[ 35.911657] audit: type=1800 audit(1550270436.578:28): pid=7480 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 36.737775] audit: type=1800 audit(1550270437.478:29): pid=7480 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 36.761530] audit: type=1800 audit(1550270437.478:30): pid=7480 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 [....] startpar: service(s) returned failure: rsyslog ...[?25l[?1c7[FAIL8[?25h[?0c failed! Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.45' (ECDSA) to the list of known hosts. 2019/02/15 22:40:48 fuzzer started 2019/02/15 22:40:51 dialing manager at 10.128.0.26:37991 2019/02/15 22:40:52 syscalls: 1 2019/02/15 22:40:52 code coverage: enabled 2019/02/15 22:40:52 comparison tracing: enabled 2019/02/15 22:40:52 extra coverage: extra coverage is not supported by the kernel 2019/02/15 22:40:52 setuid sandbox: enabled 2019/02/15 22:40:52 namespace sandbox: enabled 2019/02/15 22:40:52 Android sandbox: /sys/fs/selinux/policy does not exist 2019/02/15 22:40:52 fault injection: enabled 2019/02/15 22:40:52 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/02/15 22:40:52 net packet injection: enabled 2019/02/15 22:40:52 net device setup: enabled 22:41:13 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x5, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0xc0205647, &(0x7f0000000040)) syzkaller login: [ 73.107148] IPVS: ftp: loaded support on port[0] = 21 22:41:13 executing program 1: r0 = socket(0x2000000000000021, 0x2, 0x2) sendmmsg(r0, &(0x7f0000000000)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[{0x10, 0x110, 0xa}], 0x10}}], 0x1, 0x0) [ 73.206005] chnl_net:caif_netlink_parms(): no params data found [ 73.294891] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.301983] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.314233] device bridge_slave_0 entered promiscuous mode [ 73.334920] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.341850] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.355107] device bridge_slave_1 entered promiscuous mode [ 73.386795] IPVS: ftp: loaded support on port[0] = 21 [ 73.406367] bond0: Enslaving bond_slave_0 as an active interface with an up link 22:41:14 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$pppoe(0x18, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_ringparam={0x7, 0x0, 0x709000}}) [ 73.438054] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 73.478167] team0: Port device team_slave_0 added [ 73.495361] team0: Port device team_slave_1 added [ 73.577122] device hsr_slave_0 entered promiscuous mode 22:41:14 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000340)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0}) close(r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x1, 0x0, &(0x7f00000000c0)=[@release={0x400c630e}], 0x5e, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)}) dup(r1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0f630c40"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000480)=[@dead_binder_done], 0x0, 0x0, 0x0}) [ 73.664368] device hsr_slave_1 entered promiscuous mode [ 73.768249] IPVS: ftp: loaded support on port[0] = 21 [ 73.772354] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.779964] bridge0: port 2(bridge_slave_1) entered forwarding state [ 73.787252] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.793605] bridge0: port 1(bridge_slave_0) entered forwarding state [ 73.809473] chnl_net:caif_netlink_parms(): no params data found [ 73.846648] IPVS: ftp: loaded support on port[0] = 21 22:41:14 executing program 4: mkdir(&(0x7f0000000000)='./file1\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000180)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) rename(&(0x7f00000004c0)='./file0/file0\x00', &(0x7f0000000280)='./file0/file1/file0\x00') [ 73.960636] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.967556] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.979619] device bridge_slave_0 entered promiscuous mode [ 73.996299] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.002654] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.025201] device bridge_slave_1 entered promiscuous mode [ 74.041060] 8021q: adding VLAN 0 to HW filter on device bond0 [ 74.105659] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 74.120499] 8021q: adding VLAN 0 to HW filter on device team0 [ 74.123307] IPVS: ftp: loaded support on port[0] = 21 [ 74.156541] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 74.169009] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.186690] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.194457] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 74.204959] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 74.225566] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 74.244760] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.251182] bridge0: port 1(bridge_slave_0) entered forwarding state 22:41:15 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000000c0), 0x27e) [ 74.302895] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 74.316098] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 74.327669] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.334619] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.367694] chnl_net:caif_netlink_parms(): no params data found [ 74.391273] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 74.400051] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 74.410016] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 74.418517] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 74.426383] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 74.434661] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 74.442163] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 74.449706] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 74.459738] team0: Port device team_slave_0 added [ 74.467681] team0: Port device team_slave_1 added [ 74.492227] IPVS: ftp: loaded support on port[0] = 21 [ 74.499701] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 74.507108] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 74.514825] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 74.523175] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 74.540085] chnl_net:caif_netlink_parms(): no params data found [ 74.596136] device hsr_slave_0 entered promiscuous mode [ 74.635246] device hsr_slave_1 entered promiscuous mode [ 74.729935] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.737449] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.745292] device bridge_slave_0 entered promiscuous mode [ 74.752008] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.758609] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.766047] device bridge_slave_1 entered promiscuous mode [ 74.782244] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.789766] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.797285] device bridge_slave_0 entered promiscuous mode [ 74.805880] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.812220] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.819355] device bridge_slave_1 entered promiscuous mode [ 74.842785] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 74.861059] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 74.881200] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 74.891142] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 74.911933] team0: Port device team_slave_0 added [ 74.918539] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 74.971630] team0: Port device team_slave_1 added [ 74.987327] team0: Port device team_slave_0 added [ 74.993384] team0: Port device team_slave_1 added 22:41:15 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x5, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0xc0205647, &(0x7f0000000040)) 22:41:15 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x5, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0xc0205647, &(0x7f0000000040)) [ 75.063741] chnl_net:caif_netlink_parms(): no params data found 22:41:15 executing program 0: r0 = syz_open_dev$video4linux(&(0x7f00000000c0)='/dev/v4l-subdev#\x00', 0x5, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0xc0205647, &(0x7f0000000040)) 22:41:15 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bind$alg(r0, &(0x7f00000005c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'rfc3686(ctr-aes-aesni)\x00'}, 0x58) [ 75.128019] device hsr_slave_0 entered promiscuous mode [ 75.164883] device hsr_slave_1 entered promiscuous mode [ 75.256786] device hsr_slave_0 entered promiscuous mode [ 75.294584] device hsr_slave_1 entered promiscuous mode [ 75.376952] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.383345] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.390002] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.396395] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.405773] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.412510] bridge0: port 2(bridge_slave_1) entered disabled state 22:41:16 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bind$alg(r0, &(0x7f00000005c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'rfc3686(ctr-aes-aesni)\x00'}, 0x58) [ 75.460236] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.468515] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.476191] device bridge_slave_0 entered promiscuous mode [ 75.483344] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.494484] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.501809] device bridge_slave_1 entered promiscuous mode [ 75.522608] chnl_net:caif_netlink_parms(): no params data found [ 75.542299] 8021q: adding VLAN 0 to HW filter on device bond0 22:41:16 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bind$alg(r0, &(0x7f00000005c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'rfc3686(ctr-aes-aesni)\x00'}, 0x58) [ 75.574850] bond0: Enslaving bond_slave_0 as an active interface with an up link 22:41:16 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bind$alg(r0, &(0x7f00000005c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'rfc3686(ctr-aes-aesni)\x00'}, 0x58) [ 75.639656] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 75.658345] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.693651] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 75.707571] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 75.729508] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.741365] team0: Port device team_slave_0 added [ 75.760573] team0: Port device team_slave_1 added [ 75.783575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 75.802326] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 75.811657] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.818068] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.831067] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 75.839253] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 75.848833] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.855275] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.862539] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 75.873248] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 75.881888] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 75.889841] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 75.898065] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 75.911280] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 75.919476] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 75.926690] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 75.939136] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.945594] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.952902] device bridge_slave_0 entered promiscuous mode [ 75.966207] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.972553] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.984544] device bridge_slave_1 entered promiscuous mode [ 76.014955] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 76.022492] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 76.030406] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 76.040360] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 76.049483] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 76.116009] device hsr_slave_0 entered promiscuous mode [ 76.174617] device hsr_slave_1 entered promiscuous mode [ 76.252060] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.266494] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.276479] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 76.285604] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 76.293656] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 76.300907] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 76.310455] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.331449] 8021q: adding VLAN 0 to HW filter on device team0 [ 76.359375] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 76.367381] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 76.374316] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 76.382013] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 76.389860] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.396236] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.403308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 76.411150] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 76.418707] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.425093] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.432006] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 76.441262] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 76.476659] team0: Port device team_slave_0 added [ 76.483619] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 76.493436] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 76.501226] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.507962] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.519691] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready 22:41:17 executing program 1: r0 = socket(0x2000000000000021, 0x2, 0x2) sendmmsg(r0, &(0x7f0000000000)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[{0x10, 0x110, 0xa}], 0x10}}], 0x1, 0x0) [ 76.528613] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 76.536574] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.542935] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.550081] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 76.558252] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 76.566222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 76.574105] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 76.584250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 76.592865] team0: Port device team_slave_1 added [ 76.620248] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 76.630313] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 76.641814] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 76.649321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 76.657790] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 76.666069] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 76.673945] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 76.681784] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 76.689428] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 76.697342] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 76.704946] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 76.712561] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 76.719588] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 76.788948] device hsr_slave_0 entered promiscuous mode [ 76.847221] device hsr_slave_1 entered promiscuous mode [ 76.910042] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 76.918816] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 76.926618] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 76.934086] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 76.941466] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 76.950297] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 76.962996] 8021q: adding VLAN 0 to HW filter on device bond0 [ 76.978763] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 76.987979] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 76.995400] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 77.002336] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.061010] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.096318] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.110699] hrtimer: interrupt took 56554 ns [ 77.117268] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 77.125676] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 77.133235] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.139621] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.147074] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 77.154935] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 77.162562] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.168951] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.176192] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 77.183882] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 77.193572] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 77.200790] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready 22:41:17 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$pppoe(0x18, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_ringparam={0x7, 0x0, 0x709000}}) [ 77.208633] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 77.218442] 8021q: adding VLAN 0 to HW filter on device bond0 [ 77.269689] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 77.277284] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 77.302887] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 77.303784] binder: 7739:7740 ioctl c0306201 20008fd0 returned -14 [ 77.310868] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 77.325666] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 77.326740] binder: 7739:7740 tried to acquire reference to desc 0, got 1 instead [ 77.351916] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 77.363217] binder: 7739:7741 ioctl c0306201 20008fd0 returned -14 [ 77.371550] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 77.372140] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 77.388188] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 77.391919] binder: undelivered death notification, 0000000000000000 [ 77.407960] binder: undelivered death notification, 0000000000000000 22:41:18 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000340)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0}) close(r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x1, 0x0, &(0x7f00000000c0)=[@release={0x400c630e}], 0x5e, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)}) dup(r1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0f630c40"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000480)=[@dead_binder_done], 0x0, 0x0, 0x0}) [ 77.429099] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 77.436362] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 77.457743] 8021q: adding VLAN 0 to HW filter on device team0 [ 77.471996] binder: 7746:7747 ioctl c0306201 20008fd0 returned -14 [ 77.481324] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 77.482965] binder: undelivered death notification, 0000000000000000 [ 77.489667] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 77.503169] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.510066] bridge0: port 1(bridge_slave_0) entered forwarding state [ 77.521973] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 77.530102] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 77.538912] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.545325] bridge0: port 2(bridge_slave_1) entered forwarding state [ 77.552751] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 77.577126] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 77.588419] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 77.599193] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 77.607482] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 77.615400] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 77.623016] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 77.630647] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 77.638879] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 77.647131] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 77.654811] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 77.662246] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 77.669801] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 77.677769] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 77.685069] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 77.702438] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 77.713072] 8021q: adding VLAN 0 to HW filter on device batadv0 22:41:18 executing program 4: mkdir(&(0x7f0000000000)='./file1\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000180)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) rename(&(0x7f00000004c0)='./file0/file0\x00', &(0x7f0000000280)='./file0/file1/file0\x00') 22:41:18 executing program 1: r0 = socket(0x2000000000000021, 0x2, 0x2) sendmmsg(r0, &(0x7f0000000000)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[{0x10, 0x110, 0xa}], 0x10}}], 0x1, 0x0) 22:41:18 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000000c0), 0x27e) 22:41:18 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$pppoe(0x18, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_ringparam={0x7, 0x0, 0x709000}}) 22:41:18 executing program 0: r0 = openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mISDNtimer\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000180)={{{@in6=@mcast2, @in=@multicast2}}, {{@in6=@initdev}, 0x0, @in=@loopback}}, 0x0) getresgid(0x0, &(0x7f0000000640), &(0x7f0000000600)) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x0) socket$packet(0x11, 0x0, 0x300) openat$cgroup_subtree(r2, 0x0, 0x2, 0x0) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, 0x0) ioctl$KVM_ENABLE_CAP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000480)={0x200000007d, 0x0, [0x0, 0x0, 0x3ff]}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100)='TIPCv2\x00') ioctl$EVIOCGABS20(r2, 0x80184560, &(0x7f0000000800)=""/216) sendmsg$TIPC_NL_NET_SET(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)={0x38, r4, 0x20d, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x24, 0x7, [@TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x8}, @TIPC_NLA_NET_NODEID_W1={0xc}]}]}, 0x38}}, 0x0) 22:41:18 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000340)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0}) close(r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x1, 0x0, &(0x7f00000000c0)=[@release={0x400c630e}], 0x5e, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)}) dup(r1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0f630c40"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000480)=[@dead_binder_done], 0x0, 0x0, 0x0}) [ 77.854667] overlayfs: filesystem on './file0' not supported as upperdir 22:41:18 executing program 1: r0 = socket(0x2000000000000021, 0x2, 0x2) sendmmsg(r0, &(0x7f0000000000)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[{0x10, 0x110, 0xa}], 0x10}}], 0x1, 0x0) 22:41:18 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$pppoe(0x18, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_ringparam={0x7, 0x0, 0x709000}}) 22:41:18 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000000c0), 0x27e) [ 77.937556] binder: 7766:7768 ioctl c0306201 20008fd0 returned -14 [ 77.955038] Started in network mode [ 77.958980] Own node identity , cluster identity 8 [ 78.019134] binder: undelivered death notification, 0000000000000000 22:41:18 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000340)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0}) close(r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x1, 0x0, &(0x7f00000000c0)=[@release={0x400c630e}], 0x5e, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)}) dup(r1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0f630c40"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000480)=[@dead_binder_done], 0x0, 0x0, 0x0}) [ 78.071115] Started in network mode 22:41:18 executing program 1: mkdir(&(0x7f0000000000)='./file1\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000180)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) rename(&(0x7f00000004c0)='./file0/file0\x00', &(0x7f0000000280)='./file0/file1/file0\x00') [ 78.127360] Own node identity , cluster identity 8 [ 78.144753] binder: 7786:7787 ioctl c0306201 20008fd0 returned -14 22:41:18 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000340)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0}) close(r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x1, 0x0, &(0x7f00000000c0)=[@release={0x400c630e}], 0x5e, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)}) dup(r1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0f630c40"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000480)=[@dead_binder_done], 0x0, 0x0, 0x0}) [ 78.187008] binder: undelivered death notification, 0000000000000000 22:41:19 executing program 4: mkdir(&(0x7f0000000000)='./file1\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000180)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) rename(&(0x7f00000004c0)='./file0/file0\x00', &(0x7f0000000280)='./file0/file1/file0\x00') 22:41:19 executing program 5: socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000000c0), 0x27e) 22:41:19 executing program 0: r0 = openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mISDNtimer\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000180)={{{@in6=@mcast2, @in=@multicast2}}, {{@in6=@initdev}, 0x0, @in=@loopback}}, 0x0) getresgid(0x0, &(0x7f0000000640), &(0x7f0000000600)) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x0) socket$packet(0x11, 0x0, 0x300) openat$cgroup_subtree(r2, 0x0, 0x2, 0x0) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, 0x0) ioctl$KVM_ENABLE_CAP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000480)={0x200000007d, 0x0, [0x0, 0x0, 0x3ff]}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100)='TIPCv2\x00') ioctl$EVIOCGABS20(r2, 0x80184560, &(0x7f0000000800)=""/216) sendmsg$TIPC_NL_NET_SET(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)={0x38, r4, 0x20d, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x24, 0x7, [@TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x8}, @TIPC_NLA_NET_NODEID_W1={0xc}]}]}, 0x38}}, 0x0) 22:41:19 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000340)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0}) close(r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x1, 0x0, &(0x7f00000000c0)=[@release={0x400c630e}], 0x5e, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)}) dup(r1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0f630c40"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000480)=[@dead_binder_done], 0x0, 0x0, 0x0}) [ 78.269010] binder: 7792:7794 ioctl c0306201 20008fd0 returned -14 22:41:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000340)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0}) close(r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x1, 0x0, &(0x7f00000000c0)=[@release={0x400c630e}], 0x5e, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)}) dup(r1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0f630c40"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000480)=[@dead_binder_done], 0x0, 0x0, 0x0}) 22:41:19 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000340)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0}) close(r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x1, 0x0, &(0x7f00000000c0)=[@release={0x400c630e}], 0x5e, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)}) dup(r1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0f630c40"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000480)=[@dead_binder_done], 0x0, 0x0, 0x0}) [ 78.347327] binder: undelivered death notification, 0000000000000000 [ 78.362067] Started in network mode [ 78.385079] binder: 7803:7804 ioctl c0306201 20008fd0 returned -14 [ 78.387505] Own node identity , cluster identity 8 22:41:19 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000340)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0}) close(r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x1, 0x0, &(0x7f00000000c0)=[@release={0x400c630e}], 0x5e, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)}) dup(r1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0f630c40"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000480)=[@dead_binder_done], 0x0, 0x0, 0x0}) 22:41:19 executing program 0: r0 = openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mISDNtimer\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000180)={{{@in6=@mcast2, @in=@multicast2}}, {{@in6=@initdev}, 0x0, @in=@loopback}}, 0x0) getresgid(0x0, &(0x7f0000000640), &(0x7f0000000600)) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x0) socket$packet(0x11, 0x0, 0x300) openat$cgroup_subtree(r2, 0x0, 0x2, 0x0) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, 0x0) ioctl$KVM_ENABLE_CAP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000480)={0x200000007d, 0x0, [0x0, 0x0, 0x3ff]}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100)='TIPCv2\x00') ioctl$EVIOCGABS20(r2, 0x80184560, &(0x7f0000000800)=""/216) sendmsg$TIPC_NL_NET_SET(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)={0x38, r4, 0x20d, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x24, 0x7, [@TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x8}, @TIPC_NLA_NET_NODEID_W1={0xc}]}]}, 0x38}}, 0x0) [ 78.475637] binder: undelivered death notification, 0000000000000000 [ 78.488480] binder: 7811:7812 ioctl c0306201 20008fd0 returned -14 [ 78.497522] binder: BINDER_SET_CONTEXT_MGR already set [ 78.509765] binder: 7810:7813 ioctl 40046207 0 returned -16 22:41:19 executing program 1: mkdir(&(0x7f0000000000)='./file1\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000180)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) rename(&(0x7f00000004c0)='./file0/file0\x00', &(0x7f0000000280)='./file0/file1/file0\x00') [ 78.541375] binder: undelivered death notification, 0000000000000000 [ 78.577874] binder: 7817:7818 ioctl c0306201 20008fd0 returned -14 22:41:19 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000340)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0}) close(r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x1, 0x0, &(0x7f00000000c0)=[@release={0x400c630e}], 0x5e, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)}) dup(r1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0f630c40"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000480)=[@dead_binder_done], 0x0, 0x0, 0x0}) 22:41:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000340)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0}) close(r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x1, 0x0, &(0x7f00000000c0)=[@release={0x400c630e}], 0x5e, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)}) dup(r1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0f630c40"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000480)=[@dead_binder_done], 0x0, 0x0, 0x0}) [ 78.639003] Started in network mode [ 78.646255] binder: undelivered death notification, 0000000000000000 [ 78.669749] Own node identity , cluster identity 8 [ 78.727226] binder: 7826:7827 ioctl c0306201 20008fd0 returned -14 [ 78.769384] binder: 7829:7831 ioctl c0306201 20008fd0 returned -14 [ 78.784911] binder: undelivered death notification, 0000000000000000 22:41:19 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000000340)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0}) close(r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x1, 0x0, &(0x7f00000000c0)=[@release={0x400c630e}], 0x5e, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)}) dup(r1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0f630c40"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000480)=[@dead_binder_done], 0x0, 0x0, 0x0}) 22:41:19 executing program 4: mkdir(&(0x7f0000000000)='./file1\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000180)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) rename(&(0x7f00000004c0)='./file0/file0\x00', &(0x7f0000000280)='./file0/file1/file0\x00') 22:41:19 executing program 0: r0 = openat$misdntimer(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mISDNtimer\x00', 0x0, 0x0) r2 = dup3(r0, r1, 0x80000) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000180)={{{@in6=@mcast2, @in=@multicast2}}, {{@in6=@initdev}, 0x0, @in=@loopback}}, 0x0) getresgid(0x0, &(0x7f0000000640), &(0x7f0000000600)) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x0) socket$packet(0x11, 0x0, 0x300) openat$cgroup_subtree(r2, 0x0, 0x2, 0x0) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, 0x0) ioctl$KVM_ENABLE_CAP(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000480)={0x200000007d, 0x0, [0x0, 0x0, 0x3ff]}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100)='TIPCv2\x00') ioctl$EVIOCGABS20(r2, 0x80184560, &(0x7f0000000800)=""/216) sendmsg$TIPC_NL_NET_SET(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)={0x38, r4, 0x20d, 0x0, 0x0, {}, [@TIPC_NLA_NET={0x24, 0x7, [@TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x8}, @TIPC_NLA_NET_NODEID_W1={0xc}]}]}, 0x38}}, 0x0) 22:41:19 executing program 1: mkdir(&(0x7f0000000000)='./file1\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000100)='./file0/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000180)='./file0\x00', &(0x7f0000000300)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) rename(&(0x7f00000004c0)='./file0/file0\x00', &(0x7f0000000280)='./file0/file1/file0\x00') 22:41:19 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000340)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0}) close(r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x1, 0x0, &(0x7f00000000c0)=[@release={0x400c630e}], 0x5e, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)}) dup(r1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0f630c40"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000480)=[@dead_binder_done], 0x0, 0x0, 0x0}) 22:41:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000340)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0}) close(r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x1, 0x0, &(0x7f00000000c0)=[@release={0x400c630e}], 0x5e, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)}) dup(r1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0f630c40"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000480)=[@dead_binder_done], 0x0, 0x0, 0x0}) [ 78.915906] binder: BINDER_SET_CONTEXT_MGR already set [ 78.921237] binder: 7840:7842 ioctl 40046207 0 returned -16 [ 78.937575] binder: 7837:7841 ioctl c0306201 20008fd0 returned -14 22:41:19 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000340)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0}) close(r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x1, 0x0, &(0x7f00000000c0)=[@release={0x400c630e}], 0x5e, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)}) dup(r1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0f630c40"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000480)=[@dead_binder_done], 0x0, 0x0, 0x0}) [ 78.960662] binder: 7838:7845 ioctl c0306201 20008fd0 returned -14 [ 78.980619] Started in network mode [ 78.994821] Own node identity , cluster identity 8 [ 79.063733] binder: 7851:7852 ioctl c0306201 20008fd0 returned -14 22:41:19 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000340)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0}) close(r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x1, 0x0, &(0x7f00000000c0)=[@release={0x400c630e}], 0x5e, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)}) dup(r1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0f630c40"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000480)=[@dead_binder_done], 0x0, 0x0, 0x0}) 22:41:19 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000340)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0}) close(r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x1, 0x0, &(0x7f00000000c0)=[@release={0x400c630e}], 0x5e, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)}) dup(r1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0f630c40"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000480)=[@dead_binder_done], 0x0, 0x0, 0x0}) [ 79.228066] binder: 7858:7859 ioctl c0306201 20008fd0 returned -14 22:41:20 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000340)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0}) close(r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x1, 0x0, &(0x7f00000000c0)=[@release={0x400c630e}], 0x5e, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)}) dup(r1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0f630c40"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000480)=[@dead_binder_done], 0x0, 0x0, 0x0}) 22:41:20 executing program 4: seccomp(0x1, 0x9, &(0x7f0000000080)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0xffffff7f7ffffffe}]}) seccomp(0x1, 0xa, &(0x7f0000000140)={0x1, &(0x7f0000000080)=[{0x6}]}) 22:41:20 executing program 3: r0 = syz_open_dev$binder(&(0x7f0000000340)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0}) close(r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x1, 0x0, &(0x7f00000000c0)=[@release={0x400c630e}], 0x5e, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)}) dup(r1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0f630c40"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000480)=[@dead_binder_done], 0x0, 0x0, 0x0}) 22:41:20 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0xffffffffffffff9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2dce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x200000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x1e, 0x1, 0x0) sendmsg(r0, &(0x7f00003bbfc8)={&(0x7f0000fdbf80)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0, 0x0, &(0x7f0000000100)}, 0x800) syz_open_dev$sndctrl(0x0, 0x0, 0x0) sched_setaffinity(0x0, 0xfe7d, &(0x7f0000001a80)=0x5) recvmmsg(0xffffffffffffffff, &(0x7f0000001f40)=[{{0x0, 0x0, &(0x7f0000001c40)=[{0x0}, {&(0x7f0000001b80)=""/130, 0x82}], 0x2}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) r2 = syz_open_dev$swradio(&(0x7f0000000080)='/dev/swradio#\x00', 0x1, 0x2) setsockopt$inet_sctp_SCTP_NODELAY(r2, 0x84, 0x3, 0x0, 0x0) bind$alg(r1, &(0x7f0000000340)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000001c0)="e180db4e3b23cdde86a3b7ae4fdb961983a44c4bca5351a6904cf9b053d46ee6", 0x20) r3 = accept4(r1, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f0000001bc0), 0xfe, 0x0, &(0x7f0000001d00)={0x77359400}) 22:41:20 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) [ 79.319133] binder: 7862:7863 ioctl c0306201 20008fd0 returned -14 [ 79.338414] binder: BINDER_SET_CONTEXT_MGR already set [ 79.350021] binder: 7864:7869 ioctl 40046207 0 returned -16 [ 79.353968] binder: 7865:7870 ioctl c0306201 20008fd0 returned -14 22:41:20 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x100000000011, 0x4, 0x4, 0x7}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r0, &(0x7f00000001c0), &(0x7f0000000180)}, 0x20) [ 79.371601] audit: type=1326 audit(1550270480.108:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7866 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0x0 22:41:20 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000340)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0}) close(r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x1, 0x0, &(0x7f00000000c0)=[@release={0x400c630e}], 0x5e, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)}) dup(r1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0f630c40"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000480)=[@dead_binder_done], 0x0, 0x0, 0x0}) 22:41:20 executing program 5: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x1e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 22:41:20 executing program 2: r0 = syz_open_dev$binder(&(0x7f0000000340)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0}) close(r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x1, 0x0, &(0x7f00000000c0)=[@release={0x400c630e}], 0x5e, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)}) dup(r1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0f630c40"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000480)=[@dead_binder_done], 0x0, 0x0, 0x0}) 22:41:20 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x100000000011, 0x4, 0x4, 0x7}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r0, &(0x7f00000001c0), &(0x7f0000000180)}, 0x20) 22:41:20 executing program 1: perf_event_open(&(0x7f0000000040)={0x1, 0xffffffffffffff9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2dce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x200000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x1e, 0x1, 0x0) sendmsg(r0, &(0x7f00003bbfc8)={&(0x7f0000fdbf80)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0, 0x0, &(0x7f0000000100)}, 0x800) syz_open_dev$sndctrl(0x0, 0x0, 0x0) sched_setaffinity(0x0, 0xfe7d, &(0x7f0000001a80)=0x5) recvmmsg(0xffffffffffffffff, &(0x7f0000001f40)=[{{0x0, 0x0, &(0x7f0000001c40)=[{0x0}, {&(0x7f0000001b80)=""/130, 0x82}], 0x2}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) r2 = syz_open_dev$swradio(&(0x7f0000000080)='/dev/swradio#\x00', 0x1, 0x2) setsockopt$inet_sctp_SCTP_NODELAY(r2, 0x84, 0x3, 0x0, 0x0) bind$alg(r1, &(0x7f0000000340)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000001c0)="e180db4e3b23cdde86a3b7ae4fdb961983a44c4bca5351a6904cf9b053d46ee6", 0x20) r3 = accept4(r1, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f0000001bc0), 0xfe, 0x0, &(0x7f0000001d00)={0x77359400}) [ 79.535469] binder: 7882:7883 ioctl c0306201 20008fd0 returned -14 22:41:20 executing program 0: r0 = syz_open_dev$binder(&(0x7f0000000340)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) r1 = syz_open_dev$binder(0x0, 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000012000)={0x8, 0x0, &(0x7f0000005fd4)=[@acquire], 0x0, 0x0, 0x0}) close(r0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000008fd0)={0x1, 0x0, &(0x7f00000000c0)=[@release={0x400c630e}], 0x5e, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f000000dfd0)={0x4, 0x0, &(0x7f0000000080)=[@enter_looper], 0xaf14113f02c18c41, 0x0, &(0x7f0000000680)}) dup(r1) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x4, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0f630c40"], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0xc, 0x0, &(0x7f0000000480)=[@dead_binder_done], 0x0, 0x0, 0x0}) [ 79.590234] binder: 7889:7890 ioctl c0306201 20008fd0 returned -14 22:41:20 executing program 2: perf_event_open(&(0x7f0000000040)={0x1, 0xffffffffffffff9a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2dce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}, 0x0, 0x200000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x1e, 0x1, 0x0) sendmsg(r0, &(0x7f00003bbfc8)={&(0x7f0000fdbf80)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0, 0x0, &(0x7f0000000100)}, 0x800) syz_open_dev$sndctrl(0x0, 0x0, 0x0) sched_setaffinity(0x0, 0xfe7d, &(0x7f0000001a80)=0x5) recvmmsg(0xffffffffffffffff, &(0x7f0000001f40)=[{{0x0, 0x0, &(0x7f0000001c40)=[{0x0}, {&(0x7f0000001b80)=""/130, 0x82}], 0x2}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) r2 = syz_open_dev$swradio(&(0x7f0000000080)='/dev/swradio#\x00', 0x1, 0x2) setsockopt$inet_sctp_SCTP_NODELAY(r2, 0x84, 0x3, 0x0, 0x0) bind$alg(r1, &(0x7f0000000340)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f00000001c0)="e180db4e3b23cdde86a3b7ae4fdb961983a44c4bca5351a6904cf9b053d46ee6", 0x20) r3 = accept4(r1, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f0000001bc0), 0xfe, 0x0, &(0x7f0000001d00)={0x77359400}) [ 79.687327] binder: 7900:7901 ioctl c0306201 20008fd0 returned -14 [ 80.120783] ================================================================== [ 80.128203] BUG: KASAN: use-after-free in __lock_acquire+0x30e0/0x4700 [ 80.135039] Read of size 8 at addr ffff88809ff1ed80 by task syz-executor.4/7866 [ 80.142463] [ 80.144079] CPU: 1 PID: 7866 Comm: syz-executor.4 Not tainted 5.0.0-rc6+ #73 [ 80.151249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 80.160598] Call Trace: [ 80.163212] dump_stack+0x172/0x1f0 [ 80.166829] ? __lock_acquire+0x30e0/0x4700 [ 80.171156] print_address_description.cold+0x7c/0x20d [ 80.176433] ? __lock_acquire+0x30e0/0x4700 [ 80.180736] ? __lock_acquire+0x30e0/0x4700 [ 80.185042] kasan_report.cold+0x1b/0x40 [ 80.189194] ? __lock_acquire+0x30e0/0x4700 [ 80.193511] __asan_report_load8_noabort+0x14/0x20 [ 80.198425] __lock_acquire+0x30e0/0x4700 [ 80.202568] ? mark_held_locks+0x100/0x100 [ 80.206786] ? __lock_acquire+0x53b/0x4700 [ 80.211003] ? __lock_acquire+0x53b/0x4700 [ 80.215220] ? mark_held_locks+0x100/0x100 [ 80.219443] ? find_held_lock+0x35/0x130 [ 80.223487] ? mark_held_locks+0x100/0x100 [ 80.227706] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 80.232794] ? debug_object_activate+0x206/0x4f0 [ 80.237559] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 80.242645] ? lockdep_hardirqs_on+0x415/0x5d0 [ 80.247212] ? seccomp_notify_release+0x62/0x280 [ 80.251952] lock_acquire+0x16f/0x3f0 [ 80.255755] ? seccomp_notify_release+0x62/0x280 [ 80.260496] ? seccomp_notify_release+0x62/0x280 [ 80.265249] __mutex_lock+0xf7/0x1310 [ 80.269032] ? seccomp_notify_release+0x62/0x280 [ 80.273771] ? seccomp_notify_release+0x62/0x280 [ 80.278517] ? __lock_acquire+0x53b/0x4700 [ 80.282734] ? __seccomp_filter+0x32c/0x12a0 [ 80.287125] ? mutex_trylock+0x1e0/0x1e0 [ 80.291171] ? mark_held_locks+0x100/0x100 [ 80.295400] ? vfs_lock_file+0xf0/0xf0 [ 80.299273] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 80.304790] ? fsnotify+0x395/0xbd0 [ 80.308403] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 80.313923] ? locks_remove_file+0x2de/0x460 [ 80.318331] ? get_nth_filter.part.0+0x1d0/0x1d0 [ 80.323080] mutex_lock_nested+0x16/0x20 [ 80.327124] ? mutex_lock_nested+0x16/0x20 [ 80.331350] seccomp_notify_release+0x62/0x280 [ 80.335916] ? ima_file_free+0xc9/0x4a0 [ 80.339873] ? get_nth_filter.part.0+0x1d0/0x1d0 [ 80.344611] __fput+0x2df/0x8d0 [ 80.347878] ____fput+0x16/0x20 [ 80.351140] task_work_run+0x14a/0x1c0 [ 80.355012] exit_to_usermode_loop+0x273/0x2c0 [ 80.359577] do_syscall_64+0x52d/0x610 [ 80.363469] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 80.368644] RIP: 0033:0x411d31 [ 80.371831] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 94 19 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 80.390715] RSP: 002b:00007ffecd11fa10 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 80.398412] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000411d31 [ 80.405835] RDX: 0000000000000000 RSI: 00000000007402a8 RDI: 0000000000000004 [ 80.413099] RBP: 0000000000000000 R08: 00000000007402a0 R09: 00000000000135bf [ 80.420362] R10: 00007ffecd11f930 R11: 0000000000000293 R12: 0000000000000000 [ 80.427613] R13: 0000000000000001 R14: 0000000000000004 R15: 0000000000000004 [ 80.434866] [ 80.436476] Allocated by task 7868: [ 80.440094] save_stack+0x45/0xd0 [ 80.443543] __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 80.448461] kasan_kmalloc+0x9/0x10 [ 80.452082] kmem_cache_alloc_trace+0x151/0x760 [ 80.456733] do_seccomp+0x73e/0x2250 [ 80.460437] __x64_sys_seccomp+0x73/0xb0 [ 80.464487] do_syscall_64+0x103/0x610 [ 80.468364] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 80.473531] [ 80.475151] Freed by task 7868: [ 80.478413] save_stack+0x45/0xd0 [ 80.481849] __kasan_slab_free+0x102/0x150 [ 80.486072] kasan_slab_free+0xe/0x10 [ 80.489855] kfree+0xcf/0x230 [ 80.492953] do_seccomp+0xafb/0x2250 [ 80.496647] __x64_sys_seccomp+0x73/0xb0 [ 80.500692] do_syscall_64+0x103/0x610 [ 80.505074] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 80.510239] [ 80.511872] The buggy address belongs to the object at ffff88809ff1ed00 [ 80.511872] which belongs to the cache kmalloc-192 of size 192 [ 80.524513] The buggy address is located 128 bytes inside of [ 80.524513] 192-byte region [ffff88809ff1ed00, ffff88809ff1edc0) [ 80.536365] The buggy address belongs to the page: [ 80.541276] page:ffffea00027fc780 count:1 mapcount:0 mapping:ffff88812c3f0040 index:0x0 [ 80.549398] flags: 0x1fffc0000000200(slab) [ 80.553706] raw: 01fffc0000000200 ffffea0002990108 ffffea00025fc388 ffff88812c3f0040 [ 80.561659] raw: 0000000000000000 ffff88809ff1e000 0000000100000010 0000000000000000 [ 80.569524] page dumped because: kasan: bad access detected [ 80.575227] [ 80.576832] Memory state around the buggy address: [ 80.581740] ffff88809ff1ec80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 80.589079] ffff88809ff1ed00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 80.596419] >ffff88809ff1ed80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 80.603756] ^ [ 80.607102] ffff88809ff1ee00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 80.614446] ffff88809ff1ee80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 80.621782] ================================================================== [ 80.629118] Disabling lock debugging due to kernel taint [ 80.634546] Kernel panic - not syncing: panic_on_warn set ... [ 80.640419] CPU: 1 PID: 7866 Comm: syz-executor.4 Tainted: G B 5.0.0-rc6+ #73 [ 80.648969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 80.658304] Call Trace: [ 80.660893] dump_stack+0x172/0x1f0 [ 80.664510] panic+0x2cb/0x65c [ 80.667706] ? __warn_printk+0xf3/0xf3 [ 80.671582] ? lock_downgrade+0x810/0x810 [ 80.675724] ? __lock_acquire+0x30e0/0x4700 [ 80.680034] ? trace_hardirqs_off+0x62/0x220 [ 80.684425] ? trace_hardirqs_off+0x59/0x220 [ 80.688814] ? __lock_acquire+0x30e0/0x4700 [ 80.693132] end_report+0x47/0x4f [ 80.696566] ? __lock_acquire+0x30e0/0x4700 [ 80.700869] kasan_report.cold+0xe/0x40 [ 80.704828] ? __lock_acquire+0x30e0/0x4700 [ 80.709135] __asan_report_load8_noabort+0x14/0x20 [ 80.714046] __lock_acquire+0x30e0/0x4700 [ 80.718176] ? mark_held_locks+0x100/0x100 [ 80.722407] ? __lock_acquire+0x53b/0x4700 [ 80.726626] ? __lock_acquire+0x53b/0x4700 [ 80.730847] ? mark_held_locks+0x100/0x100 [ 80.735144] ? find_held_lock+0x35/0x130 [ 80.739191] ? mark_held_locks+0x100/0x100 [ 80.743414] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 80.748503] ? debug_object_activate+0x206/0x4f0 [ 80.753252] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 80.758358] ? lockdep_hardirqs_on+0x415/0x5d0 [ 80.762924] ? seccomp_notify_release+0x62/0x280 [ 80.767663] lock_acquire+0x16f/0x3f0 [ 80.771447] ? seccomp_notify_release+0x62/0x280 [ 80.776190] ? seccomp_notify_release+0x62/0x280 [ 80.780951] __mutex_lock+0xf7/0x1310 [ 80.784736] ? seccomp_notify_release+0x62/0x280 [ 80.789528] ? seccomp_notify_release+0x62/0x280 [ 80.794273] ? __lock_acquire+0x53b/0x4700 [ 80.798502] ? __seccomp_filter+0x32c/0x12a0 [ 80.802902] ? mutex_trylock+0x1e0/0x1e0 [ 80.806946] ? mark_held_locks+0x100/0x100 [ 80.811163] ? vfs_lock_file+0xf0/0xf0 [ 80.815039] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 80.820650] ? fsnotify+0x395/0xbd0 [ 80.824261] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 80.829779] ? locks_remove_file+0x2de/0x460 [ 80.834270] ? get_nth_filter.part.0+0x1d0/0x1d0 [ 80.839018] mutex_lock_nested+0x16/0x20 [ 80.843061] ? mutex_lock_nested+0x16/0x20 [ 80.847276] seccomp_notify_release+0x62/0x280 [ 80.851862] ? ima_file_free+0xc9/0x4a0 [ 80.855823] ? get_nth_filter.part.0+0x1d0/0x1d0 [ 80.860564] __fput+0x2df/0x8d0 [ 80.863826] ____fput+0x16/0x20 [ 80.867099] task_work_run+0x14a/0x1c0 [ 80.870972] exit_to_usermode_loop+0x273/0x2c0 [ 80.875548] do_syscall_64+0x52d/0x610 [ 80.879422] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 80.884592] RIP: 0033:0x411d31 [ 80.887779] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 94 19 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 80.906676] RSP: 002b:00007ffecd11fa10 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 80.914366] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000411d31 [ 80.921629] RDX: 0000000000000000 RSI: 00000000007402a8 RDI: 0000000000000004 [ 80.928882] RBP: 0000000000000000 R08: 00000000007402a0 R09: 00000000000135bf [ 80.936134] R10: 00007ffecd11f930 R11: 0000000000000293 R12: 0000000000000000 [ 80.943385] R13: 0000000000000001 R14: 0000000000000004 R15: 0000000000000004 [ 80.951726] Kernel Offset: disabled [ 80.955349] Rebooting in 86400 seconds..