[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 63.593961][ T27] audit: type=1800 audit(1575251584.916:25): pid=8877 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 63.627163][ T27] audit: type=1800 audit(1575251584.916:26): pid=8877 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 63.665595][ T27] audit: type=1800 audit(1575251584.916:27): pid=8877 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.226' (ECDSA) to the list of known hosts. 2019/12/02 01:53:15 fuzzer started 2019/12/02 01:53:17 dialing manager at 10.128.0.26:36723 2019/12/02 01:53:17 syscalls: 2678 2019/12/02 01:53:17 code coverage: enabled 2019/12/02 01:53:17 comparison tracing: enabled 2019/12/02 01:53:17 extra coverage: enabled 2019/12/02 01:53:17 setuid sandbox: enabled 2019/12/02 01:53:17 namespace sandbox: enabled 2019/12/02 01:53:17 Android sandbox: /sys/fs/selinux/policy does not exist 2019/12/02 01:53:17 fault injection: enabled 2019/12/02 01:53:17 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/12/02 01:53:17 net packet injection: enabled 2019/12/02 01:53:17 net device setup: enabled 2019/12/02 01:53:17 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/12/02 01:53:17 devlink PCI setup: PCI device 0000:00:10.0 is not available 01:54:36 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() socket$inet6(0xa, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x19) wait4(0x0, 0x0, 0x0, 0x0) 01:54:36 executing program 1: r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f00000001c0)=ANY=[@ANYBLOB="9662c011", @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) r2 = socket(0xa, 0x1, 0x0) close(r2) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8) sendmmsg$inet_sctp(r2, &(0x7f0000002940)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x4}}], 0x30}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0x4}, 0x10) syzkaller login: [ 154.970695][ T9043] IPVS: ftp: loaded support on port[0] = 21 [ 155.122495][ T9043] chnl_net:caif_netlink_parms(): no params data found 01:54:36 executing program 2: r0 = socket$inet6(0xa, 0x80003, 0xff) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") r1 = io_uring_setup(0xf9, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, [], {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}) ppoll(&(0x7f0000000240)=[{r1}], 0x1, &(0x7f0000000280)={0x0, 0x1c9c380}, 0x0, 0x0) [ 155.219826][ T9043] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.231716][ T9043] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.240276][ T9043] device bridge_slave_0 entered promiscuous mode [ 155.262342][ T9046] IPVS: ftp: loaded support on port[0] = 21 [ 155.270975][ T9043] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.279682][ T9043] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.293391][ T9043] device bridge_slave_1 entered promiscuous mode [ 155.354978][ T9043] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 155.382938][ T9043] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 155.463221][ T9043] team0: Port device team_slave_0 added [ 155.475308][ T9046] chnl_net:caif_netlink_parms(): no params data found [ 155.483610][ T9048] IPVS: ftp: loaded support on port[0] = 21 [ 155.494765][ T9043] team0: Port device team_slave_1 added [ 155.532032][ T9046] bridge0: port 1(bridge_slave_0) entered blocking state [ 155.540114][ T9046] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.549287][ T9046] device bridge_slave_0 entered promiscuous mode [ 155.564536][ T9046] bridge0: port 2(bridge_slave_1) entered blocking state [ 155.571730][ T9046] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.579861][ T9046] device bridge_slave_1 entered promiscuous mode 01:54:36 executing program 3: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="2e0000001a008100a00f80ecdb4cb904024865160b000000d4036efb120004001300000040d819a9ffe200000000", 0x2e}], 0x1}, 0x0) [ 155.681357][ T9043] device hsr_slave_0 entered promiscuous mode [ 155.737409][ T9043] device hsr_slave_1 entered promiscuous mode [ 155.779049][ T9046] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 155.801136][ T9046] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 155.852628][ T9051] IPVS: ftp: loaded support on port[0] = 21 [ 155.878683][ T9046] team0: Port device team_slave_0 added 01:54:37 executing program 4: r0 = socket$inet6(0xa, 0x80003, 0xff) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") r1 = socket$inet(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000200)={0x2, 0x1004e20, @loopback}, 0x10) sendto$inet(r1, &(0x7f0000000140)="6812334f6743a747f8bf094356", 0xd, 0x8800, &(0x7f00000000c0)={0x2, 0x4e21, @remote}, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) connect$inet(r1, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r1, &(0x7f0000000100)='\x00', 0x38, 0x4088, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001480)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000180)=""/102, 0x66}], 0x1}}], 0x1, 0x0, 0x0) [ 155.902807][ T9046] team0: Port device team_slave_1 added [ 156.000071][ T9046] device hsr_slave_0 entered promiscuous mode [ 156.027748][ T9046] device hsr_slave_1 entered promiscuous mode [ 156.077579][ T9046] debugfs: Directory 'hsr0' with parent '/' already present! [ 156.115780][ T9053] IPVS: ftp: loaded support on port[0] = 21 01:54:37 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x4, 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0xe6) r1 = socket(0x10, 0x802, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000100)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @dev}, 0x14) sendmmsg(r0, &(0x7f0000000780)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) [ 156.211608][ T9043] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 156.280059][ T9048] chnl_net:caif_netlink_parms(): no params data found [ 156.294119][ T9043] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 156.350472][ T9043] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 156.423139][ T9043] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 156.496817][ T9048] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.504292][ T9048] bridge0: port 1(bridge_slave_0) entered disabled state [ 156.512202][ T9048] device bridge_slave_0 entered promiscuous mode [ 156.524826][ T9048] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.531977][ T9048] bridge0: port 2(bridge_slave_1) entered disabled state [ 156.539989][ T9048] device bridge_slave_1 entered promiscuous mode [ 156.575732][ T9057] IPVS: ftp: loaded support on port[0] = 21 [ 156.585499][ T9048] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 156.629692][ T9048] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 156.655295][ T9048] team0: Port device team_slave_0 added [ 156.661944][ T9046] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 156.702538][ T9046] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 156.759450][ T9046] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 156.801560][ T9046] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 156.873975][ T9048] team0: Port device team_slave_1 added [ 156.959261][ T9048] device hsr_slave_0 entered promiscuous mode [ 157.007497][ T9048] device hsr_slave_1 entered promiscuous mode [ 157.067180][ T9048] debugfs: Directory 'hsr0' with parent '/' already present! [ 157.192931][ T9051] chnl_net:caif_netlink_parms(): no params data found [ 157.209998][ T9053] chnl_net:caif_netlink_parms(): no params data found [ 157.258111][ T9048] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 157.313021][ T9048] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 157.441392][ T9053] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.449006][ T9053] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.456708][ T9053] device bridge_slave_0 entered promiscuous mode [ 157.464403][ T9048] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 157.535436][ T9057] chnl_net:caif_netlink_parms(): no params data found [ 157.560278][ T9053] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.567541][ T9053] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.575188][ T9053] device bridge_slave_1 entered promiscuous mode [ 157.582940][ T9048] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 157.638970][ T9051] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.646071][ T9051] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.657323][ T9051] device bridge_slave_0 entered promiscuous mode [ 157.666062][ T9051] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.673286][ T9051] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.681386][ T9051] device bridge_slave_1 entered promiscuous mode [ 157.725423][ T9053] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 157.737935][ T9053] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 157.783884][ T9057] bridge0: port 1(bridge_slave_0) entered blocking state [ 157.791067][ T9057] bridge0: port 1(bridge_slave_0) entered disabled state [ 157.802246][ T9057] device bridge_slave_0 entered promiscuous mode [ 157.811098][ T9057] bridge0: port 2(bridge_slave_1) entered blocking state [ 157.819009][ T9057] bridge0: port 2(bridge_slave_1) entered disabled state [ 157.826663][ T9057] device bridge_slave_1 entered promiscuous mode [ 157.851788][ T9051] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 157.865423][ T9043] 8021q: adding VLAN 0 to HW filter on device bond0 [ 157.874867][ T9057] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 157.885308][ T9051] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 157.896906][ T9053] team0: Port device team_slave_0 added [ 157.920552][ T9046] 8021q: adding VLAN 0 to HW filter on device bond0 [ 157.934035][ T9057] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 157.958140][ T9051] team0: Port device team_slave_0 added [ 157.965252][ T9053] team0: Port device team_slave_1 added [ 157.978317][ T9043] 8021q: adding VLAN 0 to HW filter on device team0 [ 157.998547][ T9051] team0: Port device team_slave_1 added [ 158.013594][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 158.021924][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 158.030560][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 158.038806][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 158.047743][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 158.056234][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 158.064993][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.072255][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 158.081886][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 158.093151][ T9046] 8021q: adding VLAN 0 to HW filter on device team0 [ 158.179344][ T9051] device hsr_slave_0 entered promiscuous mode [ 158.237549][ T9051] device hsr_slave_1 entered promiscuous mode [ 158.277652][ T9051] debugfs: Directory 'hsr0' with parent '/' already present! [ 158.287429][ T9057] team0: Port device team_slave_0 added [ 158.295282][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 158.304323][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 158.312944][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.320062][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 158.328455][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 158.337440][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 158.345737][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 158.352912][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 158.361381][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 158.420410][ T9053] device hsr_slave_0 entered promiscuous mode [ 158.487344][ T9053] device hsr_slave_1 entered promiscuous mode [ 158.578107][ T9053] debugfs: Directory 'hsr0' with parent '/' already present! [ 158.599528][ T9057] team0: Port device team_slave_1 added [ 158.607708][ T2959] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 158.653001][ T9054] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 158.666049][ T9054] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 158.674608][ T9054] bridge0: port 2(bridge_slave_1) entered blocking state [ 158.681806][ T9054] bridge0: port 2(bridge_slave_1) entered forwarding state [ 158.689505][ T9054] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 158.742421][ T9054] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 158.760996][ T9054] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 158.770106][ T9054] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 158.778646][ T9054] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 158.787316][ T9054] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 158.796458][ T9054] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 158.805173][ T9054] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 158.814028][ T9054] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 158.823498][ T9054] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 158.831389][ T9054] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 158.853019][ T9051] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 158.939189][ T9057] device hsr_slave_0 entered promiscuous mode [ 158.977525][ T9057] device hsr_slave_1 entered promiscuous mode [ 159.017187][ T9057] debugfs: Directory 'hsr0' with parent '/' already present! [ 159.024797][ T9053] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 159.079132][ T9053] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 159.133819][ T9043] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 159.145597][ T9043] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 159.162202][ T9061] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 159.171545][ T9061] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 159.180674][ T9061] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 159.189272][ T9061] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 159.198265][ T9061] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 159.206491][ T9061] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 159.214885][ T9061] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 159.223124][ T9061] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 159.231757][ T9061] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 159.240228][ T9061] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 159.249723][ T9061] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 159.259700][ T9051] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 159.309714][ T9051] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 159.363615][ T9051] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 159.419279][ T9053] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 159.472727][ T9046] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 159.492583][ T9053] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 159.537762][ T9061] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 159.545204][ T9061] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 159.601258][ T9043] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 159.614400][ T9057] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 159.651906][ T9057] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 159.708872][ T9054] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 159.716340][ T9054] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 159.732780][ T9046] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 159.758473][ T9048] 8021q: adding VLAN 0 to HW filter on device bond0 [ 159.779309][ T9057] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 159.815048][ T9057] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 159.894111][ T9048] 8021q: adding VLAN 0 to HW filter on device team0 [ 159.953832][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 159.963462][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 159.981570][ T9061] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 159.994034][ T9061] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready 01:54:41 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() socket$inet6(0xa, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x19) wait4(0x0, 0x0, 0x0, 0x0) [ 160.002879][ T9061] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.010013][ T9061] bridge0: port 1(bridge_slave_0) entered forwarding state [ 160.026246][ T9054] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 160.077896][ T2959] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 160.086556][ T2959] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 160.127869][ T2959] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.134959][ T2959] bridge0: port 2(bridge_slave_1) entered forwarding state [ 160.152288][ T2959] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 160.161209][ T2959] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 160.185079][ T9053] 8021q: adding VLAN 0 to HW filter on device bond0 [ 160.216586][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 160.227557][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 160.235985][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 160.246246][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 160.255529][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 160.290463][ T9051] 8021q: adding VLAN 0 to HW filter on device bond0 [ 160.297963][ T9061] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 160.306312][ T9061] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 160.345595][ T9048] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 160.362323][ T9048] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 160.373661][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 160.381626][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 160.389587][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 160.398820][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 160.408723][ T9053] 8021q: adding VLAN 0 to HW filter on device team0 [ 160.428519][ T9058] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 160.436703][ T9058] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 160.447649][ T9057] 8021q: adding VLAN 0 to HW filter on device bond0 [ 160.466357][ T9051] 8021q: adding VLAN 0 to HW filter on device team0 [ 160.488427][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 160.497875][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 160.506180][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.513259][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 160.522103][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 160.530910][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 160.539379][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.546434][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 160.554148][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 160.562699][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 160.572251][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 160.601390][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 160.609591][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 160.619598][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 160.628841][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 160.638387][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 160.645523][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 160.655354][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 160.674600][ T9048] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 160.686068][ T9058] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 160.695354][ T9058] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 160.704221][ T9058] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 160.713136][ T9058] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 160.721908][ T9058] bridge0: port 2(bridge_slave_1) entered blocking state [ 160.729003][ T9058] bridge0: port 2(bridge_slave_1) entered forwarding state [ 160.744442][ T9057] 8021q: adding VLAN 0 to HW filter on device team0 [ 160.761643][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 160.771225][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 160.779324][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 160.792975][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 160.802219][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 160.811056][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 160.836567][ T9053] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 160.848453][ T9053] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 160.862565][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 160.872900][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 160.881413][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 160.890186][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 160.898737][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 160.909185][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 160.916742][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 160.926087][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 160.982525][ T9058] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 160.992948][ T9058] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 161.003123][ T9058] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready 01:54:42 executing program 1: r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f00000001c0)=ANY=[@ANYBLOB="9662c011", @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) r2 = socket(0xa, 0x1, 0x0) close(r2) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8) sendmmsg$inet_sctp(r2, &(0x7f0000002940)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x4}}], 0x30}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0x4}, 0x10) [ 161.042051][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 161.059218][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 161.069940][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 161.078059][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 161.086273][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 161.095994][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 161.104825][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 161.112932][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 161.122396][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 161.131337][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 161.140612][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 161.147896][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 161.155654][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 161.169640][ T9051] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 161.183666][ T9051] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 161.200261][ T9053] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 161.220553][ T9084] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 161.230625][ T9084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 161.239730][ T9084] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 01:54:42 executing program 2: r0 = socket$inet6(0xa, 0x80003, 0xff) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") r1 = io_uring_setup(0xf9, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, [], {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}) ppoll(&(0x7f0000000240)=[{r1}], 0x1, &(0x7f0000000280)={0x0, 0x1c9c380}, 0x0, 0x0) [ 161.248577][ T9084] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 161.258306][ T9084] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 161.270989][ T9084] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 161.306744][ T9058] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 161.316482][ T9058] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 161.325411][ T9058] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 161.335243][ T9058] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 161.344042][ T9058] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 161.371822][ T9054] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 161.381793][ T9054] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 161.390265][ T9054] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 161.399617][ T9054] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 161.411346][ T9057] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 161.437795][ T9051] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 161.451286][ T9054] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 161.460356][ T9054] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 01:54:42 executing program 2: r0 = socket$inet6(0xa, 0x80003, 0xff) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") r1 = io_uring_setup(0xf9, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, [], {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}) ppoll(&(0x7f0000000240)=[{r1}], 0x1, &(0x7f0000000280)={0x0, 0x1c9c380}, 0x0, 0x0) [ 161.503636][ T9057] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 161.614268][ T9121] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 01:54:43 executing program 2: r0 = socket$inet6(0xa, 0x80003, 0xff) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") r1 = io_uring_setup(0xf9, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, [], {0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}) ppoll(&(0x7f0000000240)=[{r1}], 0x1, &(0x7f0000000280)={0x0, 0x1c9c380}, 0x0, 0x0) 01:54:43 executing program 3: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="2e0000001a008100a00f80ecdb4cb904024865160b000000d4036efb120004001300000040d819a9ffe200000000", 0x2e}], 0x1}, 0x0) [ 161.715418][ T9130] netlink: 'syz-executor.3': attribute type 4 has an invalid length. 01:54:43 executing program 3: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="2e0000001a008100a00f80ecdb4cb904024865160b000000d4036efb120004001300000040d819a9ffe200000000", 0x2e}], 0x1}, 0x0) [ 161.846163][ T9141] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 161.857546][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 161.863572][ C1] protocol 88fb is buggy, dev hsr_slave_1 01:54:43 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() socket$inet6(0xa, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x19) wait4(0x0, 0x0, 0x0, 0x0) 01:54:43 executing program 3: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="2e0000001a008100a00f80ecdb4cb904024865160b000000d4036efb120004001300000040d819a9ffe200000000", 0x2e}], 0x1}, 0x0) 01:54:43 executing program 1: r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f00000001c0)=ANY=[@ANYBLOB="9662c011", @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) r2 = socket(0xa, 0x1, 0x0) close(r2) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8) sendmmsg$inet_sctp(r2, &(0x7f0000002940)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x4}}], 0x30}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0x4}, 0x10) [ 161.945355][ T9146] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 162.009587][ T9150] netlink: 'syz-executor.3': attribute type 4 has an invalid length. 01:54:43 executing program 4: r0 = socket$inet6(0xa, 0x80003, 0xff) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") r1 = socket$inet(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000200)={0x2, 0x1004e20, @loopback}, 0x10) sendto$inet(r1, &(0x7f0000000140)="6812334f6743a747f8bf094356", 0xd, 0x8800, &(0x7f00000000c0)={0x2, 0x4e21, @remote}, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) connect$inet(r1, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r1, &(0x7f0000000100)='\x00', 0x38, 0x4088, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001480)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000180)=""/102, 0x66}], 0x1}}], 0x1, 0x0, 0x0) 01:54:43 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x10}, [@ldst={0x6, 0x0, 0x6}]}, &(0x7f0000003ff6)='G\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) 01:54:44 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() socket$inet6(0xa, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x19) wait4(0x0, 0x0, 0x0, 0x0) 01:54:44 executing program 1: r0 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000961fe4)=[@in={0x2, 0x0, @dev}], 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f00000001c0)=ANY=[@ANYBLOB="9662c011", @ANYRES32=0x0], &(0x7f00000000c0)=0xfe10) r2 = socket(0xa, 0x1, 0x0) close(r2) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000040)={r1}, &(0x7f0000000140)=0x8) sendmmsg$inet_sctp(r2, &(0x7f0000002940)=[{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@sndrcv={0x30, 0x84, 0x1, {0x0, 0x0, 0x4}}], 0x30}], 0x1, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r2, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0x4}, 0x10) 01:54:44 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x4, 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0xe6) r1 = socket(0x10, 0x802, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000100)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @dev}, 0x14) sendmmsg(r0, &(0x7f0000000780)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 01:54:44 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x10}, [@ldst={0x6, 0x0, 0x6}]}, &(0x7f0000003ff6)='G\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) 01:54:44 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x10}, [@ldst={0x6, 0x0, 0x6}]}, &(0x7f0000003ff6)='G\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) 01:54:44 executing program 4: r0 = socket$inet6(0xa, 0x80003, 0xff) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") r1 = socket$inet(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000200)={0x2, 0x1004e20, @loopback}, 0x10) sendto$inet(r1, &(0x7f0000000140)="6812334f6743a747f8bf094356", 0xd, 0x8800, &(0x7f00000000c0)={0x2, 0x4e21, @remote}, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) connect$inet(r1, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r1, &(0x7f0000000100)='\x00', 0x38, 0x4088, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001480)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000180)=""/102, 0x66}], 0x1}}], 0x1, 0x0, 0x0) 01:54:44 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x18, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x10}, [@ldst={0x6, 0x0, 0x6}]}, &(0x7f0000003ff6)='G\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) 01:54:46 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() socket$inet6(0xa, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x19) wait4(0x0, 0x0, 0x0, 0x0) 01:54:46 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x4, 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0xe6) r1 = socket(0x10, 0x802, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000100)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @dev}, 0x14) sendmmsg(r0, &(0x7f0000000780)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 01:54:46 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RWALK(r0, &(0x7f00000003c0)=ANY=[@ANYRES64], 0x8) r1 = open(&(0x7f0000000140)='./bus\x00', 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r1, 0x40046629, &(0x7f0000000200)) 01:54:46 executing program 1: r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000080)={0x4}, 0x10) write(r0, &(0x7f00000000c0)="1c0000004a005f0014f9f407000909000a0080000004000000000000", 0x1c) 01:54:46 executing program 4: r0 = socket$inet6(0xa, 0x80003, 0xff) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") r1 = socket$inet(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000200)={0x2, 0x1004e20, @loopback}, 0x10) sendto$inet(r1, &(0x7f0000000140)="6812334f6743a747f8bf094356", 0xd, 0x8800, &(0x7f00000000c0)={0x2, 0x4e21, @remote}, 0x10) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) connect$inet(r1, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r1, &(0x7f0000000100)='\x00', 0x38, 0x4088, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001480)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000180)=""/102, 0x66}], 0x1}}], 0x1, 0x0, 0x0) [ 165.163160][ T27] kauditd_printk_skb: 3 callbacks suppressed [ 165.163201][ T27] audit: type=1804 audit(1575251686.486:31): pid=9205 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir359703060/syzkaller.RLPzsL/8/bus" dev="sda1" ino=16522 res=1 [ 165.242657][ T27] audit: type=1804 audit(1575251686.526:32): pid=9215 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir359703060/syzkaller.RLPzsL/8/bus" dev="sda1" ino=16522 res=1 01:54:47 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() socket$inet6(0xa, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x19) wait4(0x0, 0x0, 0x0, 0x0) 01:54:47 executing program 1: r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000080)={0x4}, 0x10) write(r0, &(0x7f00000000c0)="1c0000004a005f0014f9f407000909000a0080000004000000000000", 0x1c) 01:54:47 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x4, 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0xe6) r1 = socket(0x10, 0x802, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000100)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @dev}, 0x14) sendmmsg(r0, &(0x7f0000000780)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 01:54:47 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RWALK(r0, &(0x7f00000003c0)=ANY=[@ANYRES64], 0x8) r1 = open(&(0x7f0000000140)='./bus\x00', 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r1, 0x40046629, &(0x7f0000000200)) 01:54:47 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x84) getsockopt$bt_hci(r0, 0x84, 0x7f, 0x0, &(0x7f0000001140)) 01:54:47 executing program 1: r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000080)={0x4}, 0x10) write(r0, &(0x7f00000000c0)="1c0000004a005f0014f9f407000909000a0080000004000000000000", 0x1c) 01:54:47 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x84) getsockopt$bt_hci(r0, 0x84, 0x7f, 0x0, &(0x7f0000001140)) [ 166.283258][ T27] audit: type=1804 audit(1575251687.606:33): pid=9229 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir359703060/syzkaller.RLPzsL/9/bus" dev="sda1" ino=16567 res=1 01:54:49 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() socket$inet6(0xa, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x19) wait4(0x0, 0x0, 0x0, 0x0) 01:54:49 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RWALK(r0, &(0x7f00000003c0)=ANY=[@ANYRES64], 0x8) r1 = open(&(0x7f0000000140)='./bus\x00', 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r1, 0x40046629, &(0x7f0000000200)) 01:54:49 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x84) getsockopt$bt_hci(r0, 0x84, 0x7f, 0x0, &(0x7f0000001140)) 01:54:49 executing program 1: r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000080)={0x4}, 0x10) write(r0, &(0x7f00000000c0)="1c0000004a005f0014f9f407000909000a0080000004000000000000", 0x1c) 01:54:49 executing program 5: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000580)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4cc74502f987c2cec6504df6ead74ed8a60ab563e98b4b2a3d27a7082dbb78abd55fba3da80b856445ab100621d6234555c08dc540473786cd89e9b08e3f5972fe9ca162b123e19268c89c9dd81c796f27f537ccf6b59c41705b96a6711d4679079d00"/142], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x0, &(0x7f00000003c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap='cache=mmap'}]}}) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='mounts\x00') sendfile(r3, r3, &(0x7f0000000180)=0x74000000, 0x5) [ 168.235740][ T27] audit: type=1804 audit(1575251689.556:34): pid=9252 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir359703060/syzkaller.RLPzsL/10/bus" dev="sda1" ino=16581 res=1 01:54:50 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) write$P9_RWALK(r0, &(0x7f00000003c0)=ANY=[@ANYRES64], 0x8) r1 = open(&(0x7f0000000140)='./bus\x00', 0x0, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r1, 0x40046629, &(0x7f0000000200)) 01:54:50 executing program 1: openat$pidfd(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self\x00', 0x0, 0x0) r0 = memfd_create(&(0x7f0000000180)='\xb3', 0x0) write$FUSE_DIRENT(r0, &(0x7f0000000080)=ANY=[], 0x29) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x81, 0x11, r0, 0x0) readlinkat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000007140)=""/122, 0x7a) 01:54:50 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x84) getsockopt$bt_hci(r0, 0x84, 0x7f, 0x0, &(0x7f0000001140)) 01:54:50 executing program 5: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000580)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4cc74502f987c2cec6504df6ead74ed8a60ab563e98b4b2a3d27a7082dbb78abd55fba3da80b856445ab100621d6234555c08dc540473786cd89e9b08e3f5972fe9ca162b123e19268c89c9dd81c796f27f537ccf6b59c41705b96a6711d4679079d00"/142], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x0, &(0x7f00000003c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap='cache=mmap'}]}}) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='mounts\x00') sendfile(r3, r3, &(0x7f0000000180)=0x74000000, 0x5) 01:54:50 executing program 0: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000580)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4cc74502f987c2cec6504df6ead74ed8a60ab563e98b4b2a3d27a7082dbb78abd55fba3da80b856445ab100621d6234555c08dc540473786cd89e9b08e3f5972fe9ca162b123e19268c89c9dd81c796f27f537ccf6b59c41705b96a6711d4679079d00"/142], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x0, &(0x7f00000003c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap='cache=mmap'}]}}) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='mounts\x00') sendfile(r3, r3, &(0x7f0000000180)=0x74000000, 0x5) 01:54:50 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000002840)={"6c64125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10010174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c84f7cff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000000c0)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x1ff, 0x0, [{}, {0x0, 0xb9}]}}) 01:54:50 executing program 1: openat$pidfd(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self\x00', 0x0, 0x0) r0 = memfd_create(&(0x7f0000000180)='\xb3', 0x0) write$FUSE_DIRENT(r0, &(0x7f0000000080)=ANY=[], 0x29) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x81, 0x11, r0, 0x0) readlinkat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000007140)=""/122, 0x7a) [ 169.376195][ T27] audit: type=1804 audit(1575251690.696:35): pid=9271 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir359703060/syzkaller.RLPzsL/11/bus" dev="sda1" ino=16594 res=1 [ 169.461365][ T9281] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. 01:54:52 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='configfs\x00', 0x0, 0x0) r2 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getdents64(r2, &(0x7f0000000100)=""/58, 0x3a) getdents64(r2, &(0x7f0000000280)=""/107, 0x6b) 01:54:52 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r2, 0x0) fcntl$setlease(r0, 0x400, 0x0) 01:54:52 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-blowfish-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000412ff8)="3665a1ab", 0x4) r1 = accept(r0, 0x0, 0x0) sendto$x25(r1, &(0x7f0000000100)="df49f9d49c7f4c52fd992df3fbce33e816afeaaf4017327c", 0xfffffffffffffdcb, 0x0, 0x0, 0xcb) recvmsg$can_bcm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)=""/91, 0x5b}, {&(0x7f0000000900)=""/4096, 0x1000}], 0x2}, 0x0) 01:54:52 executing program 5: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000580)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4cc74502f987c2cec6504df6ead74ed8a60ab563e98b4b2a3d27a7082dbb78abd55fba3da80b856445ab100621d6234555c08dc540473786cd89e9b08e3f5972fe9ca162b123e19268c89c9dd81c796f27f537ccf6b59c41705b96a6711d4679079d00"/142], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x0, &(0x7f00000003c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap='cache=mmap'}]}}) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='mounts\x00') sendfile(r3, r3, &(0x7f0000000180)=0x74000000, 0x5) 01:54:52 executing program 0: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000580)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4cc74502f987c2cec6504df6ead74ed8a60ab563e98b4b2a3d27a7082dbb78abd55fba3da80b856445ab100621d6234555c08dc540473786cd89e9b08e3f5972fe9ca162b123e19268c89c9dd81c796f27f537ccf6b59c41705b96a6711d4679079d00"/142], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x0, &(0x7f00000003c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap='cache=mmap'}]}}) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='mounts\x00') sendfile(r3, r3, &(0x7f0000000180)=0x74000000, 0x5) 01:54:52 executing program 1: openat$pidfd(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self\x00', 0x0, 0x0) r0 = memfd_create(&(0x7f0000000180)='\xb3', 0x0) write$FUSE_DIRENT(r0, &(0x7f0000000080)=ANY=[], 0x29) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x81, 0x11, r0, 0x0) readlinkat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000007140)=""/122, 0x7a) 01:54:52 executing program 1: openat$pidfd(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self\x00', 0x0, 0x0) r0 = memfd_create(&(0x7f0000000180)='\xb3', 0x0) write$FUSE_DIRENT(r0, &(0x7f0000000080)=ANY=[], 0x29) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x81, 0x11, r0, 0x0) readlinkat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000007140)=""/122, 0x7a) 01:54:52 executing program 5: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000580)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4cc74502f987c2cec6504df6ead74ed8a60ab563e98b4b2a3d27a7082dbb78abd55fba3da80b856445ab100621d6234555c08dc540473786cd89e9b08e3f5972fe9ca162b123e19268c89c9dd81c796f27f537ccf6b59c41705b96a6711d4679079d00"/142], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x0, &(0x7f00000003c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap='cache=mmap'}]}}) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='mounts\x00') sendfile(r3, r3, &(0x7f0000000180)=0x74000000, 0x5) 01:54:52 executing program 0: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000580)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4cc74502f987c2cec6504df6ead74ed8a60ab563e98b4b2a3d27a7082dbb78abd55fba3da80b856445ab100621d6234555c08dc540473786cd89e9b08e3f5972fe9ca162b123e19268c89c9dd81c796f27f537ccf6b59c41705b96a6711d4679079d00"/142], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x0, &(0x7f00000003c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap='cache=mmap'}]}}) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='mounts\x00') sendfile(r3, r3, &(0x7f0000000180)=0x74000000, 0x5) 01:54:52 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='configfs\x00', 0x0, 0x0) r2 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getdents64(r2, &(0x7f0000000100)=""/58, 0x3a) getdents64(r2, &(0x7f0000000280)=""/107, 0x6b) 01:54:52 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r2, 0x0) fcntl$setlease(r0, 0x400, 0x0) 01:54:52 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='configfs\x00', 0x0, 0x0) r2 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getdents64(r2, &(0x7f0000000100)=""/58, 0x3a) getdents64(r2, &(0x7f0000000280)=""/107, 0x6b) 01:54:52 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='configfs\x00', 0x0, 0x0) r2 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getdents64(r2, &(0x7f0000000100)=""/58, 0x3a) getdents64(r2, &(0x7f0000000280)=""/107, 0x6b) 01:54:53 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='configfs\x00', 0x0, 0x0) r2 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getdents64(r2, &(0x7f0000000100)=""/58, 0x3a) getdents64(r2, &(0x7f0000000280)=""/107, 0x6b) 01:54:53 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-blowfish-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000412ff8)="3665a1ab", 0x4) r1 = accept(r0, 0x0, 0x0) sendto$x25(r1, &(0x7f0000000100)="df49f9d49c7f4c52fd992df3fbce33e816afeaaf4017327c", 0xfffffffffffffdcb, 0x0, 0x0, 0xcb) recvmsg$can_bcm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)=""/91, 0x5b}, {&(0x7f0000000900)=""/4096, 0x1000}], 0x2}, 0x0) 01:54:53 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r2, 0x0) fcntl$setlease(r0, 0x400, 0x0) 01:54:53 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") r1 = socket$inet_smc(0x2b, 0x1, 0x0) listen(r1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000280)='dctcp\x00', 0x6) close(r1) 01:54:53 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='configfs\x00', 0x0, 0x0) r2 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getdents64(r2, &(0x7f0000000100)=""/58, 0x3a) getdents64(r2, &(0x7f0000000280)=""/107, 0x6b) 01:54:53 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='configfs\x00', 0x0, 0x0) r2 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getdents64(r2, &(0x7f0000000100)=""/58, 0x3a) getdents64(r2, &(0x7f0000000280)=""/107, 0x6b) 01:54:53 executing program 0: openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r1 = dup(r0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8b28, &(0x7f0000000000)='wlan0\x00') syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x3) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket(0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) 01:54:53 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(0x0, r2, 0x0) fcntl$setlease(r0, 0x400, 0x0) 01:54:53 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x43}]}, &(0x7f0000000400)='GPL\x00u\xf1\x85y*_\xb2\xf0S\xfe\x8e\xdfj\a\x19\v\xc2\x8c\x891\xf9D\xe1\x13\xc4)W\xd1}3\x9d\x10\xad\as\xdc\x81\xe2\xa9\x8d\xdf\x98u1\xc1\xc5\xa8\xe7\xd4[\xb7\xfa\xd3\r\xa8\x0e\xcb\x8e@\x1f\xdc\xa1\xf0e\x9b\xed.\xbf\x1d\xbc\x86b\xaa\x00c\x8dhD\f\xd0m]_\xa0\xd2\xc2\xcdg\x9fvt\",\xe1[\xb1u\xc2f.j\x84qg(h\xba\xe0\x1a[\x11o\xf7\x7f\x05]\x1c1\x9dL(n\xce\xeb\vvRa\xb2\xd1f\x1b3\xe6Xy\x0fe\xe8\xb2\xbf\xc0\xce\x7f\xfa\xaf\xe9mt2\xa8PA\x88\xa4v\xe6WL\xfc\x16\xf1\x9b\xe96\x10K\x02\xee\xb2=\xd2[\xca\x0f\xd4\x10ML,\x9cJ\x88(_qf\xcds\x8a\xa6\"\x9b\x97\xa5\xe2c\"G', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 01:54:53 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") r1 = socket$inet_smc(0x2b, 0x1, 0x0) listen(r1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000280)='dctcp\x00', 0x6) close(r1) 01:54:53 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") r1 = socket$inet_smc(0x2b, 0x1, 0x0) listen(r1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000280)='dctcp\x00', 0x6) close(r1) 01:54:53 executing program 0: openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r1 = dup(r0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8b28, &(0x7f0000000000)='wlan0\x00') syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x3) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket(0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) 01:54:53 executing program 2: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000000), 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10) sendto$inet(r0, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10) 01:54:54 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-blowfish-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000412ff8)="3665a1ab", 0x4) r1 = accept(r0, 0x0, 0x0) sendto$x25(r1, &(0x7f0000000100)="df49f9d49c7f4c52fd992df3fbce33e816afeaaf4017327c", 0xfffffffffffffdcb, 0x0, 0x0, 0xcb) recvmsg$can_bcm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)=""/91, 0x5b}, {&(0x7f0000000900)=""/4096, 0x1000}], 0x2}, 0x0) 01:54:54 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") r1 = socket$inet_smc(0x2b, 0x1, 0x0) listen(r1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000280)='dctcp\x00', 0x6) close(r1) 01:54:54 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x43}]}, &(0x7f0000000400)='GPL\x00u\xf1\x85y*_\xb2\xf0S\xfe\x8e\xdfj\a\x19\v\xc2\x8c\x891\xf9D\xe1\x13\xc4)W\xd1}3\x9d\x10\xad\as\xdc\x81\xe2\xa9\x8d\xdf\x98u1\xc1\xc5\xa8\xe7\xd4[\xb7\xfa\xd3\r\xa8\x0e\xcb\x8e@\x1f\xdc\xa1\xf0e\x9b\xed.\xbf\x1d\xbc\x86b\xaa\x00c\x8dhD\f\xd0m]_\xa0\xd2\xc2\xcdg\x9fvt\",\xe1[\xb1u\xc2f.j\x84qg(h\xba\xe0\x1a[\x11o\xf7\x7f\x05]\x1c1\x9dL(n\xce\xeb\vvRa\xb2\xd1f\x1b3\xe6Xy\x0fe\xe8\xb2\xbf\xc0\xce\x7f\xfa\xaf\xe9mt2\xa8PA\x88\xa4v\xe6WL\xfc\x16\xf1\x9b\xe96\x10K\x02\xee\xb2=\xd2[\xca\x0f\xd4\x10ML,\x9cJ\x88(_qf\xcds\x8a\xa6\"\x9b\x97\xa5\xe2c\"G', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 01:54:54 executing program 0: openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r1 = dup(r0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8b28, &(0x7f0000000000)='wlan0\x00') syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x3) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket(0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) 01:54:54 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") r1 = socket$inet_smc(0x2b, 0x1, 0x0) listen(r1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000280)='dctcp\x00', 0x6) close(r1) 01:54:54 executing program 2: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000000), 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10) sendto$inet(r0, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10) 01:54:54 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x43}]}, &(0x7f0000000400)='GPL\x00u\xf1\x85y*_\xb2\xf0S\xfe\x8e\xdfj\a\x19\v\xc2\x8c\x891\xf9D\xe1\x13\xc4)W\xd1}3\x9d\x10\xad\as\xdc\x81\xe2\xa9\x8d\xdf\x98u1\xc1\xc5\xa8\xe7\xd4[\xb7\xfa\xd3\r\xa8\x0e\xcb\x8e@\x1f\xdc\xa1\xf0e\x9b\xed.\xbf\x1d\xbc\x86b\xaa\x00c\x8dhD\f\xd0m]_\xa0\xd2\xc2\xcdg\x9fvt\",\xe1[\xb1u\xc2f.j\x84qg(h\xba\xe0\x1a[\x11o\xf7\x7f\x05]\x1c1\x9dL(n\xce\xeb\vvRa\xb2\xd1f\x1b3\xe6Xy\x0fe\xe8\xb2\xbf\xc0\xce\x7f\xfa\xaf\xe9mt2\xa8PA\x88\xa4v\xe6WL\xfc\x16\xf1\x9b\xe96\x10K\x02\xee\xb2=\xd2[\xca\x0f\xd4\x10ML,\x9cJ\x88(_qf\xcds\x8a\xa6\"\x9b\x97\xa5\xe2c\"G', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 01:54:54 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") r1 = socket$inet_smc(0x2b, 0x1, 0x0) listen(r1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000280)='dctcp\x00', 0x6) close(r1) 01:54:54 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0800b5055e0bcfe87b2071") r1 = socket$inet_smc(0x2b, 0x1, 0x0) listen(r1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000280)='dctcp\x00', 0x6) close(r1) 01:54:54 executing program 0: openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r1 = dup(r0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8b28, &(0x7f0000000000)='wlan0\x00') syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x3) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket(0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) 01:54:54 executing program 2: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000000), 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10) sendto$inet(r0, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10) 01:54:54 executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x43}]}, &(0x7f0000000400)='GPL\x00u\xf1\x85y*_\xb2\xf0S\xfe\x8e\xdfj\a\x19\v\xc2\x8c\x891\xf9D\xe1\x13\xc4)W\xd1}3\x9d\x10\xad\as\xdc\x81\xe2\xa9\x8d\xdf\x98u1\xc1\xc5\xa8\xe7\xd4[\xb7\xfa\xd3\r\xa8\x0e\xcb\x8e@\x1f\xdc\xa1\xf0e\x9b\xed.\xbf\x1d\xbc\x86b\xaa\x00c\x8dhD\f\xd0m]_\xa0\xd2\xc2\xcdg\x9fvt\",\xe1[\xb1u\xc2f.j\x84qg(h\xba\xe0\x1a[\x11o\xf7\x7f\x05]\x1c1\x9dL(n\xce\xeb\vvRa\xb2\xd1f\x1b3\xe6Xy\x0fe\xe8\xb2\xbf\xc0\xce\x7f\xfa\xaf\xe9mt2\xa8PA\x88\xa4v\xe6WL\xfc\x16\xf1\x9b\xe96\x10K\x02\xee\xb2=\xd2[\xca\x0f\xd4\x10ML,\x9cJ\x88(_qf\xcds\x8a\xa6\"\x9b\x97\xa5\xe2c\"G', 0x4, 0x1000, &(0x7f000062b000)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 01:54:55 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-blowfish-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000412ff8)="3665a1ab", 0x4) r1 = accept(r0, 0x0, 0x0) sendto$x25(r1, &(0x7f0000000100)="df49f9d49c7f4c52fd992df3fbce33e816afeaaf4017327c", 0xfffffffffffffdcb, 0x0, 0x0, 0xcb) recvmsg$can_bcm(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)=""/91, 0x5b}, {&(0x7f0000000900)=""/4096, 0x1000}], 0x2}, 0x0) 01:54:55 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_udp_int(r0, 0x88, 0x66, &(0x7f0000000000), 0x4) 01:54:55 executing program 1: syz_mount_image$xfs(&(0x7f0000000040)='xfs\x00', &(0x7f0000000100)='./file0\x00', 0xffffffff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="5846534200001000000000000000100000000000000000000000000000000000984f0b5042b64b06bc86cba3e6cc3f800000003b4800004000000000000000800000000000000081000000000000008200000007000010000000000100000000000006c034a40200010000100000000000000000000000000c0908040c", 0x7d}], 0x0, 0x0) 01:54:55 executing program 2: r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000000), 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000d6cff0)=[@in={0x2, 0x4e20, @loopback}], 0x10) sendto$inet(r0, &(0x7f00003cef9f)='7', 0x1, 0x0, &(0x7f0000618000)={0x2, 0x4e20, @loopback}, 0x10) 01:54:55 executing program 0: r0 = creat(&(0x7f0000000040)='./file1\x00', 0x0) r1 = creat(&(0x7f0000000040)='./file1\x00', 0x0) writev(r1, &(0x7f0000002380)=[{&(0x7f0000000300)='~', 0x1}], 0x1) fallocate(r1, 0x3, 0x0, 0x10) fallocate(r0, 0x3, 0x0, 0x10) 01:54:55 executing program 4: tkill(0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=@flushpolicy={0x1c, 0x1d, 0x30e210fbd7440b8d, 0x0, 0x0, "", [@policy_type={0xc}]}, 0x1c}}, 0x0) 01:54:55 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_udp_int(r0, 0x88, 0x66, &(0x7f0000000000), 0x4) [ 173.978484][ T9428] XFS (loop1): Mounting V4 Filesystem 01:54:55 executing program 4: tkill(0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=@flushpolicy={0x1c, 0x1d, 0x30e210fbd7440b8d, 0x0, 0x0, "", [@policy_type={0xc}]}, 0x1c}}, 0x0) [ 174.021653][ T9428] attempt to access beyond end of device [ 174.031841][ T9428] loop1: rw=6144, want=2036888240641, limit=264192 [ 174.055658][ T9428] XFS (loop1): log recovery read I/O error at daddr 0x0 len 1 error -5 01:54:55 executing program 0: r0 = creat(&(0x7f0000000040)='./file1\x00', 0x0) r1 = creat(&(0x7f0000000040)='./file1\x00', 0x0) writev(r1, &(0x7f0000002380)=[{&(0x7f0000000300)='~', 0x1}], 0x1) fallocate(r1, 0x3, 0x0, 0x10) fallocate(r0, 0x3, 0x0, 0x10) [ 174.100064][ T9428] XFS (loop1): empty log check failed [ 174.121263][ T9428] XFS (loop1): log mount/recovery failed: error -5 01:54:55 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_udp_int(r0, 0x88, 0x66, &(0x7f0000000000), 0x4) 01:54:55 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r3, 0x84, 0x71, &(0x7f0000000140)={r5}, 0x8) 01:54:55 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_udp_int(r0, 0x88, 0x66, &(0x7f0000000000), 0x4) [ 174.237369][ T9428] XFS (loop1): log mount failed [ 174.576032][ T9428] XFS (loop1): Mounting V4 Filesystem [ 174.627539][ T9428] ================================================================== [ 174.635893][ T9428] BUG: KASAN: use-after-free in xlog_alloc_log+0x1386/0x14b0 [ 174.643250][ T9428] Read of size 8 at addr ffff8880969e9090 by task syz-executor.1/9428 [ 174.651384][ T9428] [ 174.653713][ T9428] CPU: 0 PID: 9428 Comm: syz-executor.1 Not tainted 5.4.0-next-20191129-syzkaller #0 [ 174.663285][ T9428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 174.673328][ T9428] Call Trace: [ 174.677825][ T9428] dump_stack+0x197/0x210 [ 174.682211][ T9428] ? xlog_alloc_log+0x1386/0x14b0 [ 174.687243][ T9428] print_address_description.constprop.0.cold+0xd4/0x30b [ 174.694265][ T9428] ? xlog_alloc_log+0x1386/0x14b0 [ 174.699276][ T9428] ? xlog_alloc_log+0x1386/0x14b0 [ 174.704296][ T9428] __kasan_report.cold+0x1b/0x41 [ 174.709228][ T9428] ? kvfree+0x20/0x70 [ 174.713200][ T9428] ? xlog_alloc_log+0x1386/0x14b0 [ 174.718216][ T9428] kasan_report+0x12/0x20 [ 174.722528][ T9428] __asan_report_load8_noabort+0x14/0x20 [ 174.728170][ T9428] xlog_alloc_log+0x1386/0x14b0 [ 174.733010][ T9428] xfs_log_mount+0xdc/0x780 [ 174.737499][ T9428] xfs_mountfs+0xc35/0x1ca0 [ 174.742003][ T9428] ? xfs_default_resblks+0x60/0x60 [ 174.747119][ T9428] ? init_timer_key+0x13b/0x3a0 [ 174.751959][ T9428] ? xfs_mru_cache_create+0x4a0/0x5b0 [ 174.757313][ T9428] ? xfs_filestream_get_ag+0x60/0x60 [ 174.762579][ T9428] xfs_fc_fill_super+0x84e/0x11c0 [ 174.767605][ T9428] get_tree_bdev+0x414/0x650 [ 174.772249][ T9428] ? xfs_mount_free+0x80/0x80 [ 174.777042][ T9428] xfs_fc_get_tree+0x1d/0x30 [ 174.781758][ T9428] vfs_get_tree+0x8e/0x300 [ 174.786190][ T9428] do_mount+0x135a/0x1b50 [ 174.790509][ T9428] ? copy_mount_string+0x40/0x40 [ 174.795452][ T9428] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 174.801692][ T9428] ? copy_mount_options+0x2e8/0x3f0 [ 174.806889][ T9428] ksys_mount+0xdb/0x150 [ 174.811115][ T9428] __x64_sys_mount+0xbe/0x150 [ 174.815775][ T9428] do_syscall_64+0xfa/0x790 [ 174.820262][ T9428] entry_SYSCALL_64_after_hwframe+0x49/0xbe 01:54:56 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x19) ioctl$TCSETSF(r1, 0x40085500, 0x0) 01:54:56 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r3, 0x84, 0x71, &(0x7f0000000140)={r5}, 0x8) [ 174.826145][ T9428] RIP: 0033:0x45d0ca [ 174.830035][ T9428] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 174.849723][ T9428] RSP: 002b:00007f54e5ebba88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 174.858155][ T9428] RAX: ffffffffffffffda RBX: 00007f54e5ebbb40 RCX: 000000000045d0ca [ 174.866139][ T9428] RDX: 00007f54e5ebbae0 RSI: 0000000020000100 RDI: 00007f54e5ebbb00 [ 174.874204][ T9428] RBP: 0000000000000001 R08: 00007f54e5ebbb40 R09: 00007f54e5ebbae0 [ 174.882185][ T9428] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000003 [ 174.890166][ T9428] R13: 00000000004ca9b9 R14: 00000000004e3bb0 R15: 00000000ffffffff [ 174.898161][ T9428] [ 174.900489][ T9428] Allocated by task 9428: [ 174.904820][ T9428] save_stack+0x23/0x90 [ 174.908977][ T9428] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 174.914607][ T9428] kasan_kmalloc+0x9/0x10 [ 174.918927][ T9428] __kmalloc+0x163/0x770 [ 174.923163][ T9428] kmem_alloc+0x15b/0x4d0 [ 174.927487][ T9428] xlog_alloc_log+0xcc3/0x14b0 [ 174.932328][ T9428] xfs_log_mount+0xdc/0x780 [ 174.936855][ T9428] xfs_mountfs+0xc35/0x1ca0 [ 174.941346][ T9428] xfs_fc_fill_super+0x84e/0x11c0 [ 174.946363][ T9428] get_tree_bdev+0x414/0x650 [ 174.950938][ T9428] xfs_fc_get_tree+0x1d/0x30 [ 174.955568][ T9428] vfs_get_tree+0x8e/0x300 [ 174.960026][ T9428] do_mount+0x135a/0x1b50 [ 174.964342][ T9428] ksys_mount+0xdb/0x150 [ 174.968573][ T9428] __x64_sys_mount+0xbe/0x150 [ 174.973240][ T9428] do_syscall_64+0xfa/0x790 [ 174.977768][ T9428] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 174.983634][ T9428] [ 174.985952][ T9428] Freed by task 9428: [ 174.989915][ T9428] save_stack+0x23/0x90 [ 174.994057][ T9428] __kasan_slab_free+0x102/0x150 [ 174.998976][ T9428] kasan_slab_free+0xe/0x10 [ 175.003457][ T9428] kfree+0x10a/0x2c0 [ 175.007339][ T9428] kvfree+0x61/0x70 [ 175.011140][ T9428] xlog_alloc_log+0xeaa/0x14b0 [ 175.015883][ T9428] xfs_log_mount+0xdc/0x780 [ 175.020373][ T9428] xfs_mountfs+0xc35/0x1ca0 [ 175.024853][ T9428] xfs_fc_fill_super+0x84e/0x11c0 [ 175.029859][ T9428] get_tree_bdev+0x414/0x650 [ 175.034425][ T9428] xfs_fc_get_tree+0x1d/0x30 [ 175.039010][ T9428] vfs_get_tree+0x8e/0x300 [ 175.043412][ T9428] do_mount+0x135a/0x1b50 [ 175.047720][ T9428] ksys_mount+0xdb/0x150 [ 175.051940][ T9428] __x64_sys_mount+0xbe/0x150 [ 175.056596][ T9428] do_syscall_64+0xfa/0x790 [ 175.061080][ T9428] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 175.066946][ T9428] [ 175.069257][ T9428] The buggy address belongs to the object at ffff8880969e9000 [ 175.069257][ T9428] which belongs to the cache kmalloc-1k of size 1024 [ 175.083291][ T9428] The buggy address is located 144 bytes inside of [ 175.083291][ T9428] 1024-byte region [ffff8880969e9000, ffff8880969e9400) [ 175.096635][ T9428] The buggy address belongs to the page: [ 175.102253][ T9428] page:ffffea00025a7a40 refcount:1 mapcount:0 mapping:ffff8880aa000c40 index:0x0 [ 175.112125][ T9428] raw: 00fffe0000000200 ffffea0002508b08 ffffea00029bb748 ffff8880aa000c40 [ 175.120705][ T9428] raw: 0000000000000000 ffff8880969e9000 0000000100000002 0000000000000000 [ 175.129268][ T9428] page dumped because: kasan: bad access detected [ 175.135658][ T9428] [ 175.137965][ T9428] Memory state around the buggy address: [ 175.143576][ T9428] ffff8880969e8f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 175.151618][ T9428] ffff8880969e9000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 175.159676][ T9428] >ffff8880969e9080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 175.167711][ T9428] ^ [ 175.172297][ T9428] ffff8880969e9100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 175.180338][ T9428] ffff8880969e9180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 175.188373][ T9428] ================================================================== [ 175.196407][ T9428] Disabling lock debugging due to kernel taint [ 175.221677][ T9428] Kernel panic - not syncing: panic_on_warn set ... [ 175.228297][ T9428] CPU: 0 PID: 9428 Comm: syz-executor.1 Tainted: G B 5.4.0-next-20191129-syzkaller #0 [ 175.239138][ T9428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 175.249277][ T9428] Call Trace: [ 175.252571][ T9428] dump_stack+0x197/0x210 [ 175.256893][ T9428] panic+0x2e3/0x75c [ 175.260784][ T9428] ? add_taint.cold+0x16/0x16 [ 175.265463][ T9428] ? xlog_alloc_log+0x1386/0x14b0 [ 175.270493][ T9428] ? preempt_schedule+0x4b/0x60 [ 175.274852][ T4090] kobject: 'loop5' (0000000033c7678d): kobject_uevent_env [ 175.275349][ T9428] ? ___preempt_schedule+0x16/0x18 [ 175.284713][ T4090] kobject: 'loop5' (0000000033c7678d): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 175.287529][ T9428] ? trace_hardirqs_on+0x5e/0x240 [ 175.287545][ T9428] ? xlog_alloc_log+0x1386/0x14b0 [ 175.287562][ T9428] end_report+0x47/0x4f [ 175.311846][ T9428] ? xlog_alloc_log+0x1386/0x14b0 [ 175.316877][ T9428] __kasan_report.cold+0xe/0x41 [ 175.321722][ T9428] ? kvfree+0x20/0x70 [ 175.325688][ T9428] ? xlog_alloc_log+0x1386/0x14b0 [ 175.330704][ T9428] kasan_report+0x12/0x20 [ 175.335010][ T9428] __asan_report_load8_noabort+0x14/0x20 [ 175.340622][ T9428] xlog_alloc_log+0x1386/0x14b0 [ 175.345460][ T9428] xfs_log_mount+0xdc/0x780 [ 175.349944][ T9428] xfs_mountfs+0xc35/0x1ca0 [ 175.354428][ T9428] ? xfs_default_resblks+0x60/0x60 [ 175.359532][ T9428] ? init_timer_key+0x13b/0x3a0 [ 175.364362][ T9428] ? xfs_mru_cache_create+0x4a0/0x5b0 [ 175.369725][ T9428] ? xfs_filestream_get_ag+0x60/0x60 [ 175.374990][ T9428] xfs_fc_fill_super+0x84e/0x11c0 [ 175.379993][ T9428] get_tree_bdev+0x414/0x650 [ 175.384562][ T9428] ? xfs_mount_free+0x80/0x80 [ 175.389236][ T9428] xfs_fc_get_tree+0x1d/0x30 [ 175.393803][ T9428] vfs_get_tree+0x8e/0x300 [ 175.398211][ T9428] do_mount+0x135a/0x1b50 [ 175.402521][ T9428] ? copy_mount_string+0x40/0x40 [ 175.407440][ T9428] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 175.413658][ T9428] ? copy_mount_options+0x2e8/0x3f0 [ 175.418834][ T9428] ksys_mount+0xdb/0x150 [ 175.423055][ T9428] __x64_sys_mount+0xbe/0x150 [ 175.427730][ T9428] do_syscall_64+0xfa/0x790 [ 175.432215][ T9428] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 175.438100][ T9428] RIP: 0033:0x45d0ca [ 175.441973][ T9428] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 175.461554][ T9428] RSP: 002b:00007f54e5ebba88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 175.469942][ T9428] RAX: ffffffffffffffda RBX: 00007f54e5ebbb40 RCX: 000000000045d0ca [ 175.477890][ T9428] RDX: 00007f54e5ebbae0 RSI: 0000000020000100 RDI: 00007f54e5ebbb00 [ 175.485842][ T9428] RBP: 0000000000000001 R08: 00007f54e5ebbb40 R09: 00007f54e5ebbae0 [ 175.493789][ T9428] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000003 [ 175.501736][ T9428] R13: 00000000004ca9b9 R14: 00000000004e3bb0 R15: 00000000ffffffff [ 175.511100][ T9428] Kernel Offset: disabled [ 175.515426][ T9428] Rebooting in 86400 seconds..