[....] Starting file context maintaining daemon: restorecond[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[   33.577396] audit: type=1800 audit(1568954215.755:33): pid=6902 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0
[   33.601081] audit: type=1800 audit(1568954215.765:34): pid=6902 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="startpar" name="rmnologin" dev="sda1" ino=2456 res=0
[   34.313365] random: sshd: uninitialized urandom read (32 bytes read)
[   34.628527] audit: type=1400 audit(1568954216.805:35): avc:  denied  { map } for  pid=7073 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1
[   34.684474] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login: [   35.321763] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.178' (ECDSA) to the list of known hosts.
[   40.902422] random: sshd: uninitialized urandom read (32 bytes read)
2019/09/20 04:37:03 fuzzer started
[   41.105885] audit: type=1400 audit(1568954223.285:36): avc:  denied  { map } for  pid=7085 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
[   41.678025] random: cc1: uninitialized urandom read (8 bytes read)
2019/09/20 04:37:04 dialing manager at 10.128.0.105:43807
2019/09/20 04:37:04 syscalls: 2472
2019/09/20 04:37:04 code coverage: enabled
2019/09/20 04:37:04 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument
2019/09/20 04:37:04 extra coverage: extra coverage is not supported by the kernel
2019/09/20 04:37:04 setuid sandbox: enabled
2019/09/20 04:37:04 namespace sandbox: enabled
2019/09/20 04:37:04 Android sandbox: /sys/fs/selinux/policy does not exist
2019/09/20 04:37:04 fault injection: enabled
2019/09/20 04:37:04 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/09/20 04:37:04 net packet injection: enabled
2019/09/20 04:37:04 net device setup: enabled
[   43.911383] random: crng init done
04:38:37 executing program 0:

04:38:37 executing program 1:

[  135.532880] audit: type=1400 audit(1568954317.715:37): avc:  denied  { map } for  pid=7085 comm="syz-fuzzer" path="/root/syzkaller-shm870727044" dev="sda1" ino=16489 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
04:38:37 executing program 5:

04:38:37 executing program 2:

04:38:37 executing program 3:

04:38:37 executing program 4:

[  135.560387] audit: type=1400 audit(1568954317.715:38): avc:  denied  { map } for  pid=7103 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=13733 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
[  135.752164] IPVS: ftp: loaded support on port[0] = 21
[  136.559750] IPVS: ftp: loaded support on port[0] = 21
[  136.611869] chnl_net:caif_netlink_parms(): no params data found
[  136.666264] bridge0: port 1(bridge_slave_0) entered blocking state
[  136.673269] bridge0: port 1(bridge_slave_0) entered disabled state
[  136.681111] device bridge_slave_0 entered promiscuous mode
[  136.691991] IPVS: ftp: loaded support on port[0] = 21
[  136.711461] bridge0: port 2(bridge_slave_1) entered blocking state
[  136.717921] bridge0: port 2(bridge_slave_1) entered disabled state
[  136.726082] device bridge_slave_1 entered promiscuous mode
[  136.755349] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  136.765750] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  136.787661] chnl_net:caif_netlink_parms(): no params data found
[  136.813107] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  136.820649] team0: Port device team_slave_0 added
[  136.828011] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  136.835428] team0: Port device team_slave_1 added
[  136.843145] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  136.850925] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  136.871948] IPVS: ftp: loaded support on port[0] = 21
[  136.932926] device hsr_slave_0 entered promiscuous mode
[  137.020441] device hsr_slave_1 entered promiscuous mode
[  137.095005] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  137.102643] bridge0: port 1(bridge_slave_0) entered blocking state
[  137.109092] bridge0: port 1(bridge_slave_0) entered disabled state
[  137.116619] device bridge_slave_0 entered promiscuous mode
[  137.125842] bridge0: port 2(bridge_slave_1) entered blocking state
[  137.132864] bridge0: port 2(bridge_slave_1) entered disabled state
[  137.139908] device bridge_slave_1 entered promiscuous mode
[  137.147608] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  137.167339] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  137.182472] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  137.232075] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  137.239363] team0: Port device team_slave_0 added
[  137.265202] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  137.273631] team0: Port device team_slave_1 added
[  137.283737] IPVS: ftp: loaded support on port[0] = 21
[  137.292680] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  137.302402] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  137.310262] bridge0: port 2(bridge_slave_1) entered blocking state
[  137.316730] bridge0: port 2(bridge_slave_1) entered forwarding state
[  137.323816] bridge0: port 1(bridge_slave_0) entered blocking state
[  137.330233] bridge0: port 1(bridge_slave_0) entered forwarding state
[  137.338314] chnl_net:caif_netlink_parms(): no params data found
[  137.413591] device hsr_slave_0 entered promiscuous mode
[  137.460422] device hsr_slave_1 entered promiscuous mode
[  137.521250] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  137.548224] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  137.585472] bridge0: port 2(bridge_slave_1) entered blocking state
[  137.591884] bridge0: port 2(bridge_slave_1) entered forwarding state
[  137.598477] bridge0: port 1(bridge_slave_0) entered blocking state
[  137.604837] bridge0: port 1(bridge_slave_0) entered forwarding state
[  137.617484] bridge0: port 1(bridge_slave_0) entered blocking state
[  137.624917] bridge0: port 1(bridge_slave_0) entered disabled state
[  137.632547] device bridge_slave_0 entered promiscuous mode
[  137.649879] bridge0: port 2(bridge_slave_1) entered blocking state
[  137.656515] bridge0: port 2(bridge_slave_1) entered disabled state
[  137.663740] device bridge_slave_1 entered promiscuous mode
[  137.682679] bridge0: port 1(bridge_slave_0) entered disabled state
[  137.689790] bridge0: port 2(bridge_slave_1) entered disabled state
[  137.697490] bridge0: port 1(bridge_slave_0) entered disabled state
[  137.704191] bridge0: port 2(bridge_slave_1) entered disabled state
[  137.749224] chnl_net:caif_netlink_parms(): no params data found
[  137.757569] IPVS: ftp: loaded support on port[0] = 21
[  137.776283] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  137.785910] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  137.829976] bridge0: port 1(bridge_slave_0) entered blocking state
[  137.837082] bridge0: port 1(bridge_slave_0) entered disabled state
[  137.844284] device bridge_slave_0 entered promiscuous mode
[  137.878417] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  137.887709] team0: Port device team_slave_0 added
[  137.893975] bridge0: port 2(bridge_slave_1) entered blocking state
[  137.901183] bridge0: port 2(bridge_slave_1) entered disabled state
[  137.908199] device bridge_slave_1 entered promiscuous mode
[  137.935392] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  137.942715] team0: Port device team_slave_1 added
[  137.969609] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  137.977319] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  137.987437] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  137.997498] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  138.005933] chnl_net:caif_netlink_parms(): no params data found
[  138.064779] 8021q: adding VLAN 0 to HW filter on device bond0
[  138.122524] device hsr_slave_0 entered promiscuous mode
[  138.160470] device hsr_slave_1 entered promiscuous mode
[  138.205287] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  138.218202] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  138.224843] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  138.232357] team0: Port device team_slave_0 added
[  138.238465] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  138.245903] bridge0: port 1(bridge_slave_0) entered blocking state
[  138.254226] bridge0: port 1(bridge_slave_0) entered disabled state
[  138.261383] device bridge_slave_0 entered promiscuous mode
[  138.269957] bridge0: port 2(bridge_slave_1) entered blocking state
[  138.277025] bridge0: port 2(bridge_slave_1) entered disabled state
[  138.285123] device bridge_slave_1 entered promiscuous mode
[  138.292796] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  138.299919] team0: Port device team_slave_1 added
[  138.305837] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  138.333486] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  138.342552] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  138.349943] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  138.402948] device hsr_slave_0 entered promiscuous mode
[  138.440506] device hsr_slave_1 entered promiscuous mode
[  138.481354] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  138.489172] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  138.498524] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  138.506587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  138.515509] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  138.522065] 8021q: adding VLAN 0 to HW filter on device team0
[  138.540919] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  138.549157] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  138.569176] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  138.577341] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  138.585743] bridge0: port 1(bridge_slave_0) entered blocking state
[  138.592401] bridge0: port 1(bridge_slave_0) entered forwarding state
[  138.601290] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  138.609955] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  138.624487] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  138.632743] team0: Port device team_slave_0 added
[  138.638262] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  138.646557] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  138.654965] bridge0: port 2(bridge_slave_1) entered blocking state
[  138.661361] bridge0: port 2(bridge_slave_1) entered forwarding state
[  138.668559] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  138.678578] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  138.715940] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  138.723252] team0: Port device team_slave_1 added
[  138.728921] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  138.737487] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  138.744378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  138.758255] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  138.778290] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  138.789876] chnl_net:caif_netlink_parms(): no params data found
[  138.842512] device hsr_slave_0 entered promiscuous mode
[  138.880431] device hsr_slave_1 entered promiscuous mode
[  138.920415] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  138.928503] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  138.936280] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  138.953411] 8021q: adding VLAN 0 to HW filter on device bond0
[  138.964020] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  138.971601] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  138.983691] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  138.995557] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  139.004703] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  139.023849] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  139.032790] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  139.042477] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  139.069640] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  139.077958] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  139.087226] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  139.097223] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  139.108101] 8021q: adding VLAN 0 to HW filter on device bond0
[  139.115358] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  139.131170] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  139.138708] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  139.146507] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  139.153344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  139.162882] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  139.168913] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  139.177590] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  139.186264] 8021q: adding VLAN 0 to HW filter on device team0
[  139.195153] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  139.203825] bridge0: port 1(bridge_slave_0) entered blocking state
[  139.211008] bridge0: port 1(bridge_slave_0) entered disabled state
[  139.217904] device bridge_slave_0 entered promiscuous mode
[  139.237404] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  139.246156] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  139.254275] bridge0: port 2(bridge_slave_1) entered blocking state
[  139.262381] bridge0: port 2(bridge_slave_1) entered disabled state
[  139.269278] device bridge_slave_1 entered promiscuous mode
[  139.291040] 8021q: adding VLAN 0 to HW filter on device bond0
[  139.297189] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  139.305117] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  139.312762] bridge0: port 1(bridge_slave_0) entered blocking state
[  139.319101] bridge0: port 1(bridge_slave_0) entered forwarding state
[  139.328270] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  139.338218] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  139.353331] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  139.361625] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  139.372497] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  139.380523] bridge0: port 2(bridge_slave_1) entered blocking state
[  139.386994] bridge0: port 2(bridge_slave_1) entered forwarding state
[  139.394082] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  139.403473] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  139.410224] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  139.417157] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  139.427900] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  139.438627] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  139.459314] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  139.468981] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  139.478138] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  139.485178] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  139.492619] team0: Port device team_slave_0 added
[  139.498818] 8021q: adding VLAN 0 to HW filter on device batadv0
[  139.506346] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  139.521271] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  139.527514] 8021q: adding VLAN 0 to HW filter on device team0
[  139.535144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  139.545488] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  139.552704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  139.560441] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  139.568063] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  139.575965] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  139.583414] team0: Port device team_slave_1 added
[  139.588909] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  139.598679] 8021q: adding VLAN 0 to HW filter on device bond0
[  139.608883] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  139.618428] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  139.627493] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  139.635853] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  139.644434] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  139.654358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  139.661897] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  139.669036] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  139.676917] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  139.684517] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  139.692621] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  139.700226] bridge0: port 1(bridge_slave_0) entered blocking state
[  139.706656] bridge0: port 1(bridge_slave_0) entered forwarding state
[  139.715688] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  139.722591] 8021q: adding VLAN 0 to HW filter on device team0
[  139.729991] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  139.737075] 8021q: adding VLAN 0 to HW filter on device team0
[  139.746097] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  139.764923] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  139.772521] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  139.779494] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  139.787105] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  139.794818] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  139.803611] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  139.811438] bridge0: port 2(bridge_slave_1) entered blocking state
[  139.817810] bridge0: port 2(bridge_slave_1) entered forwarding state
[  139.826815] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  139.836549] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
04:38:42 executing program 0:
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x5c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x9, 0x3, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000e7b0dcc3daa5520d15393464e02ff4091800eb0c280a1d56bb729bd3378032a431db705eb5b2e2b965ac087ecd8645ab029395eb39974ae562cbe55909b8f1f99b9b939000c4bb63a84e2ab946b87fc14b688f5b4c456cb467e285de87dd3c9510a1aadeaf28fb5e710ecf7fdd4240aece1996b95aa33f7a702cf4314043558b94402b9ccfe9622f5aa1809e22cb6a6f516eb5ce41f2f2b733273edb89b06945b3ba545513b0f358d4553053807f609db7928b73b60c04bb9923de8272017f1dc2e6112fd9f7e967fc260299ba5ea9fb0d3fe1befc42f717451d1f630256c08b8afbfa1c09b9eac772977a2b01108d5db00f75c66b7b295e96eb336d63ddf4fd217d929bde6a13695ecfa3aa958341f029c2009e91d2d4279af3cd57059a15b68956aa5aaf53fb12132f110c77a9bb735dd2811ece8f39092950a7e12bfc47a78ccda231002246ec19b8a6376e0c1cff2aa8d30c8c7475bca6780028fcc73e0f46b3c4f3d59e2006f4bb84b5c46b7cc096a6570bb963196a"], &(0x7f0000000140)='syzkaller\x00', 0x1, 0x1ee, &(0x7f00000003c0)=""/251, 0x0, 0x0, [], 0x0, 0xd, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1cf}, 0x48)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000040)={r1, r0, 0xd, 0x2}, 0xd)

04:38:42 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070")
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)={0x2, 0xa, 0x0, 0x0, 0x2}, 0x10}}, 0x0)

[  139.883904] device hsr_slave_0 entered promiscuous mode
[  139.920559] device hsr_slave_1 entered promiscuous mode
[  139.960883] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  139.968049] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  139.975447] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  139.985822] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  139.993894] bridge0: port 1(bridge_slave_0) entered blocking state
[  140.000436] bridge0: port 1(bridge_slave_0) entered forwarding state
[  140.007863] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  140.015397] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  140.023937] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  140.034507] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  140.043011] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  140.049065] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  140.057390] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  140.065388] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  140.075062] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  140.083028] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  140.090666] bridge0: port 1(bridge_slave_0) entered blocking state
[  140.097005] bridge0: port 1(bridge_slave_0) entered forwarding state
[  140.104220] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
04:38:42 executing program 0:
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x50000}]})
r0 = openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
fsync(r0)

[  140.112270] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  140.119785] bridge0: port 2(bridge_slave_1) entered blocking state
[  140.126208] bridge0: port 2(bridge_slave_1) entered forwarding state
[  140.134441] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  140.143852] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  140.152656] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  140.174642] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  140.199433] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  140.215296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
04:38:42 executing program 0:
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x50000}]})
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
splice(0xffffffffffffffff, 0x0, r0, 0x0, 0x0, 0x0)

[  140.230786] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  140.238573] bridge0: port 2(bridge_slave_1) entered blocking state
[  140.245013] bridge0: port 2(bridge_slave_1) entered forwarding state
[  140.252522] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  140.262710] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  140.270809] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  140.297484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  140.305558] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  140.326001] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  140.341936] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  140.367235] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  140.382900] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready
[  140.389200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  140.410711] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  140.418795] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  140.427206] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  140.441437] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  140.450788] 8021q: adding VLAN 0 to HW filter on device batadv0
[  140.459014] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  140.471445] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  140.492005] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  140.501508] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
04:38:42 executing program 0:
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/dev\x00')

[  140.512738] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  140.532424] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  140.549168] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
04:38:42 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x4000000000013, &(0x7f0000000000), 0x4)

[  140.562177] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  140.569899] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  140.577813] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  140.592278] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
04:38:42 executing program 0:
r0 = socket$inet6(0x10, 0x8000000000003, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r1, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070")
sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000002000)=[{&(0x7f0000000100)="5500000019007f5300fe01b2a4a280930a60ffff00a84302910000003900090008000c00060000f3180015e005000600000000dc1320d54400fba456ab91d400"/85, 0x55}], 0x1}, 0x0)

[  140.610824] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  140.618615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  140.626757] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  140.634795] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  140.651680] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  140.659790] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  140.672917] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  140.682727] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  140.691957] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  140.699890] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  140.710672] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  140.718158] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  140.730835] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  140.742475] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  140.751278] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  140.759140] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  140.767037] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  140.775087] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  140.797011] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  140.804490] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
[  140.841069] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  140.864276] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  140.874334] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  140.891991] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  140.900593] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  140.916183] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  140.922937] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  140.931254] 8021q: adding VLAN 0 to HW filter on device batadv0
[  140.944534] 8021q: adding VLAN 0 to HW filter on device bond0
[  140.952800] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  140.961830] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  140.974294] 8021q: adding VLAN 0 to HW filter on device batadv0
[  140.985578] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  140.997564] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  141.007261] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready
[  141.014323] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  141.023914] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  141.038456] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  141.046024] 8021q: adding VLAN 0 to HW filter on device team0
[  141.054617] 8021q: adding VLAN 0 to HW filter on device batadv0
[  141.071432] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready
[  141.078594] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  141.087300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  141.096604] bridge0: port 1(bridge_slave_0) entered blocking state
[  141.103038] bridge0: port 1(bridge_slave_0) entered forwarding state
[  141.114222] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready
[  141.125974] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  141.134566] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  141.144880] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  141.166406] bridge0: port 2(bridge_slave_1) entered blocking state
[  141.172844] bridge0: port 2(bridge_slave_1) entered forwarding state
[  141.181375] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready
[  141.191664] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready
[  141.202343] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready
[  141.211099] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  141.218987] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  141.228087] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  141.236915] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  141.245086] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  141.255286] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready
[  141.267757] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  141.276459] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  141.294311] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready
04:38:43 executing program 1:

04:38:43 executing program 0:

[  141.316415] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  141.324807] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  141.346460] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready
[  141.354574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
04:38:43 executing program 2:

[  141.369646] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  141.387225] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  141.395875] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  141.442868] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready
[  141.457272] 8021q: adding VLAN 0 to HW filter on device batadv0
04:38:44 executing program 3:

04:38:44 executing program 5:

04:38:44 executing program 4:

04:38:44 executing program 0:

04:38:44 executing program 1:

04:38:44 executing program 2:

04:38:44 executing program 3:

04:38:44 executing program 5:

04:38:44 executing program 0:

04:38:44 executing program 1:

04:38:44 executing program 2:

04:38:44 executing program 4:

04:38:45 executing program 0:

04:38:45 executing program 2:

04:38:45 executing program 1:

04:38:45 executing program 3:

04:38:45 executing program 4:

04:38:45 executing program 5:

04:38:45 executing program 2:

04:38:45 executing program 4:

04:38:45 executing program 1:

04:38:45 executing program 0:

04:38:45 executing program 3:

04:38:45 executing program 5:

04:38:45 executing program 2:

04:38:45 executing program 4:

04:38:45 executing program 3:

04:38:45 executing program 0:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='memory.stat\x00', 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x5c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x9, 0x3, &(0x7f00000004c0)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000e7b0dcc3daa5520d15393464e02ff4091800eb0c280a1d56bb729bd3378032a431db705eb5b2e2b965ac087ecd8645ab029395eb39974ae562cbe55909b8f1f99b9b939000c4bb63a84e2ab946b87fc14b688f5b4c456cb467e285de87dd3c9510a1aadeaf28fb5e710ecf7fdd4240aece1996b95aa33f7a702cf4314043558b94402b9ccfe9622f5aa1809e22cb6a6f516eb5ce41f2f2b733273edb89b06945b3ba545513b0f358d4553053807f609db7928b73b60c04bb9923de8272017f1dc2e6112fd9f7e967fc260299ba5ea9fb0d3fe1befc42f717451d1f630256c08b8afbfa1c09b9eac772977a2b01108d5db00f75c66b7b295e96eb336d63ddf4fd217d929bde6a13695ecfa3aa958341f029c2009e91d2d4279af3cd57059a15b68956aa5aaf53fb12132f110c77a9bb735dd2811ece8f39092950a7e12bfc47a78ccda231002246ec19b8a6376e0c1cff2aa8d30c8c7475bca6780028fcc73e0f46b3c4f3d59e2006f4bb84b5c46b7cc096a6570bb963196a"], &(0x7f0000000140)='syzkaller\x00', 0x1, 0x1ee, &(0x7f00000003c0)=""/251, 0x0, 0x0, [], 0x0, 0xd, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1cf}, 0x48)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup\x00', 0x200002, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000040)={r1, r0, 0xd}, 0xd)
bpf$BPF_PROG_ATTACH(0x9, &(0x7f0000000100)={r1, r0, 0x8000000000d}, 0xe)
socket$kcm(0x11, 0x3, 0x0)

04:38:45 executing program 1:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000980)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x1132})
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x400000001, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132})
r2 = socket$kcm(0x29, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&')
write$cgroup_subtree(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="ff038aa174036ed7e08f93dd8100"], 0xe)

04:38:45 executing program 2:

04:38:45 executing program 5:

04:38:45 executing program 4:

04:38:45 executing program 3:

04:38:45 executing program 2:

[  143.192653] hrtimer: interrupt took 38204 ns
04:38:45 executing program 5:

04:38:45 executing program 4:

04:38:45 executing program 3:

[  143.286295] device nr0 entered promiscuous mode
04:38:45 executing program 0:

04:38:45 executing program 2:

04:38:45 executing program 5:

[  143.499002] device nr0 entered promiscuous mode
04:38:45 executing program 1:

04:38:45 executing program 4:

04:38:45 executing program 3:

04:38:45 executing program 0:

04:38:45 executing program 2:

04:38:45 executing program 5:

04:38:45 executing program 0:

04:38:45 executing program 2:

04:38:45 executing program 3:

04:38:45 executing program 1:

04:38:45 executing program 5:

04:38:45 executing program 3:

04:38:45 executing program 4:

04:38:45 executing program 0:

04:38:45 executing program 2:

04:38:45 executing program 1:

04:38:45 executing program 5:

04:38:45 executing program 4:

04:38:45 executing program 3:

04:38:45 executing program 2:

04:38:46 executing program 0:

04:38:46 executing program 1:

04:38:46 executing program 5:

04:38:46 executing program 3:

04:38:46 executing program 4:

04:38:46 executing program 2:

04:38:46 executing program 1:

04:38:46 executing program 0:

04:38:46 executing program 5:

04:38:46 executing program 3:

04:38:46 executing program 1:

04:38:46 executing program 4:

04:38:46 executing program 0:

04:38:46 executing program 2:

04:38:46 executing program 3:

04:38:46 executing program 4:

04:38:46 executing program 5:

04:38:46 executing program 1:

04:38:46 executing program 0:

04:38:46 executing program 2:

04:38:46 executing program 3:

04:38:46 executing program 2:

04:38:46 executing program 4:

04:38:46 executing program 1:

04:38:46 executing program 5:

04:38:46 executing program 0:

04:38:46 executing program 3:

04:38:46 executing program 3:

04:38:46 executing program 1:

04:38:46 executing program 4:

04:38:46 executing program 2:

04:38:46 executing program 5:

04:38:46 executing program 0:

04:38:46 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0xea3b5d2, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/arp\x00')
preadv(r0, &(0x7f0000000480), 0x1000000000000208, 0x0)

04:38:46 executing program 4:
mkdir(&(0x7f0000000080)='./file0\x00', 0x52)
mkdir(&(0x7f00000009c0)='./file1\x00', 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setxattr$system_posix_acl(0x0, 0x0, &(0x7f0000000280)=ANY=[], 0x0, 0x0)
mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65302c776f726b6469723d2e2f66696c65315c00359477"])
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='tmpfs\x00', 0x0, 0x0)
syslog(0x1, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
r0 = socket(0x10, 0x0, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, &(0x7f0000cab000))
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
faccessat(r1, 0x0, 0x0, 0x300)
socket(0x10, 0x2, 0x0)
setresuid(0x0, 0x0, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0)
socket(0x10, 0x2, 0x0)
socket(0x0, 0x0, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)

04:38:46 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x80000000000001, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
connect$inet6(r0, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
recvmmsg(r0, &(0x7f0000005d40)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000180)=""/112, 0x70}], 0x1}}], 0x1, 0x0, 0x0)
sendmmsg(r0, &(0x7f000060d000)=[{{0x0, 0x0, &(0x7f0000c38ff0)=[{&(0x7f0000000080)='\x00', 0x1}], 0x1}}], 0x1, 0x0)
open(0x0, 0x0, 0x0)

04:38:46 executing program 2:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
close(r0)
r1 = socket(0x100000000000011, 0x2, 0x81)
bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
r2 = open(&(0x7f000000cc80)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0x87ffd)
sendfile(r0, r2, 0x0, 0x800000000024)

04:38:46 executing program 5:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = gettid()
r1 = gettid()
kcmp$KCMP_EPOLL_TFD(r0, r1, 0x7, 0xffffffffffffffff, &(0x7f0000000040))

04:38:46 executing program 3:

04:38:46 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0x0, 0x8, 0x0, 0x8000000001}, 0x3c)
socketpair(0x4, 0x8000f, 0x4, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000980)='/dev/net/tun\x00', 0x20000, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x1132})
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x400000001, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x7132})
r2 = socket$kcm(0x29, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000500)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xe0u\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&')
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000480), 0x4)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000b80)=ANY=[@ANYBLOB='\x00pids \x00io /cpu -cp'], 0x12)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x0)
ioctl$TUNDETACHFILTER(0xffffffffffffffff, 0x401054d6, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="ff038aa174036ed7e08f93dd8100"], 0xe)

04:38:46 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0xea3b5d2, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/arp\x00')
preadv(r0, &(0x7f0000000480), 0x1000000000000208, 0x0)

[  144.578911] audit: type=1400 audit(1568954326.755:39): avc:  denied  { syslog } for  pid=7390 comm="syz-executor.4" capability=34  scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1
04:38:46 executing program 5:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000780)={r0, 0x18000000000002a0, 0x1f, 0x0, &(0x7f00000006c0)="b9ff0300000d698cb89e40f088a8d501000000de0500000077fb7f11c72be9", 0x0, 0x100}, 0x28)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

04:38:46 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x80000000000001, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
connect$inet6(r0, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
recvmmsg(r0, &(0x7f0000005d40)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000180)=""/112, 0x70}], 0x1}}], 0x1, 0x0, 0x0)
sendmmsg(r0, &(0x7f000060d000)=[{{0x0, 0x0, &(0x7f0000c38ff0)=[{&(0x7f0000000080)='\x00', 0x1}], 0x1}}], 0x1, 0x0)
open(0x0, 0x0, 0x0)

[  144.706849] device nr0 entered promiscuous mode
04:38:46 executing program 2:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
r1 = gettid()
r2 = gettid()
kcmp$KCMP_EPOLL_TFD(r1, r2, 0x7, r0, &(0x7f0000000040))

04:38:46 executing program 1:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000001200)=""/148, 0x94}], 0xea3b5d2, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/arp\x00')
preadv(r0, &(0x7f0000000480), 0x1000000000000208, 0x0)

[  144.728076] overlayfs: filesystem on './file0' not supported as upperdir
04:38:47 executing program 4:
mkdir(&(0x7f0000000080)='./file0\x00', 0x52)
mkdir(&(0x7f00000009c0)='./file1\x00', 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setxattr$system_posix_acl(0x0, 0x0, &(0x7f0000000280)=ANY=[], 0x0, 0x0)
mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65302c776f726b6469723d2e2f66696c65315c00359477"])
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='tmpfs\x00', 0x0, 0x0)
syslog(0x1, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
r0 = socket(0x10, 0x0, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, &(0x7f0000cab000))
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
faccessat(r1, 0x0, 0x0, 0x300)
socket(0x10, 0x2, 0x0)
setresuid(0x0, 0x0, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0)
socket(0x10, 0x2, 0x0)
socket(0x0, 0x0, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)

04:38:47 executing program 2:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newlink={0x4c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x2c, 0x12, @ip6erspan={{0x10, 0x1, 'ip6erspan\x00'}, {0x18, 0x2, [@IFLA_GRE_REMOTE={0x14, 0x7, @empty}]}}}]}, 0x4c}}, 0x0)

04:38:47 executing program 3:
mkdir(&(0x7f0000000080)='./file0\x00', 0x52)
mkdir(&(0x7f00000009c0)='./file1\x00', 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
setxattr$system_posix_acl(0x0, 0x0, &(0x7f0000000280)=ANY=[], 0x0, 0x0)
mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65302c776f726b6469723d2e2f66696c65315c00359477"])
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='tmpfs\x00', 0x0, 0x0)
syslog(0x1, 0x0, 0x0)
syz_open_procfs(0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000cab000))
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
faccessat(r0, 0x0, 0x0, 0x0)
socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, r1, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, 0x0)
socket(0x10, 0x2, 0x0)
socket(0x10, 0x2, 0x0)
fchown(0xffffffffffffffff, 0x0, 0x0)

04:38:47 executing program 1:
perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x3e5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe(0x0)
syz_open_procfs(0x0, &(0x7f0000000080)='mountinfo\x00\xd7\x88\x999\x04\xe4ua\x15l\xcc6\x12\xa4\xaa~\x8d\xca\xe4\x98\xe1<?\r?\xa1{Al\xc9\xe1\xb9:\x99\x8aA|X\x8c\xac\x13)\xb0\x8a\x8a\xd5Y\xc4\\\x19~|yw\x94r\x8a\xb7\xe3Du4_`d\x88\xda\vZ\xfe\x9e\xc36\f0\xaaz\xb3\xeb}\x9eC\x0f\x8dKhV\x1a\b\xef3u\x9ej\x88\xa1\x9e1\x80F%\xa3\xe7E\x9c\xb3\x9a\xd5\xc4\rBl\xbf\xe5\xa4k\xcc\\YT\x01\xe5\x11&\xd3X=\xa0\x9f\x83y\r\b\xc6r\xb0\x9f\x90\a\x80\xd4[@\x14asO\x86q\xa1\xeb\x01^zO,\x10\xdc\xa1\x13\xbcX\\\xe7\x18\x01\x8b^y\xc83;\xad')
syz_open_dev$usbmon(0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, 0x0)

04:38:47 executing program 5:
syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894", 0x53}], 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext2\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaad42, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c00f6ffffff00000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0)

04:38:47 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x900000000000000)
ioctl(0xffffffffffffffff, 0x8936, &(0x7f0000000000))
fcntl$getownex(r0, 0x10, &(0x7f00000003c0))
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, &(0x7f0000000000)={0xfff, {{0x2, 0x0, @remote}}}, 0x84)

[  144.988045] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
04:38:47 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x0)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x0)
fchmod(0xffffffffffffffff, 0x0)
ioctl$RTC_VL_READ(0xffffffffffffffff, 0x80047013, 0x0)
listen(r0, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x254)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$FICLONE(0xffffffffffffffff, 0x40049409, 0xffffffffffffffff)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_tx_ring(r2, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c)
recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
creat(0x0, 0x0)
getsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, 0x0, 0x0)
sendto$inet6(r1, 0x0, 0xfffffffffffffdc6, 0x20000004, &(0x7f0000000280)={0xa, 0x4e22}, 0x1c)
syz_genetlink_get_family_id$nbd(0x0)
sendmsg$NBD_CMD_STATUS(0xffffffffffffffff, 0x0, 0x0)
ioctl$TIOCLINUX3(0xffffffffffffffff, 0x541c, 0x0)
syz_open_procfs(0x0, 0x0)
recvfrom$inet6(r1, &(0x7f0000001840)=""/31, 0xfffffe0e, 0x100, &(0x7f0000001880), 0x1c)
r3 = accept4(r0, 0x0, 0x0, 0x0)
sendto$inet6(r3, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x2900)

[  145.065305] overlayfs: workdir and upperdir must reside under the same mount
04:38:47 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x900000000000000)
ioctl(0xffffffffffffffff, 0x8936, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f00000003c0))

04:38:47 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x7, 0x25}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48)

04:38:47 executing program 3:
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
socket$inet6(0xa, 0x0, 0x0)
r0 = getpid()
r1 = getpid()
rt_tgsigqueueinfo(r1, r1, 0x15, &(0x7f0000000100))
ptrace(0x10, r1)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl(r2, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070")
ptrace$pokeuser(0x6, r1, 0x388, 0x80000001)
ptrace$pokeuser(0x6, r0, 0x388, 0x2893)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockname$netrom(0xffffffffffffffff, 0x0, &(0x7f0000000080))
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0)

[  145.163861] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[  145.192785] audit: type=1400 audit(1568954327.375:40): avc:  denied  { create } for  pid=7463 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  145.228534] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem
[  145.260538] EXT4-fs (loop5): bad geometry: block count 1080 exceeds size of device (1 blocks)
[  145.270000] audit: type=1400 audit(1568954327.405:41): avc:  denied  { write } for  pid=7463 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  145.309086] audit: type=1400 audit(1568954327.485:42): avc:  denied  { read } for  pid=7463 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
04:38:47 executing program 5:
syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894", 0x53}], 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext2\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaad42, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c00f6ffffff00000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0)

04:38:47 executing program 0:
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r0 = memfd_create(0x0, 0x0)
prctl$PR_GET_CHILD_SUBREAPER(0x25)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x111080, 0x0)
ioctl$KVM_X86_SET_MCE(0xffffffffffffffff, 0x4040ae9e, &(0x7f0000000280)={0x0, 0x6000, 0x8, 0x4, 0xe})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setxattr$trusted_overlay_nlink(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='trusted.overlay.nlink\x00', &(0x7f0000000240)={'U+', 0x1}, 0x28, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')
socketpair$unix(0x1, 0x5, 0x0, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000028fc8)={0x0, 0x0, 0x0}, 0x0)
r1 = socket$inet6(0xa, 0x803, 0x3)
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'})
dup2(0xffffffffffffffff, r0)
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(0xffffffffffffffff, 0x4010ae74, 0x0)
pipe(0x0)
getpeername$packet(0xffffffffffffffff, 0x0, 0x0)

04:38:47 executing program 4:
mkdir(&(0x7f0000000340)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/fuse\x00', 0x2, 0x0)
r1 = dup(r0)
mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

04:38:47 executing program 1:
r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x0)
write$cgroup_type(r0, &(0x7f00000009c0)='threaded\x00', 0xd4b9d11)
clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
clone(0x2102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCDELDLCI(r1, 0x8981, 0x0)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c)
link(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='./file1\x00')
rename(&(0x7f0000000740)='./file0\x00', &(0x7f0000000780)='./file0\x00')

[  145.510408] protocol 88fb is buggy, dev hsr_slave_0
[  145.515792] protocol 88fb is buggy, dev hsr_slave_1
[  145.549068] bridge0: port 2(bridge_slave_1) entered disabled state
[  145.558947] bridge0: port 1(bridge_slave_0) entered disabled state
[  145.567423] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem
[  145.577388] EXT4-fs (loop5): bad geometry: block count 1080 exceeds size of device (1 blocks)
04:38:47 executing program 3:
r0 = semget$private(0x0, 0x20000000107, 0x0)
semtimedop(r0, &(0x7f0000000000)=[{0x0, 0x7fff}, {}], 0x19a, 0x0)
semtimedop(r0, &(0x7f0000000080)=[{0x0, 0x2}], 0x1, 0x0)

04:38:47 executing program 5:
r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ashmem\x00', 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffffe)
mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
ioctl$ASHMEM_SET_NAME(r0, 0x7709, &(0x7f0000000380)='\x00')

04:38:47 executing program 0:
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r0 = memfd_create(0x0, 0x0)
prctl$PR_GET_CHILD_SUBREAPER(0x25)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x111080, 0x0)
ioctl$KVM_X86_SET_MCE(0xffffffffffffffff, 0x4040ae9e, &(0x7f0000000280)={0x0, 0x6000, 0x8, 0x4, 0xe})
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setxattr$trusted_overlay_nlink(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='trusted.overlay.nlink\x00', &(0x7f0000000240)={'U+', 0x1}, 0x28, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00')
socketpair$unix(0x1, 0x5, 0x0, 0x0)
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000028fc8)={0x0, 0x0, 0x0}, 0x0)
r1 = socket$inet6(0xa, 0x803, 0x3)
ioctl$sock_inet_SIOCSIFFLAGS(r1, 0x8914, &(0x7f0000000040)={'bridge0\x00h\x00\x01\xd8\x00H\x00'})
dup2(0xffffffffffffffff, r0)
ioctl$KVM_ASSIGN_SET_MSIX_ENTRY(0xffffffffffffffff, 0x4010ae74, 0x0)
pipe(0x0)
getpeername$packet(0xffffffffffffffff, 0x0, 0x0)

04:38:47 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, r2})
ioctl$KVM_SET_NR_MMU_PAGES(r1, 0xae44, 0xfffffffffffffffe)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)

[  145.727890] audit: type=1400 audit(1568954327.905:43): avc:  denied  { map } for  pid=7518 comm="syz-executor.5" path="/dev/ashmem" dev="devtmpfs" ino=14976 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1
[  145.830124] protocol 88fb is buggy, dev hsr_slave_0
[  145.835302] protocol 88fb is buggy, dev hsr_slave_1
[  146.002324] ==================================================================
[  146.009916] BUG: KASAN: use-after-free in tcp_ack+0x414f/0x4760
[  146.015983] Read of size 4 at addr ffff888084799d6c by task ksoftirqd/1/17
[  146.023106] 
[  146.024739] CPU: 1 PID: 17 Comm: ksoftirqd/1 Not tainted 4.14.145 #0
[  146.031334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  146.040821] Call Trace:
[  146.043404]  dump_stack+0x138/0x197
[  146.047031]  ? tcp_ack+0x414f/0x4760
[  146.050915]  print_address_description.cold+0x7c/0x1dc
[  146.056207]  ? tcp_ack+0x414f/0x4760
[  146.059942]  kasan_report.cold+0xa9/0x2af
[  146.064100]  __asan_report_load4_noabort+0x14/0x20
[  146.069037]  tcp_ack+0x414f/0x4760
[  146.073185]  ? __read_once_size_nocheck.constprop.0+0x10/0x10
[  146.079069]  ? tcp_fastretrans_alert+0x2620/0x2620
[  146.084005]  ? save_trace+0x290/0x290
[  146.087819]  tcp_rcv_established+0x3e9/0x1650
[  146.092305]  ? rt6_check_expired+0xa5/0x160
[  146.096613]  ? tcp_data_queue+0x3730/0x3730
[  146.100921]  ? ip6_dst_check+0x16a/0x2c0
[  146.104972]  tcp_v6_do_rcv+0x417/0x1190
[  146.108936]  tcp_v6_rcv+0x2446/0x2ed0
[  146.112810]  ? save_trace+0x290/0x290
[  146.116608]  ip6_input_finish+0x300/0x15a0
[  146.120840]  ip6_input+0xd5/0x340
[  146.124304]  ? ip6_input_finish+0x15a0/0x15a0
[  146.128792]  ? ipv6_rcv+0x16aa/0x1d20
[  146.132584]  ? ip6_rcv_finish+0x7a0/0x7a0
[  146.136736]  ip6_rcv_finish+0x23f/0x7a0
[  146.140714]  ipv6_rcv+0xe4d/0x1d20
[  146.144251]  ? put_prev_task_stop+0x348/0x400
[  146.148733]  ? ip6_input+0x340/0x340
[  146.152433]  ? __lock_is_held+0xb6/0x140
[  146.156482]  ? check_preemption_disabled+0x3c/0x250
[  146.161514]  ? ip6_make_skb+0x410/0x410
[  146.165502]  ? rcu_lockdep_current_cpu_online+0xf2/0x140
[  146.170950]  ? ip6_input+0x340/0x340
[  146.174663]  __netif_receive_skb_core+0x1eae/0x2ca0
[  146.179671]  ? trace_hardirqs_on+0x10/0x10
[  146.184066]  ? enqueue_to_backlog+0xcc0/0xcc0
[  146.188551]  ? process_backlog+0x43e/0x730
[  146.192789]  ? find_held_lock+0x35/0x130
[  146.196870]  ? process_backlog+0x23a/0x730
[  146.201102]  ? lock_acquire+0x16f/0x430
[  146.205063]  __netif_receive_skb+0x2c/0x1b0
[  146.209370]  ? __netif_receive_skb+0x2c/0x1b0
[  146.213870]  process_backlog+0x21f/0x730
[  146.217925]  ? finish_task_switch+0x178/0x650
[  146.222423]  net_rx_action+0x490/0xf80
[  146.226298]  ? tasklet_action+0x510/0x510
[  146.230450]  ? napi_complete_done+0x4f0/0x4f0
[  146.234934]  ? rcu_lockdep_current_cpu_online+0xf2/0x140
[  146.240374]  __do_softirq+0x244/0x9a0
[  146.244178]  ? pci_mmcfg_check_reserved+0x150/0x150
[  146.249187]  ? tasklet_action+0x510/0x510
[  146.253324]  run_ksoftirqd+0x8c/0x1b0
[  146.257114]  smpboot_thread_fn+0x5f4/0x960
[  146.261422]  ? __kthread_parkme+0x117/0x1c0
[  146.265736]  ? sort_range+0x30/0x30
[  146.269369]  kthread+0x319/0x430
[  146.272734]  ? sort_range+0x30/0x30
[  146.276382]  ? kthread_create_on_node+0xd0/0xd0
[  146.281047]  ret_from_fork+0x24/0x30
[  146.284751] 
[  146.286365] Allocated by task 7466:
[  146.289984]  save_stack_trace+0x16/0x20
[  146.293945]  save_stack+0x45/0xd0
[  146.297381]  kasan_kmalloc+0xce/0xf0
[  146.301081]  kasan_slab_alloc+0xf/0x20
[  146.304976]  kmem_cache_alloc_node+0x144/0x780
[  146.309546]  __alloc_skb+0x9c/0x500
[  146.313157]  sk_stream_alloc_skb+0xb3/0x780
[  146.317465]  tcp_sendmsg_locked+0xf61/0x3200
[  146.321856]  tcp_sendmsg+0x30/0x50
[  146.325395]  inet_sendmsg+0x122/0x500
[  146.329181]  sock_sendmsg+0xce/0x110
[  146.332896]  SYSC_sendto+0x206/0x310
[  146.336708]  SyS_sendto+0x40/0x50
[  146.340149]  do_syscall_64+0x1e8/0x640
[  146.344026]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  146.349198] 
[  146.350813] Freed by task 7466:
[  146.354081]  save_stack_trace+0x16/0x20
[  146.358055]  save_stack+0x45/0xd0
[  146.361495]  kasan_slab_free+0x75/0xc0
[  146.365371]  kmem_cache_free+0x83/0x2b0
[  146.369334]  kfree_skbmem+0x8d/0x120
[  146.373033]  __kfree_skb+0x1e/0x30
[  146.376646]  tcp_remove_empty_skb.part.0+0x231/0x2e0
[  146.382428]  tcp_sendmsg_locked+0x1ced/0x3200
[  146.386921]  tcp_sendmsg+0x30/0x50
[  146.390449]  inet_sendmsg+0x122/0x500
[  146.394235]  sock_sendmsg+0xce/0x110
[  146.397931]  SYSC_sendto+0x206/0x310
[  146.401662]  SyS_sendto+0x40/0x50
[  146.405099]  do_syscall_64+0x1e8/0x640
[  146.409013]  entry_SYSCALL_64_after_hwframe+0x42/0xb7
[  146.414208] 
[  146.415825] The buggy address belongs to the object at ffff888084799d40
[  146.415825]  which belongs to the cache skbuff_fclone_cache of size 472
[  146.429177] The buggy address is located 44 bytes inside of
[  146.429177]  472-byte region [ffff888084799d40, ffff888084799f18)
[  146.440949] The buggy address belongs to the page:
[  146.445868] page:ffffea000211e640 count:1 mapcount:0 mapping:ffff8880847990c0 index:0x0
[  146.453995] flags: 0x1fffc0000000100(slab)
[  146.458219] raw: 01fffc0000000100 ffff8880847990c0 0000000000000000 0000000100000006
[  146.466086] raw: ffffea0002a68760 ffffea00027546a0 ffff8880a9e81d80 0000000000000000
[  146.473946] page dumped because: kasan: bad access detected
[  146.479639] 
[  146.481248] Memory state around the buggy address:
[  146.486161]  ffff888084799c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  146.493506]  ffff888084799c80: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc
[  146.500851] >ffff888084799d00: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[  146.508211]                                                           ^
[  146.515047]  ffff888084799d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  146.522411]  ffff888084799e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  146.529760] ==================================================================
[  146.537101] Disabling lock debugging due to kernel taint
[  146.542596] Kernel panic - not syncing: panic_on_warn set ...
[  146.542596] 
[  146.549982] CPU: 1 PID: 17 Comm: ksoftirqd/1 Tainted: G    B           4.14.145 #0
[  146.557690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  146.567132] Call Trace:
[  146.569726]  dump_stack+0x138/0x197
[  146.573371]  ? tcp_ack+0x414f/0x4760
[  146.577082]  panic+0x1f2/0x426
[  146.580280]  ? add_taint.cold+0x16/0x16
[  146.584259]  kasan_end_report+0x47/0x4f
[  146.588233]  kasan_report.cold+0x130/0x2af
[  146.592466]  __asan_report_load4_noabort+0x14/0x20
[  146.597386]  tcp_ack+0x414f/0x4760
[  146.600911]  ? __read_once_size_nocheck.constprop.0+0x10/0x10
[  146.606779]  ? tcp_fastretrans_alert+0x2620/0x2620
[  146.611702]  ? save_trace+0x290/0x290
[  146.615507]  tcp_rcv_established+0x3e9/0x1650
[  146.620006]  ? rt6_check_expired+0xa5/0x160
[  146.624318]  ? tcp_data_queue+0x3730/0x3730
[  146.628628]  ? ip6_dst_check+0x16a/0x2c0
[  146.632699]  tcp_v6_do_rcv+0x417/0x1190
[  146.636657]  tcp_v6_rcv+0x2446/0x2ed0
[  146.640446]  ? save_trace+0x290/0x290
[  146.645115]  ip6_input_finish+0x300/0x15a0
[  146.649338]  ip6_input+0xd5/0x340
[  146.652773]  ? ip6_input_finish+0x15a0/0x15a0
[  146.657251]  ? ipv6_rcv+0x16aa/0x1d20
[  146.661033]  ? ip6_rcv_finish+0x7a0/0x7a0
[  146.665163]  ip6_rcv_finish+0x23f/0x7a0
[  146.669123]  ipv6_rcv+0xe4d/0x1d20
[  146.672656]  ? put_prev_task_stop+0x348/0x400
[  146.677137]  ? ip6_input+0x340/0x340
[  146.680844]  ? __lock_is_held+0xb6/0x140
[  146.684892]  ? check_preemption_disabled+0x3c/0x250
[  146.689892]  ? ip6_make_skb+0x410/0x410
[  146.693848]  ? rcu_lockdep_current_cpu_online+0xf2/0x140
[  146.699282]  ? ip6_input+0x340/0x340
[  146.702982]  __netif_receive_skb_core+0x1eae/0x2ca0
[  146.707984]  ? trace_hardirqs_on+0x10/0x10
[  146.712205]  ? enqueue_to_backlog+0xcc0/0xcc0
[  146.716688]  ? process_backlog+0x43e/0x730
[  146.720907]  ? find_held_lock+0x35/0x130
[  146.724953]  ? process_backlog+0x23a/0x730
[  146.729173]  ? lock_acquire+0x16f/0x430
[  146.733132]  __netif_receive_skb+0x2c/0x1b0
[  146.737440]  ? __netif_receive_skb+0x2c/0x1b0
[  146.741925]  process_backlog+0x21f/0x730
[  146.745973]  ? finish_task_switch+0x178/0x650
[  146.750451]  net_rx_action+0x490/0xf80
[  146.755279]  ? tasklet_action+0x510/0x510
[  146.759432]  ? napi_complete_done+0x4f0/0x4f0
[  146.763917]  ? rcu_lockdep_current_cpu_online+0xf2/0x140
[  146.769355]  __do_softirq+0x244/0x9a0
[  146.773143]  ? pci_mmcfg_check_reserved+0x150/0x150
[  146.778147]  ? tasklet_action+0x510/0x510
[  146.782365]  run_ksoftirqd+0x8c/0x1b0
[  146.786147]  smpboot_thread_fn+0x5f4/0x960
[  146.790361]  ? __kthread_parkme+0x117/0x1c0
[  146.794665]  ? sort_range+0x30/0x30
[  146.798276]  kthread+0x319/0x430
[  146.801622]  ? sort_range+0x30/0x30
[  146.805229]  ? kthread_create_on_node+0xd0/0xd0
[  146.809896]  ret_from_fork+0x24/0x30
[  146.815202] Kernel Offset: disabled
[  146.818908] Rebooting in 86400 seconds..