[....] Starting OpenBSD Secure Shell server: sshd[   28.974325] random: sshd: uninitialized urandom read (32 bytes read)
[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   33.436043] random: sshd: uninitialized urandom read (32 bytes read)
[   33.728574] kauditd_printk_skb: 9 callbacks suppressed
[   33.728582] audit: type=1400 audit(1568274777.400:35): avc:  denied  { map } for  pid=6805 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   33.784441] random: sshd: uninitialized urandom read (32 bytes read)
[   34.379866] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.149' (ECDSA) to the list of known hosts.
[   39.967099] random: sshd: uninitialized urandom read (32 bytes read)
2019/09/12 07:53:03 fuzzer started
[   40.154600] audit: type=1400 audit(1568274783.830:36): avc:  denied  { map } for  pid=6815 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16480 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   40.805292] random: cc1: uninitialized urandom read (8 bytes read)
2019/09/12 07:53:05 dialing manager at 10.128.0.105:37913
2019/09/12 07:53:05 syscalls: 2466
2019/09/12 07:53:05 code coverage: enabled
2019/09/12 07:53:05 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument
2019/09/12 07:53:05 extra coverage: extra coverage is not supported by the kernel
2019/09/12 07:53:05 setuid sandbox: enabled
2019/09/12 07:53:05 namespace sandbox: enabled
2019/09/12 07:53:05 Android sandbox: /sys/fs/selinux/policy does not exist
2019/09/12 07:53:05 fault injection: enabled
2019/09/12 07:53:05 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/09/12 07:53:05 net packet injection: enabled
2019/09/12 07:53:05 net device setup: enabled
[   42.552919] random: crng init done
07:54:47 executing program 5:
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
lsetxattr$trusted_overlay_opaque(0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
getpeername$unix(0xffffffffffffffff, &(0x7f0000000180), 0x0)
open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
waitid(0x1, 0x0, &(0x7f0000000280), 0x2, 0x0)
prctl$PR_SET_KEEPCAPS(0x8, 0x1)
syz_open_pts(0xffffffffffffffff, 0x0)
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_ifreq(r0, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"})
poll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x1}, {}, {}], 0x3, 0x0)
ioctl$sock_ifreq(r0, 0x89f2, &(0x7f0000000080)={'sit0\x00', @ifru_flags})
fadvise64(0xffffffffffffffff, 0x0, 0x0, 0x2)

07:54:47 executing program 0:
r0 = syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000180)={0x0, 0xff8, 0x1, {0x5, @vbi={0x0, 0x0, 0xffffffffffffff81, 0x0, [], [0x1]}}})
r1 = syz_open_dev$vbi(0x0, 0x1, 0x2)
mmap$binder(&(0x7f0000efd000/0x2000)=nil, 0x2000, 0x2, 0x11, r1, 0x2a14f34d7000)

07:54:47 executing program 3:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="38f37fdba040c4d5415a871b0f013a"], 0x0, 0xf}, 0x20)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_NMI(r3, 0xae9a)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000400)={[], 0x0, 0x9dc233d19ccbf5df})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:54:47 executing program 1:
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4)
sendmsg$inet6(r0, &(0x7f0000000180)={&(0x7f0000000080)={0xa, 0x4e22, 0x1000000080000, @local}, 0x1c, 0x0}, 0x0)

07:54:47 executing program 2:
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0)
fsync(0xffffffffffffffff)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0)
mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x8, 0x10, 0xffffffffffffffff, 0x0)
write$P9_RREAD(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0x0)
fsync(0xffffffffffffffff)
fallocate(r1, 0x0, 0x40000, 0xfff)
fallocate(r0, 0x0, 0x0, 0x110001)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0x0, r1})

07:54:47 executing program 4:
r0 = socket$packet(0x11, 0x3, 0x300)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000180)=0x1, 0x4)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c)
syz_emit_ethernet(0x2e, &(0x7f0000000000)={@local, @link_local, [{}], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr, @broadcast}, @igmp={0x0, 0x0, 0x0, @multicast1}}}}}, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
syz_genetlink_get_family_id$tipc(0x0)
sendmsg$TIPC_CMD_GET_BEARER_NAMES(0xffffffffffffffff, 0x0, 0x0)

[  143.363366] audit: type=1400 audit(1568274887.040:37): avc:  denied  { map } for  pid=6815 comm="syz-fuzzer" path="/root/syzkaller-shm293386332" dev="sda1" ino=2233 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
[  143.396940] audit: type=1400 audit(1568274887.060:38): avc:  denied  { map } for  pid=6833 comm="syz-executor.5" path="/sys/kernel/debug/kcov" dev="debugfs" ino=13803 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[  143.592902] IPVS: ftp: loaded support on port[0] = 21
[  144.061674] IPVS: ftp: loaded support on port[0] = 21
[  144.116624] chnl_net:caif_netlink_parms(): no params data found
[  144.142583] IPVS: ftp: loaded support on port[0] = 21
[  144.197583] bridge0: port 1(bridge_slave_0) entered blocking state
[  144.204439] bridge0: port 1(bridge_slave_0) entered disabled state
[  144.212002] device bridge_slave_0 entered promiscuous mode
[  144.221426] chnl_net:caif_netlink_parms(): no params data found
[  144.233030] bridge0: port 2(bridge_slave_1) entered blocking state
[  144.239427] bridge0: port 2(bridge_slave_1) entered disabled state
[  144.246393] device bridge_slave_1 entered promiscuous mode
[  144.277928] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  144.287509] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  144.317126] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  144.325090] team0: Port device team_slave_0 added
[  144.338607] IPVS: ftp: loaded support on port[0] = 21
[  144.339638] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  144.352959] team0: Port device team_slave_1 added
[  144.365250] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  144.373707] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  144.381184] bridge0: port 1(bridge_slave_0) entered blocking state
[  144.387559] bridge0: port 1(bridge_slave_0) entered disabled state
[  144.395687] device bridge_slave_0 entered promiscuous mode
[  144.404054] bridge0: port 2(bridge_slave_1) entered blocking state
[  144.410488] bridge0: port 2(bridge_slave_1) entered disabled state
[  144.429058] device bridge_slave_1 entered promiscuous mode
[  144.503346] device hsr_slave_0 entered promiscuous mode
[  144.540444] device hsr_slave_1 entered promiscuous mode
[  144.605656] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  144.616575] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  144.626169] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  144.649535] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  144.670342] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  144.677518] team0: Port device team_slave_0 added
[  144.698199] IPVS: ftp: loaded support on port[0] = 21
[  144.705542] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  144.714293] team0: Port device team_slave_1 added
[  144.719868] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  144.730116] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  144.764384] chnl_net:caif_netlink_parms(): no params data found
[  144.812780] device hsr_slave_0 entered promiscuous mode
[  144.880296] device hsr_slave_1 entered promiscuous mode
[  144.972888] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  144.980396] bridge0: port 2(bridge_slave_1) entered blocking state
[  144.986819] bridge0: port 2(bridge_slave_1) entered forwarding state
[  144.993799] bridge0: port 1(bridge_slave_0) entered blocking state
[  145.000302] bridge0: port 1(bridge_slave_0) entered forwarding state
[  145.013552] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  145.028054] chnl_net:caif_netlink_parms(): no params data found
[  145.069970] bridge0: port 1(bridge_slave_0) entered blocking state
[  145.077348] bridge0: port 1(bridge_slave_0) entered disabled state
[  145.085233] device bridge_slave_0 entered promiscuous mode
[  145.093273] bridge0: port 2(bridge_slave_1) entered blocking state
[  145.099635] bridge0: port 2(bridge_slave_1) entered disabled state
[  145.107118] device bridge_slave_1 entered promiscuous mode
[  145.129407] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  145.141823] bridge0: port 1(bridge_slave_0) entered disabled state
[  145.148536] bridge0: port 2(bridge_slave_1) entered disabled state
[  145.158161] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  145.179039] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  145.195094] IPVS: ftp: loaded support on port[0] = 21
[  145.200965] bridge0: port 1(bridge_slave_0) entered blocking state
[  145.207575] bridge0: port 1(bridge_slave_0) entered disabled state
[  145.215136] device bridge_slave_0 entered promiscuous mode
[  145.239902] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  145.247792] team0: Port device team_slave_0 added
[  145.261151] bridge0: port 2(bridge_slave_1) entered blocking state
[  145.267527] bridge0: port 2(bridge_slave_1) entered disabled state
[  145.274524] device bridge_slave_1 entered promiscuous mode
[  145.294496] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  145.301939] team0: Port device team_slave_1 added
[  145.307328] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  145.325537] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  145.333503] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  145.388959] chnl_net:caif_netlink_parms(): no params data found
[  145.398130] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  145.443218] device hsr_slave_0 entered promiscuous mode
[  145.500398] device hsr_slave_1 entered promiscuous mode
[  145.540612] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  145.566779] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  145.583035] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  145.590546] team0: Port device team_slave_0 added
[  145.602433] 8021q: adding VLAN 0 to HW filter on device bond0
[  145.617476] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  145.625462] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  145.632763] team0: Port device team_slave_1 added
[  145.638636] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  145.653471] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  145.673799] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  145.695128] bridge0: port 1(bridge_slave_0) entered blocking state
[  145.702334] bridge0: port 1(bridge_slave_0) entered disabled state
[  145.709173] device bridge_slave_0 entered promiscuous mode
[  145.715841] bridge0: port 2(bridge_slave_1) entered blocking state
[  145.722271] bridge0: port 2(bridge_slave_1) entered disabled state
[  145.729097] device bridge_slave_1 entered promiscuous mode
[  145.764762] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  145.784551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  145.792158] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  145.815029] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  145.821536] 8021q: adding VLAN 0 to HW filter on device team0
[  145.873693] device hsr_slave_0 entered promiscuous mode
[  145.910428] device hsr_slave_1 entered promiscuous mode
[  145.951393] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  145.959167] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  145.978853] 8021q: adding VLAN 0 to HW filter on device bond0
[  145.986800] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  145.994139] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  146.002295] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  146.014506] chnl_net:caif_netlink_parms(): no params data found
[  146.026230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  146.034101] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  146.042430] bridge0: port 1(bridge_slave_0) entered blocking state
[  146.048782] bridge0: port 1(bridge_slave_0) entered forwarding state
[  146.058798] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  146.083649] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  146.095792] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  146.104039] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  146.112139] bridge0: port 2(bridge_slave_1) entered blocking state
[  146.119487] bridge0: port 2(bridge_slave_1) entered forwarding state
[  146.126980] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  146.134669] team0: Port device team_slave_0 added
[  146.141674] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  146.148726] team0: Port device team_slave_1 added
[  146.158042] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  146.169466] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  146.177694] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  146.187603] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  146.195275] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  146.204708] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  146.212408] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  146.223426] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  146.229519] 8021q: adding VLAN 0 to HW filter on device team0
[  146.253120] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  146.269209] bridge0: port 1(bridge_slave_0) entered blocking state
[  146.275804] bridge0: port 1(bridge_slave_0) entered disabled state
[  146.283378] device bridge_slave_0 entered promiscuous mode
[  146.291303] bridge0: port 2(bridge_slave_1) entered blocking state
[  146.297793] bridge0: port 2(bridge_slave_1) entered disabled state
[  146.305254] device bridge_slave_1 entered promiscuous mode
[  146.313352] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  146.335601] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  146.346237] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  146.392498] device hsr_slave_0 entered promiscuous mode
[  146.432723] device hsr_slave_1 entered promiscuous mode
[  146.495113] 8021q: adding VLAN 0 to HW filter on device bond0
[  146.505848] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  146.517012] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  146.525233] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  146.533238] bridge0: port 1(bridge_slave_0) entered blocking state
[  146.539666] bridge0: port 1(bridge_slave_0) entered forwarding state
[  146.547126] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  146.556243] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  146.565602] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  146.573521] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  146.584039] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  146.592175] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  146.602175] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  146.610650] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  146.636503] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  146.644142] team0: Port device team_slave_0 added
[  146.649995] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  146.658300] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  146.666335] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  146.673476] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  146.680448] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  146.688184] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  146.695997] bridge0: port 2(bridge_slave_1) entered blocking state
[  146.702381] bridge0: port 2(bridge_slave_1) entered forwarding state
[  146.712056] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  146.721694] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  146.729982] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  146.736573] 8021q: adding VLAN 0 to HW filter on device team0
[  146.747942] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  146.755577] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  146.763143] team0: Port device team_slave_1 added
[  146.768652] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  146.776917] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  146.785244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  146.793117] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  146.800835] bridge0: port 1(bridge_slave_0) entered blocking state
[  146.807166] bridge0: port 1(bridge_slave_0) entered forwarding state
[  146.814782] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  146.828305] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  146.839477] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  146.849676] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  146.858173] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  146.872488] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  146.932071] device hsr_slave_0 entered promiscuous mode
[  146.970316] device hsr_slave_1 entered promiscuous mode
[  147.031180] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  147.038437] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  147.045889] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  147.054300] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  147.061803] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  147.069942] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  147.077651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  147.085404] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  147.093374] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  147.100999] bridge0: port 2(bridge_slave_1) entered blocking state
[  147.107326] bridge0: port 2(bridge_slave_1) entered forwarding state
[  147.116695] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  147.125542] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  147.134938] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  147.142350] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  147.149553] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  147.157132] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  147.165220] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  147.172993] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  147.180710] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  147.188952] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  147.204326] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  147.210570] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  147.221660] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  147.238395] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  147.246278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  147.254378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  147.262909] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  147.275138] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  147.294552] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  147.303999] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  147.313777] 8021q: adding VLAN 0 to HW filter on device bond0
[  147.324210] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  147.331249] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  147.346707] 8021q: adding VLAN 0 to HW filter on device batadv0
[  147.354809] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  147.365680] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  147.374168] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  147.381915] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  147.389218] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  147.398108] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  147.411805] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  147.419260] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  147.431816] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  147.439375] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  147.451257] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  147.458979] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  147.466656] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  147.473874] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  147.483666] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  147.489740] 8021q: adding VLAN 0 to HW filter on device team0
[  147.498878] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  147.507567] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  147.514082] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  147.530781] 8021q: adding VLAN 0 to HW filter on device bond0
[  147.538761] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  147.545296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  147.553497] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  147.565435] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  147.574704] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  147.587625] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  147.596958] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  147.605555] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  147.614728] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  147.622614] bridge0: port 1(bridge_slave_0) entered blocking state
[  147.628979] bridge0: port 1(bridge_slave_0) entered forwarding state
[  147.638578] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  147.645279] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  147.658200] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  147.666266] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  147.680696] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  147.690558] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  147.700281] 8021q: adding VLAN 0 to HW filter on device bond0
[  147.710707] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  147.717700] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  147.724796] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  147.733190] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  147.740982] bridge0: port 2(bridge_slave_1) entered blocking state
[  147.747318] bridge0: port 2(bridge_slave_1) entered forwarding state
[  147.757363] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  147.763947] 8021q: adding VLAN 0 to HW filter on device team0
[  147.772067] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  147.780723] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  147.790447] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  147.800337] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  147.812168] 8021q: adding VLAN 0 to HW filter on device batadv0
[  147.821055] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  147.828438] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  147.836800] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  147.845835] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  147.853930] bridge0: port 1(bridge_slave_0) entered blocking state
[  147.860338] bridge0: port 1(bridge_slave_0) entered forwarding state
[  147.867176] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  147.875753] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  147.885541] 8021q: adding VLAN 0 to HW filter on device batadv0
[  147.895710] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
07:54:51 executing program 5:
r0 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f0000000300)={'syz', 0x3}, &(0x7f0000000200)='\x00', 0x1, 0xfffffffffffffffe)
io_setup(0x30, &(0x7f0000000180))
keyctl$update(0x2, r0, &(0x7f0000000240)="db4095", 0x3)
r1 = add_key$user(&(0x7f00000003c0)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xa2bd1d5677b481f6, 0x0)

[  147.906121] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  147.915057] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  147.928317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  147.940308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  147.947274] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  147.955278] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  147.963171] bridge0: port 2(bridge_slave_1) entered blocking state
[  147.969499] bridge0: port 2(bridge_slave_1) entered forwarding state
[  147.976478] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  147.984172] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  147.998303] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  148.005800] 8021q: adding VLAN 0 to HW filter on device team0
[  148.020690] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  148.028461] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  148.036662] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  148.047232] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  148.061021] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
07:54:51 executing program 5:
r0 = gettid()
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
clock_nanosleep(0x0, 0x0, &(0x7f0000000000)={0x77359400}, &(0x7f0000000300))
r1 = gettid()
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
tkill(r1, 0x1000000000016)
tkill(r0, 0x1000000000016)

[  148.075759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  148.084278] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  148.121929] bridge0: port 1(bridge_slave_0) entered blocking state
[  148.128350] bridge0: port 1(bridge_slave_0) entered forwarding state
[  148.133724] audit: type=1400 audit(1568274891.810:39): avc:  denied  { map } for  pid=6888 comm="syz-executor.0" path="/dev/vbi1" dev="devtmpfs" ino=14864 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:v4l_device_t:s0 tclass=chr_file permissive=1
[  148.144778] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
07:54:51 executing program 0:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x1)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r1, 0x0, 0x0, 0x20000004, &(0x7f0000000000)={0xa, 0x4e22}, 0x1c)
getpgid(0x0)
openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000280))
read(r2, &(0x7f00000000c0)=""/11, 0x3ef)
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000040)={0x15})
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000))
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000280))
read(r4, &(0x7f00000000c0)=""/11, 0x3ef)
epoll_create1(0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000000))
getsockopt$IP_VS_SO_GET_VERSION(0xffffffffffffffff, 0x0, 0x480, &(0x7f0000000040), &(0x7f0000000080)=0x40)
r5 = accept4(r0, 0x0, 0x0, 0x0)
sendto$inet6(r5, &(0x7f0000000200)="e5b997fddd402f61a17706a1d4444ee1aa909bdd5b98c93789fd48f97cc7015e8483cc86c9818d14b23c3f7b41ba4391", 0xfffffdda, 0x8dffffff, 0x0, 0xfffffee0)

[  148.174209] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  148.189530] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  148.201041] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  148.209786] hrtimer: interrupt took 54990 ns
[  148.211961] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  148.225366] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  148.233740] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  148.246277] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  148.260933] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  148.268810] bridge0: port 2(bridge_slave_1) entered blocking state
[  148.275216] bridge0: port 2(bridge_slave_1) entered forwarding state
[  148.282955] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  148.290781] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  148.300459] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  148.310250] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  148.321144] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  148.329526] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  148.346496] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  148.355212] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  148.363258] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  148.371013] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  148.378458] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  148.386999] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  148.387263] audit: type=1400 audit(1568274892.060:40): avc:  denied  { create } for  pid=6901 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  148.394595] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  148.420459] audit: type=1400 audit(1568274892.100:41): avc:  denied  { write } for  pid=6901 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  148.431876] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  148.463397] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  148.476290] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  148.476638] audit: type=1400 audit(1568274892.150:42): avc:  denied  { read } for  pid=6901 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  148.495508] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  148.513402] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
07:54:52 executing program 4:
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
wait4(0x0, 0x0, 0x80000000, 0x0)
r0 = getpid()
tkill(r0, 0x0)
write$P9_RLOPEN(0xffffffffffffffff, &(0x7f0000000000)={0x18}, 0x18)
inotify_init()
rmdir(&(0x7f0000000200)='./file0\x00')

[  148.521086] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  148.528609] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  148.536990] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  148.555215] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  148.565818] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  148.586320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  148.596450] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  148.606519] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  148.614324] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  148.623898] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  148.629896] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  148.640254] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  148.649051] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  148.656110] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  148.663153] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  148.670936] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  148.678372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
07:54:52 executing program 4:
clone(0x20100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070")
dup2(0xffffffffffffffff, 0xffffffffffffffff)
write$ppp(0xffffffffffffffff, 0x0, 0x0)
r1 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="d3d2bb3c5a7100cd80"], 0x9}}, 0x0)
ptrace$setopts(0x4206, r1, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYRES16=0x0, @ANYBLOB="9c362dc6ea3930f2979db4b2055d848538df21a8c1e63674e01c375e21a8c6a49e8bec312540cf8408000000000000000000c76873f0fbe5e26196fd3c050000925b80515539b73c096d7092f3c9a73969aebba58f04b95f25866a22302de8d0ad473e937bdcc99ae3d4cf94e0e6234fa2a7967443b809060000f8b94784a5f1ac165735e7c5d780188fb7469ca95c97feca9e7fccca392df0400e2d4a2f84c90000000000", @ANYBLOB="e6c55c669eb82eec5101000180437a7462010000000000000029a741efca44f937d0492482"], 0x0, 0xa2, 0xfffffffffffffe35}, 0x20)
tkill(r1, 0x3b)
ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r1, 0x0, 0x0)
tkill(r1, 0x40)
socket$inet6(0xa, 0x0, 0x0)

[  148.686003] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  148.708628] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  148.722364] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  148.729869] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  148.741687] 8021q: adding VLAN 0 to HW filter on device batadv0
[  148.751162] 8021q: adding VLAN 0 to HW filter on device batadv0
[  148.757884] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  148.766794] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  148.780388] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
07:54:52 executing program 4:
r0 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f0000000300)={'syz', 0x3}, &(0x7f0000000200)='\x00', 0x1, 0xfffffffffffffffe)
io_setup(0x30, &(0x7f0000000180))
keyctl$update(0x2, r0, &(0x7f0000000240)="db40", 0x2)
r1 = add_key$user(&(0x7f00000003c0)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xa2bd1d5677b481f6, 0x0)

[  148.786387] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  148.838517] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  148.854035] 8021q: adding VLAN 0 to HW filter on device batadv0
07:54:52 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="38f37fdba040c4d5415a871b0f013a"], 0x0, 0xf}, 0x20)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
open$dir(&(0x7f0000000080)='.\x00', 0x0, 0x0)
mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x80000000000000], 0x1f004})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000400))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  148.918636] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
07:54:52 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl(r1, 0x1000008912, &(0x7f0000000140)="11dca50d5e0bcfe47bf070")
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=@getlink={0x28, 0x12, 0x60d, 0x0, 0x0, {}, [@IFLA_MASTER={0x8}]}, 0x28}}, 0x0)

07:54:53 executing program 4:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup2(r0, r0)
r2 = open(&(0x7f000000fffa)='./bus\x00', 0x141042, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000080)=ANY=[@ANYBLOB="6e61853100022200000100000000000000000000e4dbb77487e9010400ffe83693c581180d260000011b2300000503f10000000000cc00ad5158c4efc60967000600000000001a000000080000f34f8dfac0dc1695"], 0x1)

07:54:53 executing program 5:
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
close(r0)
r1 = socket(0x11, 0x800000003, 0x81)
bind(r1, &(0x7f0000000000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0)
ftruncate(r2, 0x2008002)
sendfile(r0, r2, 0x0, 0x800000000008)
creat(&(0x7f0000000000)='./bus\x00', 0x0)

07:54:53 executing program 0:
r0 = syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x1, 0x2)
ioctl$VIDIOC_QUERY_EXT_CTRL(r0, 0xc0e85667, &(0x7f0000000280)={0x308ff538d1c3ac19, 0x0, "61cad624e74851c1b32dfa2a853d47975b5cfd0e521347734ff69224c8706a18"})

07:54:53 executing program 1:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070")
syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0xa0c050, &(0x7f0000000800)={[{@quota='quota'}, {@pquota='pquota'}], [{@subj_type={'subj_type', 0x3d, '/dev/cec#\x00'}}, {@obj_role={'obj_role'}}, {@seclabel='seclabel'}]})

07:54:53 executing program 2:
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0)
fsync(0xffffffffffffffff)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0)
mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x8, 0x10, 0xffffffffffffffff, 0x0)
write$P9_RREAD(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0x0)
fsync(0xffffffffffffffff)
fallocate(r1, 0x0, 0x40000, 0xfff)
fallocate(r0, 0x0, 0x0, 0x110001)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0x0, r1})

07:54:53 executing program 3:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="38f37fdba040c4d5415a871b0f013a"], 0x0, 0xf}, 0x20)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_NMI(r3, 0xae9a)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000400)={[], 0x0, 0x9dc233d19ccbf5df})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:54:53 executing program 0:
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0)
fsync(0xffffffffffffffff)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0)
mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x8, 0x10, 0xffffffffffffffff, 0x0)
write$P9_RREAD(0xffffffffffffffff, &(0x7f0000000300)=ANY=[], 0x0)
fsync(0xffffffffffffffff)
fallocate(r1, 0x0, 0x40000, 0xfff)
fallocate(r0, 0x0, 0x0, 0x110001)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0x0, r1})

[  149.956506] XFS (loop1): unknown mount option [subj_type=/dev/cec#].
07:54:53 executing program 4:
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
wait4(0x0, 0x0, 0x80000000, 0x0)
r0 = getpid()
tkill(r0, 0x0)
rmdir(&(0x7f0000000200)='./file0\x00')

[  150.087918] XFS (loop1): unknown mount option [subj_type=/dev/cec#].
07:54:53 executing program 4:
r0 = syz_open_dev$radio(&(0x7f0000000080)='/dev/radio#\x00', 0x3, 0x2)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f00000000c0)={0x5})

07:54:53 executing program 1:
r0 = socket$unix(0x1, 0x1, 0x0)
socket$unix(0x1, 0x0, 0x0)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
listen(0xffffffffffffffff, 0x0)
connect(r0, 0x0, 0x0)

07:54:53 executing program 2:
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='load '], 0x1, 0x0)
clone(0xffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0xca, 0xfffffffffffffffe)

07:54:53 executing program 4:
perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))

07:54:53 executing program 5:
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
close(r0)
r1 = socket(0x11, 0x800000003, 0x81)
bind(r1, &(0x7f0000000000)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x143042, 0x0)
ftruncate(r2, 0x2008002)
sendfile(r0, r2, 0x0, 0x800000000008)
creat(&(0x7f0000000000)='./bus\x00', 0x0)

07:54:54 executing program 0:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
pipe(&(0x7f0000000880)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write(r1, &(0x7f00000001c0), 0xfffffef3)
vmsplice(r0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9)

07:54:54 executing program 3:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="38f37fdba040c4d5415a871b0f013a"], 0x0, 0xf}, 0x20)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_NMI(r3, 0xae9a)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000400)={[], 0x0, 0x9dc233d19ccbf5df})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  150.301373] encrypted_key: master key parameter '' is invalid
[  150.340768] encrypted_key: master key parameter '' is invalid
07:54:54 executing program 2:
fchdir(0xffffffffffffffff)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getpid()
tkill(0x0, 0x9)
mknodat(0xffffffffffffffff, 0x0, 0xc000, 0x0)
write$P9_RLOPEN(0xffffffffffffffff, &(0x7f0000000000)={0x18}, 0x18)
rmdir(&(0x7f0000000200)='./file0\x00')

07:54:54 executing program 1:
open(0x0, 0x0, 0x0)
ioctl$TCFLSH(0xffffffffffffffff, 0x540b, 0x0)
r0 = gettid()
ptrace$peekuser(0x3, 0x0, 0x0)
timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000))
epoll_create1(0x0)
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0)
mount$9p_unix(0x0, 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0x1000000000016)

07:54:54 executing program 2:
fchdir(0xffffffffffffffff)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getpid()
tkill(0x0, 0x9)
mknodat(0xffffffffffffffff, 0x0, 0xc000, 0x0)
write$P9_RLOPEN(0xffffffffffffffff, &(0x7f0000000000)={0x18}, 0x18)
rmdir(&(0x7f0000000200)='./file0\x00')

07:54:54 executing program 4:
fchdir(0xffffffffffffffff)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
getpid()
tkill(0x0, 0x9)
mknodat(0xffffffffffffffff, 0x0, 0xc000, 0x0)
write$P9_RLOPEN(0xffffffffffffffff, &(0x7f0000000000)={0x18}, 0x18)
rmdir(&(0x7f0000000200)='./file0\x00')

07:54:54 executing program 1:
r0 = syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000180)={0x0, 0x0, 0x0, {0x7, @vbi}})

07:54:54 executing program 4:
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0)
fsync(0xffffffffffffffff)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0)
r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0)
mmap(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
write$P9_RREAD(0xffffffffffffffff, 0x0, 0x0)
fallocate(r1, 0x0, 0x40000, 0xfff)
fallocate(r0, 0x0, 0x0, 0x110001)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0x0, r1})

07:54:54 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca50d5e0bcfe47bf070")
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = eventfd(0x3)
ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000080)={r3})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_IRQFD(r5, 0x4020ae76, &(0x7f00000000c0)={r3})

07:54:54 executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f0000000080)={0x11, 0x4, 0x4, 0xfd23, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x3c)
pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0)

07:54:54 executing program 5:
syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0)
r0 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0)
ioctl$BINDER_GET_NODE_INFO_FOR_REF(r0, 0xc018620c, &(0x7f0000000040))

07:54:54 executing program 1:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000400)={0xa, 0x4e24, 0x40, @remote, 0x4}, 0x1c)
r1 = socket$packet(0x11, 0x2, 0x300)
getsockname(r1, &(0x7f0000000140)=@in={0x2, 0x0, @loopback}, &(0x7f00000001c0)=0x80)
r2 = socket(0x2000000400000018, 0x0, 0x3)
connect(r2, &(0x7f0000000080)=@pppoe={0x18, 0x0, {0x0, @empty, 'syzkaller0\x00'}}, 0x80)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r2, 0x10e, 0x2, &(0x7f0000000380)=0xb, 0x4)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0)
fchdir(r3)
syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0)
r4 = getpid()
sched_setattr(r4, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuset.effective_mems\x00', 0x0, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r5, 0x10e, 0x2, &(0x7f0000000100)=0x15, 0x4)
r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='smaps\x00')
preadv(r6, &(0x7f0000000480), 0x100000000000022c, 0x6c00000000000000)
r7 = perf_event_open$cgroup(&(0x7f0000000300)={0x5, 0x70, 0x7, 0x5, 0x4, 0x5, 0x0, 0x8, 0x1010, 0x4, 0x101, 0x3, 0x5e, 0x3, 0xffffffffffff1821, 0x0, 0xfff, 0x7e6, 0x1, 0x1, 0x5, 0x8000, 0x10000, 0x100000000, 0xfe, 0x3, 0x3, 0x1, 0x7, 0x8, 0x9, 0x5311066e, 0x3, 0x9, 0x81, 0x2, 0x1, 0x5, 0x0, 0x71cff475, 0x0, @perf_config_ext={0x80000001, 0x1}, 0x200, 0x1f, 0x3, 0x9, 0x9, 0xd7e9, 0x2}, r5, 0xf, r6, 0x8)
perf_event_open(&(0x7f0000000280)={0x2, 0x70, 0x1, 0x7, 0x2, 0x2000000, 0x0, 0x4, 0xcdc8cdfc62afa4ec, 0x3, 0x4, 0x5, 0x20, 0xfffffffffffffffb, 0x1, 0x3, 0xfffffffffffffffa, 0x5ee9, 0x2, 0x4, 0x2, 0xc, 0x7ff, 0x2, 0x0, 0x7, 0x6, 0x4, 0x0, 0x800, 0x401, 0x40, 0x2000000, 0x8, 0x1, 0x3, 0x100, 0x200, 0x0, 0x9, 0x0, @perf_config_ext={0x1}, 0x0, 0x3, 0x1f, 0xedca8bb9c9470472, 0xc, 0xffff, 0x3}, r4, 0x8, r7, 0xe)
r8 = syz_open_procfs(0x0, &(0x7f00000000c0)='smaps\x00')
preadv(r8, &(0x7f0000000480), 0x100000000000022c, 0x6c00000000000000)
mkdirat(r8, &(0x7f0000000440)='./file2\x00', 0x25e758f34c0164b5)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000500)={@local, @local, <r9=>0x0}, &(0x7f0000000580)=0xc)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000005c0)={@ipv4={[], [], @loopback}, @local, @remote, 0x5, 0x3, 0xc0, 0x500, 0x2, 0x4, r9})
pipe(&(0x7f0000000080)={<r10=>0xffffffffffffffff})
socket$inet6(0xa, 0x40809, 0x81)
bind$bt_sco(r10, &(0x7f00000000c0)={0x1f, {0x5, 0x8, 0x6129, 0x0, 0x8, 0x80000000}}, 0x8)
umount2(&(0x7f0000000540)='./file0\x00', 0x4)
quotactl(0x0, &(0x7f0000000480)='./file1\x00', 0x0, 0x0)

[  150.732603] irq bypass consumer (token ffff8880a7fd4880) registration fails: -16
[  150.767286] binder: 7069:7071 ioctl c018620c 20000040 returned -22
[  150.814462] binder: 7069:7073 ioctl c018620c 20000040 returned -22
[  151.030303] protocol 88fb is buggy, dev hsr_slave_0
[  151.035517] protocol 88fb is buggy, dev hsr_slave_1
[  151.110495] protocol 88fb is buggy, dev hsr_slave_0
[  151.115605] protocol 88fb is buggy, dev hsr_slave_1
07:54:54 executing program 0:
r0 = add_key$user(&(0x7f0000000080)='user\x00', &(0x7f0000000300)={'syz', 0x3}, &(0x7f0000000200)='\x00', 0x1, 0xfffffffffffffffe)
io_setup(0x30, &(0x7f0000000180))
r1 = add_key$user(&(0x7f00000003c0)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000140)={r0, r1, r0}, &(0x7f00000000c0)=""/83, 0xa2bd1d5677b481f6, 0x0)

07:54:54 executing program 3:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="38f37fdba040c4d5415a871b0f013a"], 0x0, 0xf}, 0x20)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_NMI(r3, 0xae9a)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000400)={[], 0x0, 0x9dc233d19ccbf5df})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:54:54 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x0, 0x119000})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000012000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000040)="0f20c2f00fbbb2070065f30fc7fbba6100b071ee3ed9d00f78f60f01c30f01c30fc71e1e5a", 0xfffffffffffffddc}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

07:54:54 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000040)={0x7b, 0x5, [0x277], [0xc1]})

07:54:54 executing program 4:
r0 = socket(0x10, 0x80002, 0x0)
bind$netlink(r0, &(0x7f00000004c0)={0x10, 0x0, 0x1}, 0xc)
write(r0, &(0x7f0000000340)="2600000022004701050000000000000005006d20002b5fee839cd53400b017ca5b0000000000", 0x26)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000b4bffc), 0x4)
sendto(r0, &(0x7f0000000340), 0xac, 0x0, 0x0, 0xfffffffffffffe73)
recvmmsg(r0, &(0x7f0000000780), 0x3ffffffffffff81, 0x0, 0x0)

07:54:54 executing program 1:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000400)={0xa, 0x4e24, 0x40, @remote, 0x4}, 0x1c)
r1 = socket$packet(0x11, 0x2, 0x300)
getsockname(r1, &(0x7f0000000140)=@in={0x2, 0x0, @loopback}, &(0x7f00000001c0)=0x80)
r2 = socket(0x2000000400000018, 0x0, 0x3)
connect(r2, &(0x7f0000000080)=@pppoe={0x18, 0x0, {0x0, @empty, 'syzkaller0\x00'}}, 0x80)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r2, 0x10e, 0x2, &(0x7f0000000380)=0xb, 0x4)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0)
fchdir(r3)
syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0)
r4 = getpid()
sched_setattr(r4, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuset.effective_mems\x00', 0x0, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r5, 0x10e, 0x2, &(0x7f0000000100)=0x15, 0x4)
r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='smaps\x00')
preadv(r6, &(0x7f0000000480), 0x100000000000022c, 0x6c00000000000000)
r7 = perf_event_open$cgroup(&(0x7f0000000300)={0x5, 0x70, 0x7, 0x5, 0x4, 0x5, 0x0, 0x8, 0x1010, 0x4, 0x101, 0x3, 0x5e, 0x3, 0xffffffffffff1821, 0x0, 0xfff, 0x7e6, 0x1, 0x1, 0x5, 0x8000, 0x10000, 0x100000000, 0xfe, 0x3, 0x3, 0x1, 0x7, 0x8, 0x9, 0x5311066e, 0x3, 0x9, 0x81, 0x2, 0x1, 0x5, 0x0, 0x71cff475, 0x0, @perf_config_ext={0x80000001, 0x1}, 0x200, 0x1f, 0x3, 0x9, 0x9, 0xd7e9, 0x2}, r5, 0xf, r6, 0x8)
perf_event_open(&(0x7f0000000280)={0x2, 0x70, 0x1, 0x7, 0x2, 0x2000000, 0x0, 0x4, 0xcdc8cdfc62afa4ec, 0x3, 0x4, 0x5, 0x20, 0xfffffffffffffffb, 0x1, 0x3, 0xfffffffffffffffa, 0x5ee9, 0x2, 0x4, 0x2, 0xc, 0x7ff, 0x2, 0x0, 0x7, 0x6, 0x4, 0x0, 0x800, 0x401, 0x40, 0x2000000, 0x8, 0x1, 0x3, 0x100, 0x200, 0x0, 0x9, 0x0, @perf_config_ext={0x1}, 0x0, 0x3, 0x1f, 0xedca8bb9c9470472, 0xc, 0xffff, 0x3}, r4, 0x8, r7, 0xe)
r8 = syz_open_procfs(0x0, &(0x7f00000000c0)='smaps\x00')
preadv(r8, &(0x7f0000000480), 0x100000000000022c, 0x6c00000000000000)
mkdirat(r8, &(0x7f0000000440)='./file2\x00', 0x25e758f34c0164b5)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000500)={@local, @local, <r9=>0x0}, &(0x7f0000000580)=0xc)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000005c0)={@ipv4={[], [], @loopback}, @local, @remote, 0x5, 0x3, 0xc0, 0x500, 0x2, 0x4, r9})
pipe(&(0x7f0000000080)={<r10=>0xffffffffffffffff})
socket$inet6(0xa, 0x40809, 0x81)
bind$bt_sco(r10, &(0x7f00000000c0)={0x1f, {0x5, 0x8, 0x6129, 0x0, 0x8, 0x80000000}}, 0x8)
umount2(&(0x7f0000000540)='./file0\x00', 0x4)
quotactl(0x0, &(0x7f0000000480)='./file1\x00', 0x0, 0x0)

07:54:55 executing program 2:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000400)={0xa, 0x4e24, 0x40, @remote, 0x4}, 0x1c)
r1 = socket$packet(0x11, 0x2, 0x300)
getsockname(r1, &(0x7f0000000140)=@in={0x2, 0x0, @loopback}, &(0x7f00000001c0)=0x80)
r2 = socket(0x2000000400000018, 0x0, 0x3)
connect(r2, &(0x7f0000000080)=@pppoe={0x18, 0x0, {0x0, @empty, 'syzkaller0\x00'}}, 0x80)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r2, 0x10e, 0x2, &(0x7f0000000380)=0xb, 0x4)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0)
fchdir(r3)
syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0)
r4 = getpid()
sched_setattr(r4, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuset.effective_mems\x00', 0x0, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r5, 0x10e, 0x2, &(0x7f0000000100)=0x15, 0x4)
r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='smaps\x00')
preadv(r6, &(0x7f0000000480), 0x100000000000022c, 0x6c00000000000000)
r7 = perf_event_open$cgroup(&(0x7f0000000300)={0x5, 0x70, 0x7, 0x5, 0x4, 0x5, 0x0, 0x8, 0x1010, 0x4, 0x101, 0x3, 0x5e, 0x3, 0xffffffffffff1821, 0x0, 0xfff, 0x7e6, 0x1, 0x1, 0x5, 0x8000, 0x10000, 0x100000000, 0xfe, 0x3, 0x3, 0x1, 0x7, 0x8, 0x9, 0x5311066e, 0x3, 0x9, 0x81, 0x2, 0x1, 0x5, 0x0, 0x71cff475, 0x0, @perf_config_ext={0x80000001, 0x1}, 0x200, 0x1f, 0x3, 0x9, 0x9, 0xd7e9, 0x2}, r5, 0xf, r6, 0x8)
perf_event_open(&(0x7f0000000280)={0x2, 0x70, 0x1, 0x7, 0x2, 0x2000000, 0x0, 0x4, 0xcdc8cdfc62afa4ec, 0x3, 0x4, 0x5, 0x20, 0xfffffffffffffffb, 0x1, 0x3, 0xfffffffffffffffa, 0x5ee9, 0x2, 0x4, 0x2, 0xc, 0x7ff, 0x2, 0x0, 0x7, 0x6, 0x4, 0x0, 0x800, 0x401, 0x40, 0x2000000, 0x8, 0x1, 0x3, 0x100, 0x200, 0x0, 0x9, 0x0, @perf_config_ext={0x1}, 0x0, 0x3, 0x1f, 0xedca8bb9c9470472, 0xc, 0xffff, 0x3}, r4, 0x8, r7, 0xe)
r8 = syz_open_procfs(0x0, &(0x7f00000000c0)='smaps\x00')
preadv(r8, &(0x7f0000000480), 0x100000000000022c, 0x6c00000000000000)
mkdirat(r8, &(0x7f0000000440)='./file2\x00', 0x25e758f34c0164b5)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000500)={@local, @local, <r9=>0x0}, &(0x7f0000000580)=0xc)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000005c0)={@ipv4={[], [], @loopback}, @local, @remote, 0x5, 0x3, 0xc0, 0x500, 0x2, 0x4, r9})
pipe(&(0x7f0000000080)={<r10=>0xffffffffffffffff})
socket$inet6(0xa, 0x40809, 0x81)
bind$bt_sco(r10, &(0x7f00000000c0)={0x1f, {0x5, 0x8, 0x6129, 0x0, 0x8, 0x80000000}}, 0x8)
umount2(&(0x7f0000000540)='./file0\x00', 0x4)
quotactl(0x0, &(0x7f0000000480)='./file1\x00', 0x0, 0x0)

[  151.287884] kvm: emulating exchange as write
07:54:55 executing program 0:
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e23, @rand_addr=0x6}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
r1 = memfd_create(&(0x7f0000000b80)='-\'\x00\x10\f\xdex\xf5\a\xd91\xc4dT\x12P\xc6\x89\x0e\x83\xe7\x1b\xbd\xa5\xb4\xc2H\r\xe1\x8e[\xd6\x11\xfb\xfe&\xd2\x18\x88\x97\xea\x8eD\"\x9a\xfbpk\x18\xcb\xb3rR`\xa4\xbbzM\x84\xfb\xbd\xe3c\xe09\xd0\xc4\t\xaf\bC\x81\xb7\x05E\x8c\x8a$\x84\xe3\x06-61\x13\xeb\xc9\xb8\xe4\xea\aSs\rqM\xbbQ\xa6o\x9e!S\x17`\x18V\xbe\xb8N\xad\r9\x15\x8f\x92\x9b\'\xb7\xf2j\xa16\x04w\xc3\f</%\xe5A\xe3p\x1b\xdf\xf9\xa6\xac\xbef\xe5T\xc9\xdcMwM\x12\xab\xe0\xbe\xc1xc\xb2\xed\xd4v\x89\x96\xbb\xb5AOg\xc1\xe1\xf9c\xf2\xc8\x86d\xbe\x18\xc3[\xa0As\xd2\xc2\xe8cJ\x98\xa04[cO\xfc', 0x0)
write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000640)=ANY=[@ANYBLOB="960cfa8f7b900487c6df5892d92f7c6a7f411929a306c762a1ba2bf05daa7fa9cb000026ddb765c68f0d31816b1b78a5f4d96efb725ef8f059ecb71a01095f6993be03eb70bffc6e6135c7ca564920307ea0c8d28bb8a17a39cc0ac2b0469fe20ac981929eeb4e9c0000000000000000ef7ec5ee059b59181444a0729319d93bafa591a6ad306d070e7a2e1e803634f16f1f98a841614e51d23b19a1ac7f3d961509008fb15fff352a6809fe36bc5bba78c652fea0ff09e659dc86fab8352de1360e72785110bc0556e6d853b27e199245d4b597380bc21ae88f4cb985a413da11fb0a73a46ef080588c2698200f2724eb42074e58e49cec4fea44276281866fbed1beea017b0200c211a6000000389bdc0df6b291d0a9c91f000009000000000000000000161dbf830202ce57b0bbb7ab66ab4867e42b4418b46d2d5d9d1f7d0abb3365d60900000000000000c30b2fa268490b6057691e5dfc485cde1ab8f629a5e87718a7372ef94bd5d76f03e08dd395ed7989095b37510f179b1ac04d4b24ada6355635bb8f6485955b8db63ded0fca373e6f00d66e41e85412340b2d1c3349c6e73bd8ff012780793b744f27a9e9ec38b26e30cebc010b73223f0ff4a2aa26119f20db714a155ac803373c80d0759850a2496b4bdf9af6cf0f3f4f2fad274773ccd8bd2a0a5eed026a1a09d9185b8b90f335dcc97fc264eb776e390656e368f3349f84a795bef646a787761a556f8581fb7400000000000000000000000000000000da51620cfbfa85eb644853660bb9fb921d29a52b7a3f37ca1397f620f004dfd3e3a3467eacb7915900dfdea6c1a2ceabfd9cea7d928fd5d7d8fdde821ef3d1fb1d5a6802a11b919aca0d58a84f932a87f4b59a165f05a24bc578419fb004ae0d1b3d00f54d714cb00f1ffdddd4d2792a5bc9ac2347a529072f8f9cac44c871d432aa5bd33a331537bb849210b0571723573c1562482d0fb4454134f206d051a8874064fa6787298c6da4d851859ee04ab9ec3ba54748cf6f340342edaad1da685eee06d15d0b784295fe299645d2adf6dcddb3c91557c9ad5b1594a9b15f23"], 0x7)
mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x12, r1, 0x0)
r2 = socket(0x100000000018, 0x0, 0x4)
connect(r2, &(0x7f0000000000)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0xe)

[  151.350550] protocol 88fb is buggy, dev hsr_slave_0
[  151.356008] protocol 88fb is buggy, dev hsr_slave_1
07:54:55 executing program 3:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="38f37fdba040c4d5415a871b0f013a"], 0x0, 0xf}, 0x20)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_NMI(r3, 0xae9a)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  151.413026] audit: type=1400 audit(1568274895.090:43): avc:  denied  { map } for  pid=7108 comm="syz-executor.0" path=2F6D656D66643A2D27202864656C6574656429 dev="tmpfs" ino=26865 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file permissive=1
07:54:55 executing program 0:
perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x10, 0x2000000000000002, 0x0)
sendmsg(r0, &(0x7f0000000080)={0x0, 0x65, &(0x7f0000000140)=[{&(0x7f00000000c0)="2f0000001d0005c5ffffff000d0000000200001f01000000000002c9130001000000000050800000d18e1092e0c875", 0x64b}], 0x1}, 0x0)

07:54:55 executing program 1:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000400)={0xa, 0x4e24, 0x40, @remote, 0x4}, 0x1c)
r1 = socket$packet(0x11, 0x2, 0x300)
getsockname(r1, &(0x7f0000000140)=@in={0x2, 0x0, @loopback}, &(0x7f00000001c0)=0x80)
r2 = socket(0x2000000400000018, 0x0, 0x3)
connect(r2, &(0x7f0000000080)=@pppoe={0x18, 0x0, {0x0, @empty, 'syzkaller0\x00'}}, 0x80)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r2, 0x10e, 0x2, &(0x7f0000000380)=0xb, 0x4)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0)
fchdir(r3)
syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0)
r4 = getpid()
sched_setattr(r4, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuset.effective_mems\x00', 0x0, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r5, 0x10e, 0x2, &(0x7f0000000100)=0x15, 0x4)
r6 = syz_open_procfs(0x0, &(0x7f00000000c0)='smaps\x00')
preadv(r6, &(0x7f0000000480), 0x100000000000022c, 0x6c00000000000000)
r7 = perf_event_open$cgroup(&(0x7f0000000300)={0x5, 0x70, 0x7, 0x5, 0x4, 0x5, 0x0, 0x8, 0x1010, 0x4, 0x101, 0x3, 0x5e, 0x3, 0xffffffffffff1821, 0x0, 0xfff, 0x7e6, 0x1, 0x1, 0x5, 0x8000, 0x10000, 0x100000000, 0xfe, 0x3, 0x3, 0x1, 0x7, 0x8, 0x9, 0x5311066e, 0x3, 0x9, 0x81, 0x2, 0x1, 0x5, 0x0, 0x71cff475, 0x0, @perf_config_ext={0x80000001, 0x1}, 0x200, 0x1f, 0x3, 0x9, 0x9, 0xd7e9, 0x2}, r5, 0xf, r6, 0x8)
perf_event_open(&(0x7f0000000280)={0x2, 0x70, 0x1, 0x7, 0x2, 0x2000000, 0x0, 0x4, 0xcdc8cdfc62afa4ec, 0x3, 0x4, 0x5, 0x20, 0xfffffffffffffffb, 0x1, 0x3, 0xfffffffffffffffa, 0x5ee9, 0x2, 0x4, 0x2, 0xc, 0x7ff, 0x2, 0x0, 0x7, 0x6, 0x4, 0x0, 0x800, 0x401, 0x40, 0x2000000, 0x8, 0x1, 0x3, 0x100, 0x200, 0x0, 0x9, 0x0, @perf_config_ext={0x1}, 0x0, 0x3, 0x1f, 0xedca8bb9c9470472, 0xc, 0xffff, 0x3}, r4, 0x8, r7, 0xe)
r8 = syz_open_procfs(0x0, &(0x7f00000000c0)='smaps\x00')
preadv(r8, &(0x7f0000000480), 0x100000000000022c, 0x6c00000000000000)
mkdirat(r8, &(0x7f0000000440)='./file2\x00', 0x25e758f34c0164b5)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, &(0x7f0000000500)={@local, @local, <r9=>0x0}, &(0x7f0000000580)=0xc)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000005c0)={@ipv4={[], [], @loopback}, @local, @remote, 0x5, 0x3, 0xc0, 0x500, 0x2, 0x4, r9})
pipe(&(0x7f0000000080)={<r10=>0xffffffffffffffff})
socket$inet6(0xa, 0x40809, 0x81)
bind$bt_sco(r10, &(0x7f00000000c0)={0x1f, {0x5, 0x8, 0x6129, 0x0, 0x8, 0x80000000}}, 0x8)
umount2(&(0x7f0000000540)='./file0\x00', 0x4)
quotactl(0x0, &(0x7f0000000480)='./file1\x00', 0x0, 0x0)

07:54:55 executing program 0:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
mkdir(&(0x7f0000001540)='./file0\x00', 0x0)
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)

07:54:55 executing program 3:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="38f37fdba040c4d5415a871b0f013a"], 0x0, 0xf}, 0x20)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_NMI(r3, 0xae9a)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:54:55 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x0)
setsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
ptrace$getregset(0x4204, 0x0, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r1, 0x0, 0xfffffffffffffdc6, 0x20000004, &(0x7f0000000280)={0xa, 0x4e22}, 0x1c)
setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, 0x0, 0x0)
accept4(r0, &(0x7f0000000040)=@vsock={0x28, 0x0, 0x0, @hyper}, &(0x7f00000000c0)=0x80, 0x0)
recvfrom$inet6(r1, 0x0, 0x0, 0x100, &(0x7f0000001880), 0x1c)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0xfffff00c}, {0x80000006}]}, 0x10)
socket$packet(0x11, 0x0, 0x300)
socket$packet(0x11, 0x0, 0x300)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bind$packet(0xffffffffffffffff, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)

[  151.750145] protocol 88fb is buggy, dev hsr_slave_0
[  151.755270] protocol 88fb is buggy, dev hsr_slave_1
[  151.777277] FAT-fs (loop0): error, invalid access to FAT (entry 0x00006500)
[  151.831784] FAT-fs (loop0): Filesystem has been set read-only
[  151.835306] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  151.862402] FAT-fs (loop0): error, invalid access to FAT (entry 0x00006500)
[  151.901087] FAT-fs (loop0): error, invalid access to FAT (entry 0x00006500)
[  151.916583] FAT-fs (loop0): error, invalid access to FAT (entry 0x00006500)
[  151.925824] FAT-fs (loop0): error, invalid access to FAT (entry 0x00006500)
07:54:55 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x0, 0x119000})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000012000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000040)="0f20c2f00fbbb2070065f30fc7fbba6100b071ee3ed9d00f78f60f01c30f01c30fc71e1e5a", 0xfffffffffffffddc}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  152.070125] protocol 88fb is buggy, dev hsr_slave_0
[  152.075287] protocol 88fb is buggy, dev hsr_slave_1
07:54:55 executing program 1:
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$inet_udp(0x2, 0x2, 0x0)
write$P9_RWALK(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB='\\'], 0x27b)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
connect$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10)
splice(r0, 0x0, r2, 0x0, 0x10002, 0x0)

07:54:55 executing program 3:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="38f37fdba040c4d5415a871b0f013a"], 0x0, 0xf}, 0x20)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_NMI(r3, 0xae9a)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:54:55 executing program 0:
syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
fchdir(r0)
mkdir(&(0x7f0000001540)='./file0\x00', 0x0)
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)

07:54:55 executing program 4:
perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
getsockname(0xffffffffffffffff, &(0x7f0000000140)=@in={0x2, 0x0, @loopback}, &(0x7f00000001c0)=0x80)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x2, &(0x7f0000000380)=0xb, 0x4)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000003c0)='./cgroup\x00', 0x200002, 0x0)
fchdir(r0)
syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f00000004c0)='./file0\x00', 0xe000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270f7f8", 0x16}], 0x0, 0x0)
r1 = getpid()
sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(0xffffffffffffffff, 0x10e, 0x2, &(0x7f0000000100)=0x15, 0x4)
preadv(0xffffffffffffffff, &(0x7f0000000480), 0x100000000000022c, 0x0)
perf_event_open$cgroup(&(0x7f0000000300)={0x5, 0x70, 0x7, 0x5, 0x4, 0x5, 0x0, 0x8, 0x1010, 0x0, 0x101, 0x3, 0x5e, 0x3, 0xffffffffffff1821, 0x0, 0xfff, 0x7e6, 0x1, 0x0, 0x5, 0x8000, 0x0, 0x100000000, 0xfe, 0x3, 0x3, 0x1, 0x7, 0x8, 0x9, 0x5311066e, 0x3, 0x9, 0x81, 0x2, 0x1, 0x5, 0x0, 0x71cff475, 0x0, @perf_config_ext={0x80000001, 0x1}, 0x200, 0x1f, 0x3, 0x9, 0x9, 0xd7e9, 0x2}, 0xffffffffffffffff, 0xf, 0xffffffffffffffff, 0x8)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='smaps\x00')
preadv(r2, &(0x7f0000000480), 0x100000000000022c, 0x6c00000000000000)
mkdirat(r2, &(0x7f0000000440)='./file2\x00', 0x25e758f34c0164b5)
pipe(&(0x7f0000000080)={<r3=>0xffffffffffffffff})
bind$bt_sco(r3, 0x0, 0x0)
umount2(&(0x7f0000000540)='./file0\x00', 0x4)
quotactl(0x0, &(0x7f0000000480)='./file1\x00', 0x0, 0x0)

07:54:55 executing program 3:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="38f37fdba040c4d5415a871b0f013a"], 0x0, 0xf}, 0x20)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000400)={[], 0x0, 0x9dc233d19ccbf5df})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:54:55 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x0, 0x119000})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000012000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, &(0x7f0000000040)="0f20c2f00fbbb2070065f30fc7fbba6100b071ee3ed9d00f78f60f01c30f01c30fc71e1e5a", 0xfffffffffffffddc}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

07:54:56 executing program 3:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="38f37fdba040c4d5415a871b0f013a"], 0x0, 0xf}, 0x20)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000400)={[], 0x0, 0x9dc233d19ccbf5df})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:54:56 executing program 4:
r0 = socket$packet(0x11, 0xa, 0x300)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x28, 0x0, 0x0, 0x2000000fffff024}, {0x80000006}]}, 0x10)
syz_emit_ethernet(0xe, &(0x7f0000000080)=ANY=[@ANYBLOB="ffffaaaaaa000900"], 0x0)

07:54:56 executing program 3:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="38f37fdba040c4d5415a871b0f013a"], 0x0, 0xf}, 0x20)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004})
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000400)={[], 0x0, 0x9dc233d19ccbf5df})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

07:54:56 executing program 3:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="38f37fdba040c4d5415a871b0f013a"], 0x0, 0xf}, 0x20)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000040)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004})
ioctl$KVM_NMI(r3, 0xae9a)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000400)={[], 0x0, 0x9dc233d19ccbf5df})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[  152.614285] ==================================================================
[  152.621835] BUG: KASAN: use-after-free in tcp_ack+0x414f/0x4760
[  152.627896] Read of size 4 at addr ffff8880a60fc56c by task syz-executor.2/7145
[  152.635332] 
[  152.635347] CPU: 1 PID: 7145 Comm: syz-executor.2 Not tainted 4.14.143 #0
[  152.635352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  152.635355] Call Trace:
[  152.635363]  <IRQ>
[  152.643904]  dump_stack+0x138/0x197
[  152.643917]  ? tcp_ack+0x414f/0x4760
[  152.643930]  print_address_description.cold+0x7c/0x1dc
[  152.670554]  ? tcp_ack+0x414f/0x4760
[  152.674267]  kasan_report.cold+0xa9/0x2af
[  152.678415]  __asan_report_load4_noabort+0x14/0x20
[  152.682227] *** Guest State ***
[  152.683341]  tcp_ack+0x414f/0x4760
[  152.683368]  ? tcp_fastretrans_alert+0x2620/0x2620
[  152.688893] CR0: actual=0x0000000000000030, shadow=0x0000000060000010, gh_mask=fffffffffffffff7
[  152.690156]  ? save_trace+0x290/0x290
[  152.690182]  tcp_rcv_established+0x3e9/0x1650
[  152.690191]  ? rt6_check_expired+0xa5/0x160
[  152.690205]  ? tcp_data_queue+0x3730/0x3730
[  152.696557] CR4: actual=0x0000000000002050, shadow=0x0000000000000000, gh_mask=ffffffffffffe871
[  152.703933]  ? ip6_dst_check+0x16a/0x2c0
[  152.703946]  tcp_v6_do_rcv+0x417/0x1190
[  152.703958]  tcp_v6_rcv+0x2446/0x2ed0
[  152.703966]  ? save_trace+0x290/0x290
[  152.703989]  ip6_input_finish+0x300/0x15a0
[  152.715559] CR3 = 0x00000000fffbc000
[  152.716560]  ip6_input+0xd5/0x340
[  152.716571]  ? ip6_input_finish+0x15a0/0x15a0
[  152.726473] RSP = 0x0000000000000000  RIP = 0x0000000000000000
[  152.729688]  ? ipv6_rcv+0x16aa/0x1d20
[  152.729699]  ? ip6_rcv_finish+0x7a0/0x7a0
[  152.729712]  ip6_rcv_finish+0x23f/0x7a0
[  152.729724]  ipv6_rcv+0xe4d/0x1d20
[  152.741722] RFLAGS=0x9dc233d19ccbf5df         DR7 = 0x0000000000000400
[  152.745301]  ? lock_downgrade+0x6e0/0x6e0
[  152.745311]  ? percpu_ida_for_each_free+0x2b8/0x524
[  152.745324]  ? ip6_input+0x340/0x340
[  152.745335]  ? ip6_make_skb+0x410/0x410
[  152.754072] Sysenter RSP=0000000000000000 CS:RIP=0000:0000000000000000
[  152.756677]  ? ip6_input+0x340/0x340
[  152.756691]  __netif_receive_skb_core+0x1eae/0x2ca0
[  152.756699]  ? trace_hardirqs_on+0x10/0x10
[  152.756712]  ? enqueue_to_backlog+0xcc0/0xcc0
[  152.769159] CS:   sel=0xf000, attr=0x0009b, limit=0x0000ffff, base=0x00000000ffff0000
[  152.770945]  ? process_backlog+0x43e/0x730
[  152.770959]  ? lock_acquire+0x16f/0x430
[  152.770970]  __netif_receive_skb+0x2c/0x1b0
[  152.770978]  ? __netif_receive_skb+0x2c/0x1b0
[  152.770987]  process_backlog+0x21f/0x730
[  152.770994]  ? mark_held_locks+0xb1/0x100
[  152.771011]  net_rx_action+0x490/0xf80
[  152.778738] DS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  152.779103]  ? napi_complete_done+0x4f0/0x4f0
[  152.787207] SS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  152.789266]  ? rcu_lockdep_current_cpu_online+0xf2/0x140
[  152.789280]  __do_softirq+0x244/0x9a0
[  152.789295]  ? ip6_finish_output2+0x9c0/0x21b0
[  152.789305]  do_softirq_own_stack+0x2a/0x40
[  152.800242] ES:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  152.802119]  </IRQ>
[  152.802131]  do_softirq.part.0+0x10e/0x160
[  152.802141]  __local_bh_enable_ip+0x154/0x1a0
[  152.802150]  ip6_finish_output2+0x9f3/0x21b0
[  152.802163]  ? ip6_forward_finish+0x480/0x480
[  152.808399] FS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  152.812765]  ? __lock_is_held+0xb6/0x140
[  152.812776]  ? check_preemption_disabled+0x3c/0x250
[  152.812791]  ip6_finish_output+0x4f4/0xb50
[  152.812798]  ? ip6_finish_output+0x4f4/0xb50
[  152.812809]  ip6_output+0x20f/0x6d0
[  152.812817]  ? ip6_finish_output+0xb50/0xb50
[  152.812826]  ? __lock_is_held+0xb6/0x140
[  152.821027] GS:   sel=0x0000, attr=0x00093, limit=0x0000ffff, base=0x0000000000000000
[  152.821512]  ? check_preemption_disabled+0x3c/0x250
[  152.821526]  ? ip6_fragment+0x32c0/0x32c0
[  152.831474] GDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  152.838168]  ? rcu_lockdep_current_cpu_online+0xf2/0x140
[  152.838180]  ip6_xmit+0xd53/0x1eb0
[  152.838198]  ? ip6_finish_output2+0x21b0/0x21b0
[  152.853703] LDTR: sel=0x0000, attr=0x00082, limit=0x0000ffff, base=0x0000000000000000
[  152.855148]  ? ip6_dst_check+0x116/0x2c0
[  152.855160]  ? save_trace+0x290/0x290
[  152.855170]  ? ip6_append_data+0x2f0/0x2f0
[  152.855181]  ? __lock_is_held+0xb6/0x140
[  152.861516] IDTR:                           limit=0x0000ffff, base=0x0000000000000000
[  152.863349]  ? check_preemption_disabled+0x3c/0x250
[  152.863368]  inet6_csk_xmit+0x286/0x4d0
[  152.863379]  ? inet6_csk_update_pmtu+0x140/0x140
[  152.869539] TR:   sel=0x0000, attr=0x0008b, limit=0x0000ffff, base=0x0000000000000000
[  152.875188]  ? tcp_md5_do_lookup+0x1d3/0x530
[  152.875209]  __tcp_transmit_skb+0x172c/0x2fe0
[  152.875228]  ? __tcp_select_window+0x6e0/0x6e0
[  152.875240]  ? kvm_clock_read+0x23/0x40
[  152.875252]  ? sched_clock_cpu+0x1b/0x1c0
[  152.886654] EFER =     0x0000000000000000  PAT = 0x0007040600070406
[  152.887695]  ? tcp_small_queue_check+0x184/0x1e0
[  152.887706]  tcp_write_xmit+0x523/0x4960
[  152.887716]  ? tcp_v6_md5_lookup+0x23/0x30
[  152.887727]  ? tcp_established_options+0x2c5/0x420
[  152.899954] DebugCtl = 0x0000000000000000  DebugExceptions = 0x0000000000000000
[  152.901508]  ? tcp_current_mss+0x1b1/0x2f0
[  152.901525]  __tcp_push_pending_frames+0xa6/0x260
[  152.901535]  tcp_send_fin+0x17e/0xc40
[  152.901547]  tcp_close+0xcc8/0xfb0
[  152.901557]  ? lock_acquire+0x16f/0x430
[  152.901567]  ? ip_mc_drop_socket+0x1d6/0x230
[  152.909414] Interruptibility = 00000000  ActivityState = 00000000
[  152.913817]  inet_release+0xec/0x1c0
[  152.913829]  inet6_release+0x53/0x80
[  152.913839]  __sock_release+0xce/0x2b0
[  152.913848]  ? __sock_release+0x2b0/0x2b0
[  152.913854]  sock_close+0x1b/0x30
[  152.913864]  __fput+0x275/0x7a0
[  152.920602] *** Host State ***
[  152.924790]  ____fput+0x16/0x20
[  152.924801]  task_work_run+0x114/0x190
[  152.924817]  exit_to_usermode_loop+0x1da/0x220
[  152.934845] RIP = 0xffffffff81174a90  RSP = 0xffff88805b007998
[  152.941627]  do_syscall_64+0x4bc/0x640
[  152.941635]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  152.941650]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  152.941658] RIP: 0033:0x4135d1
[  152.941662] RSP: 002b:00007fff66575230 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  152.960583] CS=0010 SS=0018 DS=0000 ES=0000 FS=0000 GS=0000 TR=0040
[  152.962915] RAX: 0000000000000000 RBX: 0000000000000006 RCX: 00000000004135d1
[  152.962920] RDX: 0000000000000000 RSI: 000000000000033f RDI: 0000000000000005
[  152.962925] RBP: 0000000000000001 R08: 000000008beec33f R09: 000000008beec343
[  152.962930] R10: 00007fff66575310 R11: 0000000000000293 R12: 000000000075c9a0
[  152.962935] R13: 000000000075c9a0 R14: 0000000000760d90 R15: ffffffffffffffff
[  152.962949] 
[  152.973519] FSBase=00007f2c2bdd2700 GSBase=ffff8880aee00000 TRBase=fffffe0000003000
[  152.979330] Allocated by task 7148:
[  152.979344]  save_stack_trace+0x16/0x20
[  152.979354]  save_stack+0x45/0xd0
[  153.008466] GDTBase=fffffe0000001000 IDTBase=fffffe0000000000
[  153.010066]  kasan_kmalloc+0xce/0xf0
[  153.010072]  kasan_slab_alloc+0xf/0x20
[  153.010080]  kmem_cache_alloc_node+0x144/0x780
[  153.010088]  __alloc_skb+0x9c/0x500
[  153.010098]  sk_stream_alloc_skb+0xb3/0x780
[  153.019041] kobject: 'kvm' (ffff8880a6e3e310): kobject_uevent_env
[  153.022093]  tcp_sendmsg_locked+0xf61/0x3200
[  153.022099]  tcp_sendmsg+0x30/0x50
[  153.022107]  inet_sendmsg+0x122/0x500
[  153.022114]  sock_sendmsg+0xce/0x110
[  153.022119]  SYSC_sendto+0x206/0x310
[  153.022125]  SyS_sendto+0x40/0x50
[  153.022133]  do_syscall_64+0x1e8/0x640
[  153.022143]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  153.027659] CR0=0000000080050033 CR3=00000000975ca000 CR4=00000000001426f0
[  153.030135] 
[  153.030140] Freed by task 7148:
[  153.030150]  save_stack_trace+0x16/0x20
[  153.030157]  save_stack+0x45/0xd0
[  153.030165]  kasan_slab_free+0x75/0xc0
[  153.034210] Sysenter RSP=fffffe0000002200 CS:RIP=0010:ffffffff862018e0
[  153.042150]  kmem_cache_free+0x83/0x2b0
[  153.042157]  kfree_skbmem+0x8d/0x120
[  153.042162]  __kfree_skb+0x1e/0x30
[  153.042169]  tcp_remove_empty_skb.part.0+0x231/0x2e0
[  153.042175]  tcp_sendmsg_locked+0x1ced/0x3200
[  153.042182]  tcp_sendmsg+0x30/0x50
[  153.047355] kobject: 'kvm' (ffff8880a6e3e310): fill_kobj_path: path = '/devices/virtual/misc/kvm'
[  153.051121]  inet_sendmsg+0x122/0x500
[  153.051128]  sock_sendmsg+0xce/0x110
[  153.051134]  SYSC_sendto+0x206/0x310
[  153.051140]  SyS_sendto+0x40/0x50
[  153.051147]  do_syscall_64+0x1e8/0x640
[  153.051157]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  153.070792] EFER = 0x0000000000000d01  PAT = 0x0407050600070106
[  153.072695] 
[  153.072703] The buggy address belongs to the object at ffff8880a60fc540
[  153.072703]  which belongs to the cache skbuff_fclone_cache of size 472
[  153.072709] The buggy address is located 44 bytes inside of
[  153.072709]  472-byte region [ffff8880a60fc540, ffff8880a60fc718)
[  153.072715] The buggy address belongs to the page:
[  153.079386] *** Control State ***
[  153.081333] page:ffffea0002983f00 count:1 mapcount:0 mapping:ffff8880a60fc040 index:0x0
[  153.081342] flags: 0x1fffc0000000100(slab)
[  153.081352] raw: 01fffc0000000100 ffff8880a60fc040 0000000000000000 0000000100000006
[  153.081360] raw: ffffea00025f44e0 ffffea0002a588e0 ffff8880a9e82d80 0000000000000000
[  153.081363] page dumped because: kasan: bad access detected
[  153.081366] 
[  153.081368] Memory state around the buggy address:
[  153.081378]  ffff8880a60fc400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  153.088104] PinBased=0000003f CPUBased=b699edfa SecondaryExec=000000e2
[  153.091897]  ffff8880a60fc480: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc
[  153.091903] >ffff8880a60fc500: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[  153.091907]                                                           ^
[  153.091913]  ffff8880a60fc580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  153.091918]  ffff8880a60fc600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  153.091921] ==================================================================
[  153.091924] Disabling lock debugging due to kernel taint
[  153.091963] Kernel panic - not syncing: panic_on_warn set ...
[  153.091963] 
[  153.098352] EntryControls=0000d1ff ExitControls=002fefff
[  153.100722] CPU: 1 PID: 7145 Comm: syz-executor.2 Tainted: G    B           4.14.143 #0
[  153.100727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  153.100729] Call Trace:
[  153.100732]  <IRQ>
[  153.100744]  dump_stack+0x138/0x197
[  153.100754]  ? tcp_ack+0x414f/0x4760
[  153.100761]  panic+0x1f2/0x426
[  153.100766]  ? add_taint.cold+0x16/0x16
[  153.100777]  kasan_end_report+0x47/0x4f
[  153.100782]  kasan_report.cold+0x130/0x2af
[  153.100790]  __asan_report_load4_noabort+0x14/0x20
[  153.100795]  tcp_ack+0x414f/0x4760
[  153.100809]  ? tcp_fastretrans_alert+0x2620/0x2620
[  153.100817]  ? save_trace+0x290/0x290
[  153.100830]  tcp_rcv_established+0x3e9/0x1650
[  153.100838]  ? rt6_check_expired+0xa5/0x160
[  153.100844]  ? tcp_data_queue+0x3730/0x3730
[  153.100850]  ? ip6_dst_check+0x16a/0x2c0
[  153.100858]  tcp_v6_do_rcv+0x417/0x1190
[  153.100867]  tcp_v6_rcv+0x2446/0x2ed0
[  153.100872]  ? save_trace+0x290/0x290
[  153.100884]  ip6_input_finish+0x300/0x15a0
[  153.100896]  ip6_input+0xd5/0x340
[  153.100903]  ? ip6_input_finish+0x15a0/0x15a0
[  153.100908]  ? ipv6_rcv+0x16aa/0x1d20
[  153.100914]  ? ip6_rcv_finish+0x7a0/0x7a0
[  153.100921]  ip6_rcv_finish+0x23f/0x7a0
[  153.100927]  ipv6_rcv+0xe4d/0x1d20
[  153.100934]  ? lock_downgrade+0x6e0/0x6e0
[  153.100941]  ? percpu_ida_for_each_free+0x2b8/0x524
[  153.100949]  ? ip6_input+0x340/0x340
[  153.100957]  ? ip6_make_skb+0x410/0x410
[  153.100963]  ? ip6_input+0x340/0x340
[  153.100973]  __netif_receive_skb_core+0x1eae/0x2ca0
[  153.100979]  ? trace_hardirqs_on+0x10/0x10
[  153.100988]  ? enqueue_to_backlog+0xcc0/0xcc0
[  153.100996]  ? process_backlog+0x43e/0x730
[  153.101005]  ? lock_acquire+0x16f/0x430
[  153.101013]  __netif_receive_skb+0x2c/0x1b0
[  153.101019]  ? __netif_receive_skb+0x2c/0x1b0
[  153.101026]  process_backlog+0x21f/0x730
[  153.101031]  ? mark_held_locks+0xb1/0x100
[  153.101041]  net_rx_action+0x490/0xf80
[  153.101051]  ? napi_complete_done+0x4f0/0x4f0
[  153.101060]  ? rcu_lockdep_current_cpu_online+0xf2/0x140
[  153.101069]  __do_softirq+0x244/0x9a0
[  153.101078]  ? ip6_finish_output2+0x9c0/0x21b0
[  153.101086]  do_softirq_own_stack+0x2a/0x40
[  153.101089]  </IRQ>
[  153.101096]  do_softirq.part.0+0x10e/0x160
[  153.101103]  __local_bh_enable_ip+0x154/0x1a0
[  153.101110]  ip6_finish_output2+0x9f3/0x21b0
[  153.101120]  ? ip6_forward_finish+0x480/0x480
[  153.101127]  ? __lock_is_held+0xb6/0x140
[  153.101133]  ? check_preemption_disabled+0x3c/0x250
[  153.101143]  ip6_finish_output+0x4f4/0xb50
[  153.101148]  ? ip6_finish_output+0x4f4/0xb50
[  153.101155]  ip6_output+0x20f/0x6d0
[  153.101163]  ? ip6_finish_output+0xb50/0xb50
[  153.101169]  ? __lock_is_held+0xb6/0x140
[  153.101175]  ? check_preemption_disabled+0x3c/0x250
[  153.101182]  ? ip6_fragment+0x32c0/0x32c0
[  153.101189]  ? rcu_lockdep_current_cpu_online+0xf2/0x140
[  153.101196]  ip6_xmit+0xd53/0x1eb0
[  153.101207]  ? ip6_finish_output2+0x21b0/0x21b0
[  153.101212]  ? ip6_dst_check+0x116/0x2c0
[  153.101217]  ? save_trace+0x290/0x290
[  153.101224]  ? ip6_append_data+0x2f0/0x2f0
[  153.101232]  ? __lock_is_held+0xb6/0x140
[  153.101238]  ? check_preemption_disabled+0x3c/0x250
[  153.101249]  inet6_csk_xmit+0x286/0x4d0
[  153.101256]  ? inet6_csk_update_pmtu+0x140/0x140
[  153.101262]  ? tcp_md5_do_lookup+0x1d3/0x530
[  153.101275]  __tcp_transmit_skb+0x172c/0x2fe0
[  153.101287]  ? __tcp_select_window+0x6e0/0x6e0
[  153.101296]  ? kvm_clock_read+0x23/0x40
[  153.101305]  ? sched_clock_cpu+0x1b/0x1c0
[  153.101311]  ? tcp_small_queue_check+0x184/0x1e0
[  153.101319]  tcp_write_xmit+0x523/0x4960
[  153.101326]  ? tcp_v6_md5_lookup+0x23/0x30
[  153.101333]  ? tcp_established_options+0x2c5/0x420
[  153.101341]  ? tcp_current_mss+0x1b1/0x2f0
[  153.101352]  __tcp_push_pending_frames+0xa6/0x260
[  153.101360]  tcp_send_fin+0x17e/0xc40
[  153.101368]  tcp_close+0xcc8/0xfb0
[  153.101375]  ? lock_acquire+0x16f/0x430
[  153.101381]  ? ip_mc_drop_socket+0x1d6/0x230
[  153.101388]  inet_release+0xec/0x1c0
[  153.101394]  inet6_release+0x53/0x80
[  153.101402]  __sock_release+0xce/0x2b0
[  153.101408]  ? __sock_release+0x2b0/0x2b0
[  153.101414]  sock_close+0x1b/0x30
[  153.101422]  __fput+0x275/0x7a0
[  153.101432]  ____fput+0x16/0x20
[  153.101440]  task_work_run+0x114/0x190
[  153.101452]  exit_to_usermode_loop+0x1da/0x220
[  153.101467]  do_syscall_64+0x4bc/0x640
[  153.101473]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  153.101481]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  153.101486] RIP: 0033:0x4135d1
[  153.101490] RSP: 002b:00007fff66575230 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  153.101498] RAX: 0000000000000000 RBX: 0000000000000006 RCX: 00000000004135d1
[  153.101502] RDX: 0000000000000000 RSI: 000000000000033f RDI: 0000000000000005
[  153.101506] RBP: 0000000000000001 R08: 000000008beec33f R09: 000000008beec343
[  153.101510] R10: 00007fff66575310 R11: 0000000000000293 R12: 000000000075c9a0
[  153.101515] R13: 000000000075c9a0 R14: 0000000000760d90 R15: ffffffffffffffff
[  153.102914] Kernel Offset: disabled
[  154.056693] Rebooting in 86400 seconds..