[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 29.702917] kauditd_printk_skb: 7 callbacks suppressed [ 29.702928] audit: type=1800 audit(1545267996.401:29): pid=5945 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 29.735791] audit: type=1800 audit(1545267996.411:30): pid=5945 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.157' (ECDSA) to the list of known hosts. 2018/12/20 01:06:46 fuzzer started 2018/12/20 01:06:49 dialing manager at 10.128.0.26:36039 2018/12/20 01:06:49 syscalls: 1 2018/12/20 01:06:49 code coverage: enabled 2018/12/20 01:06:49 comparison tracing: enabled 2018/12/20 01:06:49 setuid sandbox: enabled 2018/12/20 01:06:49 namespace sandbox: enabled 2018/12/20 01:06:49 Android sandbox: /sys/fs/selinux/policy does not exist 2018/12/20 01:06:49 fault injection: enabled 2018/12/20 01:06:49 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2018/12/20 01:06:49 net packet injection: enabled 2018/12/20 01:06:49 net device setup: enabled 01:09:12 executing program 0: syz_emit_ethernet(0x1, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaff000000000086dd60b409000438000000000000000000000000ffffe0000002050200000000000000000200000000013a8690780009040060b680fa0000000000000000000000eafffffefffffbffff00000000000000000000ffffac14ffbb"], 0x0) syzkaller login: [ 185.681396] IPVS: ftp: loaded support on port[0] = 21 01:09:12 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) tgkill(0x0, 0x0, 0x0) [ 185.990242] IPVS: ftp: loaded support on port[0] = 21 01:09:12 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_emit_ethernet(0x1, &(0x7f0000000700)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd60c22df7001000a7dacd50d3d4eec507000000d800fe80000000000000007000e800000000fe8000000000000000000000000000aa000029"], 0x0) [ 186.340413] IPVS: ftp: loaded support on port[0] = 21 01:09:13 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x0, @broadcast}, 0x10) setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, 0x0, 0x0) sendto$inet(r0, 0x0, 0x7f, 0x400200007fe, &(0x7f0000000080)={0x2, 0x10084e23, @local}, 0x10) [ 186.636036] IPVS: ftp: loaded support on port[0] = 21 01:09:13 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 187.108505] IPVS: ftp: loaded support on port[0] = 21 01:09:14 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) semctl$SETVAL(0x0, 0x0, 0x10, 0x0) [ 187.540563] IPVS: ftp: loaded support on port[0] = 21 [ 187.687155] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.694140] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.702162] device bridge_slave_0 entered promiscuous mode [ 187.787720] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.794176] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.817577] device bridge_slave_1 entered promiscuous mode [ 187.994435] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 188.139405] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 188.148069] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.154540] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.169870] device bridge_slave_0 entered promiscuous mode [ 188.303025] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.328677] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.336140] device bridge_slave_1 entered promiscuous mode [ 188.454576] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 188.542032] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 188.608992] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 188.631990] bridge0: port 1(bridge_slave_0) entered blocking state [ 188.648704] bridge0: port 1(bridge_slave_0) entered disabled state [ 188.672107] device bridge_slave_0 entered promiscuous mode [ 188.692036] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 188.856703] bridge0: port 2(bridge_slave_1) entered blocking state [ 188.863093] bridge0: port 2(bridge_slave_1) entered disabled state [ 188.879489] device bridge_slave_1 entered promiscuous mode [ 189.014683] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 189.056882] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 189.071341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 189.140381] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.175860] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 189.187685] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.197125] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.216935] device bridge_slave_0 entered promiscuous mode [ 189.309356] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.356405] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.396721] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.409903] device bridge_slave_1 entered promiscuous mode [ 189.491494] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 189.505698] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 189.539369] team0: Port device team_slave_0 added [ 189.546257] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 189.571866] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 189.587817] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.594213] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.617709] device bridge_slave_0 entered promiscuous mode [ 189.645617] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 189.682951] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 189.699530] team0: Port device team_slave_1 added [ 189.718579] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 189.764215] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 189.790628] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 189.824380] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.833220] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.846235] device bridge_slave_0 entered promiscuous mode [ 189.853929] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.862486] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.879955] device bridge_slave_1 entered promiscuous mode [ 189.942405] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 189.956647] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 189.968357] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 189.988228] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 190.004408] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.012863] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.023809] device bridge_slave_1 entered promiscuous mode [ 190.031932] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 190.056721] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 190.079477] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 190.092257] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 190.102185] team0: Port device team_slave_0 added [ 190.109910] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 190.130928] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.163500] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 190.183316] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 190.196021] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 190.205785] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 190.227329] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 190.236472] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.247149] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.277541] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 190.284880] team0: Port device team_slave_1 added [ 190.301698] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 190.352011] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 190.389286] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 190.397529] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 190.405469] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.438665] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 190.513806] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 190.538303] team0: Port device team_slave_0 added [ 190.558174] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 190.566172] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 190.583082] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 190.625702] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 190.647201] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 190.679550] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 190.697045] team0: Port device team_slave_1 added [ 190.706286] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 190.733529] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.743695] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 190.757963] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 190.788088] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 190.843963] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 190.867211] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.877359] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 190.904564] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 190.943893] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 190.979287] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 191.045240] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 191.066709] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 191.076404] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 191.098283] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 191.107455] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 191.116107] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 191.129676] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 191.185321] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 191.196410] team0: Port device team_slave_0 added [ 191.204279] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 191.217577] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.225580] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.282680] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 191.300044] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 191.321494] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 191.342747] team0: Port device team_slave_1 added [ 191.350063] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 191.364599] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 191.375731] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 191.398000] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.413620] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.469011] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 191.475886] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 191.495684] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 191.590809] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 191.675126] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 191.687471] team0: Port device team_slave_0 added [ 191.697200] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 191.710952] team0: Port device team_slave_0 added [ 191.728543] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 191.747644] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 191.773101] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 191.811628] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 191.822319] team0: Port device team_slave_1 added [ 191.832388] bridge0: port 2(bridge_slave_1) entered blocking state [ 191.838917] bridge0: port 2(bridge_slave_1) entered forwarding state [ 191.845890] bridge0: port 1(bridge_slave_0) entered blocking state [ 191.852335] bridge0: port 1(bridge_slave_0) entered forwarding state [ 191.861291] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 191.882268] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 191.898320] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 191.909879] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 191.948447] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 191.955852] team0: Port device team_slave_1 added [ 191.992619] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 192.003181] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 192.080663] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 192.105460] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 192.137112] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 192.161214] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 192.177088] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 192.197225] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 192.222730] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 192.237335] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 192.267113] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.323889] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 192.348313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 192.358779] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 192.377011] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 192.384192] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.404067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 192.442461] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 192.467462] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.473843] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.480590] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.487002] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.515645] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 192.522392] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 192.530396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 192.569962] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 192.587782] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 192.595744] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 192.886902] bridge0: port 2(bridge_slave_1) entered blocking state [ 192.893277] bridge0: port 2(bridge_slave_1) entered forwarding state [ 192.899997] bridge0: port 1(bridge_slave_0) entered blocking state [ 192.906382] bridge0: port 1(bridge_slave_0) entered forwarding state [ 192.929281] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 192.997823] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 193.005069] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 193.589727] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.596130] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.602865] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.609264] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.644091] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 194.006916] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 194.087718] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.094088] bridge0: port 2(bridge_slave_1) entered forwarding state [ 194.100812] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.107264] bridge0: port 1(bridge_slave_0) entered forwarding state [ 194.133963] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 194.143299] bridge0: port 2(bridge_slave_1) entered blocking state [ 194.149774] bridge0: port 2(bridge_slave_1) entered forwarding state [ 194.156451] bridge0: port 1(bridge_slave_0) entered blocking state [ 194.162880] bridge0: port 1(bridge_slave_0) entered forwarding state [ 194.170521] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 195.026979] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 195.046270] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 197.268539] 8021q: adding VLAN 0 to HW filter on device bond0 [ 197.506207] 8021q: adding VLAN 0 to HW filter on device bond0 [ 197.730676] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 198.001406] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 198.225445] 8021q: adding VLAN 0 to HW filter on device bond0 [ 198.283992] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 198.296698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 198.311931] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 198.537501] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 198.543738] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 198.577099] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 198.603475] 8021q: adding VLAN 0 to HW filter on device bond0 [ 198.715353] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 198.754204] 8021q: adding VLAN 0 to HW filter on device team0 [ 198.945770] 8021q: adding VLAN 0 to HW filter on device team0 [ 199.151945] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 199.217629] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 199.224695] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 199.237574] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.500648] 8021q: adding VLAN 0 to HW filter on device bond0 [ 199.558309] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 199.564485] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 199.573072] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 199.620536] 8021q: adding VLAN 0 to HW filter on device bond0 [ 199.726960] 8021q: adding VLAN 0 to HW filter on device team0 [ 199.866751] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 199.993873] 8021q: adding VLAN 0 to HW filter on device team0 [ 200.144518] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 200.285029] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 200.300268] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 200.309596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 200.618930] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 200.625196] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 200.647894] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 200.767621] 8021q: adding VLAN 0 to HW filter on device team0 [ 201.064450] 8021q: adding VLAN 0 to HW filter on device team0 01:09:28 executing program 0: clone(0x0, 0x0, 0x0, 0x0, 0x0) name_to_handle_at(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 01:09:28 executing program 0: getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000600)={{{@in6=@remote, @in=@dev}}, {{@in6=@loopback}, 0x0, @in6=@mcast2}}, 0x0) accept4(0xffffffffffffff9c, 0x0, &(0x7f0000001480), 0x0) getpeername$packet(0xffffffffffffffff, 0x0, &(0x7f0000001500)) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffff9c, 0x29, 0x23, &(0x7f0000001600)={{{@in=@multicast2, @in6=@loopback}}, {{@in6=@ipv4}, 0x0, @in=@broadcast}}, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) sendmsg$TEAM_CMD_PORT_LIST_GET(0xffffffffffffffff, 0x0, 0x0) r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$eventfd(r0, &(0x7f0000000080), 0xfffffe5e) sched_setattr(0x0, &(0x7f0000000000)={0x0, 0x6, 0x0, 0x0, 0x0, 0x8000000009917, 0x400000000000fffd}, 0x0) ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f0000000140)) fallocate(r0, 0x0, 0x0, 0x6) 01:09:28 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x26, &(0x7f0000000180)=ANY=[@ANYBLOB="b400000000000000fe000000000000009500000000000000e1a5b414deb03971e2efb69fe1d460c82fb84594c44298c9c809653eb7b7a56dec55cf1eb0028b71cec25e2086fb808880000000d573b0317a7abe3aeb7009c48c182851b742da069f9c6365823ee6b8ca40b39af3afdbe683c87b64894d3aebb3ca374f7301d1eb91d86864878bb354c98ad0f383e6842795cad78373e486704ea936e99c6fe89493b19446c50f1999d2302d9cc5106ea9e39d0638c5cbff5f8ffa27c3a01a334da6e2dec660ca5ba43da18965ef65294d0e84b7a1806e3aea1b9b48bf9d38e9e229b2f240b39026ea2b85fb74450e873d7b88e3e51f0713d69749f93fae2987ef6fa68d154f752aa68bced2b15d7459cd7be03bf28690e2ccf12007181d004f92dba940d1ba2a911efb8eb431985d1ee49e6421bdc0"], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195}, 0x48) 01:09:28 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x14, 0x6, 0x1, 0x1ffffffd}, 0x14}}, 0x0) 01:09:29 executing program 1: r0 = socket$inet6(0xa, 0x2000000000000001, 0x8010000000000084) bind$inet6(r0, &(0x7f00002aafe4)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x2) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r1, &(0x7f0000000100)='F', 0x1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f00000002c0)={0x0, @in={{0xa, 0x0, @dev}}, 0x68000000, 0x0, 0x0, 0x0, 0xd}, 0x98) bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) [ 202.422268] sctp: failed to load transform for md5: -4 01:09:29 executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x8, 0xe, &(0x7f0000000140)=ANY=[@ANYBLOB="b702000000000000bf230000000000000702000000feff0caf13c037ae2343ad0861c56e33be8fff7a0af0fff8ffffff79a4f0ff00000000b70600000000ee012d6405000000000065040400010000000704000001000000b7040000000000006a0a00fe00000000850000001a000000"], 0x0}, 0x48) 01:09:29 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioctl$TIOCLINUX5(0xffffffffffffffff, 0x541c, 0x0) fcntl$getown(0xffffffffffffffff, 0x9) r1 = syz_open_procfs(0x0, 0x0) sendfile(r1, r1, &(0x7f00000000c0)=0x202, 0xdd) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000003880)={0x0, 0x989680}) ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000300)) stat(0x0, 0x0) getresgid(0x0, 0x0, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) getuid() getgid() getpgrp(0xffffffffffffffff) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) fstat(r2, 0x0) getpgrp(0xffffffffffffffff) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000006c40), &(0x7f0000006c80)=0xc) 01:09:29 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) r1 = open(&(0x7f00000002c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r1, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000100)='/exe\x00\x00\x00\x00\x00\x04\t\x00K\xdd\xd9\xf1\x91\xbe\x10\xee\xbf\x00\x0e\xe9\xff\a\x00\x00\x00\x00\x00\x00T\xfa\aBJ\xde\xe9\x16\xd2\xdau\xaf\xe7\v5\xa0\xfdj\x1f\x02\x00\xf5\xab&\xd7\xa0q\xfb53\x1c\xe3\x9cZehd\x10r\x1e\xe2\xdbjt\xe33&S') fcntl$setstatus(r2, 0x4, 0x7ffb) r3 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) fcntl$setstatus(r3, 0x4, 0x6100) ftruncate(r3, 0x48204) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x8000fffffffe) pread64(r2, &(0x7f0000002000)=""/4096, 0x1000, 0x0) 01:09:29 executing program 1: syz_mount_image$nfs(&(0x7f0000000180)='nfs\x00', &(0x7f00000001c0)='./file1\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 01:09:29 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000802, &(0x7f0000000100)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) dup2(r0, r0) sendto$inet(r0, &(0x7f00000000c0)="81", 0x1, 0x0, 0x0, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_ifreq(r1, 0x8937, &(0x7f0000000040)={'syz_tun\x00\x00\x00N\x00', @ifru_map={0x1}}) [ 203.554208] FAT-fs (loop4): bogus number of reserved sectors [ 203.560978] FAT-fs (loop4): Can't find a valid FAT filesystem [ 203.614494] FAT-fs (loop4): bogus number of reserved sectors [ 203.620925] FAT-fs (loop4): Can't find a valid FAT filesystem 01:09:30 executing program 4: 01:09:30 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x2, &(0x7f000039a000)=[{0x20}, {0x6}]}, 0x10) sendmmsg(r0, &(0x7f0000000040), 0x324fad809d5a9cf, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) 01:09:30 executing program 1: seccomp(0x1, 0x0, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xfffffffffffffff7}]}) open(&(0x7f0000000100)='./file0\x00', 0x142, 0x0) chmod(&(0x7f0000000640)='./file0\x00', 0x0) 01:09:30 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000802, &(0x7f0000000100)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) dup2(r0, r0) sendto$inet(r0, &(0x7f00000000c0)="81", 0x1, 0x0, 0x0, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_ifreq(r1, 0x8937, &(0x7f0000000040)={'syz_tun\x00\x00\x00N\x00', @ifru_map={0x1}}) 01:09:30 executing program 0: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x803, 0x9) r0 = memfd_create(&(0x7f0000000400)='\xe87y\xd8\x0e\xfaE\xbb\x7fH\xbe\xbc\x95\x87\v\xd0\xcd9\xbd(0\xeeG\xaf\xe7\xb3?\xc7x\xbd\xe2R\xc5\r.', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x1) r2 = dup2(r1, r0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00'}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(0xffffffffffffffff, 0xc08c5334, &(0x7f00000001c0)={0xf48b, 0x0, 0x0, 'queue1\x00'}) write$sndseq(r0, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}], 0xffffff76) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r2, 0xc08c5336, 0x0) ioctl$DRM_IOCTL_RM_CTX(0xffffffffffffffff, 0xc0086421, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) fstatfs(0xffffffffffffffff, 0x0) clock_settime(0x0, 0x0) nanosleep(&(0x7f0000000040)={0x0, 0x1c9c380}, 0x0) r3 = epoll_create(0x7f) dup2(0xffffffffffffffff, r3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)) 01:09:30 executing program 5: 01:09:30 executing program 5: [ 203.738656] audit: type=1326 audit(1545268170.441:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7733 comm="syz-executor1" exe="/root/syz-executor1" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a4ca code=0xffff0000 01:09:30 executing program 4: 01:09:30 executing program 3: 01:09:30 executing program 5: 01:09:30 executing program 4: 01:09:30 executing program 3: 01:09:30 executing program 5: 01:09:30 executing program 2: 01:09:31 executing program 3: 01:09:31 executing program 4: 01:09:31 executing program 5: 01:09:31 executing program 2: 01:09:31 executing program 1: 01:09:31 executing program 0: [ 204.505855] audit: type=1326 audit(1545268171.201:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7733 comm="syz-executor1" exe="/root/syz-executor1" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45a4ca code=0xffff0000 01:09:31 executing program 3: 01:09:31 executing program 0: 01:09:31 executing program 4: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) sched_setscheduler(0x0, 0x1, &(0x7f00000001c0)=0x4) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = inotify_init1(0x0) fcntl$setown(r1, 0x8, 0xffffffffffffffff) fcntl$getownex(r1, 0x10, &(0x7f0000000040)={0x0, 0x0}) ptrace$setopts(0x4206, r2, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x8, &(0x7f00000000c0)) tkill(r0, 0x1000000000016) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) 01:09:31 executing program 2: 01:09:31 executing program 5: 01:09:31 executing program 1: 01:09:31 executing program 3: 01:09:31 executing program 0: 01:09:31 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt(r0, 0x8000000000000001, 0x10000000000009, &(0x7f0000003f00)="890528e4", 0x4) setsockopt$inet6_tcp_int(r0, 0x6, 0x4, &(0x7f00000000c0)=0x2be, 0x4) 01:09:31 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(hmac(sha256-generic))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) 01:09:31 executing program 1: r0 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x0, 0x0) r1 = memfd_create(&(0x7f00000000c0)='\x00\x00\x8c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000040)='\'', 0x1}], 0x1, 0x81806) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socketpair$unix(0x1, 0x40100000005, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendfile(r2, r0, 0x0, 0x2000005) ioctl$LOOP_CLR_FD(r0, 0x4c01) 01:09:31 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'cryptd(hmac(sha256-generic))\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$FOU_CMD_DEL(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000003c0)={0x0}}, 0x0) 01:09:31 executing program 0: 01:09:31 executing program 4: 01:09:31 executing program 4: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = semget$private(0x0, 0x20000000103, 0xffffffffffffffff) semop(r1, &(0x7f0000000100)=[{0x0, 0xfffffffffffefffc}], 0x1) syz_genetlink_get_family_id$tipc(0x0) sendmsg$TIPC_CMD_GET_NETID(0xffffffffffffffff, 0x0, 0x80) semop(r1, &(0x7f0000000000)=[{0x0, 0x7}], 0x1) 01:09:31 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) io_setup(0x25c, &(0x7f0000000100)=0x0) eventfd(0x0) io_submit(r1, 0x1, &(0x7f00000003c0)=[&(0x7f0000000280)={0x0, 0x0, 0x0, 0x2, 0x0, r0, 0x0}]) 01:09:31 executing program 0: clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@nat={'nat\x00', 0x19, 0x3, 0x3d8, [0x200003c0, 0x0, 0x0, 0x20000500, 0x20000768], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000050000002000000000607465716c3000000000000000000000007665746831000000000000000000000076657468305f746f5f626f6e6400000062707130000000000000000000000000efed44c946460002ff00ffffffffffffffffffffffffff00000070000000d800000010010000415544495400000000000000000000000000000000000000000000000000000008000000000000000000000000000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff00000000736e61740000000000000000000000000000000000000000000000000000000010000000000000000180c20000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff020000001100000009000000a2f56263736630000000000000000000000076657468305f746f5f626f6e6400000069726c616e3000000000000000000000697036746e6c3000000000000000000000000000000000ffff0000000180c20000020000ffffff00000070000000a8000000f00000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000ffffffff000000004552524f5200000000000000000000000000000000000000000000000000000020000000000000000f5a2457c1e85b2302a41a5729b92b0e805fdc8ba80ee1827db344173b180000030000000000000000007665746830000000000000000000000062707130000000000000000000000000626f6e6430000000000000000000000073797a6b616c6c657231000000000000aaaaaaaaaabb00000000ff000180c20000000000000000000000e000000018010000480100007374700000000000000000000000b6aad74e00000000000000000000000000004800000000000000000000004b007f0000010180c200000e0000ffff000000000300000007000000040001000000000000000000ffffff004e244e23ffff030007000300030005000000030008000400736e6174000000000000000000000000000000000000000000000000000000001000000000000000ffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000003000000feffffff00000000"]}, 0x450) 01:09:31 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) read(r0, &(0x7f0000000000)=""/11, 0xb) ioctl$sock_SIOCGIFCONF(r1, 0x8912, &(0x7f0000000140)) syz_execute_func(&(0x7f0000000180)="3666440f9bf56664400f9f3241c3c4e2c9975842c4c27d794e003e0f11581010198c7f7fcd04af6e0f01db") 01:09:31 executing program 3: r0 = syz_open_procfs(0x0, &(0x7f0000000480)='net/ip_mr_vif\x00') sendfile(r0, r0, &(0x7f0000000140)=0x202, 0xd9) [ 205.157220] x_tables: eb_tables: snat target: used from hooks PREROUTING, but only usable from POSTROUTING [ 205.167450] x_tables: eb_tables: snat target: used from hooks PREROUTING, but only usable from POSTROUTING 01:09:31 executing program 0: clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@nat={'nat\x00', 0x19, 0x3, 0x3d8, [0x200003c0, 0x0, 0x0, 0x20000500, 0x20000768], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000050000002000000000607465716c3000000000000000000000007665746831000000000000000000000076657468305f746f5f626f6e6400000062707130000000000000000000000000efed44c946460002ff00ffffffffffffffffffffffffff00000070000000d800000010010000415544495400000000000000000000000000000000000000000000000000000008000000000000000000000000000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff00000000736e61740000000000000000000000000000000000000000000000000000000010000000000000000180c20000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff020000001100000009000000a2f56263736630000000000000000000000076657468305f746f5f626f6e6400000069726c616e3000000000000000000000697036746e6c3000000000000000000000000000000000ffff0000000180c20000020000ffffff00000070000000a8000000f00000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000ffffffff000000004552524f5200000000000000000000000000000000000000000000000000000020000000000000000f5a2457c1e85b2302a41a5729b92b0e805fdc8ba80ee1827db344173b180000030000000000000000007665746830000000000000000000000062707130000000000000000000000000626f6e6430000000000000000000000073797a6b616c6c657231000000000000aaaaaaaaaabb00000000ff000180c20000000000000000000000e000000018010000480100007374700000000000000000000000b6aad74e00000000000000000000000000004800000000000000000000004b007f0000010180c200000e0000ffff000000000300000007000000040001000000000000000000ffffff004e244e23ffff030007000300030005000000030008000400736e6174000000000000000000000000000000000000000000000000000000001000000000000000ffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000003000000feffffff00000000"]}, 0x450) [ 205.260536] x_tables: eb_tables: snat target: used from hooks PREROUTING, but only usable from POSTROUTING 01:09:32 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x4) ioctl(r0, 0x1000008912, &(0x7f0000000140)="0a5c2d023c126285718070") r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00001fefe4), 0x1c) 01:09:32 executing program 0: clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@nat={'nat\x00', 0x19, 0x3, 0x3d8, [0x200003c0, 0x0, 0x0, 0x20000500, 0x20000768], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000050000002000000000607465716c3000000000000000000000007665746831000000000000000000000076657468305f746f5f626f6e6400000062707130000000000000000000000000efed44c946460002ff00ffffffffffffffffffffffffff00000070000000d800000010010000415544495400000000000000000000000000000000000000000000000000000008000000000000000000000000000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff00000000736e61740000000000000000000000000000000000000000000000000000000010000000000000000180c20000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff020000001100000009000000a2f56263736630000000000000000000000076657468305f746f5f626f6e6400000069726c616e3000000000000000000000697036746e6c3000000000000000000000000000000000ffff0000000180c20000020000ffffff00000070000000a8000000f00000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000ffffffff000000004552524f5200000000000000000000000000000000000000000000000000000020000000000000000f5a2457c1e85b2302a41a5729b92b0e805fdc8ba80ee1827db344173b180000030000000000000000007665746830000000000000000000000062707130000000000000000000000000626f6e6430000000000000000000000073797a6b616c6c657231000000000000aaaaaaaaaabb00000000ff000180c20000000000000000000000e000000018010000480100007374700000000000000000000000b6aad74e00000000000000000000000000004800000000000000000000004b007f0000010180c200000e0000ffff000000000300000007000000040001000000000000000000ffffff004e244e23ffff030007000300030005000000030008000400736e6174000000000000000000000000000000000000000000000000000000001000000000000000ffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000003000000feffffff00000000"]}, 0x450) 01:09:32 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f0000000080)={{0x2, 0x0, @rand_addr=0x1}, {0x0, @dev}, 0x18, {0x2, 0x0, @remote}, 'ip6gre0\x00'}) 01:09:32 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt(r0, 0x8000000000000001, 0x10000000000009, &(0x7f0000003f00)="890528e4", 0x4) setsockopt$inet6_tcp_int(r0, 0x6, 0x4, &(0x7f00000000c0)=0x2be, 0x4) 01:09:32 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r0, 0x8953, &(0x7f0000000180)={{0x2, 0x0, @local}, {0x0, @link_local}, 0x8, {0x2, 0x0, @remote}}) [ 205.732302] x_tables: eb_tables: snat target: used from hooks PREROUTING, but only usable from POSTROUTING 01:09:32 executing program 4: add_key(&(0x7f0000000080)='id_legacy\x00', &(0x7f00000000c0)={'syz', 0x2}, &(0x7f0000000100)='\a', 0x1, 0xfffffffffffffffc) 01:09:32 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_open_procfs(0x0, &(0x7f0000000340)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd8\xdcK\r\x8d\xae\x98&@\xd0\xe6\xbbQ\xd7\xffYn\x1c\x92\xde\x0e\xaa1\x91\x98\xe9\x1f\nMCi|+\xcdw\xf0\x176Z\xf1`\xac\xf3;\xd6d2\xeb\xe5\f\x0e\x8b\xda\xf7\xfc9\xfe\xff4\xef\'\xa19q\x93\"\x7fG3\xc1E\xe6e6\xc6\xc2u\x11% \xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xb18N\xbfY%\x05\xf8\x85\x89\xfc\xd2\xd7') sendfile(r0, r2, &(0x7f0000000100)=0x202, 0x24e) 01:09:32 executing program 1: syz_emit_ethernet(0x2a, &(0x7f0000000100)={@local, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @remote, @local={0xac, 0x223}}, @igmp={0x0, 0x0, 0x0, @multicast1}}}}}, 0x0) 01:09:32 executing program 0: clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@nat={'nat\x00', 0x19, 0x3, 0x3d8, [0x200003c0, 0x0, 0x0, 0x20000500, 0x20000768], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000050000002000000000607465716c3000000000000000000000007665746831000000000000000000000076657468305f746f5f626f6e6400000062707130000000000000000000000000efed44c946460002ff00ffffffffffffffffffffffffff00000070000000d800000010010000415544495400000000000000000000000000000000000000000000000000000008000000000000000000000000000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff00000000736e61740000000000000000000000000000000000000000000000000000000010000000000000000180c20000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff020000001100000009000000a2f56263736630000000000000000000000076657468305f746f5f626f6e6400000069726c616e3000000000000000000000697036746e6c3000000000000000000000000000000000ffff0000000180c20000020000ffffff00000070000000a8000000f00000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000ffffffff000000004552524f5200000000000000000000000000000000000000000000000000000020000000000000000f5a2457c1e85b2302a41a5729b92b0e805fdc8ba80ee1827db344173b180000030000000000000000007665746830000000000000000000000062707130000000000000000000000000626f6e6430000000000000000000000073797a6b616c6c657231000000000000aaaaaaaaaabb00000000ff000180c20000000000000000000000e000000018010000480100007374700000000000000000000000b6aad74e00000000000000000000000000004800000000000000000000004b007f0000010180c200000e0000ffff000000000300000007000000040001000000000000000000ffffff004e244e23ffff030007000300030005000000030008000400736e6174000000000000000000000000000000000000000000000000000000001000000000000000ffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000003000000feffffff00000000"]}, 0x450) [ 205.931093] x_tables: eb_tables: snat target: used from hooks PREROUTING, but only usable from POSTROUTING 01:09:32 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) read(r0, &(0x7f0000000000)=""/11, 0xb) ioctl$sock_SIOCGIFCONF(r1, 0x8912, &(0x7f0000000140)) syz_execute_func(&(0x7f0000000180)="3666440f9bf56664400f9f3241c3c4e2c9975842c4c27d794e003e0f11581010198c7f7fcd04af6e0f01db") 01:09:32 executing program 4: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) r1 = syz_open_procfs(0x0, &(0x7f0000000340)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd8\xdcK\r\x8d\xae\x98&@\xd0\xe6\xbbQ\xd7\xffYn\x1c\x92\xde\x0e\xaa1\x91\x98\xe9\x1f\nMCi|+\xcdw\xf0\x176Z\xf1`\xac\xf3;\xd6d2\xeb\xe5\f\x0e\x8b\xda\xf7\xfc9\xfe\xff4\xef\'\xa19q\x93\"\x7fG3\xc1E\xe6e6\xc6\xc2u\x11% \xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xb18N\xbfY%\x05\xf8\x85\x89\xfc\xd2\xd7') sendfile(r0, r1, &(0x7f0000000100)=0x202, 0x24e) 01:09:32 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r0) setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) getsockopt$sock_buf(r2, 0x1, 0x1f, &(0x7f0000000100)=""/182, &(0x7f0000000000)=0xb6) 01:09:32 executing program 1: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000480)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.sched_relax_domain_level\x00', 0x2, 0x0) sendfile(r1, r1, 0x0, 0x7ffff000) 01:09:32 executing program 0: clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000240)=@nat={'nat\x00', 0x19, 0x3, 0x3d8, [0x200003c0, 0x0, 0x0, 0x20000500, 0x20000768], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000050000002000000000607465716c3000000000000000000000007665746831000000000000000000000076657468305f746f5f626f6e6400000062707130000000000000000000000000efed44c946460002ff00ffffffffffffffffffffffffff00000070000000d800000010010000415544495400000000000000000000000000000000000000000000000000000008000000000000000000000000000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff00000000736e61740000000000000000000000000000000000000000000000000000000010000000000000000180c20000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff020000001100000009000000a2f56263736630000000000000000000000076657468305f746f5f626f6e6400000069726c616e3000000000000000000000697036746e6c3000000000000000000000000000000000ffff0000000180c20000020000ffffff00000070000000a8000000f00000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000ffffffff000000004552524f5200000000000000000000000000000000000000000000000000000020000000000000000f5a2457c1e85b2302a41a5729b92b0e805fdc8ba80ee1827db344173b180000030000000000000000007665746830000000000000000000000062707130000000000000000000000000626f6e6430000000000000000000000073797a6b616c6c657231000000000000aaaaaaaaaabb00000000ff000180c20000000000000000000000e000000018010000480100007374700000000000000000000000b6aad74e00000000000000000000000000004800000000000000000000004b007f0000010180c200000e0000ffff000000000300000007000000040001000000000000000000ffffff004e244e23ffff030007000300030005000000030008000400736e6174000000000000000000000000000000000000000000000000000000001000000000000000ffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000003000000feffffff00000000"]}, 0x450) 01:09:32 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@nat={'nat\x00', 0x19, 0x3, 0x3d8, [0x200003c0, 0x0, 0x0, 0x20000500, 0x20000768], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000050000002000000000607465716c3000000000000000000000007665746831000000000000000000000076657468305f746f5f626f6e6400000062707130000000000000000000000000efed44c946460002ff00ffffffffffffffffffffffffff00000070000000d800000010010000415544495400000000000000000000000000000000000000000000000000000008000000000000000000000000000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff00000000736e61740000000000000000000000000000000000000000000000000000000010000000000000000180c20000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff020000001100000009000000a2f56263736630000000000000000000000076657468305f746f5f626f6e6400000069726c616e3000000000000000000000697036746e6c3000000000000000000000000000000000ffff0000000180c20000020000ffffff00000070000000a8000000f00000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000ffffffff000000004552524f5200000000000000000000000000000000000000000000000000000020000000000000000f5a2457c1e85b2302a41a5729b92b0e805fdc8ba80ee1827db344173b180000030000000000000000007665746830000000000000000000000062707130000000000000000000000000626f6e6430000000000000000000000073797a6b616c6c657231000000000000aaaaaaaaaabb00000000ff000180c20000000000000000000000e000000018010000480100007374700000000000000000000000b6aad74e00000000000000000000000000004800000000000000000000004b007f0000010180c200000e0000ffff000000000300000007000000040001000000000000000000ffffff004e244e23ffff030007000300030005000000030008000400736e6174000000000000000000000000000000000000000000000000000000001000000000000000ffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000003000000feffffff00000000"]}, 0x450) [ 206.160688] x_tables: eb_tables: snat target: used from hooks PREROUTING, but only usable from POSTROUTING 01:09:33 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt(r0, 0x8000000000000001, 0x10000000000009, &(0x7f0000003f00)="890528e4", 0x4) setsockopt$inet6_tcp_int(r0, 0x6, 0x4, &(0x7f00000000c0)=0x2be, 0x4) 01:09:33 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x910, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) readahead(r0, 0x0, 0x0) 01:09:33 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup\x00', 0x200002, 0x0) fchdir(r1) creat(&(0x7f0000000080)='./file1\x00', 0x0) 01:09:33 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x910, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) getsockopt(r1, 0x3, 0x0, 0x0, 0x0) 01:09:33 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@nat={'nat\x00', 0x19, 0x3, 0x3d8, [0x200003c0, 0x0, 0x0, 0x20000500, 0x20000768], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000050000002000000000607465716c3000000000000000000000007665746831000000000000000000000076657468305f746f5f626f6e6400000062707130000000000000000000000000efed44c946460002ff00ffffffffffffffffffffffffff00000070000000d800000010010000415544495400000000000000000000000000000000000000000000000000000008000000000000000000000000000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff00000000736e61740000000000000000000000000000000000000000000000000000000010000000000000000180c20000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff020000001100000009000000a2f56263736630000000000000000000000076657468305f746f5f626f6e6400000069726c616e3000000000000000000000697036746e6c3000000000000000000000000000000000ffff0000000180c20000020000ffffff00000070000000a8000000f00000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000ffffffff000000004552524f5200000000000000000000000000000000000000000000000000000020000000000000000f5a2457c1e85b2302a41a5729b92b0e805fdc8ba80ee1827db344173b180000030000000000000000007665746830000000000000000000000062707130000000000000000000000000626f6e6430000000000000000000000073797a6b616c6c657231000000000000aaaaaaaaaabb00000000ff000180c20000000000000000000000e000000018010000480100007374700000000000000000000000b6aad74e00000000000000000000000000004800000000000000000000004b007f0000010180c200000e0000ffff000000000300000007000000040001000000000000000000ffffff004e244e23ffff030007000300030005000000030008000400736e6174000000000000000000000000000000000000000000000000000000001000000000000000ffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000003000000feffffff00000000"]}, 0x450) 01:09:33 executing program 1: clone(0x84007ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mknod(&(0x7f0000000340)='./file0\x00', 0x10001040, 0x0) execve(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x7, 0x5c831, 0xffffffffffffffff, 0x0) io_setup(0x0, &(0x7f0000a8aff8)) [ 206.641484] x_tables: eb_tables: snat target: used from hooks PREROUTING, but only usable from POSTROUTING 01:09:33 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) read(r0, &(0x7f0000000000)=""/11, 0xb) ioctl$sock_SIOCGIFCONF(r1, 0x8912, &(0x7f0000000140)) syz_execute_func(&(0x7f0000000180)="3666440f9bf56664400f9f3241c3c4e2c9975842c4c27d794e003e0f11581010198c7f7fcd04af6e0f01db") 01:09:33 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f00000001c0)='./bus\x00', 0x0) write$cgroup_subtree(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="42805832ac520b21c67dbec51009f5c2df2001163d24d078f136f05a82ca8733d9c83ac0fc90de3f4430f90a6e0f06bce2dc753a5100000000000000047c6d83720e627737aa176b24c9ab1a8655e99d1f138c03d097c464590d27492964f635edb34f7a1971eae7d84d4b5a4075187e14665da87e94eceb289a3311729551299242219ce60349a04ba6cf6076a469c88037e09c335bcd794e01857d624c40b51f6aee8ea798b2c7cd478d881a606dcf9329445fa1f983d55a16929a628bba4b98a7030a7192ce2a1f5a7b1b0f03349dcf61518181"], 0xd5) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x8000fffffffe) r3 = open(&(0x7f0000000040)='./bus\x00', 0x4000, 0x0) pread64(r3, &(0x7f0000005000)=""/4096, 0x1000, 0x0) 01:09:33 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000480)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 01:09:33 executing program 0: clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000240)=@nat={'nat\x00', 0x19, 0x3, 0x3d8, [0x200003c0, 0x0, 0x0, 0x20000500, 0x20000768], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000050000002000000000607465716c3000000000000000000000007665746831000000000000000000000076657468305f746f5f626f6e6400000062707130000000000000000000000000efed44c946460002ff00ffffffffffffffffffffffffff00000070000000d800000010010000415544495400000000000000000000000000000000000000000000000000000008000000000000000000000000000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff00000000736e61740000000000000000000000000000000000000000000000000000000010000000000000000180c20000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff020000001100000009000000a2f56263736630000000000000000000000076657468305f746f5f626f6e6400000069726c616e3000000000000000000000697036746e6c3000000000000000000000000000000000ffff0000000180c20000020000ffffff00000070000000a8000000f00000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000ffffffff000000004552524f5200000000000000000000000000000000000000000000000000000020000000000000000f5a2457c1e85b2302a41a5729b92b0e805fdc8ba80ee1827db344173b180000030000000000000000007665746830000000000000000000000062707130000000000000000000000000626f6e6430000000000000000000000073797a6b616c6c657231000000000000aaaaaaaaaabb00000000ff000180c20000000000000000000000e000000018010000480100007374700000000000000000000000b6aad74e00000000000000000000000000004800000000000000000000004b007f0000010180c200000e0000ffff000000000300000007000000040001000000000000000000ffffff004e244e23ffff030007000300030005000000030008000400736e6174000000000000000000000000000000000000000000000000000000001000000000000000ffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000003000000feffffff00000000"]}, 0x450) 01:09:33 executing program 0: clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, 0x0, 0x450) [ 206.926936] binder_alloc: 7956: binder_alloc_buf, no vma [ 206.946936] binder: 7956:7957 transaction failed 29189/-3, size 24-8 line 2989 [ 206.963783] binder: BINDER_SET_CONTEXT_MGR already set [ 206.969652] binder: 7956:7962 ioctl 40046207 0 returned -16 01:09:33 executing program 0: clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@nat={'nat\x00', 0x19, 0x3, 0x0, [0x200003c0, 0x0, 0x0, 0x20000500, 0x20000768], 0x0, 0x0}, 0x450) [ 206.976438] binder_alloc: 7956: binder_alloc_buf, no vma [ 206.992709] binder: 7956:7957 transaction failed 29189/-3, size 24-8 line 2989 [ 207.043280] kernel msg: ebtables bug: please report to author: Wrong len argument 01:09:34 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r0, &(0x7f00000000c0)=ANY=[], 0x7fffffff) recvfrom(r1, &(0x7f0000000180)=""/184, 0xfffffffffffffd84, 0x10100, 0x0, 0xfffffffffffffd51) getgid() socket(0x0, 0x1, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) 01:09:34 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt(r0, 0x8000000000000001, 0x10000000000009, &(0x7f0000003f00)="890528e4", 0x4) setsockopt$inet6_tcp_int(r0, 0x6, 0x4, &(0x7f00000000c0)=0x2be, 0x4) 01:09:34 executing program 0: clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@nat={'nat\x00', 0x19, 0x3, 0x0, [0x200003c0, 0x0, 0x0, 0x20000500, 0x20000768], 0x0, 0x0}, 0x450) 01:09:34 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000480)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r1, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 01:09:34 executing program 0: clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@nat={'nat\x00', 0x19, 0x3, 0x0, [0x200003c0, 0x0, 0x0, 0x20000500, 0x20000768], 0x0, 0x0}, 0x450) [ 207.447400] kernel msg: ebtables bug: please report to author: Wrong len argument [ 207.463843] binder_alloc: 7976: binder_alloc_buf, no vma [ 207.472487] binder: 7976:7978 transaction failed 29189/-3, size 24-8 line 2989 01:09:34 executing program 1: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000840)=""/148, 0x94}], 0x1, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) vmsplice(r0, &(0x7f0000000000), 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/route\x00') preadv(r2, &(0x7f0000000700), 0x31f, 0x10400003) [ 207.515365] kernel msg: ebtables bug: please report to author: Wrong len argument 01:09:34 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) read(r0, &(0x7f0000000000)=""/11, 0xb) ioctl$sock_SIOCGIFCONF(r1, 0x8912, &(0x7f0000000140)) syz_execute_func(&(0x7f0000000180)="3666440f9bf56664400f9f3241c3c4e2c9975842c4c27d794e003e0f11581010198c7f7fcd04af6e0f01db") 01:09:34 executing program 3: socketpair$unix(0x1, 0x100000000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$netlink(0x10, 0x3, 0xd) 01:09:34 executing program 0: clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@nat={'nat\x00', 0x19, 0x3, 0x0, [0x200003c0, 0x0, 0x0, 0x20000500, 0x20000768], 0x0, 0x0, &(0x7f00000003c0)=ANY=[]}, 0x78) 01:09:34 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r0, &(0x7f00000000c0)=ANY=[], 0x7fffffff) recvfrom(r1, &(0x7f0000000180)=""/184, 0xfffffffffffffd84, 0x10100, 0x0, 0xfffffffffffffd51) getgid() socket(0x0, 0x1, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) 01:09:34 executing program 0: clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@nat={'nat\x00', 0x19, 0x3, 0x0, [0x200003c0, 0x0, 0x0, 0x20000500, 0x20000768], 0x0, 0x0, &(0x7f00000003c0)=ANY=[]}, 0x78) 01:09:34 executing program 3: rt_sigprocmask(0x0, &(0x7f0000000040)={0xfffffffffffffff8}, 0x0, 0x8) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x12) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$cont(0x1f, r0, 0x0, 0x0) ptrace$cont(0x9, r0, 0x0, 0x2) [ 207.770177] kernel msg: ebtables bug: please report to author: Entries_size never zero 01:09:34 executing program 0: clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@nat={'nat\x00', 0x19, 0x3, 0x0, [0x200003c0, 0x0, 0x0, 0x20000500, 0x20000768], 0x0, 0x0, &(0x7f00000003c0)=ANY=[]}, 0x78) [ 207.841061] kernel msg: ebtables bug: please report to author: Entries_size never zero [ 207.902792] kernel msg: ebtables bug: please report to author: Entries_size never zero 01:09:34 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$inet6_tcp_int(r0, 0x6, 0x4, &(0x7f00000000c0)=0x2be, 0x4) 01:09:34 executing program 3: lsetxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uinput\x00', 0x0, 0x0) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x5501, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x3, 0x0) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, 0x0) dup3(r0, r1, 0x0) 01:09:34 executing program 0: clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@nat={'nat\x00', 0x19, 0x3, 0x0, [0x200003c0, 0x0, 0x0, 0x20000500, 0x20000768], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB]}, 0x78) 01:09:35 executing program 0: clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@nat={'nat\x00', 0x19, 0x3, 0x1ec, [0x200003c0, 0x0, 0x0, 0x20000500, 0x20000768], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000050000002000000000607465716c3000000000000000000000007665746831000000000000000000000076657468305f746f5f626f6e6400000062707130000000000000000000000000efed44c946460002ff00ffffffffffffffffffffffffff00000070000000d800000010010000415544495400000000000000000000000000000000000000000000000000000008000000000000000000000000000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff00000000736e61740000000000000000000000000000000000000000000000000000000010000000000000000180c20000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff020000001100000009000000a2f56263736630000000000000000000000076657468305f746f5f626f6e6400000069726c616e3000000000000000000000697036746e6c3000000000000000000000000000000000ffff0000000180c20000020000ffffff00000070000000a8000000f00000006172707265706c7900000000"]}, 0x264) [ 208.306740] kernel msg: ebtables bug: please report to author: Entries_size never zero [ 208.354915] kernel msg: ebtables bug: please report to author: entries_size too small 01:09:35 executing program 1: pread64(0xffffffffffffffff, 0x0, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) read(r0, &(0x7f0000000200)=""/250, 0x50c7e3e3) chmod(0x0, 0x0) r2 = socket$inet6(0xa, 0x0, 0x0) ioctl$EVIOCGPHYS(0xffffffffffffffff, 0x80404507, &(0x7f00000001c0)=""/17) r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) write$FUSE_WRITE(r0, 0x0, 0x0) ioctl$KDSKBSENT(r1, 0x4b49, 0x0) exit(0x43b) ioctl$int_out(0xffffffffffffffff, 0x5460, 0x0) ioctl$TIOCCBRK(r3, 0x5428) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8000000}) 01:09:35 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) socket$inet_icmp_raw(0x2, 0x3, 0x1) read(r0, &(0x7f0000000000)=""/11, 0xb) syz_execute_func(&(0x7f0000000180)="3666440f9bf56664400f9f3241c3c4e2c9975842c4c27d794e003e0f11581010198c7f7fcd04af6e0f01db") 01:09:35 executing program 0: clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@nat={'nat\x00', 0x19, 0x3, 0x2e2, [0x200003c0, 0x0, 0x0, 0x20000500, 0x20000768], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000050000002000000000607465716c3000000000000000000000007665746831000000000000000000000076657468305f746f5f626f6e6400000062707130000000000000000000000000efed44c946460002ff00ffffffffffffffffffffffffff00000070000000d800000010010000415544495400000000000000000000000000000000000000000000000000000008000000000000000000000000000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff00000000736e61740000000000000000000000000000000000000000000000000000000010000000000000000180c20000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff020000001100000009000000a2f56263736630000000000000000000000076657468305f746f5f626f6e6400000069726c616e3000000000000000000000697036746e6c3000000000000000000000000000000000ffff0000000180c20000020000ffffff00000070000000a8000000f00000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000ffffffff000000004552524f5200000000000000000000000000000000000000000000000000000020000000000000000f5a2457c1e85b2302a41a5729b92b0e805fdc8ba80ee1827db344173b180000030000000000000000007665746830000000000000000000000062707130000000000000000000000000626f6e6430000000000000000000000073797a6b616c6c657231000000000000aaaaaaaaaabb00000000ff000180c20000000000000000000000e000000018010000480100007374700000000000000000000000b6aad74e"]}, 0x35a) 01:09:35 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uinput\x00', 0x0, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x3, 0x0) dup3(r0, r1, 0x0) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, 0x0) 01:09:35 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r0, &(0x7f00000000c0)=ANY=[], 0x7fffffff) recvfrom(r1, &(0x7f0000000180)=""/184, 0xfffffffffffffd84, 0x10100, 0x0, 0xfffffffffffffd51) getgid() socket(0x0, 0x1, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) 01:09:35 executing program 0: clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@nat={'nat\x00', 0x19, 0x3, 0x2e2, [0x200003c0, 0x0, 0x0, 0x20000500, 0x20000768], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000050000002000000000607465716c3000000000000000000000007665746831000000000000000000000076657468305f746f5f626f6e6400000062707130000000000000000000000000efed44c946460002ff00ffffffffffffffffffffffffff00000070000000d800000010010000415544495400000000000000000000000000000000000000000000000000000008000000000000000000000000000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff00000000736e61740000000000000000000000000000000000000000000000000000000010000000000000000180c20000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff020000001100000009000000a2f56263736630000000000000000000000076657468305f746f5f626f6e6400000069726c616e3000000000000000000000697036746e6c3000000000000000000000000000000000ffff0000000180c20000020000ffffff00000070000000a8000000f00000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000ffffffff000000004552524f5200000000000000000000000000000000000000000000000000000020000000000000000f5a2457c1e85b2302a41a5729b92b0e805fdc8ba80ee1827db344173b180000030000000000000000007665746830000000000000000000000062707130000000000000000000000000626f6e6430000000000000000000000073797a6b616c6c657231000000000000aaaaaaaaaabb00000000ff000180c20000000000000000000000e000000018010000480100007374700000000000000000000000b6aad74e"]}, 0x35a) [ 208.644125] kernel msg: ebtables bug: please report to author: entries_size too small 01:09:35 executing program 0: clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@nat={'nat\x00', 0x19, 0x3, 0x35d, [0x200003c0, 0x0, 0x0, 0x20000500, 0x20000768], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000050000002000000000607465716c3000000000000000000000007665746831000000000000000000000076657468305f746f5f626f6e6400000062707130000000000000000000000000efed44c946460002ff00ffffffffffffffffffffffffff00000070000000d800000010010000415544495400000000000000000000000000000000000000000000000000000008000000000000000000000000000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff00000000736e61740000000000000000000000000000000000000000000000000000000010000000000000000180c20000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff020000001100000009000000a2f56263736630000000000000000000000076657468305f746f5f626f6e6400000069726c616e3000000000000000000000697036746e6c3000000000000000000000000000000000ffff0000000180c20000020000ffffff00000070000000a8000000f00000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000ffffffff000000004552524f5200000000000000000000000000000000000000000000000000000020000000000000000f5a2457c1e85b2302a41a5729b92b0e805fdc8ba80ee1827db344173b180000030000000000000000007665746830000000000000000000000062707130000000000000000000000000626f6e6430000000000000000000000073797a6b616c6c657231000000000000aaaaaaaaaabb00000000ff000180c20000000000000000000000e000000018010000480100007374700000000000000000000000b6aad74e00000000000000000000000000004800000000000000000000004b007f0000010180c200000e0000ffff000000000300000007000000040001000000000000000000ffffff004e244e23ffff030007000300030005000000030008000400736e617400000000000000000000000000000000000000000000000000"]}, 0x3d5) [ 208.712784] kernel msg: ebtables bug: please report to author: entries_size too small 01:09:35 executing program 0: clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@nat={'nat\x00', 0x19, 0x3, 0x35d, [0x200003c0, 0x0, 0x0, 0x20000500, 0x20000768], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000050000002000000000607465716c3000000000000000000000007665746831000000000000000000000076657468305f746f5f626f6e6400000062707130000000000000000000000000efed44c946460002ff00ffffffffffffffffffffffffff00000070000000d800000010010000415544495400000000000000000000000000000000000000000000000000000008000000000000000000000000000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff00000000736e61740000000000000000000000000000000000000000000000000000000010000000000000000180c20000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff020000001100000009000000a2f56263736630000000000000000000000076657468305f746f5f626f6e6400000069726c616e3000000000000000000000697036746e6c3000000000000000000000000000000000ffff0000000180c20000020000ffffff00000070000000a8000000f00000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000ffffffff000000004552524f5200000000000000000000000000000000000000000000000000000020000000000000000f5a2457c1e85b2302a41a5729b92b0e805fdc8ba80ee1827db344173b180000030000000000000000007665746830000000000000000000000062707130000000000000000000000000626f6e6430000000000000000000000073797a6b616c6c657231000000000000aaaaaaaaaabb00000000ff000180c20000000000000000000000e000000018010000480100007374700000000000000000000000b6aad74e00000000000000000000000000004800000000000000000000004b007f0000010180c200000e0000ffff000000000300000007000000040001000000000000000000ffffff004e244e23ffff030007000300030005000000030008000400736e617400000000000000000000000000000000000000000000000000"]}, 0x3d5) [ 208.805227] kernel msg: ebtables bug: please report to author: entries_size too small [ 208.866278] kernel msg: ebtables bug: please report to author: entries_size too small 01:09:35 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$inet6_tcp_int(r0, 0x6, 0x4, &(0x7f00000000c0)=0x2be, 0x4) 01:09:35 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000480)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x20011, r1, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0xfffffffffffffe43, 0x0, &(0x7f00000003c0)}) 01:09:35 executing program 0: clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@nat={'nat\x00', 0x19, 0x3, 0x39b, [0x200003c0, 0x0, 0x0, 0x20000500, 0x20000768], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000050000002000000000607465716c3000000000000000000000007665746831000000000000000000000076657468305f746f5f626f6e6400000062707130000000000000000000000000efed44c946460002ff00ffffffffffffffffffffffffff00000070000000d800000010010000415544495400000000000000000000000000000000000000000000000000000008000000000000000000000000000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff00000000736e61740000000000000000000000000000000000000000000000000000000010000000000000000180c20000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff020000001100000009000000a2f56263736630000000000000000000000076657468305f746f5f626f6e6400000069726c616e3000000000000000000000697036746e6c3000000000000000000000000000000000ffff0000000180c20000020000ffffff00000070000000a8000000f00000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000ffffffff000000004552524f5200000000000000000000000000000000000000000000000000000020000000000000000f5a2457c1e85b2302a41a5729b92b0e805fdc8ba80ee1827db344173b180000030000000000000000007665746830000000000000000000000062707130000000000000000000000000626f6e6430000000000000000000000073797a6b616c6c657231000000000000aaaaaaaaaabb00000000ff000180c20000000000000000000000e000000018010000480100007374700000000000000000000000b6aad74e00000000000000000000000000004800000000000000000000004b007f0000010180c200000e0000ffff000000000300000007000000040001000000000000000000ffffff004e244e23ffff030007000300030005000000030008000400736e6174000000000000000000000000000000000000000000000000000000001000000000000000ffffffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000"]}, 0x413) 01:09:35 executing program 0: clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@nat={'nat\x00', 0x19, 0x3, 0x39b, [0x200003c0, 0x0, 0x0, 0x20000500, 0x20000768], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000050000002000000000607465716c3000000000000000000000007665746831000000000000000000000076657468305f746f5f626f6e6400000062707130000000000000000000000000efed44c946460002ff00ffffffffffffffffffffffffff00000070000000d800000010010000415544495400000000000000000000000000000000000000000000000000000008000000000000000000000000000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff00000000736e61740000000000000000000000000000000000000000000000000000000010000000000000000180c20000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff020000001100000009000000a2f56263736630000000000000000000000076657468305f746f5f626f6e6400000069726c616e3000000000000000000000697036746e6c3000000000000000000000000000000000ffff0000000180c20000020000ffffff00000070000000a8000000f00000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000ffffffff000000004552524f5200000000000000000000000000000000000000000000000000000020000000000000000f5a2457c1e85b2302a41a5729b92b0e805fdc8ba80ee1827db344173b180000030000000000000000007665746830000000000000000000000062707130000000000000000000000000626f6e6430000000000000000000000073797a6b616c6c657231000000000000aaaaaaaaaabb00000000ff000180c20000000000000000000000e000000018010000480100007374700000000000000000000000b6aad74e00000000000000000000000000004800000000000000000000004b007f0000010180c200000e0000ffff000000000300000007000000040001000000000000000000ffffff004e244e23ffff030007000300030005000000030008000400736e6174000000000000000000000000000000000000000000000000000000001000000000000000ffffffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000"]}, 0x413) [ 209.161026] kernel msg: ebtables bug: please report to author: entries_size too small [ 209.171885] binder: 8093:8096 transaction failed 29189/-22, size 24-8 line 2850 [ 209.186717] binder_alloc: binder_alloc_mmap_handler: 8093 20001000-20004000 already mapped failed -16 [ 209.197676] kernel msg: ebtables bug: please report to author: entries_size too small [ 209.198440] binder: 8093:8101 transaction failed 29189/-22, size 24-8 line 2850 01:09:36 executing program 0: clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@nat={'nat\x00', 0x19, 0x3, 0x39b, [0x200003c0, 0x0, 0x0, 0x20000500, 0x20000768], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000050000002000000000607465716c3000000000000000000000007665746831000000000000000000000076657468305f746f5f626f6e6400000062707130000000000000000000000000efed44c946460002ff00ffffffffffffffffffffffffff00000070000000d800000010010000415544495400000000000000000000000000000000000000000000000000000008000000000000000000000000000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff00000000736e61740000000000000000000000000000000000000000000000000000000010000000000000000180c20000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff020000001100000009000000a2f56263736630000000000000000000000076657468305f746f5f626f6e6400000069726c616e3000000000000000000000697036746e6c3000000000000000000000000000000000ffff0000000180c20000020000ffffff00000070000000a8000000f00000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000ffffffff000000004552524f5200000000000000000000000000000000000000000000000000000020000000000000000f5a2457c1e85b2302a41a5729b92b0e805fdc8ba80ee1827db344173b180000030000000000000000007665746830000000000000000000000062707130000000000000000000000000626f6e6430000000000000000000000073797a6b616c6c657231000000000000aaaaaaaaaabb00000000ff000180c20000000000000000000000e000000018010000480100007374700000000000000000000000b6aad74e00000000000000000000000000004800000000000000000000004b007f0000010180c200000e0000ffff000000000300000007000000040001000000000000000000ffffff004e244e23ffff030007000300030005000000030008000400736e6174000000000000000000000000000000000000000000000000000000001000000000000000ffffffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000"]}, 0x413) [ 209.385492] kernel msg: ebtables bug: please report to author: entries_size too small 01:09:36 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) socket$inet_icmp_raw(0x2, 0x3, 0x1) read(r0, &(0x7f0000000000)=""/11, 0xb) syz_execute_func(&(0x7f0000000180)="3666440f9bf56664400f9f3241c3c4e2c9975842c4c27d794e003e0f11581010198c7f7fcd04af6e0f01db") 01:09:36 executing program 1: pread64(0xffffffffffffffff, 0x0, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) read(r0, &(0x7f0000000200)=""/250, 0x50c7e3e3) chmod(0x0, 0x0) r2 = socket$inet6(0xa, 0x0, 0x0) ioctl$EVIOCGPHYS(0xffffffffffffffff, 0x80404507, &(0x7f00000001c0)=""/17) r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x2}, 0x1c) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0) write$FUSE_WRITE(r0, 0x0, 0x0) ioctl$KDSKBSENT(r1, 0x4b49, 0x0) exit(0x43b) ioctl$int_out(0xffffffffffffffff, 0x5460, 0x0) ioctl$TIOCCBRK(r3, 0x5428) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x8000000}) 01:09:36 executing program 3: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000840)=""/148, 0x94}], 0x1, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/route\x00') preadv(r2, &(0x7f0000000700), 0x31f, 0x10400003) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x29, 0x0, 0x0) 01:09:36 executing program 0: clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@nat={'nat\x00', 0x19, 0x3, 0x3ba, [0x200003c0, 0x0, 0x0, 0x20000500, 0x20000768], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000050000002000000000607465716c3000000000000000000000007665746831000000000000000000000076657468305f746f5f626f6e6400000062707130000000000000000000000000efed44c946460002ff00ffffffffffffffffffffffffff00000070000000d800000010010000415544495400000000000000000000000000000000000000000000000000000008000000000000000000000000000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff00000000736e61740000000000000000000000000000000000000000000000000000000010000000000000000180c20000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff020000001100000009000000a2f56263736630000000000000000000000076657468305f746f5f626f6e6400000069726c616e3000000000000000000000697036746e6c3000000000000000000000000000000000ffff0000000180c20000020000ffffff00000070000000a8000000f00000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000ffffffff000000004552524f5200000000000000000000000000000000000000000000000000000020000000000000000f5a2457c1e85b2302a41a5729b92b0e805fdc8ba80ee1827db344173b180000030000000000000000007665746830000000000000000000000062707130000000000000000000000000626f6e6430000000000000000000000073797a6b616c6c657231000000000000aaaaaaaaaabb00000000ff000180c20000000000000000000000e000000018010000480100007374700000000000000000000000b6aad74e00000000000000000000000000004800000000000000000000004b007f0000010180c200000e0000ffff000000000300000007000000040001000000000000000000ffffff004e244e23ffff030007000300030005000000030008000400736e6174000000000000000000000000000000000000000000000000000000001000000000000000ffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000ffffffff00000000000000000000000000000000000000000000"]}, 0x432) 01:09:36 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r0, &(0x7f00000000c0)=ANY=[], 0x7fffffff) recvfrom(r1, &(0x7f0000000180)=""/184, 0xfffffffffffffd84, 0x10100, 0x0, 0xfffffffffffffd51) getgid() socket(0x0, 0x1, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) 01:09:36 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r0, &(0x7f00000000c0)=ANY=[], 0x7fffffff) recvfrom(r1, &(0x7f0000000180)=""/184, 0xfffffffffffffd84, 0x0, 0x0, 0xfffffffffffffd51) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getgid() socket(0x0, 0x1, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) [ 209.533536] kernel msg: ebtables bug: please report to author: entries_size too small 01:09:36 executing program 0: clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@nat={'nat\x00', 0x19, 0x3, 0x3c9, [0x200003c0, 0x0, 0x0, 0x20000500, 0x20000768], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000050000002000000000607465716c3000000000000000000000007665746831000000000000000000000076657468305f746f5f626f6e6400000062707130000000000000000000000000efed44c946460002ff00ffffffffffffffffffffffffff00000070000000d800000010010000415544495400000000000000000000000000000000000000000000000000000008000000000000000000000000000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff00000000736e61740000000000000000000000000000000000000000000000000000000010000000000000000180c20000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff020000001100000009000000a2f56263736630000000000000000000000076657468305f746f5f626f6e6400000069726c616e3000000000000000000000697036746e6c3000000000000000000000000000000000ffff0000000180c20000020000ffffff00000070000000a8000000f00000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000ffffffff000000004552524f5200000000000000000000000000000000000000000000000000000020000000000000000f5a2457c1e85b2302a41a5729b92b0e805fdc8ba80ee1827db344173b180000030000000000000000007665746830000000000000000000000062707130000000000000000000000000626f6e6430000000000000000000000073797a6b616c6c657231000000000000aaaaaaaaaabb00000000ff000180c20000000000000000000000e000000018010000480100007374700000000000000000000000b6aad74e00000000000000000000000000004800000000000000000000004b007f0000010180c200000e0000ffff000000000300000007000000040001000000000000000000ffffff004e244e23ffff030007000300030005000000030008000400736e6174000000000000000000000000000000000000000000000000000000001000000000000000ffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000"]}, 0x441) [ 209.679507] kernel msg: ebtables bug: please report to author: entries_size too small 01:09:36 executing program 0: clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@nat={'nat\x00', 0x19, 0x3, 0x3d1, [0x200003c0, 0x0, 0x0, 0x20000500, 0x20000768], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000050000002000000000607465716c3000000000000000000000007665746831000000000000000000000076657468305f746f5f626f6e6400000062707130000000000000000000000000efed44c946460002ff00ffffffffffffffffffffffffff00000070000000d800000010010000415544495400000000000000000000000000000000000000000000000000000008000000000000000000000000000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff00000000736e61740000000000000000000000000000000000000000000000000000000010000000000000000180c20000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff020000001100000009000000a2f56263736630000000000000000000000076657468305f746f5f626f6e6400000069726c616e3000000000000000000000697036746e6c3000000000000000000000000000000000ffff0000000180c20000020000ffffff00000070000000a8000000f00000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000ffffffff000000004552524f5200000000000000000000000000000000000000000000000000000020000000000000000f5a2457c1e85b2302a41a5729b92b0e805fdc8ba80ee1827db344173b180000030000000000000000007665746830000000000000000000000062707130000000000000000000000000626f6e6430000000000000000000000073797a6b616c6c657231000000000000aaaaaaaaaabb00000000ff000180c20000000000000000000000e000000018010000480100007374700000000000000000000000b6aad74e00000000000000000000000000004800000000000000000000004b007f0000010180c200000e0000ffff000000000300000007000000040001000000000000000000ffffff004e244e23ffff030007000300030005000000030008000400736e6174000000000000000000000000000000000000000000000000000000001000000000000000ffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000003000000fe"]}, 0x449) 01:09:36 executing program 3: preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000840)=""/148, 0x94}], 0x1, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000002c0)='net/route\x00') preadv(r2, &(0x7f0000000700), 0x31f, 0x10400003) mmap$binder(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0x29, 0x0, 0x0) 01:09:36 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$inet6_tcp_int(r0, 0x6, 0x4, &(0x7f00000000c0)=0x2be, 0x4) 01:09:36 executing program 0: clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@nat={'nat\x00', 0x19, 0x3, 0x3d5, [0x200003c0, 0x0, 0x0, 0x20000500, 0x20000768], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000050000002000000000607465716c3000000000000000000000007665746831000000000000000000000076657468305f746f5f626f6e6400000062707130000000000000000000000000efed44c946460002ff00ffffffffffffffffffffffffff00000070000000d800000010010000415544495400000000000000000000000000000000000000000000000000000008000000000000000000000000000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff00000000736e61740000000000000000000000000000000000000000000000000000000010000000000000000180c20000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff020000001100000009000000a2f56263736630000000000000000000000076657468305f746f5f626f6e6400000069726c616e3000000000000000000000697036746e6c3000000000000000000000000000000000ffff0000000180c20000020000ffffff00000070000000a8000000f00000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000ffffffff000000004552524f5200000000000000000000000000000000000000000000000000000020000000000000000f5a2457c1e85b2302a41a5729b92b0e805fdc8ba80ee1827db344173b180000030000000000000000007665746830000000000000000000000062707130000000000000000000000000626f6e6430000000000000000000000073797a6b616c6c657231000000000000aaaaaaaaaabb00000000ff000180c20000000000000000000000e000000018010000480100007374700000000000000000000000b6aad74e00000000000000000000000000004800000000000000000000004b007f0000010180c200000e0000ffff000000000300000007000000040001000000000000000000ffffff004e244e23ffff030007000300030005000000030008000400736e6174000000000000000000000000000000000000000000000000000000001000000000000000ffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000003000000feffffff00"]}, 0x44d) [ 210.004266] kernel msg: ebtables bug: please report to author: entries_size too small 01:09:36 executing program 0: clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@nat={'nat\x00', 0x19, 0x3, 0x3d7, [0x200003c0, 0x0, 0x0, 0x20000500, 0x20000768], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000050000002000000000607465716c3000000000000000000000007665746831000000000000000000000076657468305f746f5f626f6e6400000062707130000000000000000000000000efed44c946460002ff00ffffffffffffffffffffffffff00000070000000d800000010010000415544495400000000000000000000000000000000000000000000000000000008000000000000000000000000000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff00000000736e61740000000000000000000000000000000000000000000000000000000010000000000000000180c20000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff020000001100000009000000a2f56263736630000000000000000000000076657468305f746f5f626f6e6400000069726c616e3000000000000000000000697036746e6c3000000000000000000000000000000000ffff0000000180c20000020000ffffff00000070000000a8000000f00000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000ffffffff000000004552524f5200000000000000000000000000000000000000000000000000000020000000000000000f5a2457c1e85b2302a41a5729b92b0e805fdc8ba80ee1827db344173b180000030000000000000000007665746830000000000000000000000062707130000000000000000000000000626f6e6430000000000000000000000073797a6b616c6c657231000000000000aaaaaaaaaabb00000000ff000180c20000000000000000000000e000000018010000480100007374700000000000000000000000b6aad74e00000000000000000000000000004800000000000000000000004b007f0000010180c200000e0000ffff000000000300000007000000040001000000000000000000ffffff004e244e23ffff030007000300030005000000030008000400736e6174000000000000000000000000000000000000000000000000000000001000000000000000ffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000003000000feffffff000000"]}, 0x44f) [ 210.044462] kernel msg: ebtables bug: please report to author: entries_size too small [ 210.111993] kernel msg: ebtables bug: please report to author: entries_size too small 01:09:37 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) socket$inet_icmp_raw(0x2, 0x3, 0x1) read(r0, &(0x7f0000000000)=""/11, 0xb) syz_execute_func(&(0x7f0000000180)="3666440f9bf56664400f9f3241c3c4e2c9975842c4c27d794e003e0f11581010198c7f7fcd04af6e0f01db") 01:09:37 executing program 0: clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@nat={'nat\x00', 0x19, 0x3, 0x3d7, [0x200003c0, 0x0, 0x0, 0x20000500, 0x20000768], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000050000002000000000607465716c3000000000000000000000007665746831000000000000000000000076657468305f746f5f626f6e6400000062707130000000000000000000000000efed44c946460002ff00ffffffffffffffffffffffffff00000070000000d800000010010000415544495400000000000000000000000000000000000000000000000000000008000000000000000000000000000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff00000000736e61740000000000000000000000000000000000000000000000000000000010000000000000000180c20000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff020000001100000009000000a2f56263736630000000000000000000000076657468305f746f5f626f6e6400000069726c616e3000000000000000000000697036746e6c3000000000000000000000000000000000ffff0000000180c20000020000ffffff00000070000000a8000000f00000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000ffffffff000000004552524f5200000000000000000000000000000000000000000000000000000020000000000000000f5a2457c1e85b2302a41a5729b92b0e805fdc8ba80ee1827db344173b180000030000000000000000007665746830000000000000000000000062707130000000000000000000000000626f6e6430000000000000000000000073797a6b616c6c657231000000000000aaaaaaaaaabb00000000ff000180c20000000000000000000000e000000018010000480100007374700000000000000000000000b6aad74e00000000000000000000000000004800000000000000000000004b007f0000010180c200000e0000ffff000000000300000007000000040001000000000000000000ffffff004e244e23ffff030007000300030005000000030008000400736e6174000000000000000000000000000000000000000000000000000000001000000000000000ffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000003000000feffffff000000"]}, 0x44f) 01:09:37 executing program 3: r0 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="28000000320007070000000000a533fdfe6d9017501feefdd61dd400000000000000140001001000"], 0x1}}, 0x0) 01:09:37 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_GET_IRQCHIP(r1, 0xc208ae62, &(0x7f0000000140)) 01:09:37 executing program 0: clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000240)=@nat={'nat\x00', 0x19, 0x3, 0x3d7, [0x200003c0, 0x0, 0x0, 0x20000500, 0x20000768], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000050000002000000000607465716c3000000000000000000000007665746831000000000000000000000076657468305f746f5f626f6e6400000062707130000000000000000000000000efed44c946460002ff00ffffffffffffffffffffffffff00000070000000d800000010010000415544495400000000000000000000000000000000000000000000000000000008000000000000000000000000000000646e6174000000000000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff00000000736e61740000000000000000000000000000000000000000000000000000000010000000000000000180c20000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff020000001100000009000000a2f56263736630000000000000000000000076657468305f746f5f626f6e6400000069726c616e3000000000000000000000697036746e6c3000000000000000000000000000000000ffff0000000180c20000020000ffffff00000070000000a8000000f00000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000ffffffff000000004552524f5200000000000000000000000000000000000000000000000000000020000000000000000f5a2457c1e85b2302a41a5729b92b0e805fdc8ba80ee1827db344173b180000030000000000000000007665746830000000000000000000000062707130000000000000000000000000626f6e6430000000000000000000000073797a6b616c6c657231000000000000aaaaaaaaaabb00000000ff000180c20000000000000000000000e000000018010000480100007374700000000000000000000000b6aad74e00000000000000000000000000004800000000000000000000004b007f0000010180c200000e0000ffff000000000300000007000000040001000000000000000000ffffff004e244e23ffff030007000300030005000000030008000400736e6174000000000000000000000000000000000000000000000000000000001000000000000000ffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000003000000feffffff000000"]}, 0x44f) [ 210.390309] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. [ 210.403832] kernel msg: ebtables bug: please report to author: entries_size too small [ 210.472763] kernel msg: ebtables bug: please report to author: entries_size too small 01:09:37 executing program 3: perf_event_open(&(0x7f0000aaa000)={0x2, 0x70, 0x85a, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) sched_getattr(0x0, &(0x7f0000000000), 0x30, 0x0) 01:09:37 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f00000000c0)={0x2, 0x4e23, @broadcast}, 0x10) connect$inet(r1, &(0x7f00000e5000)={0x2, 0x4e23, @loopback}, 0x10) 01:09:37 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r0, &(0x7f00000000c0)=ANY=[], 0x7fffffff) recvfrom(r1, &(0x7f0000000180)=""/184, 0xfffffffffffffd84, 0x0, 0x0, 0xfffffffffffffd51) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getgid() socket(0x0, 0x1, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) 01:09:37 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_GET_IRQCHIP(r1, 0xc208ae62, &(0x7f0000000140)) 01:09:37 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_GET_IRQCHIP(r1, 0xc208ae62, &(0x7f0000000140)) 01:09:37 executing program 0: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r0, &(0x7f00000000c0)=ANY=[], 0x7fffffff) recvfrom(r1, &(0x7f0000000180)=""/184, 0xfffffffffffffd84, 0x0, 0x0, 0xfffffffffffffd51) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getgid() socket(0x0, 0x1, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) 01:09:37 executing program 4: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001540)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp\x00') preadv(r0, &(0x7f00000017c0), 0x1d0, 0x1f000000) 01:09:37 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)) setsockopt(r0, 0x8000000000000001, 0x10000000000009, &(0x7f0000003f00)="890528e4", 0x4) setsockopt$inet6_tcp_int(r0, 0x6, 0x4, &(0x7f00000000c0)=0x2be, 0x4) 01:09:37 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_GET_IRQCHIP(r1, 0xc208ae62, &(0x7f0000000140)) 01:09:37 executing program 3: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = socket$inet(0x10, 0x2000000000000003, 0x0) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)="2f0000001c0005c5ffffff000d0000000200001f01000000fc0002c9130001000000000050000000586700a28663b3", 0x2f}], 0x1}, 0x0) 01:09:37 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_SIOCGIFCONF(r0, 0x8912, &(0x7f0000000140)) syz_execute_func(&(0x7f0000000180)="3666440f9bf56664400f9f3241c3c4e2c9975842c4c27d794e003e0f11581010198c7f7fcd04af6e0f01db") [ 211.260378] [ 211.262093] ====================================================== [ 211.268419] WARNING: possible circular locking dependency detected [ 211.270680] kobject: 'kvm' (00000000a3800bbf): kobject_uevent_env [ 211.274739] 4.20.0-rc6-next-20181217+ #172 Not tainted [ 211.274760] ------------------------------------------------------ [ 211.274768] syz-executor3/8239 is trying to acquire lock: [ 211.274779] 000000002547212a (&tbl->lock){+.-.}, at: neigh_change_state+0x1dc/0x7a0 [ 211.286646] kobject: 'kvm' (00000000a3800bbf): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 211.292562] [ 211.292562] but task is already holding lock: [ 211.292567] 00000000de1512fb (&n->lock){++--}, at: __neigh_update+0xe6/0x1eb0 [ 211.292592] [ 211.292592] which lock already depends on the new lock. [ 211.292592] [ 211.292601] [ 211.292601] the existing dependency chain (in reverse order) is: [ 211.344081] [ 211.344081] -> #1 (&n->lock){++--}: [ 211.349200] _raw_write_lock+0x2d/0x40 [ 211.353608] neigh_periodic_work+0x3c0/0xc30 [ 211.358556] process_one_work+0xc90/0x1c40 [ 211.363343] worker_thread+0x17f/0x1390 [ 211.367855] kthread+0x35a/0x440 [ 211.371751] ret_from_fork+0x3a/0x50 [ 211.375981] [ 211.375981] -> #0 (&tbl->lock){+.-.}: [ 211.381276] lock_acquire+0x1ed/0x520 [ 211.385616] _raw_write_lock_bh+0x31/0x40 [ 211.390306] neigh_change_state+0x1dc/0x7a0 [ 211.395173] __neigh_update+0x478/0x1eb0 [ 211.399775] neigh_add+0x613/0xd90 [ 211.403842] rtnetlink_rcv_msg+0x46a/0xc20 [ 211.408602] netlink_rcv_skb+0x172/0x440 [ 211.413209] rtnetlink_rcv+0x1c/0x20 [ 211.417464] netlink_unicast+0x5a5/0x760 [ 211.422052] netlink_sendmsg+0xa18/0xfc0 [ 211.425546] kobject: 'loop1' (00000000cc0be2c0): kobject_uevent_env [ 211.426642] sock_sendmsg+0xd5/0x120 [ 211.426655] ___sys_sendmsg+0x7fd/0x930 [ 211.426667] __sys_sendmsg+0x11d/0x280 [ 211.426679] __x64_sys_sendmsg+0x78/0xb0 [ 211.426692] do_syscall_64+0x1b9/0x820 [ 211.426706] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 211.426715] [ 211.426715] other info that might help us debug this: [ 211.426715] [ 211.433131] kobject: 'loop1' (00000000cc0be2c0): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 211.437326] Possible unsafe locking scenario: [ 211.437326] [ 211.437330] CPU0 CPU1 [ 211.437333] ---- ---- [ 211.437335] lock(&n->lock); [ 211.437343] lock(&tbl->lock); [ 211.437364] lock(&n->lock); 01:09:38 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)) setsockopt(r0, 0x8000000000000001, 0x10000000000009, &(0x7f0000003f00)="890528e4", 0x4) setsockopt$inet6_tcp_int(r0, 0x6, 0x4, &(0x7f00000000c0)=0x2be, 0x4) 01:09:38 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_GET_IRQCHIP(r1, 0xc208ae62, &(0x7f0000000140)) [ 211.437370] lock(&tbl->lock); [ 211.437377] [ 211.437377] *** DEADLOCK *** [ 211.437377] [ 211.437385] 2 locks held by syz-executor3/8239: [ 211.437388] #0: 000000001b7ee1aa (rtnl_mutex){+.+.}, at: rtnetlink_rcv_msg+0x40e/0xc20 [ 211.437412] #1: 00000000de1512fb (&n->lock){++--}, at: __neigh_update+0xe6/0x1eb0 [ 211.472799] kobject: 'loop2' (00000000983ef0b3): kobject_uevent_env [ 211.478548] [ 211.478548] stack backtrace: [ 211.478563] CPU: 1 PID: 8239 Comm: syz-executor3 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 211.478571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 211.478575] Call Trace: [ 211.478590] dump_stack+0x244/0x39d [ 211.478605] ? dump_stack_print_info.cold.1+0x20/0x20 [ 211.478629] ? vprintk_func+0x85/0x181 [ 211.505392] kobject: 'loop2' (00000000983ef0b3): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 211.508513] print_circular_bug.isra.36.cold.58+0x1bd/0x27d [ 211.508529] ? save_trace+0xe0/0x290 [ 211.508545] __lock_acquire+0x3399/0x4c20 [ 211.508562] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 211.508582] ? mark_held_locks+0x130/0x130 [ 211.508599] ? graph_lock+0x270/0x270 [ 211.508614] ? print_usage_bug+0xc0/0xc0 [ 211.508644] ? lock_downgrade+0x900/0x900 [ 211.627117] ? find_held_lock+0x36/0x1c0 [ 211.631189] ? mark_held_locks+0xc7/0x130 [ 211.635345] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 211.640479] ? _raw_spin_unlock_irqrestore+0x82/0xd0 [ 211.645582] ? lockdep_hardirqs_on+0x296/0x5b0 [ 211.650176] ? trace_hardirqs_on+0xbd/0x310 [ 211.654506] ? kasan_check_read+0x11/0x20 [ 211.658679] ? mod_timer+0x62c/0x1560 [ 211.662501] ? __bpf_trace_timer_expire_entry+0x30/0x30 [ 211.667870] ? _raw_spin_unlock_irqrestore+0x6d/0xd0 [ 211.672974] lock_acquire+0x1ed/0x520 [ 211.676782] ? neigh_change_state+0x1dc/0x7a0 [ 211.681281] ? lock_release+0xa00/0xa00 [ 211.685274] ? print_usage_bug+0xc0/0xc0 [ 211.689339] ? lock_release+0xa00/0xa00 [ 211.693319] ? perf_trace_sched_process_exec+0x860/0x860 [ 211.698771] _raw_write_lock_bh+0x31/0x40 [ 211.702932] ? neigh_change_state+0x1dc/0x7a0 [ 211.707432] neigh_change_state+0x1dc/0x7a0 [ 211.711758] ? neigh_parms_alloc+0x6d0/0x6d0 [ 211.716172] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 211.721371] kobject: 'kvm' (00000000a3800bbf): kobject_uevent_env [ 211.721748] ? refcount_inc_not_zero_checked+0x1e5/0x2f0 [ 211.732643] kobject: 'kvm' (00000000a3800bbf): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 211.733407] ? refcount_dec_checked+0x70/0x70 [ 211.746893] ? kasan_check_write+0x14/0x20 [ 211.751152] ? do_raw_write_lock+0x14f/0x310 [ 211.755573] ? do_raw_read_unlock+0x70/0x70 01:09:38 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x3}, 0x1c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)) setsockopt(r0, 0x8000000000000001, 0x10000000000009, &(0x7f0000003f00)="890528e4", 0x4) setsockopt$inet6_tcp_int(r0, 0x6, 0x4, &(0x7f00000000c0)=0x2be, 0x4) [ 211.759908] ? check_preemption_disabled+0x48/0x280 [ 211.764935] __neigh_update+0x478/0x1eb0 [ 211.769034] ? __neigh_notify+0x160/0x160 [ 211.773195] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 211.778736] ? __nla_parse+0x12c/0x3e0 [ 211.782641] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 211.787669] neigh_add+0x613/0xd90 [ 211.791227] ? neigh_xmit+0xa50/0xa50 [ 211.795028] ? neigh_xmit+0xa50/0xa50 [ 211.798830] rtnetlink_rcv_msg+0x46a/0xc20 [ 211.803096] ? rtnl_fdb_dump+0xd00/0xd00 [ 211.807184] netlink_rcv_skb+0x172/0x440 01:09:38 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$KVM_GET_IRQCHIP(r1, 0xc208ae62, &(0x7f0000000140)) [ 211.811412] ? rtnl_fdb_dump+0xd00/0xd00 [ 211.815492] ? netlink_ack+0xb80/0xb80 [ 211.819394] ? rcu_read_unlock_special+0x370/0x370 [ 211.824336] rtnetlink_rcv+0x1c/0x20 [ 211.828059] netlink_unicast+0x5a5/0x760 [ 211.832136] ? netlink_attachskb+0x9a0/0x9a0 [ 211.836568] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 211.842121] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 211.847186] netlink_sendmsg+0xa18/0xfc0 [ 211.851260] ? netlink_unicast+0x760/0x760 [ 211.855351] kobject: 'loop1' (00000000cc0be2c0): kobject_uevent_env [ 211.855500] ? aa_sock_msg_perm.isra.14+0xba/0x160 [ 211.864369] kobject: 'loop1' (00000000cc0be2c0): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 211.866895] ? apparmor_socket_sendmsg+0x29/0x30 [ 211.866912] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 211.866928] ? security_socket_sendmsg+0x94/0xc0 [ 211.866942] ? netlink_unicast+0x760/0x760 [ 211.866964] sock_sendmsg+0xd5/0x120 [ 211.899404] ___sys_sendmsg+0x7fd/0x930 [ 211.902784] kobject: 'kvm' (00000000a3800bbf): kobject_uevent_env 01:09:38 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_GET_IRQCHIP(r1, 0xc208ae62, &(0x7f0000000140)) [ 211.903395] ? find_held_lock+0x36/0x1c0 [ 211.903413] ? copy_msghdr_from_user+0x580/0x580 [ 211.903444] ? __fd_install+0x2b5/0x8f0 [ 211.903478] ? __fget_light+0x2e9/0x430 [ 211.909866] kobject: 'kvm' (00000000a3800bbf): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 211.913747] ? fget_raw+0x20/0x20 [ 211.913766] ? __might_fault+0x12b/0x1e0 [ 211.913782] ? lock_downgrade+0x900/0x900 [ 211.913801] ? lock_release+0xa00/0xa00 [ 211.951576] ? perf_trace_sched_process_exec+0x860/0x860 [ 211.957026] ? posix_ktime_get_ts+0x15/0x20 [ 211.961386] ? trace_hardirqs_off_caller+0x310/0x310 [ 211.966502] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 211.972061] ? sockfd_lookup_light+0xc5/0x160 [ 211.976601] __sys_sendmsg+0x11d/0x280 [ 211.980504] ? __ia32_sys_shutdown+0x80/0x80 [ 211.984925] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 211.985048] kobject: 'kvm' (00000000a3800bbf): kobject_uevent_env [ 211.990472] ? put_timespec64+0x10f/0x1b0 [ 211.990490] ? do_syscall_64+0x9a/0x820 [ 211.990504] ? do_syscall_64+0x9a/0x820 [ 211.990523] ? trace_hardirqs_off_caller+0x310/0x310 01:09:38 executing program 0: setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000002c0)="0b8493da69d419d3e5a313affec5c48780fa42c0606761a2404a9a6c5a567525af09b4ae9ae6a36177018ff55a012c3fa3d9a196466f930c37b676633bbcdd54ad15d1d19aa5b95e6b797acddbacf7ed0796c0f196dfbb8bbe0d57cab508ca10839a6750dab329b861c57d41508204309f85c612f8e5b88a528d442e05736cbb65dc347f371e3b617e807818682759751ae85a5f6de6d672fdf84dfe6317c6c4a7e11b8fd8babb2127430a3eb34f68c6487f", 0xb2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000140)) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000280)) fcntl$getown(0xffffffffffffffff, 0x9) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 211.990555] __x64_sys_sendmsg+0x78/0xb0 [ 211.990571] do_syscall_64+0x1b9/0x820 [ 211.990593] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 211.997142] kobject: 'kvm' (00000000a3800bbf): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 212.000955] ? syscall_return_slowpath+0x5e0/0x5e0 [ 212.000971] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 212.000988] ? trace_hardirqs_on_caller+0x310/0x310 [ 212.001004] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 212.001024] ? prepare_exit_to_usermode+0x291/0x3b0 [ 212.019744] kobject: 'kvm' (00000000a3800bbf): kobject_uevent_env [ 212.021980] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 212.022000] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 212.022011] RIP: 0033:0x457669 [ 212.022032] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 212.027566] kobject: 'kvm' (00000000a3800bbf): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 212.036384] RSP: 002b:00007f58e9727c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 212.036398] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 212.036406] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 212.036415] RBP: 000000000072bf00 R08: 0000000000000000 R09: 0000000000000000 [ 212.036423] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f58e97286d4 [ 212.036431] R13: 00000000004c3e94 R14: 00000000004d6d20 R15: 00000000ffffffff [ 212.060508] kobject: 'loop0' (00000000bdf78471): kobject_uevent_env 01:09:38 executing program 3: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = socket$inet(0x10, 0x2000000000000003, 0x0) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)="2f0000001c0005c5ffffff000d0000000200001f01000000fc0002c9130001000000000050000000586700a28663b3", 0x2f}], 0x1}, 0x0) [ 212.100568] kobject: 'kvm' (00000000a3800bbf): kobject_uevent_env [ 212.176992] kobject: 'kvm' (00000000a3800bbf): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 212.182363] kobject: 'loop0' (00000000bdf78471): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 212.201815] kobject: 'loop3' (00000000e3cb11a9): kobject_uevent_env [ 212.210730] kobject: 'loop3' (00000000e3cb11a9): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 212.222024] kobject: 'kvm' (00000000a3800bbf): kobject_uevent_env [ 212.228888] kobject: 'loop1' (00000000cc0be2c0): kobject_uevent_env [ 212.235404] kobject: 'loop1' (00000000cc0be2c0): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 212.245001] kobject: 'kvm' (00000000a3800bbf): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 212.254600] kobject: 'loop5' (00000000f4178d66): kobject_uevent_env [ 212.261203] kobject: 'loop5' (00000000f4178d66): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 212.271159] kobject: 'loop3' (00000000e3cb11a9): kobject_uevent_env [ 212.278195] ================================================================== [ 212.285576] BUG: KASAN: slab-out-of-bounds in fpstate_init+0x50/0x160 [ 212.292156] Write of size 832 at addr ffff8881b12a2bc0 by task syz-executor0/8273 [ 212.299787] [ 212.301425] CPU: 0 PID: 8273 Comm: syz-executor0 Not tainted 4.20.0-rc6-next-20181217+ #172 [ 212.303047] kobject: 'kvm' (00000000a3800bbf): kobject_uevent_env [ 212.309948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 212.309955] Call Trace: [ 212.309993] dump_stack+0x244/0x39d [ 212.310014] ? dump_stack_print_info.cold.1+0x20/0x20 [ 212.310036] ? printk+0xa7/0xcf [ 212.321793] kobject: 'kvm' (00000000a3800bbf): fill_kobj_path: path = '/devices/virtual/misc/kvm' [ 212.325599] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 212.325620] print_address_description.cold.4+0x9/0x1ff [ 212.325646] ? fpstate_init+0x50/0x160 [ 212.363251] kasan_report.cold.5+0x1b/0x39 [ 212.367492] ? fpstate_init+0x50/0x160 [ 212.371385] ? fpstate_init+0x50/0x160 [ 212.375318] check_memory_region+0x13e/0x1b0 [ 212.379748] memset+0x23/0x40 [ 212.382858] fpstate_init+0x50/0x160 [ 212.386576] kvm_arch_vcpu_init+0x3e9/0x870 [ 212.390908] kvm_vcpu_init+0x2fa/0x420 [ 212.394809] ? vcpu_stat_get+0x300/0x300 [ 212.398875] ? kmem_cache_alloc+0x30b/0x730 [ 212.403210] vmx_create_vcpu+0x1b7/0x2695 [ 212.407368] ? vmx_exec_control+0x210/0x210 [ 212.411696] ? kasan_check_write+0x14/0x20 [ 212.415967] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 212.420934] ? wait_for_completion+0x8a0/0x8a0 [ 212.425527] kvm_arch_vcpu_create+0xe5/0x220 [ 212.429939] ? kvm_arch_vcpu_free+0x90/0x90 [ 212.434270] kvm_vm_ioctl+0x526/0x2030 [ 212.438164] ? kvm_unregister_device_ops+0x70/0x70 [ 212.443099] ? mark_held_locks+0x130/0x130 [ 212.447352] ? mark_held_locks+0x130/0x130 [ 212.451601] ? mark_held_locks+0x130/0x130 [ 212.455865] ? __fget+0x4aa/0x740 [ 212.459353] ? lock_downgrade+0x900/0x900 [ 212.463507] ? lock_release+0xa00/0xa00 [ 212.467502] ? mark_held_locks+0x130/0x130 [ 212.471772] ? rcu_read_unlock_special+0x370/0x370 [ 212.476726] ? __fget+0x4d1/0x740 [ 212.480191] ? ksys_dup3+0x680/0x680 [ 212.483914] ? __might_fault+0x12b/0x1e0 [ 212.487982] ? lock_downgrade+0x900/0x900 [ 212.492137] ? lock_release+0xa00/0xa00 [ 212.496115] ? perf_trace_sched_process_exec+0x860/0x860 [ 212.501570] ? kvm_unregister_device_ops+0x70/0x70 [ 212.506499] do_vfs_ioctl+0x1de/0x1790 [ 212.510394] ? ioctl_preallocate+0x300/0x300 [ 212.514818] ? __fget_light+0x2e9/0x430 [ 212.518798] ? fget_raw+0x20/0x20 [ 212.522252] ? _copy_to_user+0xc8/0x110 [ 212.526233] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 212.531788] ? put_timespec64+0x10f/0x1b0 [ 212.535937] ? finish_task_switch+0x1f4/0x910 [ 212.540437] ? nsecs_to_jiffies+0x30/0x30 [ 212.544587] ? lock_downgrade+0x900/0x900 [ 212.548746] ? security_file_ioctl+0x94/0xc0 [ 212.553166] ksys_ioctl+0xa9/0xd0 [ 212.556642] __x64_sys_ioctl+0x73/0xb0 [ 212.560558] do_syscall_64+0x1b9/0x820 [ 212.564452] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 212.569827] ? syscall_return_slowpath+0x5e0/0x5e0 [ 212.574767] ? trace_hardirqs_on_caller+0x310/0x310 [ 212.579788] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 212.584823] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 212.591491] ? __switch_to_asm+0x40/0x70 [ 212.595552] ? __switch_to_asm+0x34/0x70 [ 212.599623] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 212.604522] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 212.609711] RIP: 0033:0x457669 [ 212.612926] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 212.631826] RSP: 002b:00007f177b43ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 212.639535] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 212.646816] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 212.654102] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000 [ 212.661372] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f177b43b6d4 [ 212.668649] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 212.675944] [ 212.677566] Allocated by task 8273: [ 212.681208] save_stack+0x43/0xd0 [ 212.684674] kasan_kmalloc+0xcb/0xd0 [ 212.688391] kasan_slab_alloc+0x12/0x20 [ 212.692386] kmem_cache_alloc+0x130/0x730 [ 212.696547] vmx_create_vcpu+0x110/0x2695 [ 212.700691] kvm_arch_vcpu_create+0xe5/0x220 [ 212.705111] kvm_vm_ioctl+0x526/0x2030 [ 212.709036] do_vfs_ioctl+0x1de/0x1790 [ 212.712926] ksys_ioctl+0xa9/0xd0 [ 212.716390] __x64_sys_ioctl+0x73/0xb0 [ 212.720275] do_syscall_64+0x1b9/0x820 [ 212.724189] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 212.729381] [ 212.731003] Freed by task 0: [ 212.734027] (stack is not available) [ 212.737730] [ 212.739356] The buggy address belongs to the object at ffff8881b12a2b80 [ 212.739356] which belongs to the cache x86_fpu of size 832 [ 212.751688] The buggy address is located 64 bytes inside of [ 212.751688] 832-byte region [ffff8881b12a2b80, ffff8881b12a2ec0) [ 212.763486] The buggy address belongs to the page: [ 212.768411] page:ffffea0006c4a880 count:1 mapcount:0 mapping:ffff8881d7930680 index:0x0 [ 212.776553] flags: 0x2fffc0000000200(slab) [ 212.780788] raw: 02fffc0000000200 ffff8881d71b3248 ffff8881d71b3248 ffff8881d7930680 [ 212.788699] raw: 0000000000000000 ffff8881b12a2040 0000000100000004 0000000000000000 [ 212.796571] page dumped because: kasan: bad access detected [ 212.802268] [ 212.803895] Memory state around the buggy address: [ 212.808821] ffff8881b12a2d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 212.816177] ffff8881b12a2e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 212.823545] >ffff8881b12a2e80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 212.830894] ^ [ 212.836341] ffff8881b12a2f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 212.843700] ffff8881b12a2f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 212.851050] ================================================================== [ 212.867251] kobject: 'loop3' (00000000e3cb11a9): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 212.871989] Kernel panic - not syncing: panic_on_warn set ... [ 212.882596] CPU: 0 PID: 8273 Comm: syz-executor0 Tainted: G B 4.20.0-rc6-next-20181217+ #172 [ 212.892471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 212.901840] Call Trace: [ 212.904428] dump_stack+0x244/0x39d [ 212.908074] ? dump_stack_print_info.cold.1+0x20/0x20 [ 212.913274] ? fpstate_init+0x30/0x160 [ 212.917168] panic+0x2ad/0x632 [ 212.920366] ? add_taint.cold.5+0x16/0x16 [ 212.924519] ? preempt_schedule+0x4d/0x60 [ 212.928695] ? ___preempt_schedule+0x16/0x18 [ 212.933112] ? trace_hardirqs_on+0xb4/0x310 [ 212.937437] ? fpstate_init+0x50/0x160 [ 212.941333] end_report+0x47/0x4f [ 212.944790] kasan_report.cold.5+0xe/0x39 [ 212.948940] ? fpstate_init+0x50/0x160 [ 212.952836] ? fpstate_init+0x50/0x160 [ 212.956727] check_memory_region+0x13e/0x1b0 [ 212.961152] memset+0x23/0x40 [ 212.964276] fpstate_init+0x50/0x160 [ 212.968005] kvm_arch_vcpu_init+0x3e9/0x870 [ 212.972337] kvm_vcpu_init+0x2fa/0x420 [ 212.976246] ? vcpu_stat_get+0x300/0x300 [ 212.980330] ? kmem_cache_alloc+0x30b/0x730 [ 212.984675] vmx_create_vcpu+0x1b7/0x2695 [ 212.988833] ? vmx_exec_control+0x210/0x210 [ 212.993158] ? kasan_check_write+0x14/0x20 [ 212.997413] ? __mutex_unlock_slowpath+0x197/0x8c0 [ 213.002364] ? wait_for_completion+0x8a0/0x8a0 [ 213.006980] kvm_arch_vcpu_create+0xe5/0x220 [ 213.011393] ? kvm_arch_vcpu_free+0x90/0x90 01:09:39 executing program 4: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001540)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp\x00') preadv(r0, &(0x7f00000017c0), 0x1d0, 0x1f000000) 01:09:39 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_GET_IRQCHIP(r1, 0xc208ae62, &(0x7f0000000140)) 01:09:39 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, 0xffffffffffffffff) read(r0, &(0x7f0000000000)=""/11, 0xb) ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8912, &(0x7f0000000140)) syz_execute_func(&(0x7f0000000180)="3666440f9bf56664400f9f3241c3c4e2c9975842c4c27d794e003e0f11581010198c7f7fcd04af6e0f01db") 01:09:39 executing program 3: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = socket$inet(0x10, 0x2000000000000003, 0x0) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)="2f0000001c0005c5ffffff000d0000000200001f01000000fc0002c9130001000000000050000000586700a28663b3", 0x2f}], 0x1}, 0x0) [ 213.015727] kvm_vm_ioctl+0x526/0x2030 [ 213.019628] ? kvm_unregister_device_ops+0x70/0x70 [ 213.024583] ? mark_held_locks+0x130/0x130 [ 213.028845] ? mark_held_locks+0x130/0x130 [ 213.033115] ? mark_held_locks+0x130/0x130 [ 213.037406] ? __fget+0x4aa/0x740 [ 213.040878] ? lock_downgrade+0x900/0x900 [ 213.042231] kobject: 'loop4' (000000006b2573c6): kobject_uevent_env [ 213.045039] ? lock_release+0xa00/0xa00 [ 213.045056] ? mark_held_locks+0x130/0x130 [ 213.045076] ? rcu_read_unlock_special+0x370/0x370 01:09:39 executing program 3: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = socket$inet(0x10, 0x2000000000000003, 0x0) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)="2f0000001c0005c5ffffff000d0000000200001f01000000fc0002c9130001000000000050000000586700a28663b3", 0x2f}], 0x1}, 0x0) [ 213.064295] kobject: 'loop4' (000000006b2573c6): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 213.064612] ? __fget+0x4d1/0x740 [ 213.077495] ? ksys_dup3+0x680/0x680 [ 213.081223] ? __might_fault+0x12b/0x1e0 [ 213.085293] ? lock_downgrade+0x900/0x900 [ 213.089465] ? lock_release+0xa00/0xa00 [ 213.093445] ? perf_trace_sched_process_exec+0x860/0x860 [ 213.098938] ? kvm_unregister_device_ops+0x70/0x70 [ 213.103884] do_vfs_ioctl+0x1de/0x1790 [ 213.107791] ? ioctl_preallocate+0x300/0x300 [ 213.110506] kobject: 'loop3' (00000000e3cb11a9): kobject_uevent_env [ 213.112207] ? __fget_light+0x2e9/0x430 [ 213.112224] ? fget_raw+0x20/0x20 [ 213.112245] ? _copy_to_user+0xc8/0x110 [ 213.130086] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 213.135641] ? put_timespec64+0x10f/0x1b0 [ 213.137655] kobject: 'loop3' (00000000e3cb11a9): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 213.139806] ? finish_task_switch+0x1f4/0x910 [ 213.139824] ? nsecs_to_jiffies+0x30/0x30 [ 213.139840] ? lock_downgrade+0x900/0x900 [ 213.139861] ? security_file_ioctl+0x94/0xc0 01:09:39 executing program 3: openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)="2f0000001c0005c5ffffff000d0000000200001f01000000fc0002c9130001000000000050000000586700a28663b3", 0x2f}], 0x1}, 0x0) [ 213.166470] ksys_ioctl+0xa9/0xd0 [ 213.169974] __x64_sys_ioctl+0x73/0xb0 [ 213.173891] do_syscall_64+0x1b9/0x820 [ 213.177578] kobject: 'loop3' (00000000e3cb11a9): kobject_uevent_env [ 213.177785] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 213.177816] ? syscall_return_slowpath+0x5e0/0x5e0 [ 213.177849] ? trace_hardirqs_on_caller+0x310/0x310 [ 213.177891] ? prepare_exit_to_usermode+0x3b0/0x3b0 [ 213.201091] kobject: 'loop3' (00000000e3cb11a9): fill_kobj_path: path = '/devices/virtual/block/loop3' 01:09:39 executing program 3: r0 = socket$inet(0x10, 0x2000000000000003, 0x0) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)="2f0000001c0005c5ffffff000d0000000200001f01000000fc0002c9130001000000000050000000586700a28663b3", 0x2f}], 0x1}, 0x0) [ 213.204609] ? post_copy_siginfo_from_user.isra.25.part.26+0x250/0x250 [ 213.204624] ? __switch_to_asm+0x40/0x70 [ 213.204651] ? __switch_to_asm+0x34/0x70 [ 213.228874] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 213.233742] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 213.238932] RIP: 0033:0x457669 [ 213.242133] Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 213.244674] kobject: 'loop3' (00000000e3cb11a9): kobject_uevent_env [ 213.261037] RSP: 002b:00007f177b43ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 213.261052] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000457669 [ 213.261060] RDX: 0000000000000000 RSI: 000000000000ae41 RDI: 0000000000000004 [ 213.261084] RBP: 000000000072c040 R08: 0000000000000000 R09: 0000000000000000 [ 213.261107] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f177b43b6d4 [ 213.261115] R13: 00000000004c00ff R14: 00000000004d1170 R15: 00000000ffffffff [ 213.268471] Kernel Offset: disabled [ 213.316005] Rebooting in 86400 seconds..