[....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. Starting mcstransd: [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 39.218368] audit: type=1800 audit(1569502188.791:33): pid=7458 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 43.536532] kauditd_printk_skb: 1 callbacks suppressed [ 43.536547] audit: type=1400 audit(1569502193.101:35): avc: denied { map } for pid=7633 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.0.97' (ECDSA) to the list of known hosts. 2019/09/26 12:49:59 fuzzer started [ 50.113530] audit: type=1400 audit(1569502199.681:36): avc: denied { map } for pid=7642 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2019/09/26 12:50:00 dialing manager at 10.128.0.105:40603 2019/09/26 12:50:01 syscalls: 2488 2019/09/26 12:50:01 code coverage: enabled 2019/09/26 12:50:01 comparison tracing: enabled 2019/09/26 12:50:01 extra coverage: extra coverage is not supported by the kernel 2019/09/26 12:50:01 setuid sandbox: enabled 2019/09/26 12:50:01 namespace sandbox: enabled 2019/09/26 12:50:01 Android sandbox: /sys/fs/selinux/policy does not exist 2019/09/26 12:50:01 fault injection: enabled 2019/09/26 12:50:01 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/09/26 12:50:01 net packet injection: enabled 2019/09/26 12:50:01 net device setup: enabled 12:52:38 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) mount$fuse(0x0, &(0x7f00000000c0)='./file0/file1\x00', 0x0, 0x0, 0x0) mknod$loop(&(0x7f00000001c0)='./file0/file1\x00', 0x0, 0xffffffffffffffff) [ 208.970882] audit: type=1400 audit(1569502358.541:37): avc: denied { map } for pid=7659 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=2601 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 209.067304] IPVS: ftp: loaded support on port[0] = 21 12:52:38 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000003000), 0xffffff92) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, 0x2, {0x7, 0x1d, 0x0, 0x1101800}}, 0x50) [ 209.177628] chnl_net:caif_netlink_parms(): no params data found [ 209.239946] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.248490] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.256947] device bridge_slave_0 entered promiscuous mode [ 209.265301] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.272860] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.280503] device bridge_slave_1 entered promiscuous mode [ 209.303590] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 209.314536] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 209.338995] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 209.348102] team0: Port device team_slave_0 added [ 209.353840] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 209.361743] team0: Port device team_slave_1 added [ 209.368612] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 209.376918] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 209.390262] IPVS: ftp: loaded support on port[0] = 21 12:52:39 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000002c0)=[@textreal={0x8, &(0x7f0000000200)="66b8000000000f23c80f21f86635080060000f23f80f0173f0baa100ec36d8f00f09b8ff0f8ed0ba4200b0afee3ef26f2e642e640f01c866640f8b00900000", 0x3f}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_TSS_ADDR(r1, 0xae47, 0xd000) ioctl$KVM_RUN(r2, 0xae80, 0x0) open(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_CMD_SET_NETID(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8600000}, 0xc, 0x0}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 209.470119] device hsr_slave_0 entered promiscuous mode [ 209.527093] device hsr_slave_1 entered promiscuous mode [ 209.588370] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 209.609463] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 209.624363] IPVS: ftp: loaded support on port[0] = 21 12:52:39 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c0000001500010000000000000000000a780000", @ANYRES32=r2, @ANYBLOB="1400010001020000000000000000000000000001"], 0x2c}}, 0x0) [ 209.679852] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.686581] bridge0: port 2(bridge_slave_1) entered forwarding state [ 209.693934] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.700482] bridge0: port 1(bridge_slave_0) entered forwarding state [ 209.871659] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready [ 209.880706] 8021q: adding VLAN 0 to HW filter on device bond0 [ 209.910311] chnl_net:caif_netlink_parms(): no params data found [ 209.924323] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 209.942359] chnl_net:caif_netlink_parms(): no params data found [ 209.952219] IPVS: ftp: loaded support on port[0] = 21 12:52:39 executing program 4: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="d3e1bb03000000148c0f34"], 0xe}}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x10000000001c) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000080)={0x0, 0x0, 0x0, {}, {}, @cond=[{}, {0x0, 0x0, 0x0, 0x40}]}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/commit_pending_bools\x00', 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) [ 210.048563] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 210.054815] 8021q: adding VLAN 0 to HW filter on device team0 [ 210.073914] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 210.099933] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.118348] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.126257] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 210.172775] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 210.198497] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.204911] bridge0: port 1(bridge_slave_0) entered forwarding state [ 210.212322] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 210.220614] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.227034] bridge0: port 2(bridge_slave_1) entered forwarding state [ 210.234339] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.243713] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.251418] device bridge_slave_0 entered promiscuous mode [ 210.275031] IPVS: ftp: loaded support on port[0] = 21 [ 210.286070] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 210.295261] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 12:52:39 executing program 5: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) pipe(0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000200)='/dev/swradio#\x00', 0x0, 0x2) getsockopt$XDP_MMAP_OFFSETS(r1, 0x11b, 0x1, &(0x7f0000000040), &(0x7f0000000140)=0x80) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, &(0x7f000095dffc)) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0xd, 0x0, &(0x7f0000000180)) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000200), 0x8) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) [ 210.319652] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.326230] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.340436] device bridge_slave_1 entered promiscuous mode [ 210.362559] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.369643] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.378041] device bridge_slave_0 entered promiscuous mode [ 210.389113] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 210.401402] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.407904] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.416227] device bridge_slave_1 entered promiscuous mode [ 210.445427] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 210.476174] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 210.486057] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 210.498597] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 210.508154] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 210.516122] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 210.533022] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 210.544685] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 210.555159] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 210.563148] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 210.570983] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 210.579068] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 210.586746] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 210.594515] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 210.607564] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 210.619023] IPVS: ftp: loaded support on port[0] = 21 [ 210.658395] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 210.665763] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 210.673640] team0: Port device team_slave_0 added [ 210.682095] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 210.689835] team0: Port device team_slave_1 added [ 210.698000] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 210.715544] chnl_net:caif_netlink_parms(): no params data found [ 210.724627] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 210.732742] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 210.742592] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 210.749332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 210.762565] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 210.770649] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 210.778106] team0: Port device team_slave_0 added [ 210.819674] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 210.828122] team0: Port device team_slave_1 added [ 210.862836] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 210.872832] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 210.881004] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.887886] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.895060] device bridge_slave_0 entered promiscuous mode [ 210.904248] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.910895] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.919273] device bridge_slave_1 entered promiscuous mode [ 210.959913] device hsr_slave_0 entered promiscuous mode [ 210.997126] device hsr_slave_1 entered promiscuous mode [ 211.057536] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 211.066362] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 211.073626] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 211.179278] device hsr_slave_0 entered promiscuous mode [ 211.217090] device hsr_slave_1 entered promiscuous mode [ 211.257533] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 211.281488] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 211.308302] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 211.317561] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 211.328389] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 211.337256] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 211.343747] chnl_net:caif_netlink_parms(): no params data found [ 211.360653] audit: type=1400 audit(1569502360.931:38): avc: denied { associate } for pid=7660 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 211.366073] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 211.453189] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 211.472271] team0: Port device team_slave_0 added [ 211.481311] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 211.490092] team0: Port device team_slave_1 added 12:52:41 executing program 0: pipe(0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) mkdir(&(0x7f0000002000)='./file0\x00', 0x0) unshare(0x20020000) mount$bpf(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='bpf\x00', 0x0, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240)='devpts\x00vh\xd2p!s\n@ha.\xc1\x88\x05\x89\x1d\b\xb3Xd\x92Y\x1b\x8c\xc0\xd0\xf4\x952\x8c!JC\xd1]Ul\xa2\x80\x19\x88 \xd4b\x0f\x87\x89P\xb4M\xf7]w\xa9\xb6\xc3}\x16\f\x87ueg$\xd9,\x8c\x9b\xbb*\xfe\x95\xb8\xa1\x9aVA\xb73w\xdf/\xa9\xc5\x8e\xe1\xef\xc5\x8d\x168\xba\"\x83\x8b\xe2\xf7*\xfa\xd20a\x94\xc7yiF\a\v\x14\xd2\xc1z\x94\x9d\x9d\a*\xab\xea\xd9Ee\xac\xa28p\xa2\xa1\x9a;\xb4o\xa0\xf1\xd7&[2\xf2\x82\xbc\xc2tu\xfb\xf5\xb1Y\xd6\xa9\x1b\xbec\xdeA\x8d\x94W)\x93,\xac\x02\x86\xd1\r\x00\xefZ\xf3Y\x84\xdbF\xf2u\xa1\x8b_\x9fe\xfe[q\xb1\\\xcen\bC \x81', 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) rmdir(&(0x7f0000000080)='./file0\x00') [ 211.523595] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 211.561214] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.569428] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.578826] device bridge_slave_0 entered promiscuous mode [ 211.604049] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 211.617943] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.628165] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.635619] device bridge_slave_1 entered promiscuous mode [ 211.670209] chnl_net:caif_netlink_parms(): no params data found [ 211.694038] 8021q: adding VLAN 0 to HW filter on device bond0 [ 211.742033] 8021q: adding VLAN 0 to HW filter on device bond0 12:52:41 executing program 0: bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getgid() readlink(0x0, 0x0, 0xa) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$TIOCGSERIAL(0xffffffffffffffff, 0x541e, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, 0x0) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000040)={0x10, 0x17, 0x0, {0x7, './file0'}}, 0x10) r0 = socket$unix(0x1, 0x800000000005, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) listen(r0, 0x0) accept4(r0, 0x0, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) bind$unix(0xffffffffffffffff, &(0x7f0000003000)=@abs, 0xfffffffffffffe29) r1 = socket$unix(0x1, 0x5, 0x0) connect(r1, &(0x7f0000931ff4)=@un=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) socket$unix(0x1, 0x1000000005, 0x0) [ 211.800017] device hsr_slave_0 entered promiscuous mode [ 211.837205] device hsr_slave_1 entered promiscuous mode [ 211.889898] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 211.897721] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 211.907176] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 211.921326] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 211.930438] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.937466] bridge0: port 1(bridge_slave_0) entered disabled state [ 211.944670] device bridge_slave_0 entered promiscuous mode [ 211.958048] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 211.965695] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.979105] bridge0: port 2(bridge_slave_1) entered disabled state [ 211.990118] device bridge_slave_1 entered promiscuous mode [ 212.000567] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 212.013050] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 212.020052] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 212.038358] hrtimer: interrupt took 34999 ns [ 212.048322] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 212.060287] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 212.067746] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 212.074880] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 212.084708] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready 12:52:41 executing program 0: bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0x0, 0x0}, 0x20) socketpair$unix(0x1, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 0x0, 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) readlink(0x0, 0x0, 0xa) r0 = socket$unix(0x1, 0x800000000005, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) listen(r0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) bind$unix(0xffffffffffffffff, &(0x7f0000003000)=@abs={0x1, 0x0, 0x4e22}, 0xfffffffffffffe29) socket$unix(0x1, 0x1000000005, 0x0) [ 212.091082] 8021q: adding VLAN 0 to HW filter on device team0 [ 212.118871] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 212.124997] 8021q: adding VLAN 0 to HW filter on device team0 [ 212.144431] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 212.162008] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 212.171602] team0: Port device team_slave_0 added [ 212.185894] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 12:52:41 executing program 0: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) pipe(0x0) socket$alg(0x26, 0x5, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000200)='/dev/swradio#\x00', 0x0, 0x2) getsockopt$XDP_MMAP_OFFSETS(r0, 0x11b, 0x1, &(0x7f0000000040), &(0x7f0000000140)=0x80) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) [ 212.195115] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 212.205209] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 212.214418] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 212.222717] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 212.230801] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.237595] bridge0: port 1(bridge_slave_0) entered forwarding state [ 212.247592] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 212.257279] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 212.265087] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.271671] bridge0: port 1(bridge_slave_0) entered forwarding state [ 212.286573] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 212.300661] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 212.311512] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 212.322473] team0: Port device team_slave_1 added [ 212.342536] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready 12:52:41 executing program 0: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) pipe(0x0) socket$alg(0x26, 0x5, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000200)='/dev/swradio#\x00', 0x0, 0x2) getsockopt$XDP_MMAP_OFFSETS(r0, 0x11b, 0x1, &(0x7f0000000040), &(0x7f0000000140)=0x80) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) [ 212.355395] overlayfs: conflicting lowerdir path [ 212.366113] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 212.391431] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 212.403155] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 212.412797] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 212.423317] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.430064] bridge0: port 2(bridge_slave_1) entered forwarding state [ 212.438480] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 212.446511] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 212.455512] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.462316] bridge0: port 2(bridge_slave_1) entered forwarding state [ 212.472191] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 212.499765] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 212.522773] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 212.534810] overlayfs: conflicting lowerdir path 12:52:42 executing program 0: bpf$MAP_CREATE(0x0, 0x0, 0x0) accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNINFO(0xffffffffffffffff, 0x800448d3, &(0x7f00000004c0)={{0x0, 0x9, 0x0, 0x100}, 0x10001, 0x0, 0x0, 0x0, 0x0, "65d15942ce6ad32c70646c452e7b397e9c71847aca0966ad184cd3d9576306f1b443f1f0385f0a6de4e7b51aa30fb05f261beb71eb2400e4a0ef81416f0c52bcff1b2faac7df28c6cb35036e2d7ef0410207487adf965d50a798a979e1ec34e333775fd2fae8b322d2d874898219de469ed4584052a2f0778113e8c3da9c33da"}) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$TIOCGSERIAL(0xffffffffffffffff, 0x541e, 0x0) pivot_root(0x0, &(0x7f0000000100)='./file0\x00') sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000040)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0x10) r0 = socket$unix(0x1, 0x800000000005, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) listen(r0, 0x0) accept4(r0, 0x0, 0x0, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) connect(r1, &(0x7f0000931ff4)=@un=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) [ 212.542375] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 212.556122] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 212.564759] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 212.574276] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 212.582958] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 212.598285] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 212.620499] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 212.630314] team0: Port device team_slave_0 added [ 212.636246] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 212.643799] team0: Port device team_slave_1 added [ 212.653211] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 212.663780] audit: type=1400 audit(1569502362.231:39): avc: denied { map_create } for pid=7714 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 212.687948] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 212.696145] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 212.704957] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 212.713491] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 12:52:42 executing program 0: bpf$MAP_CREATE(0x0, 0x0, 0x0) accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNINFO(0xffffffffffffffff, 0x800448d3, &(0x7f00000004c0)={{0x0, 0x9, 0x0, 0x100}, 0x10001, 0x0, 0x0, 0x0, 0x0, "65d15942ce6ad32c70646c452e7b397e9c71847aca0966ad184cd3d9576306f1b443f1f0385f0a6de4e7b51aa30fb05f261beb71eb2400e4a0ef81416f0c52bcff1b2faac7df28c6cb35036e2d7ef0410207487adf965d50a798a979e1ec34e333775fd2fae8b322d2d874898219de469ed4584052a2f0778113e8c3da9c33da"}) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$TIOCGSERIAL(0xffffffffffffffff, 0x541e, 0x0) pivot_root(0x0, &(0x7f0000000100)='./file0\x00') sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) write$P9_RREADLINK(0xffffffffffffffff, &(0x7f0000000040)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0x10) r0 = socket$unix(0x1, 0x800000000005, 0x0) bind$unix(r0, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) listen(r0, 0x0) accept4(r0, 0x0, 0x0, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) connect(r1, &(0x7f0000931ff4)=@un=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) [ 212.769897] device hsr_slave_0 entered promiscuous mode [ 212.827327] device hsr_slave_1 entered promiscuous mode [ 212.867424] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 212.879371] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 212.900212] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 212.912067] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 212.919928] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 212.929296] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 212.937181] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 212.945984] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 212.954678] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 212.962733] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 212.976460] 8021q: adding VLAN 0 to HW filter on device bond0 [ 212.985239] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 213.009125] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 213.070146] device hsr_slave_0 entered promiscuous mode [ 213.107330] device hsr_slave_1 entered promiscuous mode [ 213.178270] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 213.184815] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 213.192532] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 213.201328] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 213.210826] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 213.221779] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 213.230441] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 213.240334] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 213.248576] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 213.255866] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 213.264804] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 213.273848] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 213.282118] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 213.290145] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 213.298428] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 213.309329] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 213.328909] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 213.338451] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 213.344531] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 213.354743] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 213.364218] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 213.372272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 213.379775] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 213.389301] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 213.395432] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 213.404840] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 213.411267] 8021q: adding VLAN 0 to HW filter on device team0 [ 213.420349] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 213.435705] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 213.447616] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 213.455672] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 213.463592] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.470110] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.478880] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 213.488888] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 213.497108] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 213.510747] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 213.520269] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 213.528440] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 213.536017] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.542431] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.553978] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 213.564727] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 213.576358] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 213.600980] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 213.647897] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 213.667921] 8021q: adding VLAN 0 to HW filter on device bond0 [ 213.676120] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 213.692242] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 213.718427] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 213.744093] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 213.757046] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 213.777833] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 12:52:43 executing program 1: clock_gettime(0x0, &(0x7f0000000340)={0x0, 0x0}) futimesat(0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', &(0x7f0000000380)={{0x77359400}, {r0, r1/1000+10000}}) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_sctp(0x2, 0x5, 0x84) r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, 0x0, &(0x7f0000000080)) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r5, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f00000003c0)={0x0, 0x85, "f9dfa84a7ced1fa2848ea36f9bd178beec87dd96be1900e88cdaf9436149fa9e5aed8bd3a999bf32a4767fc88a10fa7d758ee5899b35e5e26990812aaa15c271e8da8ee2b9e0f0094ba78a44131e411a4c0f8ec7aed30da97fc675b961ab2f0db8566e4c31e287cb1f47e04672ffe521be07745403798514097ded16c07f57d7b77aefeb9e"}, &(0x7f00000004c0)=0x8d) listen(r5, 0x0) sendto$inet6(r4, 0x0, 0xfffffffffffffe32, 0x20004004, &(0x7f0000000040)={0xa, 0x20004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0xc498ead121f97dd6) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f0000000100)=@gcm_128={{0x303}, "d44eb8c7308ec7c4", "442065238929350ade91900b51fc9534", "6bdda720", "7ee51430da3f51b3"}, 0x28) sendto$inet6(r4, &(0x7f0000000080)="39a110", 0xffffffffffffffc1, 0x40, 0x0, 0xfffffffffffffe5b) [ 213.800390] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 213.833867] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 213.848408] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 213.856303] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 213.867456] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 213.882020] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 213.890711] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready 12:52:43 executing program 2: r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f00000011c0)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$ASHMEM_SET_NAME(r0, 0x40087707, &(0x7f0000000380)='\x00') [ 213.898916] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 213.907113] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 213.914890] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 213.928424] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 213.940205] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 213.949952] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 213.977990] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 213.984151] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 213.984924] audit: type=1400 audit(1569502363.551:40): avc: denied { map } for pid=7733 comm="syz-executor.2" path="/dev/ashmem" dev="devtmpfs" ino=15146 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1 [ 214.011376] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 214.037185] 8021q: adding VLAN 0 to HW filter on device bond0 [ 214.052214] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 214.059372] 8021q: adding VLAN 0 to HW filter on device team0 [ 214.079848] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 214.092904] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 214.112310] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 214.128054] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 214.136080] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 214.145215] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.151747] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.165968] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 214.176816] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 214.198414] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 214.208468] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.215208] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.225224] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 214.234726] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 214.249366] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 214.259588] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 214.277462] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 214.284931] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 214.299406] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 214.312884] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 214.322236] 8021q: adding VLAN 0 to HW filter on device team0 [ 214.335043] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 214.340108] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 214.355146] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 214.409221] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 214.429255] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 214.444070] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 214.452836] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 214.464224] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.471491] bridge0: port 1(bridge_slave_0) entered forwarding state [ 214.479385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 214.488005] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 214.496487] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready 12:52:44 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = syz_open_dev$vbi(0x0, 0x3, 0x2) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0xd5c60b10b90e5b1c, 0x0) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000180)={0x84, @empty, 0x0, 0x0, 'lc\x00', 0x4, 0xfffffffffffffffb, 0x2e}, 0x2c) openat$dlm_monitor(0xffffffffffffff9c, 0x0, 0x200, 0x0) connect$inet(r0, &(0x7f0000000100)={0x2, 0x0, @rand_addr=0x7fffffff}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x400000000000030, 0x0) ioctl$VIDIOC_G_FREQUENCY(r1, 0xc02c5638, &(0x7f0000000040)={0x7, 0x4}) dup3(r2, 0xffffffffffffffff, 0x80000) r3 = creat(&(0x7f0000000680)='./bus\x00', 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) ftruncate(r3, 0x800) lseek(r3, 0x0, 0x2) r4 = open(&(0x7f0000001840)='./bus\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x8400fffffffa) sendfile(r3, r4, 0x0, 0xffffffff) r5 = semget$private(0x0, 0x0, 0x0) semctl$SETVAL(r5, 0x4, 0x10, &(0x7f0000000200)=0x1) ioctl$RTC_AIE_OFF(0xffffffffffffffff, 0x7002) [ 214.504128] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 214.516252] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 214.536009] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 214.550691] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 214.573121] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 214.582818] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 214.598243] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 214.608155] audit: type=1804 audit(1569502364.171:41): pid=7752 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir947434796/syzkaller.XUkW99/1/bus" dev="sda1" ino=16535 res=1 [ 214.643768] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.650412] bridge0: port 2(bridge_slave_1) entered forwarding state [ 214.668005] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 214.684502] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 214.693655] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 214.710308] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 214.722321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 214.734622] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 214.748459] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 214.763288] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 214.772473] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 214.786598] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 214.798531] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 214.805130] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 214.825153] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 214.841090] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 214.854171] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 214.871648] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 214.887726] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 214.896029] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 214.910232] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 214.922583] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 214.940534] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 214.958190] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 214.973691] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 214.982862] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 215.024306] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 215.033377] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 215.048230] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 215.077780] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 215.084195] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 215.175100] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 215.224620] 8021q: adding VLAN 0 to HW filter on device batadv0 12:52:44 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x440903, 0x0) set_mempolicy(0x2, 0x0, 0x4) r2 = open(&(0x7f0000000080)='./bus\x00', 0x145042, 0x0) semget(0x3, 0x2, 0x20) getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) dup2(r3, r3) symlinkat(&(0x7f0000000000)='./file0\x00', r1, &(0x7f0000000200)='./file0\x00') ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000140)=0x66b) ftruncate(r2, 0x200004) sendfile(r0, r2, 0x0, 0x80001d00c0d0) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f00000003c0)={0x0, 0x10000}, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) syz_open_dev$dspn(0x0, 0x3, 0x14240) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000300)={0x0, @in={{0x2, 0x0, @local}}, 0x100000000000000}, &(0x7f0000000100)=0xfffffcdc) close(0xffffffffffffffff) syz_open_procfs(0x0, 0x0) [ 215.463330] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 215.498131] audit: type=1800 audit(1569502365.051:42): pid=7769 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=16547 res=0 [ 215.530692] overlayfs: filesystem on './file0' not supported as upperdir [ 215.565185] audit: type=1400 audit(1569502365.071:43): avc: denied { create } for pid=7767 comm="syz-executor.4" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 12:52:45 executing program 5: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) pipe(0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000200)='/dev/swradio#\x00', 0x0, 0x2) getsockopt$XDP_MMAP_OFFSETS(r1, 0x11b, 0x1, &(0x7f0000000040), &(0x7f0000000140)=0x80) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, &(0x7f000095dffc)) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0xd, 0x0, &(0x7f0000000180)) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000200), 0x8) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) 12:52:45 executing program 0: openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) getpid() r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(r0, &(0x7f0000000100)='cgroup.procs\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) listen(r2, 0x0) sendto$inet6(r1, 0x0, 0xfffffffffffffe32, 0x20004004, &(0x7f0000000040)={0xa, 0x20004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0xc498ead121f97dd6) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000100)=@gcm_128={{0x303}, "d44eb8c7308ec7c4", "442065238929350ade91900b51fc9534", "6bdda720", "7ee51430da3f51b3"}, 0x28) sendto$inet6(r1, 0x0, 0x0, 0x40, 0x0, 0x0) 12:52:45 executing program 2: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x200000000d8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1000000000002, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r1, r0) write$P9_RXATTRCREATE(r2, 0x0, 0x0) 12:52:45 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e23, @multicast2}, 0x74) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x200000000000013, &(0x7f0000000180)=0x400100000001, 0xd48f1f8357fa1f19) connect$inet6(r2, &(0x7f0000000080), 0x1c) r3 = dup2(r2, r2) write$P9_RREADDIR(r1, &(0x7f00000004c0)=ANY=[@ANYBLOB="490000002902000800000049000000000000002e0000000039ed69a8d0aacba20007002e2f66696c6530000000000000000000390000000016002db5d33845d5000000e2c5a80e2911a90000ff03000000b8a5eaa0176e8d61bcbb9377003c09000000000000003e64f58ffe08cc7364fe0100dee71e4e26a65cb804f2d2d54197f9a1e309f00a91f0d4940811fffe6b58991f76cd58c8fa40aa84e48ed55ff6f0ef801e01ce1db977aa48da01cd557bf99665617c0a3c09"], 0x49) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000440), 0x45c) clone(0x8000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) write$UHID_GET_REPORT_REPLY(r3, &(0x7f0000000100)={0xa, 0x7, 0x1, 0x3}, 0xa) getsockopt$ARPT_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x0, 0x63, &(0x7f0000000280)={'NETMAP\x00'}, &(0x7f00000002c0)=0x1e) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000000c0)=0xffffffffffffffff, 0x4) setsockopt$inet6_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000040), 0x4) setsockopt$inet_int(r0, 0x0, 0x15, &(0x7f00000001c0)=0x5, 0x4) ioctl(r1, 0x4, &(0x7f0000000040)="11dca5055e0bcfec7be070") setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000240)=0xfff, 0x4) socketpair$unix(0x1, 0x8000000000001, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$inet6(0xffffffffffffffff, &(0x7f0000807fe4)={0xa, 0x4e22}, 0x1c) sendto$inet6(0xffffffffffffffff, 0x0, 0xfffffdff, 0x200408d4, &(0x7f000072e000)={0xa, 0x4e22, 0x5, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, 0x1c) sendto$inet6(0xffffffffffffffff, &(0x7f0000000200)="0030cf1b4431870d82e7514ab41f5d8129b8", 0xfffffef0, 0x3fffffd, 0x0, 0x14a) recvfrom$inet6(0xffffffffffffffff, &(0x7f0000000000)=""/111, 0x6f, 0x1, &(0x7f00000000c0)={0xa, 0x4e24, 0x4, @empty}, 0x717000) r5 = request_key(&(0x7f0000000300)='trusted\x00', &(0x7f0000000140)={'syz', 0x3}, &(0x7f0000000580)='ic\x8d\x9f\xcca\xc6\xed\xe3\x00H\xbc5\x94\xd0\x84\x91\xa2\x8d2\xbed\xf7\xd8[u\x95\\,\xc9\xc0Z\xf1\xda\xb7P\t\x80_\xecn\x1d\xe5U\xce\x1c\xca\xd3\xc2\x90w\xc1N\x0f\xdco\x83\x81Ty2;e\x8cN\xab\\5\xefNLY\xc8\xff\xdf\xd0b\x05\xef\xb8#\xb8\x9eB\xac\'\xbd\xe9\xd2 !p\x8bk\x8a(Dn\xd7M=\nWh$\xcd\xb4\x96&\xf7\x00\x00\x00\x00\x00\x00', 0xffffffffffffffff) ioctl$sock_inet_SIOCGIFDSTADDR(r2, 0x8917, &(0x7f00000003c0)={'eql\x00', {0x2, 0x4e21, @multicast2}}) keyctl$invalidate(0x15, r5) sendto$inet(r0, 0x0, 0x198, 0x20000804, &(0x7f0000000000)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='sit0\x00', 0x10) sendto$inet(r0, &(0x7f0000000480), 0xfffffffffffffdce, 0x0, 0x0, 0x150) shutdown(r0, 0x1) [ 215.606576] audit: type=1804 audit(1569502365.131:44): pid=7765 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir947434796/syzkaller.XUkW99/1/bus" dev="sda1" ino=16535 res=1 12:52:45 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f0000000340)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x110, 0x0) r0 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fchdir(r0) r2 = creat(&(0x7f0000000140)='./file0\x00', 0x0) fallocate(r2, 0x0, 0x40000, 0x4) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x110001) creat(&(0x7f0000000140)='./file0\x00', 0x0) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, 0x0) [ 215.636330] audit: type=1804 audit(1569502365.171:45): pid=7766 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir947434796/syzkaller.XUkW99/1/bus" dev="sda1" ino=16535 res=1 [ 215.739632] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 215.815658] audit: type=1804 audit(1569502365.381:46): pid=7782 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir947434796/syzkaller.XUkW99/2/file0/file0" dev="sda1" ino=16483 res=1 12:52:45 executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000003000), 0xffffff92) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, 0x2, {0x7, 0x1d, 0x0, 0x200b301}}, 0x50) [ 215.899492] audit: type=1804 audit(1569502365.421:47): pid=7789 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir947434796/syzkaller.XUkW99/2/file0/file0" dev="sda1" ino=16483 res=1 12:52:45 executing program 3: r0 = syz_open_dev$dmmidi(0x0, 0x0, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x0, 0x0) setgid(0xffffffffffffffff) perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_IRQCHIP(r0, 0x8208ae63, &(0x7f0000001440)={0x0, 0x0, @pic={0xf7ce, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x6, 0x95, 0x8, 0x0, 0x3, 0x81}}) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, 0x0, 0x10) ptrace$pokeuser(0x6, 0x0, 0x20, 0x5) ptrace$getregset(0x4204, 0x0, 0x1, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x12, r1, 0x0) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x0, 0x0) preadv(r2, &(0x7f0000000040)=[{&(0x7f0000000400)=""/4096, 0x2f3ecd}], 0x1, 0x0) [ 216.025928] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. 12:52:45 executing program 0: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) utimes(&(0x7f0000000240)='./file0\x00', 0x0) read$FUSE(r0, &(0x7f0000003000), 0xffffff92) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, 0x2, {0x7, 0x8}}, 0x50) 12:52:45 executing program 2: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) perf_event_open(&(0x7f00000001c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) eventfd(0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) dup2(r1, r0) 12:52:45 executing program 5: getpid() prctl$PR_SET_PTRACER(0x59616d61, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f00000001c0)=[@timestamp, @sack_perm, @mss, @mss, @mss], 0x12fb85) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000040), 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) fcntl$setstatus(r0, 0x4, 0x80000000002c00) [ 216.172076] audit: type=1400 audit(1569502365.741:48): avc: denied { map } for pid=7804 comm="syz-executor.3" path="/dev/nullb0" dev="devtmpfs" ino=14823 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=blk_file permissive=1 12:52:45 executing program 1: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000003000), 0xffffff92) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, 0x2, {0x7, 0x1d, 0x0, 0x2000003}}, 0x50) [ 216.295022] audit: type=1800 audit(1569502365.831:49): pid=7771 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=16547 res=0 12:52:46 executing program 4: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer\x00', 0x440903, 0x0) set_mempolicy(0x2, 0x0, 0x4) r2 = open(&(0x7f0000000080)='./bus\x00', 0x145042, 0x0) semget(0x3, 0x2, 0x20) getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) dup2(r3, r3) symlinkat(&(0x7f0000000000)='./file0\x00', r1, &(0x7f0000000200)='./file0\x00') ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000140)=0x66b) ftruncate(r2, 0x200004) sendfile(r0, r2, 0x0, 0x80001d00c0d0) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f00000003c0)={0x0, 0x10000}, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) syz_open_dev$dspn(0x0, 0x3, 0x14240) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x1f, &(0x7f0000000300)={0x0, @in={{0x2, 0x0, @local}}, 0x100000000000000}, &(0x7f0000000100)=0xfffffcdc) close(0xffffffffffffffff) syz_open_procfs(0x0, 0x0) [ 216.464797] ptrace attach of "/root/syz-executor.5"[7825] was attempted by "/root/syz-executor.5"[7826] 12:52:46 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 12:52:46 executing program 5: r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x4) connect$inet6(r1, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f00000001c0)=[@timestamp, @sack_perm, @mss, @mss, @mss], 0x12fb85) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$inet6_buf(r1, 0x29, 0x2c, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) fcntl$setstatus(r1, 0x4, 0x80000000002c00) 12:52:46 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000080)="120000001200e7ef007b0a00f4afd7030a7c", 0x12, 0x0, 0x0, 0x1d4) recvmmsg(r0, &(0x7f0000006b40)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000000c0)=""/119, 0x77}], 0x1}}], 0x1, 0x0, 0x0) setsockopt$XDP_RX_RING(0xffffffffffffffff, 0x11b, 0x2, &(0x7f00000000c0), 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x2d, 0x0, 0x0) 12:52:46 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000080)="120000001200e7ef007b0a00f4afd7030a7c", 0x12, 0x0, 0x0, 0x1d4) recvmmsg(r0, &(0x7f0000006b40)=[{{0x0, 0xffffffffffffff56, &(0x7f0000000040)=[{&(0x7f00000011c0)=""/4096, 0x1000}, {&(0x7f00000000c0)=""/119, 0x79}], 0x2, 0x0, 0xfffffffffffffd18}}], 0x4000000000001d9, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x2d, &(0x7f000002eff0), 0x10) [ 217.187714] syz-executor.3 (7805) used greatest stack depth: 22448 bytes left 12:52:46 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000340)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000000c0)='cpuset.cpus\x00', 0x2, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") r3 = openat$cgroup_int(r0, &(0x7f0000000100)='cgroup.clone_children\x00', 0x2, 0x0) sendfile(r1, r3, 0x0, 0x508) 12:52:47 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) r3 = creat(&(0x7f0000000140)='./file0\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x4) fallocate(r2, 0x0, 0x0, 0x110001) ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f0000000040)={0xd000015, r3}) r4 = creat(&(0x7f0000000140)='./file0\x00', 0x0) fallocate(r4, 0x0, 0x40000, 0x4) ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000040)={0xd000015, r4}) 12:52:47 executing program 4: 12:52:47 executing program 2: 12:52:47 executing program 3: 12:52:47 executing program 0: 12:52:47 executing program 3: 12:52:47 executing program 4: 12:52:47 executing program 0: 12:52:49 executing program 5: 12:52:49 executing program 2: 12:52:49 executing program 4: 12:52:49 executing program 1: 12:52:49 executing program 3: 12:52:49 executing program 0: 12:52:49 executing program 2: 12:52:49 executing program 4: 12:52:49 executing program 3: 12:52:49 executing program 1: 12:52:49 executing program 0: 12:52:49 executing program 5: 12:52:49 executing program 3: 12:52:49 executing program 4: 12:52:49 executing program 0: 12:52:49 executing program 2: 12:52:49 executing program 1: 12:52:49 executing program 5: 12:52:49 executing program 3: 12:52:49 executing program 0: 12:52:49 executing program 4: 12:52:49 executing program 5: 12:52:49 executing program 1: 12:52:49 executing program 2: 12:52:49 executing program 1: 12:52:49 executing program 0: 12:52:49 executing program 4: 12:52:49 executing program 5: 12:52:49 executing program 3: 12:52:50 executing program 2: 12:52:50 executing program 1: 12:52:50 executing program 4: 12:52:50 executing program 0: 12:52:50 executing program 3: 12:52:50 executing program 5: 12:52:50 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000140)={0xa, 0xffffffffffffffff, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}, 0x1c) sendmmsg(r0, &(0x7f0000000240), 0x5c3, 0x0) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000200)='threaded\x00', 0x175d900f) write$cgroup_type(0xffffffffffffffff, 0x0, 0x0) 12:52:50 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000600)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=@newqdisc={0x60, 0x24, 0x507, 0x0, 0x0, {0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7, 0x1, 'fq\x00'}, {0x34, 0x2, [@TCA_FQ_RATE_ENABLE={0x10, 0xb}, @TCA_FQ_FLOW_DEFAULT_RATE={0x8, 0x9}, @TCA_FQ_FLOW_PLIMIT={0x8}, @TCA_FQ_BUCKETS_LOG={0x8, 0x5, 0xc}, @TCA_FQ_PLIMIT={0x8}, @TCA_FQ_INITIAL_QUANTUM={0x8}]}}]}, 0x60}}, 0x0) 12:52:50 executing program 1: bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fsetxattr$trusted_overlay_origin(r0, 0x0, &(0x7f0000000040)='y\x00', 0x2, 0x1) r1 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r1, 0x0, 0x43, &(0x7f0000000180)={'TPROXY\x00'}, &(0x7f00000001c0)=0x1e) 12:52:50 executing program 4: mknod$loop(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0) io_setup(0x8, &(0x7f0000000180)=0x0) fcntl$setstatus(r0, 0x4, 0x46600) io_submit(r1, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x3, 0x1, 0x0, r0, &(0x7f0000000000), 0x10000}]) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl(r2, 0x800000000008982, &(0x7f0000000080)) io_cancel(r1, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x16d728847821a2c2, 0x7fff, r2, &(0x7f00000002c0)="089749d5d8e38e5b8668669a8dcfde336e314fc65a77", 0x16, 0x100000001, 0x0, 0x3}, &(0x7f0000000380)) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) kcmp(0x0, 0x0, 0x5, 0xffffffffffffffff, 0xffffffffffffffff) r3 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$SO_TIMESTAMP(r3, 0x1, 0x40, &(0x7f0000000680)=0x65ed, 0x4) stat(&(0x7f0000001240)='./bus\x00', &(0x7f0000001280)) ioctl$int_in(0xffffffffffffffff, 0x5421, &(0x7f00000006c0)=0x9) r4 = syz_open_dev$vcsa(&(0x7f0000000340)='/dev/vcsa#\x00', 0x4bac3159, 0x40000) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$FUSE_NOTIFY_POLL(0xffffffffffffffff, &(0x7f0000000100)={0x18}, 0x18) fsetxattr$trusted_overlay_origin(r5, &(0x7f0000000000)='trusted.overlay.origin\x00', &(0x7f0000000040)='y\x00', 0x2, 0x1) nanosleep(&(0x7f0000000600), &(0x7f0000000640)) close(0xffffffffffffffff) unshare(0x6c060000) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f00000004c0)={{{@in=@remote, @in=@remote}}, {{@in6=@remote}, 0x0, @in6=@mcast1}}, &(0x7f0000000200)=0xe8) socket$caif_stream(0x25, 0x1, 0x0) r6 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r6, 0x8914, &(0x7f00000000c0)={'lo\x00@\x00\x00\x00\x00\x00\x05\x00', 0x4001}) r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_inet_SIOCSIFADDR(r7, 0x8916, &(0x7f0000000100)={'lo\x00', {0x2, 0x0, @local}}) sendmsg$nl_route_sched(r4, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x3bd69f77051db94a}, 0xc, &(0x7f00000000c0)={&(0x7f0000000280)=@gettaction={0x14, 0x32, 0x122, 0x70bd2c, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x24080000}, 0x4000) truncate(&(0x7f0000000240)='./file0\x00', 0x90002) 12:52:50 executing program 3: 12:52:50 executing program 5: [ 220.805417] netlink: 'syz-executor.0': attribute type 11 has an invalid length. 12:52:50 executing program 2: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) pipe(0x0) socket$alg(0x26, 0x5, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$swradio(0x0, 0x0, 0x2) getsockopt$XDP_MMAP_OFFSETS(r0, 0x11b, 0x1, &(0x7f0000000040), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) 12:52:50 executing program 3: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) pipe(0x0) socket$alg(0x26, 0x5, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$swradio(0x0, 0x0, 0x2) getsockopt$XDP_MMAP_OFFSETS(r0, 0x11b, 0x1, &(0x7f0000000040), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) 12:52:50 executing program 0: r0 = socket$unix(0x1, 0x800000000005, 0x0) listen(r0, 0x0) 12:52:50 executing program 5: r0 = socket$unix(0x1, 0x0, 0x0) openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/mls\x00', 0x0, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000380)='/dev/zero\x00', 0x82, 0x0) ioctl$TIOCGSID(r1, 0x5429, 0x0) sched_setaffinity(0x0, 0xfe75, &(0x7f00000002c0)=0x8000009) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r3 = openat$cgroup_ro(r2, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) r4 = dup3(r3, 0xffffffffffffffff, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$BLKBSZSET(r4, 0x40081271, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = dup(r5) ioctl$int_in(r6, 0x5452, &(0x7f0000000600)=0xe2e) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, 0x0, 0x0) setsockopt$inet6_tcp_int(r6, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @loopback, 0x81}, 0x1c) sendto$inet6(r5, 0x0, 0x88, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) r7 = open(&(0x7f0000000100)='./bus\x00', 0x141046, 0x0) ftruncate(r7, 0x2007fff) sendfile(r6, r7, &(0x7f0000d83ff8), 0x8000fffffffe) 12:52:50 executing program 1: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='configfs\x00', 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) lseek(r0, 0xfffffffffffbfffe, 0x0) 12:52:50 executing program 0: r0 = socket$unix(0x1, 0x0, 0x0) openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/mls\x00', 0x0, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000380)='/dev/zero\x00', 0x82, 0x0) ioctl$TIOCGSID(r1, 0x5429, 0x0) sched_setaffinity(0x0, 0xfe75, &(0x7f00000002c0)=0x8000009) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r3 = openat$cgroup_ro(r2, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) r4 = dup3(r3, 0xffffffffffffffff, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$BLKBSZSET(r4, 0x40081271, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgrp(0x0) getpgid(0x0) r5 = inotify_init1(0x0) fcntl$setown(r5, 0x8, 0xffffffffffffffff) fcntl$getownex(r5, 0x10, &(0x7f0000000080)) r6 = socket$inet6(0xa, 0x400000000001, 0x0) r7 = dup(r6) ioctl$int_in(r7, 0x5452, &(0x7f0000000600)=0xe2e) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, 0x0, 0x0) setsockopt$inet6_tcp_int(r7, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r6, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @loopback, 0x81}, 0x1c) sendto$inet6(r6, 0x0, 0x88, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r6, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) r8 = open(&(0x7f0000000100)='./bus\x00', 0x141046, 0x0) ftruncate(r8, 0x2007fff) sendfile(r7, r8, &(0x7f0000d83ff8), 0x8000fffffffe) [ 221.119030] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 221.140155] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. 12:52:50 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x12, 0x6f, 0x4, 0x404, 0x0, 0x1}, 0x3c) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000080)={r0, &(0x7f0000000040), 0x0}, 0x20) 12:52:50 executing program 1: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) socket$alg(0x26, 0x5, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) syz_open_dev$swradio(&(0x7f0000000200)='/dev/swradio#\x00', 0x0, 0x2) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0xd, 0x0, &(0x7f0000000180)) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000200), 0x8) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) [ 221.221530] overlayfs: filesystem on './file0' not supported as upperdir [ 221.246648] IPVS: ftp: loaded support on port[0] = 21 [ 221.248448] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 12:52:50 executing program 2: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) pipe(0x0) socket$alg(0x26, 0x5, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = syz_open_dev$swradio(0x0, 0x0, 0x2) getsockopt$XDP_MMAP_OFFSETS(r0, 0x11b, 0x1, &(0x7f0000000040), 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) [ 221.495200] kauditd_printk_skb: 1 callbacks suppressed [ 221.495215] audit: type=1400 audit(1569502371.061:51): avc: denied { map_read map_write } for pid=8000 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 [ 221.550055] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 221.633238] overlayfs: filesystem on './file0' not supported as upperdir [ 221.693438] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 221.732827] IPVS: ftp: loaded support on port[0] = 21 12:52:51 executing program 4: r0 = socket$unix(0x1, 0x0, 0x0) openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/mls\x00', 0x0, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000380)='/dev/zero\x00', 0x82, 0x0) ioctl$TIOCGSID(r1, 0x5429, 0x0) sched_setaffinity(0x0, 0xfe75, &(0x7f00000002c0)=0x8000009) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r3 = openat$cgroup_ro(r2, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) r4 = dup3(r3, 0xffffffffffffffff, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$BLKBSZSET(r4, 0x40081271, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = dup(r5) ioctl$int_in(r6, 0x5452, &(0x7f0000000600)=0xe2e) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, 0x0, 0x0) setsockopt$inet6_tcp_int(r6, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @loopback, 0x81}, 0x1c) sendto$inet6(r5, 0x0, 0x88, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) r7 = open(&(0x7f0000000100)='./bus\x00', 0x141046, 0x0) ftruncate(r7, 0x2007fff) sendfile(r6, r7, &(0x7f0000d83ff8), 0x8000fffffffe) 12:52:51 executing program 1: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) socket$alg(0x26, 0x5, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) syz_open_dev$swradio(&(0x7f0000000200)='/dev/swradio#\x00', 0x0, 0x2) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0xd, 0x0, &(0x7f0000000180)) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000200), 0x8) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) 12:52:51 executing program 3: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) pipe(0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) syz_open_dev$swradio(&(0x7f0000000200)='/dev/swradio#\x00', 0x0, 0x2) getsockopt$XDP_MMAP_OFFSETS(0xffffffffffffffff, 0x11b, 0x1, &(0x7f0000000040), &(0x7f0000000140)=0x80) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) 12:52:51 executing program 0: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) pipe(0x0) socket$alg(0x26, 0x5, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000200)='/dev/swradio#\x00', 0x0, 0x2) getsockopt$XDP_MMAP_OFFSETS(r0, 0x11b, 0x1, &(0x7f0000000040), &(0x7f0000000140)=0x80) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0xd, 0x0, &(0x7f0000000180)) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000200), 0x8) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) 12:52:51 executing program 2: openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) getpid() open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) r0 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000100)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r0, &(0x7f0000000640), 0x12) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) listen(r2, 0x0) sendto$inet6(r1, 0x0, 0xfffffffffffffe32, 0x20004004, &(0x7f0000000040)={0xa, 0x20004e22, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0xc498ead121f97dd6) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x1, &(0x7f0000000100)=@gcm_128={{0x303}, "d44eb8c7308ec7c4", "442065238929350ade91900b51fc9534", "6bdda720", "7ee51430da3f51b3"}, 0x28) sendto$inet6(r1, &(0x7f0000000080)="39a110", 0xffffffffffffffc1, 0x40, 0x0, 0xfffffffffffffe5b) 12:52:51 executing program 5: r0 = socket$unix(0x1, 0x0, 0x0) openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/mls\x00', 0x0, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000380)='/dev/zero\x00', 0x82, 0x0) ioctl$TIOCGSID(r1, 0x5429, 0x0) sched_setaffinity(0x0, 0xfe75, &(0x7f00000002c0)=0x8000009) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r3 = openat$cgroup_ro(r2, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) r4 = dup3(r3, 0xffffffffffffffff, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$BLKBSZSET(r4, 0x40081271, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r5 = socket$inet6(0xa, 0x400000000001, 0x0) r6 = dup(r5) ioctl$int_in(r6, 0x5452, &(0x7f0000000600)=0xe2e) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, 0x0, 0x0) setsockopt$inet6_tcp_int(r6, 0x6, 0x12, &(0x7f0000000000)=0x7f, 0x4) bind$inet6(r5, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @loopback, 0x81}, 0x1c) sendto$inet6(r5, 0x0, 0x88, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$SO_BINDTODEVICE(r5, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) r7 = open(&(0x7f0000000100)='./bus\x00', 0x141046, 0x0) ftruncate(r7, 0x2007fff) sendfile(r6, r7, &(0x7f0000d83ff8), 0x8000fffffffe) [ 222.174294] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 222.226161] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 222.252393] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 222.262082] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 222.321221] overlayfs: conflicting lowerdir path [ 222.382405] overlayfs: workdir and upperdir must reside under the same mount 12:52:52 executing program 3: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) pipe(0x0) socket$alg(0x26, 0x5, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) syz_open_dev$swradio(0x0, 0x0, 0x2) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) 12:52:52 executing program 1: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) socket$alg(0x26, 0x5, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) syz_open_dev$swradio(&(0x7f0000000200)='/dev/swradio#\x00', 0x0, 0x2) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0xd, 0x0, &(0x7f0000000180)) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000200), 0x8) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) 12:52:52 executing program 0: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) pipe(0x0) socket$alg(0x26, 0x5, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000200)='/dev/swradio#\x00', 0x0, 0x2) getsockopt$XDP_MMAP_OFFSETS(r0, 0x11b, 0x1, &(0x7f0000000040), &(0x7f0000000140)=0x80) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0xd, 0x0, &(0x7f0000000180)) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000200), 0x8) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) [ 222.695829] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 222.753902] overlayfs: conflicting lowerdir path [ 222.762760] overlayfs: workdir and upperdir must reside under the same mount 12:52:52 executing program 3: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) pipe(0x0) socket$alg(0x26, 0x5, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) syz_open_dev$swradio(0x0, 0x0, 0x2) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0xd, 0x0, 0x0) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) 12:52:52 executing program 1: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) socket$alg(0x26, 0x5, 0x0) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) syz_open_dev$swradio(&(0x7f0000000200)='/dev/swradio#\x00', 0x0, 0x2) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0xd, 0x0, &(0x7f0000000180)) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000200), 0x8) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) [ 222.850136] overlayfs: conflicting lowerdir path 12:52:52 executing program 2: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) read$FUSE(r0, &(0x7f0000003000), 0xffffff92) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, 0x2, {0x7, 0x5}}, 0x50) [ 223.000271] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 223.061512] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. 12:52:52 executing program 4: r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x19, 0x4, 0x4, 0x4, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x3c) bpf$PROG_LOAD(0x5, &(0x7f0000b7a000)={0x6, 0x7, &(0x7f0000000000)=@framed={{0x18, 0x5}, [@func={0x85, 0x0, 0x1, 0x0, 0x3}, @map={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000f6bffb)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 12:52:52 executing program 0: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) pipe(0x0) socket$alg(0x26, 0x5, 0x0) r0 = syz_open_dev$swradio(&(0x7f0000000200)='/dev/swradio#\x00', 0x0, 0x2) getsockopt$XDP_MMAP_OFFSETS(r0, 0x11b, 0x1, &(0x7f0000000040), &(0x7f0000000140)=0x80) getsockopt$inet_sctp6_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0xd, 0x0, &(0x7f0000000180)) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000200), 0x8) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) 12:52:52 executing program 5: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r0, &(0x7f00000000c0)={0x14, 0x88, 0xfa00, {r1, 0x30, 0x0, @ib={0x1b, 0x0, 0x0, {"00000000000000000000000000000001"}, 0x1110002, 0xffffffffffffffff}}}, 0x90) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_BIND(r2, &(0x7f00000000c0)={0x14, 0x88, 0xfa00, {r3, 0x30, 0x0, @ib={0x1b, 0x0, 0x0, {"00000000000000000000000000000001"}, 0x1110002, 0xffffffffffffffff}}}, 0x90) 12:52:52 executing program 2: r0 = gettid() ptrace(0x11, r0) r1 = syz_open_dev$mouse(&(0x7f0000000100)='/dev/input/mouse#\x00', 0xfff, 0x81021) r2 = getpid() ioprio_get$pid(0x2, r2) r3 = open(0x0, 0x141044, 0x0) close(r3) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000280)={0xffffffffffffffff, 0xc0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=0x20000000000719c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0), 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, r4, 0x0, 0x1, &(0x7f0000000080)='\x00', r5}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r2, r3, 0x0, 0x1, &(0x7f0000000280)='\x00', r5}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x2, &(0x7f0000000140)='[\x00', r5}, 0x30) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MFC(r6, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @dev}, {0xa, 0x0, 0x0, @empty}}, 0x5c) setsockopt$inet6_MRT6_ADD_MFC(r6, 0x29, 0xcc, &(0x7f0000000080)={{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, {0xa, 0x0, 0x0, @mcast1}}, 0x5c) 12:52:52 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_ro(r1, &(0x7f0000000280)='cpu.stat\x00', 0x2761, 0x0) 12:52:52 executing program 4: r0 = socket$inet(0x2, 0x2000080001, 0x84) sendmsg(r0, &(0x7f000001afc8)={&(0x7f0000006000)=@in={0x2, 0x0, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)='*', 0x1a000}], 0x1}, 0x0) [ 223.266321] overlayfs: conflicting lowerdir path [ 223.273077] ------------[ cut here ]------------ [ 223.279625] ODEBUG: free active (active state 1) object type: rcu_head hint: (null) [ 223.283306] kobject: 'loop4' (00000000725e9370): kobject_uevent_env [ 223.288612] WARNING: CPU: 0 PID: 8078 at lib/debugobjects.c:325 debug_print_object+0x168/0x250 [ 223.294863] kobject: 'loop4' (00000000725e9370): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 223.303498] Kernel panic - not syncing: panic_on_warn set ... [ 223.303498] [ 223.303513] CPU: 0 PID: 8078 Comm: syz-executor.5 Not tainted 4.19.75 #0 [ 223.303519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 223.303523] Call Trace: [ 223.303542] dump_stack+0x172/0x1f0 [ 223.303558] panic+0x263/0x507 [ 223.303569] ? __warn_printk+0xf3/0xf3 [ 223.303585] ? debug_print_object+0x168/0x250 [ 223.303599] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 223.303614] ? __warn.cold+0x5/0x4a 12:52:52 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x1ee6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000300)='/dev/null\x00', 0x0, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000380)) r0 = syz_open_procfs(0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xb, 0x7f, 0x0, 0x5, 0x1}, 0x2c) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={0xffffffffffffffff, &(0x7f0000000200), 0x0}, 0x18) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xb, 0x5, 0x7, 0x0, 0x1, 0xffffffffffffffff, 0x1, [], 0x0, r0, 0x1}, 0x3c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000000), 0x0}, 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000000c0)={r1, &(0x7f0000000200), 0x0}, 0x18) r2 = geteuid() ioprio_set$uid(0x3, r2, 0x0) lstat(0x0, &(0x7f0000000380)) setgid(0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000380)=0x0) syz_open_procfs(r3, 0x0) getresuid(&(0x7f0000003080), &(0x7f00000030c0), &(0x7f0000003100)) lstat(0x0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setgid(r4) socket$unix(0x1, 0x4, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000380)) [ 223.364022] ? debug_print_object+0x168/0x250 [ 223.368537] __warn.cold+0x20/0x4a [ 223.373106] ? trace_hardirqs_off+0x62/0x220 [ 223.377534] ? debug_print_object+0x168/0x250 [ 223.382038] report_bug+0x263/0x2b0 [ 223.385673] do_error_trap+0x204/0x360 [ 223.389574] ? math_error+0x340/0x340 [ 223.393383] ? wake_up_klogd+0x99/0xd0 [ 223.397288] ? vprintk_emit+0x1ab/0x690 [ 223.401290] ? error_entry+0x7c/0xe0 [ 223.405025] ? trace_hardirqs_off_caller+0x65/0x220 [ 223.410055] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 223.414909] do_invalid_op+0x1b/0x20 [ 223.418645] invalid_op+0x14/0x20 [ 223.422111] RIP: 0010:debug_print_object+0x168/0x250 [ 223.427228] Code: dd 20 56 82 87 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 b5 00 00 00 48 8b 14 dd 20 56 82 87 48 c7 c7 60 4b 82 87 e8 d6 04 19 fe <0f> 0b 83 05 cb 83 17 06 01 48 83 c4 20 5b 41 5c 41 5d 41 5e 5d c3 [ 223.446326] RSP: 0018:ffff888050f9f6f8 EFLAGS: 00010086 [ 223.451711] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 0000000000000000 [ 223.458989] RDX: 000000000002ffd8 RSI: ffffffff8155dbd6 RDI: ffffed100a1f3ed1 12:52:53 executing program 2: r0 = gettid() ptrace(0x11, r0) r1 = syz_open_dev$mouse(&(0x7f0000000100)='/dev/input/mouse#\x00', 0xfff, 0x81021) r2 = getpid() ioprio_get$pid(0x2, r2) r3 = open(0x0, 0x141044, 0x0) close(r3) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000280)={0xffffffffffffffff, 0xc0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=0x20000000000719c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), &(0x7f00000001c0), 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000000c0)={0x0, r4, 0x0, 0x1, &(0x7f0000000080)='\x00', r5}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r2, r3, 0x0, 0x1, &(0x7f0000000280)='\x00', r5}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x2, &(0x7f0000000140)='[\x00', r5}, 0x30) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_ADD_MFC(r6, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x0, @dev}, {0xa, 0x0, 0x0, @empty}}, 0x5c) setsockopt$inet6_MRT6_ADD_MFC(r6, 0x29, 0xcc, &(0x7f0000000080)={{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, {0xa, 0x0, 0x0, @mcast1}}, 0x5c) [ 223.466267] RBP: ffff888050f9f738 R08: ffff88807f9ee140 R09: ffffed1015d03ee3 [ 223.473549] R10: ffffed1015d03ee2 R11: ffff8880ae81f717 R12: 0000000000000001 [ 223.480828] R13: ffffffff8879f200 R14: 0000000000000000 R15: ffff888050a41360 [ 223.488127] ? vprintk_func+0x86/0x189 [ 223.492031] ? debug_print_object+0x168/0x250 [ 223.496567] debug_check_no_obj_freed+0x29f/0x464 [ 223.501431] kmem_cache_free+0x18f/0x260 [ 223.503014] kobject: 'loop2' (000000007b23db23): kobject_uevent_env [ 223.505507] free_task+0xdd/0x120 [ 223.515833] __put_task_struct+0x20f/0x4c0 [ 223.520074] finish_task_switch+0x52b/0x780 [ 223.523260] kobject: 'loop2' (000000007b23db23): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 223.524408] ? switch_mm_irqs_off+0x7fa/0x1360 [ 223.524429] __schedule+0x86e/0x1dc0 [ 223.542505] ? pci_mmcfg_check_reserved+0x170/0x170 [ 223.547984] ? lock_downgrade+0x810/0x810 [ 223.552138] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 223.557686] ? get_futex_value_locked+0xd6/0x100 [ 223.562457] schedule+0x92/0x1c0 [ 223.565867] futex_wait_queue_me+0x30c/0x600 [ 223.570295] ? handle_futex_death.part.0+0x250/0x250 [ 223.575454] ? lock_pi_update_atomic+0x120/0x120 [ 223.580231] ? get_futex_key+0x9b3/0x1690 [ 223.584590] futex_wait+0x228/0x5e0 [ 223.588228] ? futex_wait_setup+0x390/0x390 [ 223.592573] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 223.597787] ? drop_futex_key_refs.isra.0+0x6f/0xf0 [ 223.602821] ? futex_wake+0x179/0x4d0 [ 223.606668] do_futex+0x175/0x1d70 [ 223.610403] ? __might_fault+0x12b/0x1e0 [ 223.614569] ? exit_robust_list+0x2c0/0x2c0 [ 223.618919] ? kasan_check_read+0x11/0x20 [ 223.623337] ? _copy_to_user+0xc9/0x120 [ 223.627319] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 223.632878] __x64_sys_futex+0x400/0x590 [ 223.636950] ? do_futex+0x1d70/0x1d70 [ 223.640752] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 223.645516] ? do_syscall_64+0x26/0x620 [ 223.649498] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 223.654985] ? do_syscall_64+0x26/0x620 [ 223.658976] ? lockdep_hardirqs_on+0x415/0x5d0 [ 223.663577] ? trace_hardirqs_on+0x67/0x220 [ 223.667920] do_syscall_64+0xfd/0x620 [ 223.671765] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 223.676968] RIP: 0033:0x459a29 [ 223.680165] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 223.699078] RSP: 002b:00007fc950cf1cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 223.706803] RAX: ffffffffffffffda RBX: 000000000075bfd0 RCX: 0000000000459a29 [ 223.714080] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075bfd0 [ 223.721385] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 223.729534] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bfd4 [ 223.736828] R13: 00007ffd923cb7af R14: 00007fc950cf29c0 R15: 000000000075bfd4 [ 223.744114] [ 223.744120] ====================================================== [ 223.744126] WARNING: possible circular locking dependency detected [ 223.744130] 4.19.75 #0 Not tainted [ 223.744135] ------------------------------------------------------ [ 223.744140] syz-executor.5/8078 is trying to acquire lock: [ 223.744144] 00000000a0deaad1 ((console_sem).lock){-.-.}, at: down_trylock+0x13/0x70 [ 223.744159] [ 223.744163] but task is already holding lock: [ 223.744166] 00000000075dd825 (&obj_hash[i].lock){-.-.}, at: debug_check_no_obj_freed+0xbe/0x464 [ 223.744182] [ 223.744187] which lock already depends on the new lock. [ 223.744188] [ 223.744191] [ 223.744196] the existing dependency chain (in reverse order) is: [ 223.744198] [ 223.744201] -> #3 (&obj_hash[i].lock){-.-.}: [ 223.744216] _raw_spin_lock_irqsave+0x95/0xcd [ 223.744220] __debug_object_init+0xc6/0xc30 [ 223.744225] debug_object_init+0x16/0x20 [ 223.744229] hrtimer_init+0x2a/0x300 [ 223.744233] init_dl_task_timer+0x1b/0x50 [ 223.744237] __sched_fork+0x22a/0x4b0 [ 223.744241] init_idle+0x75/0x800 [ 223.744245] sched_init+0x952/0x9f0 [ 223.744249] start_kernel+0x402/0x8c5 [ 223.744254] x86_64_start_reservations+0x29/0x2b [ 223.744258] x86_64_start_kernel+0x77/0x7b [ 223.744262] secondary_startup_64+0xa4/0xb0 [ 223.744270] [ 223.744273] -> #2 (&rq->lock){-.-.}: [ 223.744286] _raw_spin_lock+0x2f/0x40 [ 223.744290] task_fork_fair+0x6a/0x520 [ 223.744294] sched_fork+0x3af/0x900 [ 223.744299] copy_process.part.0+0x1859/0x7a30 [ 223.744302] _do_fork+0x257/0xfd0 [ 223.744306] kernel_thread+0x34/0x40 [ 223.744310] rest_init+0x24/0x222 [ 223.744314] start_kernel+0x88c/0x8c5 [ 223.744319] x86_64_start_reservations+0x29/0x2b [ 223.744322] x86_64_start_kernel+0x77/0x7b [ 223.744327] secondary_startup_64+0xa4/0xb0 [ 223.744329] [ 223.744331] -> #1 (&p->pi_lock){-.-.}: [ 223.744346] _raw_spin_lock_irqsave+0x95/0xcd [ 223.744350] try_to_wake_up+0x94/0xf50 [ 223.744354] wake_up_process+0x10/0x20 [ 223.744358] __up.isra.0+0x136/0x1a0 [ 223.744362] up+0x9c/0xe0 [ 223.744366] __up_console_sem+0xb7/0x1c0 [ 223.744370] console_unlock+0x6c7/0x10b0 [ 223.744374] do_con_write.part.0+0xeec/0x1eb0 [ 223.744378] con_write+0x46/0xd0 [ 223.744382] n_tty_write+0x3f9/0x10f0 [ 223.744385] tty_write+0x458/0x7a0 [ 223.744390] __vfs_write+0x114/0x810 [ 223.744394] vfs_write+0x20c/0x560 [ 223.744397] ksys_write+0x14f/0x2d0 [ 223.744401] __x64_sys_write+0x73/0xb0 [ 223.744405] do_syscall_64+0xfd/0x620 [ 223.744409] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 223.744412] [ 223.744414] -> #0 ((console_sem).lock){-.-.}: [ 223.744429] lock_acquire+0x16f/0x3f0 [ 223.744433] _raw_spin_lock_irqsave+0x95/0xcd [ 223.744437] down_trylock+0x13/0x70 [ 223.744441] __down_trylock_console_sem+0xa8/0x210 [ 223.744444] console_trylock+0x15/0xa0 [ 223.744447] vprintk_emit+0x21d/0x690 [ 223.744451] vprintk_default+0x28/0x30 [ 223.744454] vprintk_func+0x7e/0x189 [ 223.744458] printk+0xba/0xed [ 223.744462] __warn_printk+0x9b/0xf3 [ 223.744465] debug_print_object+0x168/0x250 [ 223.744470] debug_check_no_obj_freed+0x29f/0x464 [ 223.744474] kmem_cache_free+0x18f/0x260 [ 223.744477] free_task+0xdd/0x120 [ 223.744480] __put_task_struct+0x20f/0x4c0 [ 223.744484] finish_task_switch+0x52b/0x780 [ 223.744488] __schedule+0x86e/0x1dc0 [ 223.744491] schedule+0x92/0x1c0 [ 223.744495] futex_wait_queue_me+0x30c/0x600 [ 223.744513] futex_wait+0x228/0x5e0 [ 223.744516] do_futex+0x175/0x1d70 [ 223.744520] __x64_sys_futex+0x400/0x590 [ 223.744524] do_syscall_64+0xfd/0x620 [ 223.744528] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 223.744530] [ 223.744534] other info that might help us debug this: [ 223.744537] [ 223.744540] Chain exists of: [ 223.744542] (console_sem).lock --> &rq->lock --> &obj_hash[i].lock [ 223.744560] [ 223.744563] Possible unsafe locking scenario: [ 223.744565] [ 223.744569] CPU0 CPU1 [ 223.744573] ---- ---- [ 223.744575] lock(&obj_hash[i].lock); [ 223.744585] lock(&rq->lock); [ 223.744594] lock(&obj_hash[i].lock); [ 223.744602] lock((console_sem).lock); [ 223.744610] [ 223.744613] *** DEADLOCK *** [ 223.744615] [ 223.744619] 1 lock held by syz-executor.5/8078: [ 223.744621] #0: 00000000075dd825 (&obj_hash[i].lock){-.-.}, at: debug_check_no_obj_freed+0xbe/0x464 [ 223.744638] [ 223.744642] stack backtrace: [ 223.744647] CPU: 0 PID: 8078 Comm: syz-executor.5 Not tainted 4.19.75 #0 [ 223.744654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 223.744657] Call Trace: [ 223.744661] dump_stack+0x172/0x1f0 [ 223.744665] print_circular_bug.isra.0.cold+0x1cc/0x28f [ 223.744669] __lock_acquire+0x2e19/0x49c0 [ 223.744673] ? mark_held_locks+0x100/0x100 [ 223.744677] ? kvm_clock_read+0x18/0x30 [ 223.744681] ? kvm_sched_clock_read+0x9/0x20 [ 223.744684] lock_acquire+0x16f/0x3f0 [ 223.744688] ? down_trylock+0x13/0x70 [ 223.744692] _raw_spin_lock_irqsave+0x95/0xcd [ 223.744696] ? down_trylock+0x13/0x70 [ 223.744700] ? vprintk_emit+0x21d/0x690 [ 223.744703] down_trylock+0x13/0x70 [ 223.744707] ? vprintk_emit+0x21d/0x690 [ 223.744711] __down_trylock_console_sem+0xa8/0x210 [ 223.744715] console_trylock+0x15/0xa0 [ 223.744719] vprintk_emit+0x21d/0x690 [ 223.744722] vprintk_default+0x28/0x30 [ 223.744726] vprintk_func+0x7e/0x189 [ 223.744729] printk+0xba/0xed [ 223.744734] ? kmsg_dump_rewind_nolock+0xe4/0xe4 [ 223.744737] ? __warn_printk+0x8f/0xf3 [ 223.744741] __warn_printk+0x9b/0xf3 [ 223.744745] ? add_taint.cold+0x16/0x16 [ 223.744749] debug_print_object+0x168/0x250 [ 223.744753] debug_check_no_obj_freed+0x29f/0x464 [ 223.744757] kmem_cache_free+0x18f/0x260 [ 223.744760] free_task+0xdd/0x120 [ 223.744765] __put_task_struct+0x20f/0x4c0 [ 223.744768] finish_task_switch+0x52b/0x780 [ 223.744773] ? switch_mm_irqs_off+0x7fa/0x1360 [ 223.744776] __schedule+0x86e/0x1dc0 [ 223.744781] ? pci_mmcfg_check_reserved+0x170/0x170 [ 223.744785] ? lock_downgrade+0x810/0x810 [ 223.744790] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 223.744794] ? get_futex_value_locked+0xd6/0x100 [ 223.744797] schedule+0x92/0x1c0 [ 223.744802] futex_wait_queue_me+0x30c/0x600 [ 223.744806] ? handle_futex_death.part.0+0x250/0x250 [ 223.744811] ? lock_pi_update_atomic+0x120/0x120 [ 223.744815] ? get_futex_key+0x9b3/0x1690 [ 223.744819] futex_wait+0x228/0x5e0 [ 223.744822] ? futex_wait_setup+0x390/0x390 [ 223.744827] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 223.744831] ? drop_futex_key_refs.isra.0+0x6f/0xf0 [ 223.744835] ? futex_wake+0x179/0x4d0 [ 223.744839] do_futex+0x175/0x1d70 [ 223.744843] ? __might_fault+0x12b/0x1e0 [ 223.744847] ? exit_robust_list+0x2c0/0x2c0 [ 223.744852] ? kasan_check_read+0x11/0x20 [ 223.744856] ? _copy_to_user+0xc9/0x120 [ 223.744861] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 223.744865] __x64_sys_futex+0x400/0x590 [ 223.744868] ? do_futex+0x1d70/0x1d70 [ 223.744873] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 223.744877] ? do_syscall_64+0x26/0x620 [ 223.744882] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 223.744886] ? do_syscall_64+0x26/0x620 [ 223.744890] ? lockdep_hardirqs_on+0x415/0x5d0 [ 223.744895] ? trace_hardirqs_on+0x67/0x220 [ 223.744899] do_syscall_64+0xfd/0x620 [ 223.744904] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 223.744907] RIP: 0033:0x459a29 [ 223.744921] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 223.744926] RSP: 002b:00007fc950cf1cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 223.744936] RAX: ffffffffffffffda RBX: 000000000075bfd0 RCX: 0000000000459a29 [ 223.744942] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075bfd0 [ 223.744948] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 223.744954] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bfd4 [ 223.744960] R13: 00007ffd923cb7af R14: 00007fc950cf29c0 R15: 000000000075bfd4 [ 223.746539] Kernel Offset: disabled [ 224.567812] Rebooting in 86400 seconds..