[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 54.106720][ T26] audit: type=1800 audit(1571383489.684:25): pid=8444 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 54.143653][ T26] audit: type=1800 audit(1571383489.684:26): pid=8444 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 54.189445][ T26] audit: type=1800 audit(1571383489.684:27): pid=8444 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.245' (ECDSA) to the list of known hosts. 2019/10/18 07:24:58 fuzzer started 2019/10/18 07:24:59 dialing manager at 10.128.0.26:41689 2019/10/18 07:25:00 syscalls: 2362 2019/10/18 07:25:00 code coverage: enabled 2019/10/18 07:25:00 comparison tracing: enabled 2019/10/18 07:25:00 extra coverage: extra coverage is not supported by the kernel 2019/10/18 07:25:00 setuid sandbox: enabled 2019/10/18 07:25:00 namespace sandbox: enabled 2019/10/18 07:25:00 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/18 07:25:00 fault injection: enabled 2019/10/18 07:25:00 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/18 07:25:00 net packet injection: enabled 2019/10/18 07:25:00 net device setup: enabled 2019/10/18 07:25:00 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 07:26:28 executing program 0: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9e, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x1000000000000019, &(0x7f0000548000)=0x3ffe, 0x4) sendto$inet6(r0, 0x0, 0xffffffffffffffad, 0x0, &(0x7f0000000080)={0xa, 0x4e21, 0x0, @rand_addr="ffd6f1b9201348544de96b337da295b8"}, 0x1c) recvmmsg(r0, &(0x7f0000005c80)=[{{&(0x7f0000000140)=@nl=@unspec, 0x80, 0x0, 0x0, 0x0, 0xffffffffffffff10}}], 0x16a, 0x2000, 0x0) 07:26:28 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) creat(&(0x7f0000000040)='./file0/bus\x00', 0x0) r0 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$FIDEDUPERANGE(r1, 0xc0189436, &(0x7f00000017c0)={0x0, 0x0, 0x1, 0x0, 0x0, [{r0}]}) syzkaller login: [ 153.314333][ T8611] IPVS: ftp: loaded support on port[0] = 21 [ 153.368194][ T8612] IPVS: ftp: loaded support on port[0] = 21 07:26:29 executing program 2: r0 = socket(0x10, 0x803, 0x0) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f00000001c0), 0xc, 0x0}, 0x0) sendto(r0, &(0x7f0000cfefee)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000f40)=[{&(0x7f0000000280)=""/99, 0x63}], 0x1, 0x0, 0x0, 0x0) sendmsg$SEG6_CMD_DUMPHMAC(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)={0x14}, 0x14}}, 0x0) sendmsg$SEG6_CMD_DUMPHMAC(0xffffffffffffffff, &(0x7f0000000880)={&(0x7f0000000300), 0xc, &(0x7f0000000840)={&(0x7f0000000340)={0x38, 0x0, 0x0, 0x0, 0x0, {}, [@SEG6_ATTR_DST={0x10, 0x1, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, @SEG6_ATTR_ALGID={0x8}, @SEG6_ATTR_HMACKEYID={0x8}]}, 0x38}}, 0x0) keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f00000006c0)={0x0, 0x0, 0x9b}, 0x0, 0x0, &(0x7f0000000740)=""/155) sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000800)={&(0x7f00000000c0), 0xc, 0x0}, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x374, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x14b}, {&(0x7f0000000140)=""/85, 0x20a}, {&(0x7f0000000fc0)=""/4096, 0x49d}, {&(0x7f0000000400)=""/120, 0x109}, {&(0x7f0000000480)=""/60, 0x3dd}, {&(0x7f0000000200)=""/77, 0x174}, {&(0x7f0000000540)=""/154, 0x40d}, {&(0x7f0000000000)=""/22, 0x16}], 0x161, &(0x7f0000000600)=""/191, 0x91}}], 0x40000000000020a, 0x0, &(0x7f0000003700)={0x77359400}) [ 153.502475][ T8611] chnl_net:caif_netlink_parms(): no params data found [ 153.632271][ T8612] chnl_net:caif_netlink_parms(): no params data found [ 153.659165][ T8611] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.675188][ T8611] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.683362][ T8611] device bridge_slave_0 entered promiscuous mode [ 153.699565][ T8611] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.715180][ T8611] bridge0: port 2(bridge_slave_1) entered disabled state [ 153.723139][ T8611] device bridge_slave_1 entered promiscuous mode [ 153.736255][ T8616] IPVS: ftp: loaded support on port[0] = 21 [ 153.767165][ T8611] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link 07:26:29 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/dev\x00') readv(r0, &(0x7f0000000040)=[{&(0x7f0000002400)=""/4096, 0x10b6}], 0x1) [ 153.796787][ T8611] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 153.852068][ T8611] team0: Port device team_slave_0 added [ 153.876275][ T8612] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.883385][ T8612] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.892165][ T8612] device bridge_slave_0 entered promiscuous mode [ 153.917739][ T8612] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.924812][ T8612] bridge0: port 2(bridge_slave_1) entered disabled state [ 153.946597][ T8612] device bridge_slave_1 entered promiscuous mode [ 153.966613][ T8611] team0: Port device team_slave_1 added [ 154.042671][ T8618] IPVS: ftp: loaded support on port[0] = 21 [ 154.058128][ T8611] device hsr_slave_0 entered promiscuous mode 07:26:29 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4020aea5, &(0x7f0000000a40)={0xfffffffffffffffa, 0x0, @ioapic}) [ 154.095462][ T8611] device hsr_slave_1 entered promiscuous mode [ 154.147147][ T8612] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 154.176378][ T8612] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 154.269526][ T8611] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.276770][ T8611] bridge0: port 2(bridge_slave_1) entered forwarding state [ 154.284613][ T8611] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.291733][ T8611] bridge0: port 1(bridge_slave_0) entered forwarding state [ 154.306083][ T8621] IPVS: ftp: loaded support on port[0] = 21 07:26:29 executing program 5: r0 = socket$inet6(0xa, 0x80002, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x400806e, &(0x7f00000000c0)={0xa, 0x4e26, 0x0, @remote}, 0x1c) sendto$inet6(r0, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e5d37149eb0f4a333726cf6d5b7647306559155f1c69d6bfd145b83576f2df4d85f271fd4119db923e2412c66dd954eb59dddc7e1fd286a83971b2ba1c63b4f99702cf91f3d1ecffb8ae189c79b403805e83650c251a564942896f205640c23b0cf51fe9bd931f54a343794710a9cd53cef20938edddb2bfa3c1f72f8e79e41e30fb8f9d314abd999ba396521b6c10bec7bc9d0745a80299342f5cf89eb9d94044258fbb18cec1cdbbc016a773d3ae41e3e30248e716fd0873d31454902cbe7dcf7d644dfadc255d99652b5ed5a5b1a75e3ad49cf80178678402e9d3a755d009889b2e6138f81dc02eedcc353aceb2f7781aea08aa91be7e1e2416ba3d555b1f2237f68c5d7dcfcb1b917c292a35d6d7e7cf2cb1dd6dba5a50ce55c4638d7d38cb7afd8da02f281ab69392bc6531eb03eb97c1d075e3342c244861d04bcad8991b8f588e48ad7fe218d2f5e604bb31c59241245b485210fe418af3d6377b59d5ab128497efeced38cc5036b1f34cb89674b5179219f34b9e8e1849695d7c23cce77eb8f038ef9f2cd69d1c9e2d6b46610adbadbdad857a77f59d38cb5120709716b87c52a48de249b231d7e39985b8b58094c0d7b4c6d1671a8ff9d2daaca94df2adcff6420077df0ddbc66d00b141ffc6e28bed09a19056e52a905a72c99a04af56b22da83135808ba2bfe87a39753447e78500d16bdad52d97df73d4852a79e7ec6910701b712cfd58c62b3ade86cf6ff0cd78719fa1ae81640381cb33f4f6b03c913e820cf9eb9b5cf7df9c878596c9ac9444cad118673fe339b4b7287b310ecff4742bfea2612d79d418293f0dfe14bc819c466473438ad71ea3b1386d17a9038b1f5a9285481500f84f4c7eabbf2eb071a101c69cce8e7495bda4c28a4e88f6a258abf58579c290eeb742b2678daab3ecc8c2bf97d89e89472901e254dd63ca7d918f8a7523161e29b28f64b285da7bb4a17d0ad734c321623e246bb0b5aaa08e8e7ac42b74ba83c70a8ca80068400be6adc3f4b01ba1050b54e6e4cf72fb567fbd27b74b2bfa7b7cabc6938851c13c6df7d5aaca79afd89b5e925379b959c7929ddfa3399695343f435772d70e5cfa3550377d23f50011ad5657e94c464cd43eb85496fd3b03bcb2d9278ceb432194d9893ffa747dfe85309f256c910e31e81dcd3cd8a13744fc2874737a2ff34bf8c89f15da7cc0853434117d744e30360b38ef1a063f9ee506f048e9980054e6c5c5688d04ece6067ac55bccc9a7773a2c4e21c039d153622130faff9fd675d64ad7284bd011b9b224713a721b4b731cf342357642a1a0bb846f5be443b7e72e9825b5f3a078c6ae09e4512dd93a5be1af13a49e6a33938509d3557aecf2356ac2329871b662a99cf3fd2486b064e7e6f90c1f8d632186a8bda338b02d45da4ea9041d42a23f40b93346dddc473a9f1a3d9f0285b7e48cbb87bc34d44b090a5e2aaf4764a10a44168f1719eff0b0d9bc1ce07750af4c21d0c67eae0799e91328c8b14869e4edd255a41735a2b1818aa9d3b271ba757af010ae6dbad89aa0d8f5b6f8ef3917adcedf247ffcf9ade407dfb5094", 0x534, 0xc001, 0x0, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000300)={@remote}, 0x14) sendto$inet6(r0, &(0x7f00000003c0)="3ce95c98b66a9cdea42aca63276ef1eca3f038047504ba09072b9792bbe041c012d015e0f9cdf7aa7a4d18766deff9a2735edc11437a10c0e9f265c48e7033f01161d5ca1babf5738b4c3df116d964712d2c577d1181a2a242ab4ada0b6cd45c1f36c27a7453575b33cdd7300a74dd585eab465795dccddd26", 0x79, 0x400c000, 0x0, 0x0) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000140)=0x4, 0x4) setsockopt$inet6_udp_int(r0, 0x11, 0x1, &(0x7f0000000000), 0x4) [ 154.328573][ T8612] team0: Port device team_slave_0 added [ 154.362387][ T8612] team0: Port device team_slave_1 added [ 154.417610][ T8616] chnl_net:caif_netlink_parms(): no params data found [ 154.473801][ T8624] IPVS: ftp: loaded support on port[0] = 21 [ 154.488038][ T8612] device hsr_slave_0 entered promiscuous mode [ 154.525834][ T8612] device hsr_slave_1 entered promiscuous mode [ 154.565986][ T8612] debugfs: Directory 'hsr0' with parent '/' already present! [ 154.600620][ T3016] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.619409][ T3016] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.757337][ T8616] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.764430][ T8616] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.773284][ T8616] device bridge_slave_0 entered promiscuous mode [ 154.819872][ T8616] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.827061][ T8616] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.834643][ T8616] device bridge_slave_1 entered promiscuous mode [ 154.872289][ T8612] 8021q: adding VLAN 0 to HW filter on device bond0 [ 154.880566][ T8621] chnl_net:caif_netlink_parms(): no params data found [ 154.894350][ T8616] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 154.939895][ T8616] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 154.970340][ T8612] 8021q: adding VLAN 0 to HW filter on device team0 [ 154.987916][ T8618] chnl_net:caif_netlink_parms(): no params data found [ 155.006361][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 155.022660][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 155.043225][ T8611] 8021q: adding VLAN 0 to HW filter on device bond0 [ 155.057711][ T8616] team0: Port device team_slave_0 added [ 155.064100][ T8624] chnl_net:caif_netlink_parms(): no params data found [ 155.073570][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 155.082700][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 155.091308][ T22] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.098371][ T22] bridge0: port 1(bridge_slave_0) entered forwarding state [ 155.118563][ T8616] team0: Port device team_slave_1 added [ 155.131043][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 155.140787][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 155.149954][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 155.158593][ T3016] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.165710][ T3016] bridge0: port 2(bridge_slave_1) entered forwarding state [ 155.174589][ T8621] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.181790][ T8621] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.189484][ T8621] device bridge_slave_0 entered promiscuous mode [ 155.199718][ T8621] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.206893][ T8621] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.214497][ T8621] device bridge_slave_1 entered promiscuous mode [ 155.278469][ T8616] device hsr_slave_0 entered promiscuous mode [ 155.325592][ T8616] device hsr_slave_1 entered promiscuous mode [ 155.375202][ T8616] debugfs: Directory 'hsr0' with parent '/' already present! [ 155.400093][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 155.418798][ T8618] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.426116][ T8618] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.433821][ T8618] device bridge_slave_0 entered promiscuous mode [ 155.456502][ T8621] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 155.466735][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 155.475502][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 155.483951][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 155.492366][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 155.500959][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 155.509585][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 155.518009][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 155.526613][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 155.534245][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 155.542062][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 155.556352][ T8618] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.563420][ T8618] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.571916][ T8618] device bridge_slave_1 entered promiscuous mode [ 155.591296][ T8621] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 155.611244][ T2876] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 155.620197][ T2876] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 155.636157][ T8618] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 155.647155][ T8624] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.654206][ T8624] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.663524][ T8624] device bridge_slave_0 entered promiscuous mode [ 155.672027][ T8624] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.679189][ T8624] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.687255][ T8624] device bridge_slave_1 entered promiscuous mode [ 155.694885][ T8612] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 155.713366][ T8621] team0: Port device team_slave_0 added [ 155.721184][ T8611] 8021q: adding VLAN 0 to HW filter on device team0 [ 155.730355][ T8618] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 155.756167][ T8621] team0: Port device team_slave_1 added [ 155.791764][ T8624] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 155.804282][ T8624] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 155.820172][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 155.829167][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 155.837710][ T3016] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.844752][ T3016] bridge0: port 1(bridge_slave_0) entered forwarding state [ 155.852794][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 155.861315][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 155.869778][ T3016] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.876848][ T3016] bridge0: port 2(bridge_slave_1) entered forwarding state [ 155.886167][ T8618] team0: Port device team_slave_0 added [ 155.893862][ T8618] team0: Port device team_slave_1 added [ 155.920038][ T8612] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 155.943352][ T8624] team0: Port device team_slave_0 added [ 155.951502][ T8624] team0: Port device team_slave_1 added [ 156.018078][ T8618] device hsr_slave_0 entered promiscuous mode [ 156.058762][ T8618] device hsr_slave_1 entered promiscuous mode [ 156.095292][ T8618] debugfs: Directory 'hsr0' with parent '/' already present! [ 156.138027][ T8621] device hsr_slave_0 entered promiscuous mode [ 156.185979][ T8621] device hsr_slave_1 entered promiscuous mode [ 156.225351][ T8621] debugfs: Directory 'hsr0' with parent '/' already present! [ 156.237340][ T2876] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 156.246833][ T2876] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 156.327924][ T8624] device hsr_slave_0 entered promiscuous mode [ 156.365353][ T8624] device hsr_slave_1 entered promiscuous mode [ 156.435325][ T8624] debugfs: Directory 'hsr0' with parent '/' already present! [ 156.460407][ T8622] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 156.469087][ T8622] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 156.503209][ T8616] 8021q: adding VLAN 0 to HW filter on device bond0 [ 156.528499][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 07:26:32 executing program 1: perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f00000002c0), 0x0, 0x0, 0x0) [ 156.576759][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 156.586321][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 156.635992][ T8622] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 156.644402][ T8622] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 156.660459][ T8622] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 156.670085][ T8622] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 07:26:32 executing program 1: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x11, 0x2, 0x0) setsockopt$sock_attach_bpf(r1, 0x107, 0x7, 0x0, 0x4) [ 156.685834][ T8622] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 156.695955][ T8622] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 156.704699][ T8611] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 156.738664][ T8616] 8021q: adding VLAN 0 to HW filter on device team0 [ 156.777543][ T8621] 8021q: adding VLAN 0 to HW filter on device bond0 07:26:32 executing program 1: mknod(&(0x7f0000000300)='./bus\x00', 0x1001040, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0xb00, 0x0) poll(&(0x7f00000000c0)=[{r0}], 0x1, 0x81) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, 0x0) open(&(0x7f0000000040)='./bus\x00', 0x5, 0x0) [ 156.820579][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 156.832711][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 156.856783][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.863861][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 156.873025][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 156.881924][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 156.892050][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.899169][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 156.914631][ T8621] 8021q: adding VLAN 0 to HW filter on device team0 [ 156.924804][ T8618] 8021q: adding VLAN 0 to HW filter on device bond0 [ 156.935454][ T8628] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 156.943225][ T8628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 156.951885][ T8628] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 156.961012][ T8628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 156.969363][ T8628] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 156.994245][ T8624] 8021q: adding VLAN 0 to HW filter on device bond0 [ 157.005365][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 157.013869][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 07:26:32 executing program 1: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) r0 = dup(0xffffffffffffffff) renameat2(0xffffffffffffffff, 0x0, r0, 0x0, 0x0) syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x20, 0x200) chdir(&(0x7f0000000380)='./file0\x00') r1 = open(&(0x7f00000008c0)='./file0\x00', 0x20141042, 0x0) perf_event_open(&(0x7f0000000600)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, @perf_config_ext={0x4000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$UHID_INPUT(r1, &(0x7f0000001cc0)={0x8, "5f5539ae7383df635d7eb9f00cde999ef4e1d4fbae589edcbcd64ae9781d89f20a7c347bd734db9d80a3e9ee0d0f04fe5305dacf9e656dc623d0d8abb05b81ebf7fa83533ebfe364612ee7d5571be6e3af5eccf0e26370ff66a26e95f4b7b1206b9d9a70fe612b356ec5074716b0e71eb9f60ac1c5e653c9a7de0de9a5f8c8047f77ece27201fc36e2ca04338864356e123b3b96be97afa5d6698e6f08a657f7ad07b42df05dfca83247581434b575e2d4419e52f1103e9e3ddc440a98f9caeace71f8affb3cfc62e4b428403787ff063d2923a50c0410f191c7923b77c51fea54cc7f2b8adcd2a5e1f53495c168736a160f28435b70f6e40df8523c2deaef8b70f13bc408d1d6eb05dbcae35f0c12cb00b8d589c0dda912acf9315852e1cbb85857f9421cd623fc5046448db22eec3c07358c4778c73a2495bf3452b18d8e904ed88ae250a99edb20b78fc923ccc841847a4f6d514320309afe2f0a075e50096c7a8cd4da2d88791d01a10cea10a97d32e8bb05a5e2bf52be5fffa3fb26953a0fadac598644cf0297d01d5c1ed9f2123ba789fa650b0d140a478903cc23a5b5c2a2a52f19bdd40039ac0291f648f1f991e272c52669f7843e73b3be22103fe0a88d5d405b9ecea5d602be0b5466d18d8a971b69a8e80e48621103a6bc6ee3a7b70b199005241779f22fa2cc159988eaf2d53c858ec06ab56acc232b587ffee3a5cb29f5641b2189fb1617d1a652e42511fe2e447a2636f18ceabc261126200193eb9f309f80aa204a93883bf6fb247ade866685f300295f8735e18d1d81365dbd2bddfa1779c59effed803bbe0a68302b1ab0f0d00892138ad24d52d653d92897bd28c2f031a77eae54ef3ce9a1fc44ea41763b2d780a454f68ea1a297302b4fa6664923a818040f5a74e0db3ff24e940e97d4abff40af2d36f7bceb8a0c5e90dbefbc8ba496f6e42f11ce11fb20655138f9387938abc3aa3a742f749a8695d972c537127519f654945bac96f0a2ef9d6b24f2226ae677684e3eb63041d6b5105777a8e6aa41ff11366448c0af1ddf5e3f2a1d828b4c9ede3809eab736c9035f2a7032ce38b699dfdc3e158e1ce62d325441e1b05a3ba5f663f20b0cb703cb2960aad298177881aa6b52bf4ae112c5d2bb691ac34b0723be7ddcfff0015e578475db1f062c5a50b54bbcba2f591eb4d6de66f386b0d5dd3975229ad25ae95d82266dfb9c1a6f497ef54b6ac5ee81edae16c47e89f9a435377dfac411db459559ce483921251745b8b94f69d4815b009ea86aedc5a75a516ff2afaff9a418f73c2cacbcdf45dd02ba962399f9b81e149635c2b4c0bda790a6d72fc243f6fbc73d0a0636db51c03d93b44b42c07f2269b465231f953e6a45dc549e9b5ef05443da7820cd667f5b0ff47a13f0a3df630a6f98f72e09978b829389d6a11afb0a7a0988822bb95fcb50399e51295f464662118646d2996da0fa710b082036820ae0a60828479bad4489061244b74179cfec74ab273551190c0eb2ca95be86391b8e469454796d04b29646b8aaae49889ffd84e83e33fb0cd7b10d778e72422f474911897dbd4548d9658e9af23cfff0ad4a7d750ab59e0f8988082ab7ac8d27eeab1c5809de6694aba8ee6ff1ba23d422f38dc026a77933cb0fc916d22131f7f736e35c881c5551f13a5037f65b9090372bb8e73bb9cd686715afef6b40ff275a978078c1e1c7db358285e5caee5c53cb4a7b446db91e5c0615342265edd9f09a72002aae56c7ad4269a0513569db514ee852724cdcccb72e8836fc270f7aa03e03e65f4572c2909e6fb1b557e89c3b505ba2f2b10b545513758abdbdc5b3e5ec1fe4d6bd5947b354058eccb79f10e971a85bdafa5aa27224acc734d884f9282ed033fc540defa3181d451713565d940879cd70a1d704b9a390de509351d5129bff18051b0c7ca196a78d3b8d0c8f384c79ad637b2e1770fecfc980960ef403cbc6bb284792cd169133f35aea028d9ffdc1668572dd197db86a26cb6fe1bb822bb76968ef2cd3c384704b75d0f17a50bcce054a400edd3b2f2abf72d2d8a679fdc94216d2d7d43ca1e60aeb5a313f8104f8ae54e75beb6c106cf080b9ecc9a1f91508b37d9ede25a1bede738c3a7f3501391a7b1863fe120ea26c4ff13f1de4588b150f3f2c12a9b9d92e6a8610c788c4d449a91416307a313536e1779bef88028d65a9398c5d1492b729d5f08e34e64fa07507f64297a1f9305a2d68169f653d5c107c9860ca0d822916eb357c646c229e792b1a5da56b35ab971bb82e41581e11f24f9c6b26c019dd2f2f89f2a82b74bd856ed7b46a2d9c07b2856bc39e9a28f271c5bb06db5bfa04d21e37e778b3e03071d25da8bbc91543fe8909603ba92e3455cb0edfe1dc040f12c169a97a5b8fb09f97acda29ab8491e7c9f81320b1a9de5773078557a6a0bdc5a1bfd2d953c47b3e5ccc70d76dc4ba10c297d7591e2c2150b8235de09714fedcf23aedb0ec9586e52f6af6c299256ad5a0a4ce22666be48592977dc5ff5c5eea529b81df4510016240b8fc8489bf59c899bb75481220554d0b9aebf1660cb72b01dfc3ffaac27dc1d36247e86339c6d99fc3ca8edf585fdb236ecdffda1b99819f873367ee5d8fde5d596517f895c9154deab01ca26008edbeadecfe33cae750ff044469a1b3b104b35af0c04a35a48aecf54dd8844b598432b81f67ce232ad46a247cad103274cd7c206d890008b149aaa3310f9794243cc5e04d4bd3e66a5b01ef67044412eba507a20399856cd26fb6233ebc064aa7b5ba94198bc05301dd74d6875b6d3b4731c2a11f0656767a3e6ba0a3d6951a7f9385ff99876891b8150ac5257756ef92a6c3854ccba8f13bca3cd3e66fdc93feefc44c3eba570970e0a6921f1eef24713ed5a174b8e52a0bc1bd3b420bdd0e521835289d29267fca4512caeaf64d1adeba2457864801d30d37e4eea965f8cfdb314f62307d8a12084a65da330f800862cae3876cdffe8c77d982ce9527b069628f0d796c0ec1c1b423ab6eb248e176a9b201d4de572f7901d8d88ae3dc6c3f196a4e3fb81552f16f7a7b7b3a242824b0618a855fc150fe8d484c80b3e1ea6c42f165dcfa7b0b292f9c7f27179d32260d4f472385a8818f7d76133030cf1256153b4162c8c3a3629c01e9b8cb5a30b3d0068d7f0e3727d8159739386511746fad1cfcc98c7af05b489876432957c6d59c51f12ebb62acac90311e6b00cea58b355db5a36718dfb8140d23e64e41ef9d33969cae75ea3ef8f14ad8c9b2d0c8bd7bf4366b091b5992ffbd71800495c0484cbee4b5fffaede0808cdcfa2409227e6b96dd82481d6d00bfff72c29f860b7fa4fa9c3634d9a2e4f7a8ef240c997b749e0562514d5c2c5d66da75149dea37b1cbb347fa0df5be2b9a5ddf20a6d47936b3b55cedc64453e69413a89c8a9eaeda00fccc96281b4f29db0f3e45fa098c77ffe3c0488529ecfa801cdf7fe8a23f6a3aa04acaf4e300c44e6d873f43b9fd4b13cbed2411c97378e07c7a6799d272d36ac8964233130947ed88f727915fa58a4812ceacd6cc6a52bc7fcba5e57543e93d293d5a428c73b194f33ba752b0ebeb0262423e7a8f490707a220857f44e191304cffb93cfc75b217ca306292549c8742fe3aa62a464d40c666115015201c0fef3e9555615f91c3d15b6e1556a9b04febc2ae7e3d689ca5f58b51f2717ae8c5153f2c2a4df11ea8cafcc369327c2a0a6f7946daf09be323d59e4b0e42ebcdeca373a6d70a3286382f1405b7107af899da00dbd52324657870bd18ca26f3ef47e0e81cd335c827512e88f24202836e7a1b505f0d03a23d577430d971458a11ff42e36b2d2883b664d402eb7497a90ba1f94829b6d9c6b4c4f7e9dc49882520a6fd2590cb8b41328541b9076e43f6019c3da9084e57960478c268f4215bb98455fbd2981e7e37caf7aaf9008f87cfe196da930637c55da5a34e142a433494e6f92a5985d7e6fc0ec68d2ad25144919af6dc81afc88cd05f01b401730bccc3086c9dd06d38ed522e52e7ffae7671898fb91cec0821c061aaea6c47ae877d2d7f5ca1ecf159e0ea152ce713f652c116f62e12cad293331db922a5fed311ab22096d90fc17ccc53f84d46eae680def0b9949e0d9debff263d575e590941a5ce0b33548beb6dbc01104f6054da73cc349625adece6a54e092d8d740915b91d81df30374a78693d6b69724f05354d61ac0febff4a544b88954d11d3f4927895edf6ad755313227ac87f24f12d70a831df16bd45c4a03570fdf27d698fa5581fce2d002890a3f2059a6bfdf77f0aeee3ad8318449bc1b2d486b225b148a78e921c73a2c37256dfb1ad611e410d5436e0d31d00ab5177da7915a74ef3307927c23c764f5cf62c3e2db86284c9abb39045b625d507f5c8d440557b4dad2a39593fbb572cce25a364aae44134fdd97ef0148690881bee42b6bd929f12cdf07996597a2a8366b12841f8fb8dfc0ece651756637b95c6bdb92320302805b4a700e7d3dfb0b8878862f400f8437a6c153b5fab40d30af07e73cf4345cb6fa81574018a7bc0e8789fae8b8560f4b93d413fa8e0e0218527ccb82873fc9da6cc34b6197c1d8bd9223ab7c4efb1f8cf021450037f4576934d83116655c120062fc3b912176fd395ccc792d492f2730465f8b4c68155b6ceb52e80742d2970e24004171f4685cd78467a4e943a0fecff66dffff10922d69236460dc37c1df9b19dded1ecb932dd8dd2045d2f8e8d3dfb6a83a65d6623553a2aed7a12b78effeeaa58eec84cdefc84923177afb7bd04f6fc3d3332d63ed5c5d6fe8820b9853e7615407eb23962f5232db44bc0267e7f07e47b158de0732a974b80aeb00ffeeca83d26fe21e487ea4472cd9048f942155784af8f68006cdb4286480a7ffa1ba6e93fe7fdb33283359d28bf9311dee59899e0e77aa113fadda21526c8e2bd60f21e182b735a5b0177fb95e948857c6c4ae391b2b4950a35b129e7bf25b7eb2c0857290c55f5d28b78ca1f39f0cd676610805b0a378647ae958182b26de1ddbf80e80d7ab1d2476086ed192e98bee0969bc0e8765278cb5570ccc29ac6d7298821bff4f85895deffcf4ce54a69878cfb41eade0d8703cbcff02352733ace2d800ba68b0fdcc52b94247ecacddf80ad228cf76eb547d276d0f6402054e34c3569e2b53ea3cbc54e49e099372cde3acd1ba47f836a765f855763a175a58ec4d6cecc72375da2d8c956c2868e77bfdb697182b554f0b743d7095cf13a3ba1d19e7590c281bd09ce235898a9682aacb5633b4fa4c3bdd71139c20c518b6a7651a47df7658a5a7ed41b3e7e43543d68c1dd4a5d01ec7e42cabdd6963db84f0d69b5a471ff8b929a8774baee39b14ab325af2ea7756c656c0135a59568499208341333d6b896cf0cc10108970e20313df241d179bd2a4d2392b269e6aeb9d2570bba7e3c67f49e90cf95562f93077a5fb588225724d444fcd8da55921dcff7b0be49ac0171ae98209e729f65bcebe447ccc0a185719f3fd55d1ae263daac4a420da91d05cdfc85d48e5743483dbb6fe81e5c216948953d95d5e725db17df44f05a57c6cc425e55572f9163e536a6d2d51d5213c937f6ddba08fc1f90ec73088a766a685f2c0d43b80422d48eef23b2ea588ea26b8dffb4f0df0cf91d6ea8f14a663ba2b165e4427010742fe63905d62b9dcf2385dce09fe75e4746d5c9c402ee77bfc9f39a28eb9f2751a81b090a499706accafbf5ae1afa9af350fd7481bb", 0x1000}, 0x1006) sendfile(r1, r1, &(0x7f0000000240), 0x2008000fffffffe) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) recvmmsg(r2, &(0x7f0000000200)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000280)=""/152, 0x98}, {&(0x7f0000000100)=""/35, 0x23}, {&(0x7f00000003c0)=""/92, 0x5c}], 0x3, &(0x7f0000000900)=""/4096, 0x1000}, 0x8}], 0x1, 0x100, &(0x7f0000000340)) sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) [ 157.022664][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 157.034832][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 157.044710][ T3016] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.051830][ T3016] bridge0: port 1(bridge_slave_0) entered forwarding state [ 157.060943][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 157.079388][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 157.100076][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 157.116352][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 157.124786][ T3016] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.131902][ T3016] bridge0: port 2(bridge_slave_1) entered forwarding state [ 157.139659][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 157.148293][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 157.167371][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 157.182993][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 157.204706][ T8616] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 157.223604][ T8616] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 157.249145][ T8611] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 157.265375][ T8618] 8021q: adding VLAN 0 to HW filter on device team0 [ 157.283344][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 157.292947][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 157.310820][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 157.321824][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 157.334914][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 157.350111][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 157.360970][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 157.378055][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 157.391894][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.399116][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 157.431130][ T8624] 8021q: adding VLAN 0 to HW filter on device team0 [ 157.470897][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 157.496453][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 157.504479][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 157.519705][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 157.531333][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 157.544397][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 157.559839][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 157.568731][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 157.577500][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 157.586164][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 157.594492][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 157.602786][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 157.612312][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 157.621432][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 157.630301][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.637430][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 157.646491][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 157.655593][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 157.664351][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 157.673311][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 157.684511][ T8621] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 157.720887][ T8630] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 157.729624][ T8630] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 157.744805][ T8630] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 157.754408][ T8630] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 157.764297][ T8630] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 157.773794][ T8630] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 157.782637][ T8630] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 157.791716][ T8630] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 157.804599][ T8616] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 157.832688][ T8621] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 157.849615][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 157.883259][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 157.903060][ T3016] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.910192][ T3016] bridge0: port 1(bridge_slave_0) entered forwarding state [ 157.920572][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 157.940409][ T8618] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 157.966556][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 157.977128][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready 07:26:33 executing program 0: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f00000001c0)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r0, 0x10e, 0x2, 0x0, 0x0) [ 157.997037][ T3016] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.004133][ T3016] bridge0: port 2(bridge_slave_1) entered forwarding state [ 158.016163][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 158.026767][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 158.039940][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 158.062314][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 158.080119][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready 07:26:33 executing program 1: rt_sigaction(0xd, 0x0, &(0x7f0000000240)={0x0, {}, 0x0, 0x0}, 0x8, &(0x7f0000000280)) [ 158.101425][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 158.120666][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 158.132604][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 158.149791][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 158.160579][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 158.177861][ T3016] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 158.198211][ T8624] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 158.284204][ T8618] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 158.323441][ T8624] 8021q: adding VLAN 0 to HW filter on device batadv0 07:26:33 executing program 0: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) mknod$loop(&(0x7f00000001c0)='./file0/file1\x00', 0x0, 0xffffffffffffffff) read$FUSE(r0, 0x0, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) umount2(&(0x7f0000000000)='./file0\x00', 0x2) read$FUSE(r0, &(0x7f00000030c0), 0xfffffed0) write$FUSE_ENTRY(r0, &(0x7f0000002000)={0x90, 0x0, 0x2}, 0x90) write$FUSE_ENTRY(0xffffffffffffffff, 0x0, 0x0) [ 158.336516][ T8667] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. 07:26:34 executing program 4: r0 = gettid() r1 = creat(&(0x7f0000000100)='./file0\x00', 0x10003) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) creat(&(0x7f0000000000)='./file0/bus\x00', 0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r1) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) tkill(r0, 0x5) creat(&(0x7f0000139000)='./file0/bus\x00', 0x40) prctl$PR_SET_DUMPABLE(0x4, 0x2) perf_event_open(0x0, r0, 0x0, 0xffffffffffffffff, 0x6) ptrace$setopts(0x4206, r0, 0x0, 0x0) [ 158.610204][ T8675] ================================================================== [ 158.618443][ T8675] BUG: KASAN: use-after-free in fuse_request_end+0x825/0x990 [ 158.625816][ T8675] Read of size 8 at addr ffff8880a2279f68 by task syz-executor.0/8675 [ 158.633965][ T8675] [ 158.636308][ T8675] CPU: 0 PID: 8675 Comm: syz-executor.0 Not tainted 5.4.0-rc3+ #0 [ 158.644109][ T8675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 158.654160][ T8675] Call Trace: [ 158.657448][ T8675] dump_stack+0x172/0x1f0 [ 158.661761][ T8675] ? fuse_request_end+0x825/0x990 [ 158.666808][ T8675] print_address_description.constprop.0.cold+0xd4/0x30b [ 158.673808][ T8675] ? fuse_request_end+0x825/0x990 [ 158.685120][ T8675] ? fuse_request_end+0x825/0x990 [ 158.690121][ T8675] __kasan_report.cold+0x1b/0x41 [ 158.695065][ T8675] ? fuse_request_end+0x825/0x990 [ 158.700255][ T8675] kasan_report+0x12/0x20 [ 158.704568][ T8675] __asan_report_load8_noabort+0x14/0x20 [ 158.710227][ T8675] fuse_request_end+0x825/0x990 [ 158.715068][ T8675] ? __kasan_check_read+0x11/0x20 [ 158.720121][ T8675] ? do_raw_spin_unlock+0x57/0x270 [ 158.725219][ T8675] fuse_dev_do_read.isra.0+0x115b/0x1df0 [ 158.730836][ T8675] ? __lock_acquire+0x8a0/0x4a00 [ 158.735813][ T8675] ? fuse_copy_args+0x380/0x380 [ 158.740670][ T8675] ? find_held_lock+0x35/0x130 [ 158.745450][ T8675] ? aa_file_perm+0x40b/0xeb0 [ 158.750142][ T8675] ? lock_downgrade+0x920/0x920 [ 158.755003][ T8675] ? memset+0x32/0x40 [ 158.759002][ T8675] fuse_dev_read+0x165/0x200 [ 158.763606][ T8675] ? fuse_dev_do_read.isra.0+0x1df0/0x1df0 [ 158.769416][ T8675] ? aa_file_perm+0x432/0xeb0 [ 158.774133][ T8675] ? aa_path_link+0x460/0x460 [ 158.778817][ T8675] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 158.785061][ T8675] ? iov_iter_init+0xee/0x220 [ 158.789750][ T8675] new_sync_read+0x4d7/0x800 [ 158.794351][ T8675] ? vfs_dedupe_file_range+0x780/0x780 [ 158.799922][ T8675] ? __fget+0x384/0x560 [ 158.804091][ T8675] ? security_file_permission+0x8f/0x380 [ 158.809731][ T8675] __vfs_read+0xe1/0x110 [ 158.813985][ T8675] vfs_read+0x1f0/0x440 [ 158.818160][ T8675] ksys_read+0x14f/0x290 [ 158.822412][ T8675] ? kernel_write+0x130/0x130 [ 158.827100][ T8675] ? do_fast_syscall_32+0xd1/0xdb3 [ 158.832215][ T8675] ? entry_SYSENTER_compat+0x70/0x7f [ 158.839676][ T8675] ? do_fast_syscall_32+0xd1/0xdb3 [ 158.844793][ T8675] __ia32_sys_read+0x71/0xb0 [ 158.849394][ T8675] do_fast_syscall_32+0x27b/0xdb3 [ 158.854430][ T8675] entry_SYSENTER_compat+0x70/0x7f [ 158.859545][ T8675] RIP: 0023:0xf7f59a29 [ 158.863619][ T8675] Code: b8 80 96 98 00 eb cc 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 158.883222][ T8675] RSP: 002b:00000000f5d340cc EFLAGS: 00000296 ORIG_RAX: 0000000000000003 [ 158.891641][ T8675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200030c0 [ 158.899613][ T8675] RDX: 00000000fffffed0 RSI: 0000000000000000 RDI: 0000000000000000 07:26:34 executing program 2: perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x4000, &(0x7f00000002c0), 0x0, 0x0, &(0x7f00000003c0)) 07:26:34 executing program 1: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000380)='SEG6\x00') sendmsg$SEG6_CMD_SET_TUNSRC(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x28, r1, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_DST={0x14, 0x1, @mcast2}]}, 0x28}}, 0x0) 07:26:34 executing program 5: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup2(r1, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0xa, &(0x7f0000000080)=0xfd1, 0x4) bind$inet(r3, &(0x7f0000001440)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x2200cf7d, &(0x7f0000e68000)={0x2, 0x4e23}, 0x10) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x7843c471) write$binfmt_elf64(r3, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xff5a) recvmsg(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f0000000400)=""/4096, 0x1fa0}], 0x1, 0x0, 0xff96ce4aaaa47475}, 0x100) 07:26:34 executing program 3: r0 = socket(0x400020000000010, 0x2, 0x0) write(r0, &(0x7f00000001c0)="1f00000056000d6dfcffff05bc0203030701ff2104173f8100000002000039", 0x1f) 07:26:34 executing program 4: r0 = socket$inet(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x1f) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f00000000c0)=0x2, 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bond0\x00', 0x10) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) [ 158.907586][ T8675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 158.915564][ T8675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 158.923537][ T8675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 158.931516][ T8675] [ 158.933843][ T8675] Allocated by task 8675: [ 158.938182][ T8675] save_stack+0x23/0x90 [ 158.942346][ T8675] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 158.947985][ T8675] kasan_kmalloc+0x9/0x10 [ 158.952313][ T8675] kmem_cache_alloc_trace+0x158/0x790 [ 158.957693][ T8675] fuse_send_init+0x48/0x440 [ 158.962287][ T8675] fuse_fill_super+0x2a6/0x3a0 [ 158.967056][ T8675] vfs_get_super+0x13e/0x2e0 [ 158.971648][ T8675] get_tree_nodev+0x23/0x30 [ 158.976150][ T8675] fuse_get_tree+0x12e/0x190 [ 158.980745][ T8675] vfs_get_tree+0x8e/0x300 [ 158.985163][ T8675] do_mount+0x143d/0x1d10 [ 158.989493][ T8675] __ia32_compat_sys_mount+0x664/0x790 [ 158.994953][ T8675] do_fast_syscall_32+0x27b/0xdb3 [ 158.999983][ T8675] entry_SYSENTER_compat+0x70/0x7f [ 159.005108][ T8675] [ 159.007437][ T8675] Freed by task 8672: 07:26:34 executing program 3: socket$inet6(0xa, 0x800000000000002, 0x0) syz_open_procfs(0x0, &(0x7f0000000600)='\x00\xaeC\xae\xc4\x05\xa9\xbd~\xfb\x96\xf7\t\b\x00\x00@\xe54\x01\x01\x01\x00w\xa7\x04~\\\xd4Y\x04\xaf^\xc6\xf2\x98\"\xa0\xa1\x04\xaf\x81\x00ov=ie\xf3x\xfe[\x90\xe0\xaft\xafi\xd9\xb2\x96ef\x98XL\xe5\xb0\xc6\xac\xcb\x19\xf2\xba25v\xb2-\xc7g\tM\x04_R\x93\x1be\x8f\xacGxWc\xee[\xc0\xe6\xdc\xcc\x8dT[\x85\xb4\xa4@\t\xb3\x1f\b\x9c\xf9\x8d\x9d\x92YJ$\x89\xaa\xcfQ[?`\xf4\xfeg\xd6\xd9`Hpc\xdc@7N\xf4\xee\xfdQ\x1b\t\x00\x00\x00\xfcJ\x7fKC\xa1[\xe4\xc8f|\xe9\xef|\x1b\xf0d\xf0\x89\x1aM\x8b\xc3I&)\xc1\x8a\xc6\x11\x84&3\x02\x88\x97\xb7\xe3[E\x90\x95=\x8e7\x90\xa8,\x16~\x9c\xa1m\xf4F\xfb\x05\x82\x05\'1Q\xe5s\x8f\x13\xfe\xd3Zw\xf4e\xb9*\xcdgBY\xac\x83\xf8\xf9\xf0\xcc\"\xb4\xf4\xa7\'\x98\x1fg@\xbe|\xa72\xbf\vb\xc8y\x9b{\xfc?\x87\x9e\x16\'\'\xbe\xe6B\x9c\x01k\xe1\xa8\\\n\xcd.\xc14O\n\xd1\x14,\xc5\xa1\x1e\x9a\x03jUr\xca\xdb\x88C\x96\xd1\b+,\x8b\x8fTj\x80\'Q\x14\xa9\'L\x85c\x84P\xb1\xe6#\xba\x11+\xd9~\x13\xd44j\xed\x9b2\xc2\xdcT:\x9e\xa0\xe7\xb2\xf8\xf2\xd5\x96\xbe \xfci\xb9\xfa\x11\a\x15\xeb>rK\xaf\x1e\xcf\x1aI\xceM\x82v\xdd\xe4\xc4\xd1M8\xd9;\xb5\x14@K\x81\xcc\x02x\xc9]e\x96\xd57\be\xe5\x89\x9e\xefs\xe3U\xc7\xa1\xdf\x95\xe1\xf3\x0fM\x87\xb3\xd2)\v@w\x9f2\xbd\x8b!\xa2\xd4gv\xb5s\xf8\xc4\xdb\x87\x95dV\x9bc\xa3\a\x16\xba\xe9m/\x8a\x83\x9c\x84\xbes\xf6\xa4\xfb\xe09\xa6p\xcd\xd4*\xccF\xca\x1e\xacC!x\n!{\xc5oE\x00\xc2\xf6\x1f\xcf]\x891') clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) syz_open_dev$mice(&(0x7f0000000140)='/dev/input/mice\x00', 0x0, 0x0) r1 = syz_open_dev$mice(0x0, 0x0, 0x0) ioctl$ION_IOC_ALLOC(0xffffffffffffffff, 0xc0184900, &(0x7f00000000c0)={0x0, 0x0, 0x0, r1}) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="29f60f05"], 0x4}}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:26:34 executing program 1: mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='sysfs\x00', 0x0, 0x0) r0 = inotify_init() inotify_add_watch(r0, &(0x7f00000002c0)='./file0\x00', 0x20) inotify_add_watch(r0, &(0x7f00000001c0)='./file0/bus\x00', 0x21000510) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) recvfrom$unix(r1, 0x0, 0xfffffffffffffe45, 0x0, 0x0, 0x0) r2 = socket(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') sendfile(r2, r3, 0x0, 0x1000000000e6) [ 159.011434][ T8675] save_stack+0x23/0x90 [ 159.015592][ T8675] __kasan_slab_free+0x102/0x150 [ 159.020536][ T8675] kasan_slab_free+0xe/0x10 [ 159.025040][ T8675] kfree+0x10a/0x2c0 [ 159.028939][ T8675] process_init_reply+0xfb/0x1620 [ 159.033965][ T8675] fuse_request_end+0x388/0x990 [ 159.038820][ T8675] end_requests+0x16c/0x240 [ 159.043336][ T8675] fuse_abort_conn+0xa4d/0xdb0 [ 159.048112][ T8675] fuse_sb_destroy+0xa3/0x120 [ 159.052817][ T8675] fuse_kill_sb_anon+0x16/0x30 [ 159.057586][ T8675] deactivate_locked_super+0x95/0x100 [ 159.062962][ T8675] deactivate_super+0x1b2/0x1d0 [ 159.067813][ T8675] cleanup_mnt+0x351/0x4c0 [ 159.072231][ T8675] __cleanup_mnt+0x16/0x20 [ 159.076651][ T8675] task_work_run+0x145/0x1c0 [ 159.081247][ T8675] get_signal+0x2078/0x2500 [ 159.085754][ T8675] do_signal+0x87/0x1700 [ 159.089999][ T8675] exit_to_usermode_loop+0x286/0x380 [ 159.095286][ T8675] do_fast_syscall_32+0xb87/0xdb3 [ 159.100313][ T8675] entry_SYSENTER_compat+0x70/0x7f 07:26:34 executing program 2: socket$inet6(0xa, 0x400000000001, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) msgget(0x2, 0x600) msgctl$MSG_INFO(0x0, 0xc, &(0x7f0000000480)=""/102) getdents(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x803, 0x3) ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, 0x0) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, 0xffffffffffffffff) setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x2, 0x0, "a77760f5a7645bc43c241d69912dda0c63c2a66726f8cfafd6c8fe2c98de7ba44947a79015f0fe57917cb62a93987a938fdedfce7bbba4fec2d8a09c41fb233245f2604b9e07b8ab79ec15ef2818a179"}, 0xd8) bind$inet(r2, &(0x7f0000000180)={0x2, 0x4e23, @dev}, 0x10) setxattr$security_selinux(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='security.selinux\x00', 0x0, 0x0, 0x2) connect$inet(r2, &(0x7f0000000040)={0x2, 0x4e23}, 0x10) setsockopt$inet_sctp6_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, &(0x7f0000000000)={0x0, 0x0, 0x10}, 0xb) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_open_dev$cec(&(0x7f0000000040)='/dev/cec#\x00', 0x1, 0x2) ioctl$sock_inet6_tcp_SIOCINQ(0xffffffffffffffff, 0x805c6103, 0x0) ppoll(0x0, 0x0, &(0x7f0000000440)={0x0, 0x989680}, 0x0, 0x0) r3 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000000700)={'team0\x00\x00\x00\x00\x00\x00\x00\xf7\x00', @broadcast}) r4 = socket$kcm(0xa, 0x2, 0x73) sendmmsg$inet_sctp(r4, &(0x7f0000002a40)=[{&(0x7f0000000300)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x37, 0x0, 0x0, &(0x7f0000001400)=[@sndinfo={0x20}], 0x20}], 0x1, 0x0) write$binfmt_script(r4, 0x0, 0x0) recvmsg(r1, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x100) socket$kcm(0x2, 0x3, 0x2) 07:26:34 executing program 4: [ 159.101390][ T8709] ptrace attach of "/root/syz-executor.3"[8707] was attempted by "/root/syz-executor.3"[8709] [ 159.105411][ T8675] [ 159.105429][ T8675] The buggy address belongs to the object at ffff8880a2279f00 [ 159.105429][ T8675] which belongs to the cache kmalloc-192 of size 192 [ 159.105442][ T8675] The buggy address is located 104 bytes inside of [ 159.105442][ T8675] 192-byte region [ffff8880a2279f00, ffff8880a2279fc0) [ 159.105447][ T8675] The buggy address belongs to the page: [ 159.105459][ T8675] page:ffffea0002889e40 refcount:1 mapcount:0 mapping:ffff8880aa400000 index:0x0 [ 159.105469][ T8675] flags: 0x1fffc0000000200(slab) [ 159.105487][ T8675] raw: 01fffc0000000200 ffffea00028e6e08 ffffea00025033c8 ffff8880aa400000 [ 159.173533][ T8675] raw: 0000000000000000 ffff8880a2279000 0000000100000010 0000000000000000 [ 159.182097][ T8675] page dumped because: kasan: bad access detected [ 159.188504][ T8675] [ 159.190812][ T8675] Memory state around the buggy address: [ 159.196425][ T8675] ffff8880a2279e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 159.204465][ T8675] ffff8880a2279e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 159.212508][ T8675] >ffff8880a2279f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 159.220561][ T8675] ^ [ 159.227996][ T8675] ffff8880a2279f80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 159.236074][ T8675] ffff8880a227a000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 159.244115][ T8675] ================================================================== [ 159.252153][ T8675] Disabling lock debugging due to kernel taint [ 159.280947][ T8675] Kernel panic - not syncing: panic_on_warn set ... [ 159.287661][ T8675] CPU: 1 PID: 8675 Comm: syz-executor.0 Tainted: G B 5.4.0-rc3+ #0 [ 159.296849][ T8675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 159.306900][ T8675] Call Trace: [ 159.310197][ T8675] dump_stack+0x172/0x1f0 [ 159.314536][ T8675] panic+0x2e3/0x75c [ 159.318431][ T8675] ? add_taint.cold+0x16/0x16 [ 159.323109][ T8675] ? fuse_request_end+0x825/0x990 [ 159.328135][ T8675] ? preempt_schedule+0x4b/0x60 [ 159.332986][ T8675] ? ___preempt_schedule+0x16/0x20 [ 159.338096][ T8675] ? trace_hardirqs_on+0x5e/0x240 [ 159.343122][ T8675] ? fuse_request_end+0x825/0x990 [ 159.348148][ T8675] end_report+0x47/0x4f [ 159.352302][ T8675] ? fuse_request_end+0x825/0x990 [ 159.357324][ T8675] __kasan_report.cold+0xe/0x41 [ 159.362167][ T8675] ? fuse_request_end+0x825/0x990 [ 159.367173][ T8675] kasan_report+0x12/0x20 [ 159.371481][ T8675] __asan_report_load8_noabort+0x14/0x20 [ 159.377091][ T8675] fuse_request_end+0x825/0x990 [ 159.381917][ T8675] ? __kasan_check_read+0x11/0x20 [ 159.386919][ T8675] ? do_raw_spin_unlock+0x57/0x270 [ 159.392012][ T8675] fuse_dev_do_read.isra.0+0x115b/0x1df0 [ 159.397622][ T8675] ? __lock_acquire+0x8a0/0x4a00 [ 159.402560][ T8675] ? fuse_copy_args+0x380/0x380 [ 159.407388][ T8675] ? find_held_lock+0x35/0x130 [ 159.412134][ T8675] ? aa_file_perm+0x40b/0xeb0 [ 159.416794][ T8675] ? lock_downgrade+0x920/0x920 [ 159.421623][ T8675] ? memset+0x32/0x40 [ 159.425587][ T8675] fuse_dev_read+0x165/0x200 [ 159.430160][ T8675] ? fuse_dev_do_read.isra.0+0x1df0/0x1df0 [ 159.435943][ T8675] ? aa_file_perm+0x432/0xeb0 [ 159.440602][ T8675] ? aa_path_link+0x460/0x460 [ 159.445262][ T8675] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 159.451484][ T8675] ? iov_iter_init+0xee/0x220 [ 159.456151][ T8675] new_sync_read+0x4d7/0x800 [ 159.460721][ T8675] ? vfs_dedupe_file_range+0x780/0x780 [ 159.466159][ T8675] ? __fget+0x384/0x560 [ 159.470300][ T8675] ? security_file_permission+0x8f/0x380 [ 159.475915][ T8675] __vfs_read+0xe1/0x110 [ 159.480163][ T8675] vfs_read+0x1f0/0x440 [ 159.484298][ T8675] ksys_read+0x14f/0x290 [ 159.488521][ T8675] ? kernel_write+0x130/0x130 [ 159.493179][ T8675] ? do_fast_syscall_32+0xd1/0xdb3 [ 159.498272][ T8675] ? entry_SYSENTER_compat+0x70/0x7f [ 159.503544][ T8675] ? do_fast_syscall_32+0xd1/0xdb3 [ 159.508633][ T8675] __ia32_sys_read+0x71/0xb0 [ 159.513217][ T8675] do_fast_syscall_32+0x27b/0xdb3 [ 159.518221][ T8675] entry_SYSENTER_compat+0x70/0x7f [ 159.523310][ T8675] RIP: 0023:0xf7f59a29 [ 159.527362][ T8675] Code: b8 80 96 98 00 eb cc 8b 04 24 c3 8b 1c 24 c3 8b 34 24 c3 8b 3c 24 c3 90 90 90 90 90 90 90 90 90 90 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 eb 0d 90 90 90 90 90 90 90 90 90 90 90 90 [ 159.546953][ T8675] RSP: 002b:00000000f5d340cc EFLAGS: 00000296 ORIG_RAX: 0000000000000003 [ 159.555344][ T8675] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000200030c0 [ 159.563293][ T8675] RDX: 00000000fffffed0 RSI: 0000000000000000 RDI: 0000000000000000 [ 159.571244][ T8675] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 159.579194][ T8675] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 159.587143][ T8675] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 159.596496][ T8675] Kernel Offset: disabled [ 159.600874][ T8675] Rebooting in 86400 seconds..