300)="2e36f2ad0f01c866b9800000c00f326635010000000f303666839ad1d3cc0fde0965f20f1022baf80c66b8c6bb4d8366efbafc0cec66b8355900000f23c00f21f86635030001000f23f80fc72e0000ba2000b84e6cef", 0x56}], 0x1, 0x0, &(0x7f00000001c0), 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) 00:34:40 executing program 6: 00:34:40 executing program 2: 00:34:40 executing program 3: 00:34:40 executing program 1: 00:34:40 executing program 0: 00:34:40 executing program 5: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x51}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000001000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000300)="2e36f2ad0f01c866b9800000c00f326635010000000f303666839ad1d3cc0fde0965f20f1022baf80c66b8c6bb4d8366efbafc0cec66b8355900000f23c00f21f86635030001000f23f80fc72e0000ba2000b84e6cef", 0x56}], 0x1, 0x0, &(0x7f00000001c0), 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) 00:34:40 executing program 1: 00:34:40 executing program 2: 00:34:41 executing program 4: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) unlink(&(0x7f0000000400)='./control/file0\x00') r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x0, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c}) 00:34:41 executing program 3: 00:34:41 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) socket$inet6(0xa, 0x1000000000002, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047", 0x3b}], 0x1, 0x0, &(0x7f0000000080), 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b00f2ff0001"]) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4188aea7, &(0x7f0000000140)={0x3, 0x0, [0xc0000101, 0x0, 0xc0010015], [0x0, 0x2]}) 00:34:41 executing program 6: 00:34:41 executing program 0: 00:34:41 executing program 5: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x51}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000001000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000300)="2e36f2ad0f01c866b9800000c00f326635010000000f303666839ad1d3cc0fde0965f20f1022baf80c66b8c6bb4d8366efbafc0cec66b8355900000f23c00f21f86635030001000f23f80fc72e0000ba2000b84e6cef", 0x56}], 0x1, 0x0, &(0x7f00000001c0), 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_RUN(r0, 0xae80, 0x0) 00:34:41 executing program 1: socket$inet6(0xa, 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000180)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6100) truncate(&(0x7f0000000300)='./bus\x00', 0xa00) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) lseek(r1, 0x0, 0x2) sendfile(r1, r2, &(0x7f0000000040), 0x8000fffffffe) truncate(&(0x7f0000000140)='./bus\x00', 0x0) 00:34:41 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x10000004e20, @multicast1=0xe0000001}, 0x10) connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4000004e20, @loopback=0x7f000001}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x3, &(0x7f00000011c0)=ANY=[@ANYBLOB="180000000300000000000000000000009500000000000000"], &(0x7f00002bf000)='syzkaller\x00', 0x1, 0xb7, &(0x7f0000000440)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x5, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f00000000c0)={r0, r1}) recvmmsg(r2, &(0x7f0000000dc0)=[{{&(0x7f0000000600)=@ax25, 0x80, &(0x7f0000000800)}}], 0x1, 0x0, &(0x7f0000000f00)) sendmsg(r0, &(0x7f00000002c0)={&(0x7f0000000000)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2={0xff, 0x2, [], 0x1}}}}, 0x80, &(0x7f0000000240)=[{&(0x7f00000001c0)="315f18", 0x3}], 0x1}, 0x0) 00:34:41 executing program 6: 00:34:41 executing program 0: 00:34:41 executing program 3: 00:34:41 executing program 5: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x51}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000001000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000300)="2e36f2ad0f01c866b9800000c00f326635010000000f303666839ad1d3cc0fde0965f20f1022baf80c66b8c6bb4d8366efbafc0cec66b8355900000f23c00f21f86635030001000f23f80fc72e0000ba2000b84e6cef", 0x56}], 0x1, 0x0, &(0x7f00000001c0), 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) [ 106.549000] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 00:34:41 executing program 6: 00:34:41 executing program 3: 00:34:41 executing program 5: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x51}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000001000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000300)="2e36f2ad0f01c866b9800000c00f326635010000000f303666839ad1d3cc0fde0965f20f1022baf80c66b8c6bb4d8366efbafc0cec66b8355900000f23c00f21f86635030001000f23f80fc72e0000ba2000b84e6cef", 0x56}], 0x1, 0x0, &(0x7f00000001c0), 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) 00:34:41 executing program 1: 00:34:43 executing program 4: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) unlink(&(0x7f0000000400)='./control/file0\x00') openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) close(r0) 00:34:43 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) socket$inet6(0xa, 0x1000000000002, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047", 0x3b}], 0x1, 0x0, &(0x7f0000000080), 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b00f2ff0001"]) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4188aea7, &(0x7f0000000140)={0x3, 0x0, [0xc0000101, 0x0, 0xc0010015], [0x0, 0x2]}) 00:34:43 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000232ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = syz_open_dev$binder(&(0x7f0000001000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x34, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x10000000, &(0x7f0000009000)}) 00:34:43 executing program 3: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") syz_mount_image$nfs4(&(0x7f00000000c0)='nfs4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000540)=[{&(0x7f00000002c0)="60970e71006ebcbafa54895adfe97c991c0a9b98dccb631f955d7c1c03b9450dfc7632b964574a637aaba482a644d4c8ddd06782f858e6822d3864f8000098c396784456f48344cc98f64703e5ad747df75714fc5613c79e80da90826e8e5502b6436b055bf80f90b681c50cdc6497c02f70081f310891c995ff097a7dbf139a7d121712b33a22e1588f6d6b8c26f24e4d3b412c26149e395c97756ed9328eb235d48b2904c4c275b92701d554a07bf2fa04f68951c28a7a4cfec54ba2e9", 0xbe, 0x7ff}], 0x0, &(0x7f0000000600)='\x00') 00:34:43 executing program 6: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000440)={'vlan0\x00', 0xd803}) r1 = socket$nl_route(0x10, 0x3, 0x0) readv(r0, &(0x7f0000000500)=[{&(0x7f0000000480)=""/117, 0x75}], 0x1) sendmsg$nl_route(r1, &(0x7f0000000140)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8, 0x1b}]}, 0x28}, 0x1}, 0x0) 00:34:43 executing program 1: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000280)={@local}, &(0x7f00000002c0)=0x14) r1 = socket$inet_tcp(0x2, 0x1, 0x0) socketpair$inet(0x2, 0x800, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = accept(r3, 0x0, &(0x7f0000000140)) connect$rds(r4, &(0x7f0000000380)={0x2, 0x4e21, @rand_addr=0xda3}, 0x10) getsockopt$IPT_SO_GET_ENTRIES(r2, 0x0, 0x41, &(0x7f0000000480)=ANY=[], &(0x7f0000000040)) r5 = socket$inet6(0xa, 0x1, 0x0) ioctl(r5, 0x4000008912, &(0x7f0000000100)) socket(0x0, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xaa}}, 0x1c) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffff9c, 0x84, 0x77, &(0x7f00000003c0), &(0x7f0000000400)=0x8) sendto$inet(0xffffffffffffffff, &(0x7f00000007c0), 0x0, 0x0, &(0x7f0000000500)={0x2, 0x0, @rand_addr}, 0x10) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000480), &(0x7f00000004c0)=0x8) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000040)=@broute={'broute\x00', 0x20, 0x1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000330], 0x0, &(0x7f0000000000), &(0x7f0000000640)=ANY=[]}, 0x78) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffff9c, 0x84, 0x13, &(0x7f0000000200), &(0x7f00000001c0)=0x8) getsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000380)=ANY=[], &(0x7f0000000240)) bind$inet(r1, &(0x7f0000000100)={0x2, 0x4e20, @rand_addr}, 0x10) socket$inet6(0xa, 0x0, 0x0) setsockopt$inet_tcp_buf(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000380), 0x0) socket$inet6(0xa, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000080), 0x20) bind$inet(0xffffffffffffffff, &(0x7f0000000440)={0x2, 0x0, @local={0xac, 0x14, 0x14, 0xaa}}, 0x10) setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000d4effc)=0x1, 0x4) sendto$inet(r1, &(0x7f000099bf26), 0x0, 0x20000000, &(0x7f0000000340)={0x2, 0x4e20}, 0x10) sendto$inet(r1, &(0x7f00000000c0)="9a", 0x1, 0x4008010, 0x0, 0x0) sendto$inet(r1, &(0x7f00000005c0)="d14898a5d008ffe8abe4b14f76a9e912f639db701243f73de59c5a812924dac0beac2002a472834a662714baa767511a3e2eaf41b05cf651f5c6ec2f62582484023c136e8e1d87dc81bcf6ee30af9ab7a3e5e03c1f90c2d9612521f26f079fd3838806e52a443b8d1787b1cdcd69b61dc545fd8d88c74749", 0x78, 0x1c72796d7506e79e, 0x0, 0x0) 00:34:43 executing program 5: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x51}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000001000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000300)="2e36f2ad0f01c866b9800000c00f326635010000000f303666839ad1d3cc0fde0965f20f1022baf80c66b8c6bb4d8366efbafc0cec66b8355900000f23c00f21f86635030001000f23f80fc72e0000ba2000b84e6cef", 0x56}], 0x1, 0x0, &(0x7f00000001c0), 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) ioctl$KVM_RUN(r1, 0xae80, 0x0) 00:34:43 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) write$P9_RLERRORu(r0, &(0x7f0000000040)={0xd, 0x7}, 0xd) 00:34:43 executing program 2: r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0x40085112, &(0x7f0000000000)={{0x7fffffff, 0x100000000000c}}) 00:34:43 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000001000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000300)="2e36f2ad0f01c866b9800000c00f326635010000000f303666839ad1d3cc0fde0965f20f1022baf80c66b8c6bb4d8366efbafc0cec66b8355900000f23c00f21f86635030001000f23f80fc72e0000ba2000b84e6cef", 0x56}], 0x1, 0x0, &(0x7f00000001c0), 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 107.984631] binder: 6919:6929 got transaction with invalid data ptr [ 108.013626] binder: 6919:6929 transaction failed 29201/-14, size 40-8 line 2986 00:34:43 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000232ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r2 = syz_open_dev$binder(&(0x7f0000001000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x0, 0x20011, r2, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r2, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x21, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f000000afd0)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x10000000, &(0x7f0000009000)}) 00:34:43 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000232ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r1, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") syz_open_dev$binder(&(0x7f0000001000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000008000)={0x34, 0x0, &(0x7f0000004fbc)=ANY=[@ANYBLOB='\x00c@@\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00'], 0x0, 0x10000000, &(0x7f0000009000)}) 00:34:43 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047", 0x3b}], 0x1, 0x0, &(0x7f0000000080), 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b00f2ff0001"]) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4188aea7, &(0x7f0000000140)={0x3, 0x0, [0xc0000101, 0x0, 0xc0010015], [0x0, 0x2]}) [ 108.070298] binder_alloc: binder_alloc_mmap_handler: 6919 20000000-20002000 already mapped failed -16 [ 108.105966] binder: BINDER_SET_CONTEXT_MGR already set [ 108.117648] binder: 6919:6929 ioctl 40046207 0 returned -16 00:34:43 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000001000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000300)="2e36f2ad0f01c866b9800000c00f326635010000000f303666839ad1d3cc0fde0965f20f1022baf80c66b8c6bb4d8366efbafc0cec66b8355900000f23c00f21f86635030001000f23f80fc72e0000ba2000b84e6cef", 0x56}], 0x1, 0x0, &(0x7f00000001c0), 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 108.143794] binder: BINDER_SET_CONTEXT_MGR already set [ 108.156606] binder_alloc: 6919: binder_alloc_buf, no vma [ 108.162279] binder: 6919:6945 transaction failed 29189/-3, size 40-8 line 2967 [ 108.166901] binder: 6951:6952 ioctl 40046207 0 returned -16 [ 108.172935] binder_alloc: 6919: binder_alloc_buf, no vma [ 108.181043] binder: 6956:6959 transaction failed 29189/-3, size 40-8 line 2967 [ 108.200252] binder: undelivered TRANSACTION_ERROR: 29201 [ 108.209319] binder_alloc: 6919: binder_alloc_buf, no vma [ 108.209336] binder: undelivered TRANSACTION_ERROR: 29189 [ 108.214881] binder: 6951:6952 transaction failed 29189/-3, size 0-0 line 2967 [ 108.222900] binder_alloc: binder_alloc_mmap_handler: 6951 20000000-20002000 already mapped failed -16 00:34:43 executing program 0: [ 108.242436] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 108.260239] binder: 6956:6966 transaction failed 29189/-22, size 40-8 line 2852 [ 108.286867] binder: undelivered TRANSACTION_ERROR: 29189 [ 108.288119] binder_alloc: 6951: binder_alloc_buf, no vma 00:34:43 executing program 2: [ 108.297739] binder: undelivered TRANSACTION_ERROR: 29189 [ 108.297898] binder: 6951:6965 transaction failed 29189/-3, size 0-0 line 2967 [ 108.326560] binder: undelivered TRANSACTION_ERROR: 29189 [ 108.333669] binder: undelivered TRANSACTION_ERROR: 29189 [ 108.782746] device lo left promiscuous mode [ 108.792656] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 108.799893] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 108.819839] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 00:34:44 executing program 4: mkdir(&(0x7f00000003c0)='./control\x00', 0x0) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x1, 0x32, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000480)={0xaa}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r1 = creat(&(0x7f0000000040)='./control/file0\x00', 0x0) write$sndseq(r1, &(0x7f0000011fd2)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time={0x77359400}}], 0x30) mkdir(&(0x7f0000000100)='./file0\x00', 0x0) unlink(&(0x7f0000000400)='./control/file0\x00') openat$dsp(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dsp\x00', 0x0, 0x0) close(r0) 00:34:44 executing program 0: 00:34:44 executing program 7: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl(0xffffffffffffffff, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f00000000c0)="c4824da82b66ba2100b801000000efb9270900000f323640a7650f30c4e2899c8e02000000f02046452ef3440f6fb800f0ff7fc42101dbc40f2047", 0x3b}], 0x1, 0x0, &(0x7f0000000080), 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000001e00fb034d564b00f2ff0001"]) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4188aea7, &(0x7f0000000140)={0x3, 0x0, [0xc0000101, 0x0, 0xc0010015], [0x0, 0x2]}) 00:34:44 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000001000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000300)="2e36f2ad0f01c866b9800000c00f326635010000000f303666839ad1d3cc0fde0965f20f1022baf80c66b8c6bb4d8366efbafc0cec66b8355900000f23c00f21f86635030001000f23f80fc72e0000ba2000b84e6cef", 0x56}], 0x1, 0x0, &(0x7f00000001c0), 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:34:44 executing program 3: openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='/group.stat\x00', 0x2761, 0x0) perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0x3e5}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000240)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='bpf\x00', 0x2001001, &(0x7f00000000c0)=ANY=[]) 00:34:44 executing program 2: r0 = socket$inet6(0xa, 0x1000000000002, 0x0) ioctl(r0, 0x8912, &(0x7f0000000280)="025cc83d6d345f8f762070") r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="0000000000004000323f8a059f23923be70d2fa45b7be61260c7da5bde21358531bcec3ab348896d00727035c7f34b63da2b87a51fc2abc6cbc68a977e90ea2bb7224747d9533253"], 0x1) setsockopt$inet6_opts(r1, 0x29, 0x36, &(0x7f0000000080)=@fragment, 0x0) 00:34:44 executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000440)={'vlan0\x00', 0xd803}) ioctl$TUNSETVNETHDRSZ(r0, 0x400454d8, &(0x7f0000000080)=0x7fffffff) r1 = socket$nl_route(0x10, 0x3, 0x0) readv(r0, &(0x7f0000000500)=[{&(0x7f0000000480)=""/117, 0x75}], 0x1) sendmsg$nl_route(r1, &(0x7f0000000140)={&(0x7f00000000c0)={0x10}, 0xc, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3}, [@IFLA_GROUP={0x8, 0x1b}]}, 0x28}, 0x1}, 0x0) 00:34:44 executing program 6: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000180)='memory.high\x00', 0x2, 0x0) io_setup(0x3ff, &(0x7f0000000380)=0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) io_submit(r2, 0x1c2, &(0x7f0000000380)) sendfile(r1, r1, &(0x7f0000000040), 0x1) 00:34:44 executing program 0: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev={0xfe, 0x80}, 0x4}, 0x1c) sendmsg(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000040), 0xba7b}], 0x29a, &(0x7f0000000200)}, 0x0) [ 108.929162] ================================================================== [ 108.936599] BUG: KASAN: slab-out-of-bounds in find_first_bit+0xf7/0x100 [ 108.943425] Read of size 8 at addr ffff8801d710a090 by task syz-executor6/7008 [ 108.950783] [ 108.952445] CPU: 0 PID: 7008 Comm: syz-executor6 Not tainted 4.18.0-rc3-next-20180706+ #1 [ 108.960761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 108.970117] Call Trace: [ 108.972721] dump_stack+0x1c9/0x2b4 00:34:44 executing program 5: perf_event_open(&(0x7f0000000200)={0x0, 0x70, 0x51}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000001000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000300)="2e36f2ad0f01c866b9800000c00f326635010000000f303666839ad1d3cc0fde0965f20f1022baf80c66b8c6bb4d8366efbafc0cec66b8355900000f23c00f21f86635030001000f23f80fc72e0000ba2000b84e6cef", 0x56}], 0x1, 0x0, &(0x7f00000001c0), 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 108.976392] ? dump_stack_print_info.cold.2+0x52/0x52 [ 108.981602] ? printk+0xa7/0xcf [ 108.984891] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 108.989651] ? find_first_bit+0xf7/0x100 [ 108.993735] print_address_description+0x6c/0x20b [ 108.998602] ? find_first_bit+0xf7/0x100 [ 109.002660] kasan_report.cold.7+0x242/0x30d [ 109.007064] __asan_report_load8_noabort+0x14/0x20 [ 109.011999] find_first_bit+0xf7/0x100 [ 109.015889] shrink_slab+0x5d0/0xdb0 [ 109.019604] ? shrink_node_memcg+0xc91/0x18f0 [ 109.024088] ? unregister_memcg_shrinker.isra.39+0x50/0x50 [ 109.029708] ? shrink_active_list+0x1830/0x1830 [ 109.034384] shrink_node+0x429/0x16a0 [ 109.038190] ? shrink_node_memcg+0x18f0/0x18f0 [ 109.042758] ? kvm_clock_read+0x25/0x30 [ 109.046720] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 109.051723] ? ktime_get_raw_ts64+0x4f0/0x4f0 [ 109.056221] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 109.061235] do_try_to_free_pages+0x3e7/0x1290 [ 109.065814] ? shrink_node+0x16a0/0x16a0 [ 109.069877] ? lock_release+0xa30/0xa30 [ 109.073838] ? check_same_owner+0x340/0x340 [ 109.078156] ? lock_downgrade+0x8f0/0x8f0 [ 109.082290] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 109.087809] ? _parse_integer+0x13b/0x190 [ 109.091948] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 109.097473] try_to_free_mem_cgroup_pages+0x49d/0xc90 [ 109.102651] ? pointer_string+0x1b0/0x1b0 [ 109.106781] ? __mutex_lock+0x6c4/0x1680 [ 109.110827] ? try_to_free_pages+0xb80/0xb80 [ 109.115230] ? memparse+0x171/0x1d0 [ 109.118843] ? get_options+0x380/0x380 [ 109.122727] ? kasan_kmalloc+0xc4/0xe0 [ 109.126595] ? __kmalloc+0x14e/0x760 [ 109.130291] ? kernfs_fop_write+0x33d/0x480 [ 109.134593] ? __vfs_write+0x117/0x9f0 [ 109.138477] ? __kernel_write+0x10c/0x370 [ 109.142610] ? write_pipe_buf+0x181/0x240 [ 109.146742] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 109.152262] ? page_counter_memparse+0xb5/0x1e0 [ 109.156915] ? page_counter_set_low+0x180/0x180 [ 109.161567] ? cgroup_control+0x180/0x180 [ 109.165705] memory_high_write+0x283/0x310 [ 109.169924] ? mem_cgroup_css_released+0x140/0x140 [ 109.174849] ? lock_downgrade+0x8f0/0x8f0 [ 109.178980] ? lock_release+0xa30/0xa30 [ 109.182941] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 109.188126] cgroup_file_write+0x31f/0x840 [ 109.192345] ? mem_cgroup_css_released+0x140/0x140 [ 109.197263] ? cgroup_migrate_add_task+0xcd0/0xcd0 [ 109.202183] ? __kmalloc+0x315/0x760 [ 109.205891] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 109.211415] ? cgroup_migrate_add_task+0xcd0/0xcd0 [ 109.216339] kernfs_fop_write+0x2ba/0x480 [ 109.220476] __vfs_write+0x117/0x9f0 [ 109.224173] ? kernfs_fop_open+0x1020/0x1020 [ 109.228567] ? kernel_read+0x120/0x120 [ 109.232523] ? default_file_splice_read+0x864/0xb10 [ 109.237528] ? splice_direct_to_actor+0x6fc/0x8f0 [ 109.242370] ? do_splice_direct+0x2d4/0x420 [ 109.246675] ? do_sendfile+0x62a/0xe20 [ 109.250561] ? __x64_sys_sendfile64+0x15d/0x250 [ 109.255219] ? iter_file_splice_write+0x1010/0x1010 [ 109.260219] ? check_same_owner+0x340/0x340 [ 109.264525] ? cache_grow_end.part.37+0x95/0x170 [ 109.269268] ? rcu_note_context_switch+0x730/0x730 [ 109.274183] __kernel_write+0x10c/0x370 [ 109.278168] write_pipe_buf+0x181/0x240 [ 109.282132] ? do_splice_direct+0x420/0x420 [ 109.286439] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 109.291973] ? splice_from_pipe_next.part.9+0x296/0x340 [ 109.297329] ? __ia32_sys_membarrier+0x150/0x150 [ 109.302082] __splice_from_pipe+0x38e/0x7c0 [ 109.306388] ? do_splice_direct+0x420/0x420 [ 109.310694] splice_from_pipe+0x1ea/0x340 [ 109.314830] ? do_splice_direct+0x420/0x420 [ 109.319132] ? splice_shrink_spd+0xd0/0xd0 [ 109.323354] ? security_file_permission+0x1c2/0x230 [ 109.328366] default_file_splice_write+0x3c/0x90 [ 109.333104] ? generic_splice_sendpage+0x50/0x50 [ 109.337844] direct_splice_actor+0x128/0x190 [ 109.342239] splice_direct_to_actor+0x318/0x8f0 [ 109.346894] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 109.352416] ? pipe_to_sendpage+0x400/0x400 [ 109.356723] ? do_splice_to+0x190/0x190 [ 109.360691] ? security_file_permission+0x1c2/0x230 [ 109.365692] ? rw_verify_area+0x118/0x360 [ 109.369826] do_splice_direct+0x2d4/0x420 [ 109.373971] ? splice_direct_to_actor+0x8f0/0x8f0 [ 109.378802] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 109.384338] ? __sb_start_write+0x17f/0x300 [ 109.388664] do_sendfile+0x62a/0xe20 [ 109.392368] ? do_compat_pwritev64+0x1c0/0x1c0 [ 109.396950] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 109.402470] ? _copy_from_user+0xdf/0x150 [ 109.406605] __x64_sys_sendfile64+0x15d/0x250 [ 109.411087] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 109.415662] ? ksys_ioctl+0x81/0xd0 [ 109.419285] do_syscall_64+0x1b9/0x820 [ 109.423164] ? finish_task_switch+0x1d3/0x870 [ 109.427744] ? syscall_return_slowpath+0x5e0/0x5e0 [ 109.432679] ? syscall_return_slowpath+0x31d/0x5e0 [ 109.437594] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 109.442609] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 109.447439] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 109.452617] RIP: 0033:0x455e29 [ 109.455790] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 109.475056] RSP: 002b:00007f7007650c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 109.482755] RAX: ffffffffffffffda RBX: 00007f70076516d4 RCX: 0000000000455e29 [ 109.490014] RDX: 0000000020000040 RSI: 0000000000000014 RDI: 0000000000000014 [ 109.497278] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 109.504531] R10: 0000000000000001 R11: 0000000000000246 R12: 00000000ffffffff [ 109.511812] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000000 [ 109.519075] [ 109.520696] Allocated by task 4487: [ 109.524311] save_stack+0x43/0xd0 [ 109.527748] kasan_kmalloc+0xc4/0xe0 [ 109.531445] __kmalloc_node+0x47/0x70 [ 109.535229] kvmalloc_node+0x65/0xf0 [ 109.538924] mem_cgroup_css_online+0x169/0x3c0 [ 109.543499] online_css+0x10c/0x350 [ 109.547114] cgroup_apply_control_enable+0x777/0xe90 [ 109.552196] cgroup_mkdir+0x88a/0x1170 [ 109.556067] kernfs_iop_mkdir+0x159/0x1e0 [ 109.560207] vfs_mkdir+0x42e/0x6b0 [ 109.563729] do_mkdirat+0x27b/0x310 [ 109.567359] __x64_sys_mkdir+0x5c/0x80 [ 109.571663] do_syscall_64+0x1b9/0x820 [ 109.575536] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 109.580701] [ 109.582318] Freed by task 4481: [ 109.585582] save_stack+0x43/0xd0 [ 109.589020] __kasan_slab_free+0x11a/0x170 [ 109.593250] kasan_slab_free+0xe/0x10 [ 109.597033] kfree+0xd9/0x260 [ 109.600120] ksys_mount+0xa3/0x140 [ 109.603642] __x64_sys_mount+0xbe/0x150 [ 109.607602] do_syscall_64+0x1b9/0x820 [ 109.611482] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 109.616655] [ 109.618268] The buggy address belongs to the object at ffff8801d710a080 [ 109.618268] which belongs to the cache kmalloc-32 of size 32 [ 109.631255] The buggy address is located 16 bytes inside of [ 109.631255] 32-byte region [ffff8801d710a080, ffff8801d710a0a0) [ 109.642938] The buggy address belongs to the page: [ 109.647849] page:ffffea00075c4280 count:1 mapcount:0 mapping:ffff8801da8001c0 index:0xffff8801d710afc1 [ 109.657275] flags: 0x2fffc0000000100(slab) [ 109.661496] raw: 02fffc0000000100 ffffea0007357688 ffffea00075c43c8 ffff8801da8001c0 [ 109.669364] raw: ffff8801d710afc1 ffff8801d710a000 000000010000003f 0000000000000000 [ 109.677241] page dumped because: kasan: bad access detected [ 109.682943] [ 109.684566] Memory state around the buggy address: [ 109.689476] ffff8801d7109f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 109.696817] ffff8801d710a000: 00 03 fc fc fc fc fc fc 00 07 fc fc fc fc fc fc [ 109.704158] >ffff8801d710a080: 00 00 05 fc fc fc fc fc 00 03 fc fc fc fc fc fc [ 109.711492] ^ [ 109.715376] ffff8801d710a100: 00 00 00 fc fc fc fc fc 00 00 01 fc fc fc fc fc [ 109.722717] ffff8801d710a180: 00 02 fc fc fc fc fc fc 00 02 fc fc fc fc fc fc [ 109.730061] ================================================================== [ 109.738573] Kernel panic - not syncing: panic_on_warn set ... [ 109.738573] [ 109.745966] CPU: 0 PID: 7008 Comm: syz-executor6 Tainted: G B 4.18.0-rc3-next-20180706+ #1 [ 109.755673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 109.765028] Call Trace: [ 109.767624] dump_stack+0x1c9/0x2b4 [ 109.771266] ? dump_stack_print_info.cold.2+0x52/0x52 [ 109.776512] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 109.781282] panic+0x238/0x4e7 [ 109.784481] ? add_taint.cold.5+0x16/0x16 [ 109.788636] ? do_raw_spin_unlock+0xa7/0x2f0 [ 109.793043] ? do_raw_spin_unlock+0xa7/0x2f0 [ 109.797467] ? find_first_bit+0xf7/0x100 [ 109.801537] kasan_end_report+0x47/0x4f [ 109.805552] kasan_report.cold.7+0x76/0x30d [ 109.809902] __asan_report_load8_noabort+0x14/0x20 [ 109.814841] find_first_bit+0xf7/0x100 [ 109.818738] shrink_slab+0x5d0/0xdb0 [ 109.822460] ? shrink_node_memcg+0xc91/0x18f0 [ 109.826973] ? unregister_memcg_shrinker.isra.39+0x50/0x50 [ 109.832612] ? shrink_active_list+0x1830/0x1830 [ 109.837304] shrink_node+0x429/0x16a0 [ 109.841116] ? shrink_node_memcg+0x18f0/0x18f0 [ 109.845713] ? kvm_clock_read+0x25/0x30 [ 109.849698] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 109.854731] ? ktime_get_raw_ts64+0x4f0/0x4f0 [ 109.859251] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 109.864282] do_try_to_free_pages+0x3e7/0x1290 [ 109.868891] ? shrink_node+0x16a0/0x16a0 [ 109.872957] ? lock_release+0xa30/0xa30 [ 109.876936] ? check_same_owner+0x340/0x340 [ 109.881275] ? lock_downgrade+0x8f0/0x8f0 [ 109.885428] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 109.890969] ? _parse_integer+0x13b/0x190 [ 109.895129] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 109.900681] try_to_free_mem_cgroup_pages+0x49d/0xc90 [ 109.905884] ? pointer_string+0x1b0/0x1b0 [ 109.910049] ? __mutex_lock+0x6c4/0x1680 [ 109.914299] ? try_to_free_pages+0xb80/0xb80 [ 109.918724] ? memparse+0x171/0x1d0 [ 109.922360] ? get_options+0x380/0x380 [ 109.926259] ? kasan_kmalloc+0xc4/0xe0 [ 109.930154] ? __kmalloc+0x14e/0x760 [ 109.933877] ? kernfs_fop_write+0x33d/0x480 [ 109.938207] ? __vfs_write+0x117/0x9f0 [ 109.942108] ? __kernel_write+0x10c/0x370 [ 109.946271] ? write_pipe_buf+0x181/0x240 [ 109.950435] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 109.955986] ? page_counter_memparse+0xb5/0x1e0 [ 109.958268] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 109.960662] ? page_counter_set_low+0x180/0x180 [ 109.960676] ? cgroup_control+0x180/0x180 [ 109.960694] memory_high_write+0x283/0x310 [ 109.960710] ? mem_cgroup_css_released+0x140/0x140 [ 109.960724] ? lock_downgrade+0x8f0/0x8f0 [ 109.960738] ? lock_release+0xa30/0xa30 [ 109.960756] ? __sanitizer_cov_trace_switch+0x53/0x90 [ 109.960769] cgroup_file_write+0x31f/0x840 [ 109.960781] ? mem_cgroup_css_released+0x140/0x140 [ 109.960795] ? cgroup_migrate_add_task+0xcd0/0xcd0 [ 109.960810] ? __kmalloc+0x315/0x760 [ 109.960822] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 109.960838] ? cgroup_migrate_add_task+0xcd0/0xcd0 [ 109.960851] kernfs_fop_write+0x2ba/0x480 [ 109.960867] __vfs_write+0x117/0x9f0 [ 109.960884] ? kernfs_fop_open+0x1020/0x1020 [ 110.038877] ? kernel_read+0x120/0x120 [ 110.042758] ? default_file_splice_read+0x864/0xb10 [ 110.047776] ? splice_direct_to_actor+0x6fc/0x8f0 [ 110.052605] ? do_splice_direct+0x2d4/0x420 [ 110.056911] ? do_sendfile+0x62a/0xe20 [ 110.060780] ? __x64_sys_sendfile64+0x15d/0x250 [ 110.065435] ? iter_file_splice_write+0x1010/0x1010 [ 110.070448] ? check_same_owner+0x340/0x340 [ 110.074760] ? cache_grow_end.part.37+0x95/0x170 [ 110.079510] ? rcu_note_context_switch+0x730/0x730 [ 110.084423] __kernel_write+0x10c/0x370 [ 110.088383] write_pipe_buf+0x181/0x240 [ 110.092440] ? do_splice_direct+0x420/0x420 [ 110.096758] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 110.102283] ? splice_from_pipe_next.part.9+0x296/0x340 [ 110.107633] ? __ia32_sys_membarrier+0x150/0x150 [ 110.112374] __splice_from_pipe+0x38e/0x7c0 [ 110.116697] ? do_splice_direct+0x420/0x420 [ 110.121005] splice_from_pipe+0x1ea/0x340 [ 110.125153] ? do_splice_direct+0x420/0x420 [ 110.129469] ? splice_shrink_spd+0xd0/0xd0 [ 110.133699] ? security_file_permission+0x1c2/0x230 [ 110.138702] default_file_splice_write+0x3c/0x90 [ 110.143439] ? generic_splice_sendpage+0x50/0x50 [ 110.148197] direct_splice_actor+0x128/0x190 [ 110.152599] splice_direct_to_actor+0x318/0x8f0 [ 110.157263] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 110.162795] ? pipe_to_sendpage+0x400/0x400 [ 110.167104] ? do_splice_to+0x190/0x190 [ 110.171062] ? security_file_permission+0x1c2/0x230 [ 110.176071] ? rw_verify_area+0x118/0x360 [ 110.180214] do_splice_direct+0x2d4/0x420 [ 110.184359] ? splice_direct_to_actor+0x8f0/0x8f0 [ 110.189186] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 110.194710] ? __sb_start_write+0x17f/0x300 [ 110.199020] do_sendfile+0x62a/0xe20 [ 110.203116] ? do_compat_pwritev64+0x1c0/0x1c0 [ 110.207684] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 110.213215] ? _copy_from_user+0xdf/0x150 [ 110.217350] __x64_sys_sendfile64+0x15d/0x250 [ 110.221839] ? __ia32_sys_sendfile+0x2a0/0x2a0 [ 110.226402] ? ksys_ioctl+0x81/0xd0 [ 110.230020] do_syscall_64+0x1b9/0x820 [ 110.233890] ? finish_task_switch+0x1d3/0x870 [ 110.238368] ? syscall_return_slowpath+0x5e0/0x5e0 [ 110.243280] ? syscall_return_slowpath+0x31d/0x5e0 [ 110.248197] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 110.253214] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 110.258048] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 110.263228] RIP: 0033:0x455e29 [ 110.266398] Code: 1d ba fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 eb b9 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 110.285578] RSP: 002b:00007f7007650c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 110.293286] RAX: ffffffffffffffda RBX: 00007f70076516d4 RCX: 0000000000455e29 [ 110.300539] RDX: 0000000020000040 RSI: 0000000000000014 RDI: 0000000000000014 [ 110.307799] RBP: 000000000072bea0 R08: 0000000000000000 R09: 0000000000000000 [ 110.315051] R10: 0000000000000001 R11: 0000000000000246 R12: 00000000ffffffff [ 110.322311] R13: 00000000004c1113 R14: 00000000004d1540 R15: 0000000000000000 [ 110.330078] Dumping ftrace buffer: [ 110.333602] (ftrace buffer empty) [ 110.337307] Kernel Offset: disabled [ 110.340923] Rebooting in 86400 seconds..