[ ok ] Starting enhanced syslogd: rsyslogd. [ 36.701584][ T25] audit: type=1800 audit(1571232417.486:25): pid=7079 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2447 res=0 [ 36.721444][ T25] audit: type=1800 audit(1571232417.486:26): pid=7079 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2490 res=0 [ 36.747641][ T25] audit: type=1800 audit(1571232417.486:27): pid=7079 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2469 res=0 [ ok ] Starting periodic command scheduler: cron. [ ok ] Starting OpenBSD Secure Shell server: sshd. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.15.224' (ECDSA) to the list of known hosts. 2019/10/16 13:27:05 fuzzer started 2019/10/16 13:27:07 dialing manager at 10.128.0.105:37551 2019/10/16 13:27:07 syscalls: 2524 2019/10/16 13:27:07 code coverage: enabled 2019/10/16 13:27:07 comparison tracing: enabled 2019/10/16 13:27:07 extra coverage: extra coverage is not supported by the kernel 2019/10/16 13:27:07 setuid sandbox: enabled 2019/10/16 13:27:07 namespace sandbox: enabled 2019/10/16 13:27:07 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/16 13:27:07 fault injection: enabled 2019/10/16 13:27:07 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/16 13:27:07 net packet injection: enabled 2019/10/16 13:27:07 net device setup: enabled 2019/10/16 13:27:07 concurrency sanitizer: enabled 13:27:09 executing program 0: accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r0, 0x800448d3, 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) close(r1) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) 13:27:10 executing program 1: syz_open_dev$usbfs(&(0x7f0000000840)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000080)) syzkaller login: [ 49.331729][ T7250] IPVS: ftp: loaded support on port[0] = 21 [ 49.455776][ T7250] chnl_net:caif_netlink_parms(): no params data found [ 49.511109][ T7250] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.519509][ T7250] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.527389][ T7250] device bridge_slave_0 entered promiscuous mode [ 49.548911][ T7250] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.556073][ T7250] bridge0: port 2(bridge_slave_1) entered disabled state [ 49.569217][ T7250] device bridge_slave_1 entered promiscuous mode [ 49.583769][ T7253] IPVS: ftp: loaded support on port[0] = 21 13:27:10 executing program 2: syz_emit_ethernet(0x76, &(0x7f0000000080)={@local, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, "a1d8f2", 0x40, 0x83a, 0x0, @dev, @mcast2, {[], @icmpv6=@param_prob={0x4, 0x0, 0x0, 0x0, {0x0, 0x6, "275485", 0x0, 0x11, 0x0, @mcast1, @dev, [@hopopts, @srh]}}}}}}}, 0x0) [ 49.613531][ T7250] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 49.636774][ T7250] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 49.674608][ T7250] team0: Port device team_slave_0 added [ 49.688910][ T7250] team0: Port device team_slave_1 added [ 49.771789][ T7250] device 
hsr_slave_0 entered promiscuous mode [ 49.828024][ T7250] device hsr_slave_1 entered promiscuous mode [ 49.898380][ T7255] IPVS: ftp: loaded support on port[0] = 21 [ 49.900488][ T7250] bridge0: port 2(bridge_slave_1) entered blocking state [ 49.911450][ T7250] bridge0: port 2(bridge_slave_1) entered forwarding state [ 49.918787][ T7250] bridge0: port 1(bridge_slave_0) entered blocking state [ 49.925831][ T7250] bridge0: port 1(bridge_slave_0) entered forwarding state 13:27:10 executing program 3: mkdir(&(0x7f0000ac6000)='./file0\x00', 0x0) mount(0x0, &(0x7f000000aff8)='./file0\x00', &(0x7f0000cd3000)='ramfs\x00', 0x1, 0x0) rmdir(&(0x7f0000000080)='./file0/file0\x00') [ 49.957247][ T7253] chnl_net:caif_netlink_parms(): no params data found [ 50.049173][ T7250] 8021q: adding VLAN 0 to HW filter on device bond0 [ 50.071899][ T7253] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.079360][ T7253] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.087393][ T7253] device bridge_slave_0 entered promiscuous mode [ 50.103716][ T7250] 8021q: adding VLAN 0 to HW filter on device team0 [ 50.128275][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 50.137183][ T44] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.154553][ T44] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.170795][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 50.199034][ T7253] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.206101][ T7253] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.215007][ T7253] device bridge_slave_1 entered promiscuous mode [ 50.234485][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 50.243538][ T44] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.250623][ T44] bridge0: port 1(bridge_slave_0) entered forwarding state [ 50.259208][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 50.268408][ T44] bridge0: port 
2(bridge_slave_1) entered blocking state [ 50.275484][ T44] bridge0: port 2(bridge_slave_1) entered forwarding state [ 50.302851][ T7259] IPVS: ftp: loaded support on port[0] = 21 13:27:11 executing program 4: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() getsockopt$netrom_NETROM_IDLE(0xffffffffffffffff, 0x103, 0x7, 0x0, 0x0) ioctl$DRM_IOCTL_AGP_ACQUIRE(0xffffffffffffffff, 0x6430) sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) r4 = syz_open_dev$sndpcmp(0x0, 0xdd, 0x800) ioctl$TCSETXW(r4, 0x5435, &(0x7f00000000c0)={0x7f, 0x8, [0x101, 0x0, 0x7], 0x7fff}) write$tun(0xffffffffffffffff, &(0x7f0000000400)=ANY=[@ANYBLOB="000000004c1a00da00000007008e9079ac141419ac1414bb0100890701ac1414bb830700e0000001440c0093ffffffff0000ffff4e244e220401907844faf6ad0040ac8b3ca94559b2581eed3d2a5ebf5ef31e52e1db11604e2b49e0b787582e7466f04f38d8c4eac63938046b65945f91fda53bec7191c8d6483b937e78189ed652d24dfa8abeffff281ab1e190155d2db43ff0d725aebe1107be1b5472bd7e20b5a5683179b002151c0cf8a819d6caf83802ff75523bf47a12392d7f06f5ae231b0cc6c4a3e0e3bfe2283b683c63d26ee76f8c926af1aa"], 0x1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r5 = socket$packet(0x11, 0x0, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000040)={0x0, 0xfffffffffffffff9}, 0x4) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000480), 0x2e9, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000}) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0) [ 50.359721][ T7253] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 50.384774][ T7255] chnl_net:caif_netlink_parms(): no params data found [ 50.402076][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 50.425520][ T7253] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 50.444957][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 50.481335][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 50.504423][ T7250] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 50.527787][ T7250] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 50.591741][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 50.600393][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 50.619039][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 50.627818][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 50.636997][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 50.663536][ T7253] team0: Port device team_slave_0 added [ 50.673470][ T7255] bridge0: port 1(bridge_slave_0) entered blocking state [ 50.681134][ T7255] bridge0: port 1(bridge_slave_0) entered disabled state [ 50.689762][ T7255] device bridge_slave_0 entered promiscuous mode [ 50.711774][ T7250] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 50.719747][ T7263] IPVS: ftp: loaded support on 
port[0] = 21 [ 50.722910][ T7253] team0: Port device team_slave_1 added [ 50.739635][ T7255] bridge0: port 2(bridge_slave_1) entered blocking state [ 50.746817][ T7255] bridge0: port 2(bridge_slave_1) entered disabled state [ 50.762233][ T7255] device bridge_slave_1 entered promiscuous mode 13:27:11 executing program 5: bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000002d0301000000000095000000000000006926000000000000bf67000000000000250608000fff0700350a000002000000070600000ee60000bf050000000000002d650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070400000400f9ffad500100000000009500000000000000050000000000000095000000000000007c6c814de1f217e99519e72f6577df7269ac7270bc42792ed30f41266eb65bf5a25b0920dd5a204ce19559281c1cbc"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x1f1}, 0x48) [ 50.815649][ T7255] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 50.890560][ T7253] device hsr_slave_0 entered promiscuous mode [ 50.918036][ T7253] device hsr_slave_1 entered promiscuous mode [ 50.957763][ T7253] debugfs: Directory 'hsr0' with parent '/' already present! 
[ 50.966515][ T7255] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 51.024799][ T7255] team0: Port device team_slave_0 added [ 51.064492][ T7255] team0: Port device team_slave_1 added [ 51.067257][ T7269] IPVS: ftp: loaded support on port[0] = 21 [ 51.117420][ T7259] chnl_net:caif_netlink_parms(): no params data found [ 51.153047][ T7253] 8021q: adding VLAN 0 to HW filter on device bond0 [ 51.230185][ T7255] device hsr_slave_0 entered promiscuous mode [ 51.281168][ C1] hrtimer: interrupt took 31654 ns [ 51.298026][ T7255] device hsr_slave_1 entered promiscuous mode 13:27:12 executing program 0: accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r0, 0x800448d3, 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) close(r1) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) [ 51.347985][ T7255] debugfs: Directory 'hsr0' with parent '/' already present! 
[ 51.391693][ T7253] 8021q: adding VLAN 0 to HW filter on device team0 13:27:12 executing program 0: accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r0, 0x800448d3, 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) close(r1) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) [ 51.441319][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 51.449255][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.457099][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 51.466229][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 51.474955][ T3503] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.482043][ T3503] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.490627][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 51.499358][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 51.508052][ T3503] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.515108][ T3503] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.523157][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 51.578152][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 51.597174][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 51.638299][ T7259] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.645397][ 
T7259] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.654376][ T7259] device bridge_slave_0 entered promiscuous mode [ 51.662669][ T7259] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.670121][ T7259] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.678995][ T7259] device bridge_slave_1 entered promiscuous mode 13:27:12 executing program 0: accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r0, 0x800448d3, 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) close(r1) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) [ 51.698701][ T7263] chnl_net:caif_netlink_parms(): no params data found [ 51.714613][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 51.733446][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 51.749588][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 51.819691][ T7263] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.826871][ T7263] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.834676][ T7263] device bridge_slave_0 entered promiscuous mode [ 51.844296][ T7259] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 51.857562][ T2868] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready 13:27:12 executing program 0: accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) mount$bpf(0x20000000, 
&(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r0, 0x800448d3, 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) close(r1) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) [ 51.870529][ T2868] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 51.881673][ T2868] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 51.892990][ T2868] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 51.923498][ T7253] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 51.936228][ T7253] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 51.949092][ T7263] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.957432][ T7263] bridge0: port 2(bridge_slave_1) entered disabled state 13:27:12 executing program 0: accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r0, 0x800448d3, 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) close(r1) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) socket$key(0xf, 0x3, 
0x2) [ 51.969988][ T7263] device bridge_slave_1 entered promiscuous mode [ 52.011612][ T7259] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 52.049781][ T2868] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.061903][ T2868] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.087231][ T7259] team0: Port device team_slave_0 added [ 52.094550][ T7259] team0: Port device team_slave_1 added 13:27:12 executing program 0: accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r0, 0x800448d3, 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000400)='/dev/snd/seq\x00', 0x0, 0x0) close(r1) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) [ 52.158044][ T7253] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 52.178395][ T7263] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link 13:27:13 executing program 0: r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x24, 0x0, &(0x7f0000000100)) [ 52.234083][ T7259] device hsr_slave_0 entered promiscuous mode [ 52.271919][ T7259] device hsr_slave_1 entered promiscuous mode [ 52.337774][ T7259] debugfs: Directory 'hsr0' with parent '/' already present! 
[ 52.374521][ T7263] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 52.399365][ T7255] 8021q: adding VLAN 0 to HW filter on device bond0 [ 52.410109][ T7269] chnl_net:caif_netlink_parms(): no params data found [ 52.458148][ T7263] team0: Port device team_slave_0 added [ 52.468423][ T7259] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.475562][ T7259] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.496218][ T3503] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.512419][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 52.520899][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 52.529798][ T7263] team0: Port device team_slave_1 added [ 52.544398][ T7269] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.551638][ T7269] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.560186][ T7269] device bridge_slave_0 entered promiscuous mode [ 52.569104][ T7255] 8021q: adding VLAN 0 to HW filter on device team0 [ 52.584207][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 52.593277][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.605609][ T3503] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.612713][ T3503] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.621136][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 52.629877][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.638378][ T3503] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.645488][ T3503] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.653524][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 52.663410][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 52.672273][ T7269] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.682988][ T7269] bridge0: port 2(bridge_slave_1) entered 
disabled state [ 52.691235][ T7269] device bridge_slave_1 entered promiscuous mode [ 52.718964][ T7269] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 52.755098][ T7255] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 52.776779][ T7255] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 52.794018][ T7261] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 52.803554][ T7261] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 52.816921][ T7261] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 13:27:13 executing program 1: syz_open_dev$usbfs(&(0x7f0000000840)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000080)) [ 52.826048][ T7261] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 52.835144][ T7261] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 52.844910][ T7261] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 52.853479][ T7261] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.862543][ T7261] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 52.871426][ T7261] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.888983][ T7269] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 52.922106][ T7261] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 52.931193][ T7261] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 52.957272][ T7259] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.010950][ T7263] device hsr_slave_0 entered promiscuous mode [ 53.058302][ T7263] device hsr_slave_1 entered promiscuous mode [ 53.097760][ T7263] debugfs: Directory 'hsr0' with parent '/' already present! 
[ 53.107286][ T7269] team0: Port device team_slave_0 added [ 53.117435][ T7255] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 53.134094][ T7269] team0: Port device team_slave_1 added [ 53.141101][ T7259] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.151491][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.159678][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.209996][ T7269] device hsr_slave_0 entered promiscuous mode [ 53.248446][ T7269] device hsr_slave_1 entered promiscuous mode [ 53.297781][ T7269] debugfs: Directory 'hsr0' with parent '/' already present! [ 53.333542][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 53.342537][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.351379][ T3503] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.358462][ T3503] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.389084][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 53.403316][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.429016][ T44] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.436094][ T44] bridge0: port 2(bridge_slave_1) entered forwarding state 13:27:14 executing program 2: syz_open_dev$usbfs(&(0x7f0000000840)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000080)) [ 53.464769][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.474868][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 53.490278][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 53.503099][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 53.514980][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 53.535247][ T44] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 53.551606][ 
T7263] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.568571][ T7259] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 53.579635][ T7259] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 53.591592][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 53.600737][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 53.609885][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.619011][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 53.628660][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 53.641635][ T3503] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 53.656268][ T7263] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.673593][ T7269] 8021q: adding VLAN 0 to HW filter on device bond0 [ 53.689626][ T2868] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.704959][ T2868] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.716610][ T7259] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 53.738456][ T2868] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 53.747228][ T2868] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 53.756502][ T2868] bridge0: port 1(bridge_slave_0) entered blocking state [ 53.763792][ T2868] bridge0: port 1(bridge_slave_0) entered forwarding state [ 53.771695][ T2868] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 53.779627][ T2868] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 53.787321][ T2868] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 53.796146][ T2868] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 53.804659][ T2868] bridge0: port 2(bridge_slave_1) entered blocking state [ 53.811705][ T2868] bridge0: port 2(bridge_slave_1) entered forwarding state [ 53.820319][ T2868] IPv6: 
ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.829564][ T2868] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 53.838834][ T2868] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 53.847356][ T2868] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 53.856354][ T2868] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 53.864361][ T2868] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 53.873559][ T7269] 8021q: adding VLAN 0 to HW filter on device team0 [ 53.885541][ T7263] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 53.896879][ T7263] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 53.917945][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 53.926723][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 53.936446][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 53.945666][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 53.954557][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 53.962943][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 53.972584][ T3008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 53.993201][ T7269] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 54.004254][ T7269] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 54.017078][ T7261] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 54.025884][ T7261] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 54.034352][ T7261] bridge0: port 1(bridge_slave_0) entered blocking state [ 54.041477][ T7261] bridge0: port 1(bridge_slave_0) entered forwarding state [ 54.049649][ T7261] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes 
ready [ 54.058584][ T7261] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 54.067194][ T7261] bridge0: port 2(bridge_slave_1) entered blocking state [ 54.074237][ T7261] bridge0: port 2(bridge_slave_1) entered forwarding state [ 54.082467][ T7261] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 54.091480][ T7261] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 54.101143][ T7261] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 54.109815][ T7261] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 54.119019][ T7261] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 54.127520][ T7261] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 54.137146][ T7261] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 54.145727][ T7261] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 54.154714][ T7261] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 54.163345][ T7261] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 54.171926][ T7261] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 54.180535][ T7261] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 54.189026][ T7261] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 54.207479][ T7269] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 54.217054][ T7263] 8021q: adding VLAN 0 to HW filter on device batadv0 13:27:15 executing program 3: mkdir(&(0x7f0000ac6000)='./file0\x00', 0x0) mount(0x0, &(0x7f000000aff8)='./file0\x00', &(0x7f0000cd3000)='ramfs\x00', 0x1, 0x0) rmdir(&(0x7f0000000080)='./file0/file0\x00') [ 54.754008][ T7352] overlayfs: workdir and upperdir must reside under the same mount 13:27:16 executing program 4: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f00000009c0)='./file1\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() 
getsockopt$netrom_NETROM_IDLE(0xffffffffffffffff, 0x103, 0x7, 0x0, 0x0)
ioctl$DRM_IOCTL_AGP_ACQUIRE(0xffffffffffffffff, 0x6430)
sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0)
pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff})
fcntl$setpipe(r3, 0x407, 0x0)
write(r3, &(0x7f0000000340), 0x41395527)
r4 = syz_open_dev$sndpcmp(0x0, 0xdd, 0x800)
ioctl$TCSETXW(r4, 0x5435, &(0x7f00000000c0)={0x7f, 0x8, [0x101, 0x0, 0x7], 0x7fff})
write$tun(0xffffffffffffffff, &(0x7f0000000400)=ANY=[@ANYBLOB="000000004c1a00da00000007008e9079ac141419ac1414bb0100890701ac1414bb830700e0000001440c0093ffffffff0000ffff4e244e220401907844faf6ad0040ac8b3ca94559b2581eed3d2a5ebf5ef31e52e1db11604e2b49e0b787582e7466f04f38d8c4eac63938046b65945f91fda53bec7191c8d6483b937e78189ed652d24dfa8abeffff281ab1e190155d2db43ff0d725aebe1107be1b5472bd7e20b5a5683179b002151c0cf8a819d6caf83802ff75523bf47a12392d7f06f5ae231b0cc6c4a3e0e3bfe2283b683c63d26ee76f8c926af1aa"], 0x1)
vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
r5 = socket$packet(0x11, 0x0, 0x300)
setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000040)={0x0, 0xfffffffffffffff9}, 0x4)
sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000000480), 0x2e9, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mount$overlay(0x40000a, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './file1'}, 0x5c}], [], 0xf603000000000000})
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='cgroup2\x00', 0x0, 0x0)
[ 55.335313][ T7353] overlayfs: workdir and upperdir must reside under the same mount
13:27:16 executing program 1:
syz_open_dev$usbfs(&(0x7f0000000840)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000080))
13:27:16 executing program 0:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x24, 0x0, &(0x7f0000000100))
13:27:16 executing program 2:
syz_open_dev$usbfs(&(0x7f0000000840)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f0000000080))
13:27:16 executing program 3:
mkdir(&(0x7f0000ac6000)='./file0\x00', 0x0)
mount(0x0, &(0x7f000000aff8)='./file0\x00', &(0x7f0000cd3000)='ramfs\x00', 0x1, 0x0)
rmdir(&(0x7f0000000080)='./file0/file0\x00')
13:27:16 executing program 5:
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000002d0301000000000095000000000000006926000000000000bf67000000000000250608000fff0700350a000002000000070600000ee60000bf050000000000002d650000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070400000400f9ffad500100000000009500000000000000050000000000000095000000000000007c6c814de1f217e99519e72f6577df7269ac7270bc42792ed30f41266eb65bf5a25b0920dd5a204ce19559281c1cbc"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x1f1}, 0x48)
[ 55.456750][ T7359] ==================================================================
[ 55.464868][ T7359] BUG: KCSAN: data-race in do_exit / mm_update_next_owner
[ 55.471948][ T7359]
[ 55.474279][ T7359] write to 0xffff888124f3f468 of 8 bytes by task 7361 on cpu 1:
[ 55.481893][ T7359] do_exit+0x492/0x18f0
[ 55.486033][ T7359] do_group_exit+0xb4/0x1c0
[ 55.490611][ T7359] get_signal+0x2a2/0x1320
[ 55.495128][ T7359] do_signal+0x3b/0xc00
[ 55.499360][ T7359] exit_to_usermode_loop+0x250/0x2c0
[ 55.504628][ T7359] do_syscall_64+0x353/0x370
[ 55.509213][ T7359] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 55.515080][ T7359]
[ 55.517394][ T7359] read to 0xffff888124f3f468 of 8 bytes by task 7359 on cpu 0:
[ 55.524918][ T7359] mm_update_next_owner+0x374/0x460
[ 55.530097][ T7359] do_exit+0x4c1/0x18f0
[ 55.534236][ T7359] do_group_exit+0xb4/0x1c0
[ 55.538723][ T7359] __x64_sys_exit_group+0x2e/0x30
[ 55.543734][ T7359] do_syscall_64+0xcc/0x370
[ 55.548231][ T7359] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 55.554098][ T7359]
[ 55.556404][ T7359] Reported by Kernel Concurrency Sanitizer on:
[ 55.562545][ T7359] CPU: 0 PID: 7359 Comm: syz-executor.5 Not tainted 5.4.0-rc3+ #0
[ 55.570353][ T7359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.580397][ T7359] ==================================================================
[ 55.588441][ T7359] Kernel panic - not syncing: panic_on_warn set ...
[ 55.595018][ T7359] CPU: 0 PID: 7359 Comm: syz-executor.5 Not tainted 5.4.0-rc3+ #0
[ 55.602814][ T7359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 55.612864][ T7359] Call Trace:
[ 55.616154][ T7359] dump_stack+0xf5/0x159
[ 55.620397][ T7359] panic+0x210/0x640
[ 55.624283][ T7359] ? vprintk_func+0x8d/0x140
[ 55.628878][ T7359] kcsan_report.cold+0xc/0x1b
[ 55.633544][ T7359] __kcsan_setup_watchpoint+0x3ee/0x510
[ 55.639076][ T7359] ? __tsan_read8+0x2c/0x30
[ 55.643565][ T7359] __tsan_read8+0x2c/0x30
[ 55.647990][ T7359] mm_update_next_owner+0x374/0x460
[ 55.653263][ T7359] do_exit+0x4c1/0x18f0
[ 55.657416][ T7359] ? __kcsan_setup_watchpoint+0x96/0x510
[ 55.663036][ T7359] ? __sanitizer_cov_trace_switch+0x49/0x80
[ 55.668913][ T7359] ? __tsan_read8+0x20/0x30
[ 55.673419][ T7359] do_group_exit+0xb4/0x1c0
[ 55.677914][ T7359] __x64_sys_exit_group+0x2e/0x30
[ 55.682939][ T7359] do_syscall_64+0xcc/0x370
[ 55.687429][ T7359] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 55.693302][ T7359] RIP: 0033:0x459a59
[ 55.697200][ T7359] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[ 55.716800][ T7359] RSP: 002b:00007ffee38a7d58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 55.725193][ T7359] RAX: ffffffffffffffda RBX: 000000000000001e RCX: 0000000000459a59
[ 55.733165][ T7359] RDX: 0000000000413741 RSI: fffffffffffffff7 RDI: 0000000000000000
[ 55.741207][ T7359] RBP: 0000000000000000 R08: 00000000f559b6b3 R09: 00007ffee38a7db0
[ 55.749177][ T7359] R10: ffffffff810070e5 R11: 0000000000000246 R12: 0000000000000000
[ 55.757132][ T7359] R13: 00007ffee38a7db0 R14: 0000000000000000 R15: 00007ffee38a7dc0
[ 55.765120][ T7359] ? do_syscall_64+0x235/0x370
[ 56.896601][ T7359] Shutting down cpus with NMI
[ 56.902502][ T7359] Kernel Offset: disabled
[ 56.906978][ T7359] Rebooting in 86400 seconds..