Warning: Permanently added '[localhost]:6929' (ECDSA) to the list of known hosts.
syzkaller login: [  107.666014][   T40] kauditd_printk_skb: 7 callbacks suppressed
[  107.666070][   T40] audit: type=1400 audit(1577367763.229:42): avc:  denied  { map } for  pid=8513 comm="syz-fuzzer" path="/syz-fuzzer" dev="sda1" ino=16526 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1
2019/12/26 13:42:43 fuzzer started
2019/12/26 13:42:47 dialing manager at 10.0.2.10:33669
2019/12/26 13:42:47 syscalls: 2701
2019/12/26 13:42:47 code coverage: enabled
2019/12/26 13:42:47 comparison tracing: enabled
2019/12/26 13:42:47 extra coverage: enabled
2019/12/26 13:42:47 setuid sandbox: enabled
2019/12/26 13:42:47 namespace sandbox: enabled
2019/12/26 13:42:47 Android sandbox: /sys/fs/selinux/policy does not exist
2019/12/26 13:42:47 fault injection: enabled
2019/12/26 13:42:47 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/12/26 13:42:47 net packet injection: enabled
2019/12/26 13:42:47 net device setup: enabled
2019/12/26 13:42:47 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist
2019/12/26 13:42:47 devlink PCI setup: PCI device 0000:00:10.0 is not available
13:43:21 executing program 0:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$sock_timeval(r0, 0xffff, 0x1006, &(0x7f0000000300)={0x5}, 0x10)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
poll(&(0x7f0000000000)=[{}, {}, {r1}], 0x3, 0x4e)
recvfrom$inet(r0, 0x0, 0xa7573e4c, 0x0, 0x0, 0x800e00670)
shutdown(r0, 0x0)

[  145.704556][   T40] audit: type=1400 audit(1577367801.269:43): avc:  denied  { map } for  pid=8536 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=24203 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1
13:43:21 executing program 1:
r0 = socket(0x200000000010, 0x3, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
write(r0, &(0x7f000095c000)="2400000026007f000000000000007701000000ff0100000000000000160000000200ff10", 0x24)

13:43:21 executing program 2:
r0 = socket$inet(0x2, 0x200000002, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e24, @remote}, 0x10)
syz_emit_ethernet(0x352, &(0x7f00003f3fd5)={@link_local, @empty=[0x0, 0x0, 0x14], [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty=0xac1414bb, @multicast1}, @udp={0x0, 0x4e21, 0x8}}}}}, 0x0)

[  146.127910][ T8539] IPVS: ftp: loaded support on port[0] = 21
[  146.127918][ T8537] IPVS: ftp: loaded support on port[0] = 21
13:43:21 executing program 3:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000002, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
ioctl$sock_inet6_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, &(0x7f00000000c0)={@ipv4={[], [], @local}, 0x108})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0, 0x311}, {0x0, 0x22b}, {&(0x7f0000000200)=""/55, 0x2}], 0x29, 0x0, 0xffff, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
tkill(r0, 0x3c)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x9, r0, 0x0, 0x0)

[  146.208160][ T8541] IPVS: ftp: loaded support on port[0] = 21
[  146.428410][ T8543] IPVS: ftp: loaded support on port[0] = 21
[  146.447634][ T8537] chnl_net:caif_netlink_parms(): no params data found
[  146.498679][ T8539] chnl_net:caif_netlink_parms(): no params data found
[  146.508773][ T8541] chnl_net:caif_netlink_parms(): no params data found
[  146.576204][ T8537] bridge0: port 1(bridge_slave_0) entered blocking state
[  146.586376][ T8537] bridge0: port 1(bridge_slave_0) entered disabled state
[  146.597972][ T8537] device bridge_slave_0 entered promiscuous mode
[  146.628850][ T8539] bridge0: port 1(bridge_slave_0) entered blocking state
[  146.644345][ T8539] bridge0: port 1(bridge_slave_0) entered disabled state
[  146.657965][ T8539] device bridge_slave_0 entered promiscuous mode
[  146.669253][ T8537] bridge0: port 2(bridge_slave_1) entered blocking state
[  146.684348][ T8537] bridge0: port 2(bridge_slave_1) entered disabled state
[  146.694062][ T8537] device bridge_slave_1 entered promiscuous mode
[  146.705178][ T8541] bridge0: port 1(bridge_slave_0) entered blocking state
[  146.714024][ T8541] bridge0: port 1(bridge_slave_0) entered disabled state
[  146.725488][ T8541] device bridge_slave_0 entered promiscuous mode
[  146.737426][ T8541] bridge0: port 2(bridge_slave_1) entered blocking state
[  146.746481][ T8541] bridge0: port 2(bridge_slave_1) entered disabled state
[  146.756304][ T8541] device bridge_slave_1 entered promiscuous mode
[  146.764550][ T8539] bridge0: port 2(bridge_slave_1) entered blocking state
[  146.773977][ T8539] bridge0: port 2(bridge_slave_1) entered disabled state
[  146.783669][ T8539] device bridge_slave_1 entered promiscuous mode
[  146.816386][ T8539] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  146.841526][ T8539] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  146.868079][ T8537] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  146.891569][ T8539] team0: Port device team_slave_0 added
[  146.903912][ T8541] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  146.926974][ T8541] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  146.950117][ T8537] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  146.981578][ T8539] team0: Port device team_slave_1 added
[  146.999184][ T8537] team0: Port device team_slave_0 added
[  147.014489][ T8541] team0: Port device team_slave_0 added
[  147.037537][ T8537] team0: Port device team_slave_1 added
[  147.057045][ T8541] team0: Port device team_slave_1 added
[  147.163216][ T8539] device hsr_slave_0 entered promiscuous mode
[  147.270846][ T8539] device hsr_slave_1 entered promiscuous mode
[  147.362646][ T8537] device hsr_slave_0 entered promiscuous mode
[  147.430090][ T8537] device hsr_slave_1 entered promiscuous mode
[  147.529962][ T8537] debugfs: Directory 'hsr0' with parent '/' already present!
[  147.548131][ T8543] chnl_net:caif_netlink_parms(): no params data found
[  147.712979][ T8541] device hsr_slave_0 entered promiscuous mode
[  147.760325][ T8541] device hsr_slave_1 entered promiscuous mode
[  147.829868][ T8541] debugfs: Directory 'hsr0' with parent '/' already present!
[  147.900183][ T8543] bridge0: port 1(bridge_slave_0) entered blocking state
[  147.913040][ T8543] bridge0: port 1(bridge_slave_0) entered disabled state
[  147.922812][ T8543] device bridge_slave_0 entered promiscuous mode
[  147.929889][   T40] audit: type=1400 audit(1577367803.489:44): avc:  denied  { create } for  pid=8539 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  147.966716][ T8543] bridge0: port 2(bridge_slave_1) entered blocking state
[  147.967212][   T40] audit: type=1400 audit(1577367803.489:45): avc:  denied  { write } for  pid=8539 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  147.977064][ T8543] bridge0: port 2(bridge_slave_1) entered disabled state
[  148.010432][   T40] audit: type=1400 audit(1577367803.489:46): avc:  denied  { read } for  pid=8539 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1
[  148.056716][ T8543] device bridge_slave_1 entered promiscuous mode
[  148.069801][ T8539] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  148.180554][ T8539] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  148.245816][ T8539] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  148.305745][ T8539] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  148.355264][ T8541] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  148.446438][ T8541] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  148.501818][ T8541] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  148.601348][ T8537] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  148.652690][ T8537] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  148.732072][ T8537] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  148.794836][ T8543] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  148.831238][ T8541] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  148.945267][ T8537] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  149.032394][ T8543] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  149.055727][ T8543] team0: Port device team_slave_0 added
[  149.066266][ T8543] team0: Port device team_slave_1 added
[  149.152012][ T8543] device hsr_slave_0 entered promiscuous mode
[  149.200153][ T8543] device hsr_slave_1 entered promiscuous mode
[  149.259894][ T8543] debugfs: Directory 'hsr0' with parent '/' already present!
[  149.325651][ T8543] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  149.389160][ T8543] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  149.442607][ T8543] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  149.562430][ T8543] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  149.722293][ T8541] 8021q: adding VLAN 0 to HW filter on device bond0
[  149.757008][ T8539] 8021q: adding VLAN 0 to HW filter on device bond0
[  149.779098][ T8541] 8021q: adding VLAN 0 to HW filter on device team0
[  149.796644][   T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  149.820676][   T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  149.850244][ T8537] 8021q: adding VLAN 0 to HW filter on device bond0
[  149.869393][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  149.921331][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  149.946447][ T2591] bridge0: port 1(bridge_slave_0) entered blocking state
[  149.973341][ T2591] bridge0: port 1(bridge_slave_0) entered forwarding state
[  149.999550][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  150.054293][ T3386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  150.078864][ T3386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  150.114212][ T3386] bridge0: port 2(bridge_slave_1) entered blocking state
[  150.146313][ T3386] bridge0: port 2(bridge_slave_1) entered forwarding state
[  150.182721][ T3386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  150.215473][ T3386] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  150.271602][ T8539] 8021q: adding VLAN 0 to HW filter on device team0
[  150.308853][ T8550] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  150.342675][ T8550] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  150.375377][ T8537] 8021q: adding VLAN 0 to HW filter on device team0
[  150.408649][ T8551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  150.433055][ T8551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  150.461029][ T8551] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  150.492514][ T8551] bridge0: port 1(bridge_slave_0) entered blocking state
[  150.520158][ T8551] bridge0: port 1(bridge_slave_0) entered forwarding state
[  150.545734][ T8551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  150.570244][ T8551] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  150.590559][ T8551] bridge0: port 1(bridge_slave_0) entered blocking state
[  150.601688][ T8551] bridge0: port 1(bridge_slave_0) entered forwarding state
[  150.615686][ T3386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  150.630686][ T3386] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  150.655689][ T8550] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  150.673034][ T8550] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  150.690840][ T8550] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  150.706123][ T8550] bridge0: port 2(bridge_slave_1) entered blocking state
[  150.723860][ T8550] bridge0: port 2(bridge_slave_1) entered forwarding state
[  150.739554][ T8550] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  150.753083][ T8550] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  150.772851][ T8550] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  150.797920][ T8550] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  150.814003][ T8550] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  150.830027][ T8550] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  150.857955][ T8539] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  150.881748][ T8539] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  150.917734][ T3105] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  150.929391][ T3105] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  150.951329][ T3105] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  150.971316][ T3105] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  150.987673][ T3105] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  151.002008][ T3105] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  151.016138][ T3105] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  151.030754][ T3105] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  151.044081][ T3105] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  151.058081][ T3105] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  151.071636][ T3105] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  151.088668][ T3105] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  151.100262][ T3105] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  151.124275][ T3105] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  151.148606][ T3105] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  151.164646][ T3105] bridge0: port 2(bridge_slave_1) entered blocking state
[  151.182199][ T3105] bridge0: port 2(bridge_slave_1) entered forwarding state
[  151.197751][ T3105] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  151.213758][ T3105] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  151.230742][ T8541] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  151.271730][ T8543] 8021q: adding VLAN 0 to HW filter on device bond0
[  151.292238][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  151.341722][ T8543] 8021q: adding VLAN 0 to HW filter on device team0
[  151.363064][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  151.392230][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  151.415024][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  151.435985][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  151.463435][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  151.486642][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  151.505369][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  151.524335][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  151.537900][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  151.556528][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  151.572260][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  151.584634][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  151.606096][ T8541] 8021q: adding VLAN 0 to HW filter on device batadv0
[  151.631564][   T40] audit: type=1400 audit(1577367807.189:47): avc:  denied  { associate } for  pid=8541 comm="syz-executor.2" name="syz2" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1
[  151.634288][ T8539] 8021q: adding VLAN 0 to HW filter on device batadv0
[  151.715869][ T3386] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  151.739394][ T3386] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  151.764186][ T3386] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  151.786717][ T3386] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  151.828230][ T8537] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  151.881404][ T8552] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  151.906572][ T8552] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  151.940982][ T8552] bridge0: port 1(bridge_slave_0) entered blocking state
[  151.962333][ T8552] bridge0: port 1(bridge_slave_0) entered forwarding state
[  151.981466][ T8552] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  152.008146][ T8552] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  152.026153][ T8552] bridge0: port 2(bridge_slave_1) entered blocking state
[  152.052770][ T8552] bridge0: port 2(bridge_slave_1) entered forwarding state
[  152.087984][ T8552] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  152.156361][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  152.191181][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  152.252143][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
13:43:27 executing program 2:
r0 = syz_open_procfs(0x0, &(0x7f00000003c0)='\x00\x00\x00\x00\x00egy\xc5\x8e\xcb\x1c\xf8\x8f\xca;\xa3?\xad\xae\x0f\xb5\x97ao3\xab\xcdY\x9a\xe3\xe5\xe1\xf4\x87\xac\xad\x80\xa3P\x8c\xea\x9c\xc7\x00\xeb\xf4X#\xe34\x80O]\x87\xdd\x894\xdal;w\xf8\xf8\v?v\xf0\xb8\xda=|\xa4\xba\xbbiq!\xd8g\xb7I\x12\x80')
openat$cgroup_ro(r0, &(0x7f0000000b00)='mem\x00\x01y7SwaS.\x06ur\x89\xc9B\xab\xe3\xfarent\x00\xaa\x1a\xfd\xae\v\xbf\xd8d\xbb\xaf9Q\xde\xfb\x1fY\xfb\x8do\xd1\x16\xce(\x82\xf1\xbf{5Z\x13\x15\x14\xd7\xb8\xce\xf20\x1e\xc0\xc2\xed<?\xc7\xb6s\xca\xff\x96\x9a}+Q\xd2\xd9{\xca\x86Vw\xde\xb3\x86\x91\xfd\xb5p\xdb$ j\xfb\xf8\xedw\xf4\x161a.\xc7\n\xe0X?\xc4\xf4BW\x01\x1f-\xcc\x01\xd0W\xc8\xf09\fV\x1b|A)\xb8\xda#NP\x1c\x9d\x93#V\x9f\"Kgn{\x96\xaa\xbd0\x8ef\x9d\xb88CP(}w\x8c\xbb\xdc%\ax \x10\xd1\n(\xa8=\xf54\xa9\xcb\xe9\x97T\xcf\xcf\x87t\x81\xfa\xaa\xf30\x8b\xb7\xea\xfc^\xb6\x95\x87E\x11\x89\x7f\xa0m\xd3&\tHvtD\x83\\6\xe0t\xa8\xdd\xa3\xa4\xd2\xb9\xb9{+\x1d\xa3\xd5Z;]*2\x99Os\bVW5\xe6\xe7\xdb\x95\x8d\xffY\xe0s\x7f\x9eK,\xae\xaeX\x15M@\xdd\x04`\xea\x03\xf7\x7f:\xc8HU3\xabX}\xa7S8s\xdb_\xc5\x9c\xc9Rw\x90G\xf3J\x9c\x8f\x91\xa1\xd6\x055?m\xed\x94\x9c\xb7(\x0f\xd3\xbc\xba\xc6T\xdd\x15\xf7+*Z3\x8e_Z\xa3k\xe4R\x1e\xc8\vYV\x8a\x8d\xad\x8cI\x88\fM\x19JX\x1f\xffe#|\x06\xfa86\xcb\x93\xea\xab\xcc\x864fC*I\x7fM\t7\x94}\x06\x1d\xc3\x9co-\xdd\xa6\x1b\xa8_\x1fBl\xc4:\xae\xfe4\x9e\xa9T\x91\xd9w\x05\xf8{\xd6@', 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/4\x00\xa7$\xbf\x05l\xb8\t\xd0\x06\xae\b\x86$dV\x92M%\xfd)0m6Z\x05\xae\xa7\rM\bp\xa6Q\x871B\x973\xfe\x05\x12\xf3\xd496\xf9\x1aM6\xb2|\xc5\x05\xbc\xe71g\xe4<&\xd2\xd8g\xb6\xa2U\xae\x9a\x17F\xa5xi\xe8_\xa8R\x96d\x99\xf6_E\xd0\x8f<\xa840\xd6\x84\xd0\x17\xafP\'\xdc{\b\x94\x00Y+\x18N\\\xc9\x1f\a\xf9X\x125\xb9\xd6\xbf\x1a4V\x10\xa6Uq\xceN\xeb\xa8M\xb2?\xda\xfb\xb1\x9d\x94\x13O\xab\xde\xc0t\x8c\")\x05~\x0f\xb8\xf3\xf6d\xbe\xad\xee\"\xaa\x91\x05\xcb9A\x1a\x8d&\x9e\x81\xcf\x9eWvT\x8a\xbfl\x8a\x83%\xec\x94\xfd\x90\xeb\xb3\xa3\xa8\x90\x90\xdb\xc2X\xf48\xd1\x83Eu\xe5c\xd7\xb7qe\xab\xae\xef*\x9e\x95\xde\xa0\x894r[\\\xc4?\xb7\xcfo\xdb\xbeR\xc5\xbc\xb34\xbe}\xf7n/4}\xbc.t\x94\x1c%\xcb\x93\xea\"Aa(\xd6FX\xd8\b\xd1\x10N{\xe8\xbc)\xc8\x1e6\xff\x95\xa3\xf3\x84\xf4\xa5\xe8f\xc2@\x1f7h\xb3\xd6\xab\x9a\x03\x95>V\\\xc4%T\x94M\xc7`\x83\xa1\xa0\xc8gn\xe3\xfe\xef[\xb3\xbd\x18R\x1b=\xab\x97$\x03\xaa\x84C\x0eWD\xeea\xf5\xb9\x82\xea\xbd5:\"\xf6f/\xa1\x8f%8\xa8\x1e\xcf\xb6\xa7\xe1\x1b1\x94\xc1G\xf9\xfc\xc77\x1c\x00'/370)
lseek(r1, 0x203ffffd, 0x0)
write$P9_RXATTRWALK(r1, &(0x7f0000000080)={0xf}, 0x20000357)
munlockall()

[  152.286320][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  152.321030][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  152.373916][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  152.433438][ T2591] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  152.489385][ T8537] 8021q: adding VLAN 0 to HW filter on device batadv0
[  152.524829][ T8543] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
13:43:28 executing program 2:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$VT_SETMODE(r0, 0x5602, &(0x7f0000000000))

[  152.546851][ T8543] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  152.583404][   T34] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  152.610926][   T34] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
13:43:28 executing program 2:
r0 = socket$inet6(0xa, 0x80003, 0x6b)
ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0805b5055e0bcfe8474071")
r1 = socket$kcm(0x10, 0x800000000002, 0x0)
writev(r1, &(0x7f0000000000)=[{&(0x7f0000ac9000)="290000002000190f00003fffffffda060200000000e80001040000040d000300ea1100028c05000081", 0x29}], 0x1)

[  152.635524][   T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  152.653853][   T34] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  152.666209][   T34] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  152.686291][   T34] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  152.698488][   T34] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
13:43:28 executing program 1:
r0 = socket(0x200000000010, 0x3, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
write(r0, &(0x7f000095c000)="2400000026007f000000000000007701000000ff0100000000000000160000000200ff10", 0x24)

[  152.751304][ T8550] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  152.763856][ T8550] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  152.785856][ T8543] 8021q: adding VLAN 0 to HW filter on device batadv0
13:43:28 executing program 0:
r0 = msgget$private(0x0, 0x0)
msgrcv(r0, 0x0, 0x0, 0x0, 0x82d159e5bedaff72)

13:43:28 executing program 2:
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r0, &(0x7f0000000040)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x1, @bcast}, 0x1c)

13:43:28 executing program 1:
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bind$bt_hci(0xffffffffffffffff, 0x0, 0x0)
openat$apparmor_task_exec(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/exec\x00', 0x3, 0x0)
perf_event_open(&(0x7f0000000180)={0x6, 0x70}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000140)={0x2, 0x0, @broadcast}, 0x10)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fe, 0x0, 0x0)
dup3(0xffffffffffffffff, r0, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)

[  152.934505][   T40] audit: type=1400 audit(1577367808.499:48): avc:  denied  { open } for  pid=8587 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1
13:43:28 executing program 0:
r0 = msgget$private(0x0, 0x0)
msgrcv(r0, 0x0, 0x0, 0x3, 0x82d159e5bedaff72)

13:43:28 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x10, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="850000003c000000d4000000200000009500000000000000163bca9c282850d64746f6f1e19ac11b82ef95761575cbc2d019107f5e2f30d6213675903926fc1ff20116cd009826be3ea2e89584456f30a19670753cf3abe8562ae6e39a290aad6452cedc6b0fb3a73337073d9aedb4e9991040ac774caa20acf84774c7a27b6b47961f8ff88baae8b5"], &(0x7f0000000240)='GPL\x00', 0x1, 0x348, &(0x7f0000000280)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff60}, 0x48)

13:43:28 executing program 2:
r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
connect$rose(r0, &(0x7f0000000040)=@short={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x1, @bcast}, 0x1c)

[  153.016024][   T40] audit: type=1400 audit(1577367808.519:49): avc:  denied  { kernel } for  pid=8587 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1
13:43:28 executing program 0:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = fcntl$dupfd(r0, 0x0, r1)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000500)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030000000000000000000000ffffffffe00000010000000000000000e40000000100ebffffffbd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c001080200000000000000000000000000000000000000005001686173686c696d6974000000000000000000000000000000000000000002726f73653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffffffffffff000000000000000000000000030000000700000000000000000000000000000048004354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000004a0d00000000000000000000000000000000000000200000000000000000000000000400000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b1200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000100), 0x10)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0xc)
r3 = memfd_create(&(0x7f0000000100)='wlan1\x00', 0x0)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r3, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0xfffffffffffffffd, {0x4000001}, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00*\x0e\xc3=.\x13\xcbx\x95*\xeeX\x9fcy\xa49\xf6\x8f\x82^\x19\xa9\xcd+\b\x9f\xc6,\xa0\xf0\xff\x9dO\x06\xc9\x15\xda\xa4\x7fh\xd4\xe8C\xdeKUrR\xf4\x9c\x87\xee\xd2\xfb\xdfs\xd0G\x91\x02\x15Z\xa8\x1ad\xadY\x13\x14mg\xc9\x00\x16\xa4\xc48\x06u\x1e:\xd4Y?\xd8P\xe8reP\xffv\xd6\x12\x85N1\n\f\xb0\x1e\xe7\xffD\x1aS\xbf0\x80\xff\xff7V\xcc5\x96W\x14J\xe2\x93\xe3\xc6A7\xd8\xec\xb2m\xf5\x16-\x1b\xbd\x11\x1aYg\xe0\xa7\xd19\a')
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000140)='net/ip_tables_targets\x00')

13:43:28 executing program 3:
r0 = socket(0x200000000010, 0x3, 0x0)
write(r0, &(0x7f000095c000)="2400000026007f000000000000007701000000ff0100000000000000160000000200ff10", 0x24)

13:43:28 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
poll(&(0x7f0000000000)=[{}, {}, {r1}], 0x3, 0x4e)
recvfrom$inet(r0, 0x0, 0xa7573e4c, 0x0, 0x0, 0x800e00670)
shutdown(r0, 0x0)

[  153.100898][   T40] audit: type=1400 audit(1577367808.599:50): avc:  denied  { prog_load } for  pid=8597 comm="syz-executor.3" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1
13:43:28 executing program 3:
mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0)
r0 = open$dir(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
setxattr$security_selinux(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='security.selinux\x00', &(0x7f0000000380)='system_u:object_r:logrotate_var_lib_t:s0\x00', 0x29, 0x0)
getdents64(r0, &(0x7f00000002c0)=""/91, 0x5b)

13:43:28 executing program 1:
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000300), 0x4)
sendmmsg(r0, &(0x7f0000001080)=[{{&(0x7f0000000040)=@hci={0x1f, 0x0, 0x1}, 0x80, 0x0}}], 0x1, 0x0)

[  153.269778][    C0] hrtimer: interrupt took 34265 ns
13:43:28 executing program 2:
r0 = socket$rds(0x15, 0x5, 0x0)
ppoll(&(0x7f0000000000)=[{r0}], 0x1, &(0x7f0000000100)={0x0, 0x1c9c380}, 0x0, 0x0)

13:43:28 executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x10, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="8500000006000000d4000000200000009500000000000000163bca9c282850d64746f6f1e19ac11b82ef95761575cbc2d019107f5e2f30d6213675903926fc1ff20116cd009826be3ea2e89584456f30a19670753cf3abe8562ae6e39a290aad6452cedc6b0fb3a73337073d9aedb4e9991040ac774caa20acf84774c7a27b6b47961f8ff88baae8b5"], &(0x7f0000000240)='GPL\x00', 0x1, 0x348, &(0x7f0000000280)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff60}, 0x48)

[  153.293438][   T40] audit: type=1400 audit(1577367808.859:51): avc:  denied  { map } for  pid=8603 comm="syz-executor.0" path=2F6D656D66643A776C616E31202864656C6574656429 dev="tmpfs" ino=37873 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:tmpfs_t:s0 tclass=file permissive=1
[  153.313785][ T8629] 
[  153.313792][ T8629] **********************************************************
[  153.313795][ T8629] **   NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE   **
[  153.313799][ T8629] **                                                      **
13:43:29 executing program 2:
bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback, 0xfffffffe}, 0xfffffffffffffe3c)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0)
r0 = creat(&(0x7f0000000040)='./file0/bus\x00', 0x6857b21ff1155d90)
fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1})
r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
write$P9_RREADLINK(r2, &(0x7f00000006c0)=ANY=[@ANYBLOB="ffd9531c1969fc15009c5b7213f6012f66b000000000e00700ffffffff6b6f"], 0x1f)
sendfile(r2, r2, &(0x7f0000000240), 0x7fff)
ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, &(0x7f0000000440)={0x0, 0xffff, 0x2, 0x0, 0x1, [{}]})
syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00')
shutdown(0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)

[  153.313802][ T8629] ** trace_printk() being used. Allocating extra memory.  **
[  153.313806][ T8629] **                                                      **
[  153.313809][ T8629] ** This means that this is a DEBUG kernel and it is     **
[  153.313812][ T8629] ** unsafe for production use.                           **
[  153.313816][ T8629] **                                                      **
[  153.313819][ T8629] ** If you see this message and you are not debugging    **
[  153.313823][ T8629] ** the kernel, report this immediately to your vendor!  **
[  153.313826][ T8629] **                                                      **
[  153.313830][ T8629] **   NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE   **
[  153.313833][ T8629] **********************************************************
[  154.115001][ T8639] 
[  154.118256][ T8639] **********************************************************
[  154.128134][ T8639] **   NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE   **
[  154.137522][ T8639] **                                                      **
[  154.146698][ T8639] ** trace_printk() being used. Allocating extra memory.  **
[  154.155989][ T8639] **                                                      **
[  154.165663][ T8639] ** This means that this is a DEBUG kernel and it is     **
[  154.175117][ T8639] ** unsafe for production use.                           **
[  154.185006][ T8639] **                                                      **
[  154.195003][ T8639] ** If you see this message and you are not debugging    **
[  154.205052][ T8639] ** the kernel, report this immediately to your vendor!  **
[  154.215655][ T8639] **                                                      **
[  154.228648][ T8639] **   NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE   **
[  154.239890][ T8639] **********************************************************
13:43:31 executing program 2:
bind$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x0, @loopback, 0xfffffffe}, 0xfffffffffffffe3c)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x50, 0x0)
r0 = creat(&(0x7f0000000040)='./file0/bus\x00', 0x6857b21ff1155d90)
fcntl$lock(r0, 0x7, &(0x7f0000027000)={0x1})
r1 = open(&(0x7f0000021000)='./file0\x00', 0x0, 0x0)
fchdir(r1)
r2 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0)
write$P9_RREADLINK(r2, &(0x7f00000006c0)=ANY=[@ANYBLOB="ffd9531c1969fc15009c5b7213f6012f66b000000000e00700ffffffff6b6f"], 0x1f)
sendfile(r2, r2, &(0x7f0000000240), 0x7fff)
ioctl$FS_IOC_FIEMAP(0xffffffffffffffff, 0xc020660b, &(0x7f0000000440)={0x0, 0xffff, 0x2, 0x0, 0x1, [{}]})
syz_genetlink_get_family_id$ipvs(&(0x7f0000000180)='IPVS\x00')
shutdown(0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)

13:43:31 executing program 0:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = fcntl$dupfd(r0, 0x0, r1)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000500)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030000000000000000000000ffffffffe00000010000000000000000e40000000100ebffffffbd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c001080200000000000000000000000000000000000000005001686173686c696d6974000000000000000000000000000000000000000002726f73653000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffffffffffff000000000000000000000000030000000700000000000000000000000000000048004354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000004a0d00000000000000000000000000000000000000200000000000000000000000000400000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b1200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1)
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000100), 0x10)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000180), &(0x7f00000001c0)=0xc)
r3 = memfd_create(&(0x7f0000000100)='wlan1\x00', 0x0)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r3, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0xfffffffffffffffd, {0x4000001}, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00*\x0e\xc3=.\x13\xcbx\x95*\xeeX\x9fcy\xa49\xf6\x8f\x82^\x19\xa9\xcd+\b\x9f\xc6,\xa0\xf0\xff\x9dO\x06\xc9\x15\xda\xa4\x7fh\xd4\xe8C\xdeKUrR\xf4\x9c\x87\xee\xd2\xfb\xdfs\xd0G\x91\x02\x15Z\xa8\x1ad\xadY\x13\x14mg\xc9\x00\x16\xa4\xc48\x06u\x1e:\xd4Y?\xd8P\xe8reP\xffv\xd6\x12\x85N1\n\f\xb0\x1e\xe7\xffD\x1aS\xbf0\x80\xff\xff7V\xcc5\x96W\x14J\xe2\x93\xe3\xc6A7\xd8\xec\xb2m\xf5\x16-\x1b\xbd\x11\x1aYg\xe0\xa7\xd19\a')
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000140)='net/ip_tables_targets\x00')

[  155.581834][ T8629] ------------[ cut here ]------------
[  155.597612][ T8629] WARNING: CPU: 3 PID: 8629 at kernel/tracepoint.c:243 tracepoint_probe_register_prio+0x217/0x790
[  155.622654][ T8629] Kernel panic - not syncing: panic_on_warn set ...
[  155.628007][ T4286] kobject: 'loop2' (00000000d4163c3a): fill_kobj_path: path = '/devices/virtual/block/loop2'
[  155.628154][ T8629] CPU: 3 PID: 8629 Comm: syz-executor.3 Not tainted 5.5.0-rc3-syzkaller #0
[  155.628154][ T8629] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014
[  155.628154][ T8629] Call Trace:
[  155.628154][ T8629]  dump_stack+0x197/0x210
[  155.628154][ T8629]  ? tracepoint_probe_register_prio+0x130/0x790
[  155.628154][ T8629]  panic+0x2e3/0x75c
[  155.628154][ T8629]  ? add_taint.cold+0x16/0x16
[  155.628154][ T8629]  ? printk+0xba/0xed
[  155.628154][ T8629]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[  155.628154][ T8629]  ? __warn.cold+0x14/0x3e
[  155.628154][ T8629]  ? tracepoint_probe_register_prio+0x217/0x790
[  155.628154][ T8629]  __warn.cold+0x2f/0x3e
[  155.628154][ T8629]  ? report_bug.cold+0x63/0xb2
[  155.628154][ T8629]  ? tracepoint_probe_register_prio+0x217/0x790
[  155.628154][ T8629]  report_bug+0x289/0x300
[  155.628154][ T8629]  do_error_trap+0x11b/0x200
[  155.628154][ T8629]  do_invalid_op+0x37/0x50
[  155.628154][ T8629]  ? tracepoint_probe_register_prio+0x217/0x790
[  155.628154][ T8629]  invalid_op+0x23/0x30
[  155.628154][ T8629] RIP: 0010:tracepoint_probe_register_prio+0x217/0x790
[  155.628154][ T8629] Code: 48 89 f8 48 c1 e8 03 80 3c 08 00 0f 85 bf 04 00 00 48 8b 45 b8 49 3b 45 08 0f 85 21 ff ff ff 41 bd ef ff ff ff e8 09 7c fe ff <0f> 0b e8 02 7c fe ff 48 c7 c7 20 d7 9d 89 e8 26 2c 51 06 44 89 e8
[  155.628154][ T8629] RSP: 0018:ffffc90000b97468 EFLAGS: 00010246
[  155.628154][ T8629] RAX: 0000000000040000 RBX: ffffffff8a754a00 RCX: ffffc90020604000
[  155.628154][ T8629] RDX: 0000000000040000 RSI: ffffffff8176b1e7 RDI: ffff888027595298
[  155.628154][ T8629] RBP: ffffc90000b974c0 R08: ffff888060fbc380 R09: fffffbfff133bae5
[  155.628154][ T8629] R10: ffffc90000b97458 R11: ffffffff899dd727 R12: ffff888027595290
[  155.628154][ T8629] R13: 00000000ffffffef R14: 00000000ffffffff R15: ffffffff817ab4b0
[  155.628154][ T8629]  ? probe_sched_switch+0xa0/0xa0
[  155.628154][ T8629]  ? tracepoint_probe_register_prio+0x217/0x790
[  155.628154][ T8629]  ? tracepoint_probe_register_prio+0x217/0x790
[  155.628154][ T8629]  ? probe_sched_switch+0xa0/0xa0
[  155.628154][ T8629]  ? probe_sched_switch+0xa0/0xa0
[  155.628154][ T8629]  tracepoint_probe_register+0x2b/0x40
[  155.628154][ T8629]  tracing_start_sched_switch+0xa8/0x190
[  155.628154][ T8629]  tracing_start_cmdline_record+0x13/0x20
[  155.628154][ T8629]  trace_printk_init_buffers.cold+0xdf/0xe9
[  155.628154][ T8629]  bpf_get_trace_printk_proto+0xe/0x20
[  155.628154][ T8629]  bpf_base_func_proto+0x199/0x1b0
[  155.628154][ T8629]  ? sk_skb_func_proto+0xd0/0xd0
[  155.628154][ T8629]  sk_msg_func_proto+0x3b/0xc0
[  155.628154][ T8629]  check_helper_call+0x143/0x4940
[  155.628154][ T8629]  ? print_bpf_insn+0x4d7/0x1800
[  155.628154][ T8629]  ? check_cond_jmp_op+0x3cf0/0x3cf0
[  155.628154][ T8629]  ? func_id_name+0x80/0x80
[  155.628154][ T8629]  ? memset+0x32/0x40
[  155.628154][ T8629]  ? tnum_const+0xe/0x20
[  155.628154][ T8629]  ? btf_check_func_arg_match+0x77b/0xa70
[  155.628154][ T8629]  ? __mark_reg_known+0x4a/0x100
[  155.628154][ T8629]  do_check+0x6258/0x8b20
[  155.628154][ T8629]  ? find_held_lock+0x35/0x130
[  155.628154][ T8629]  ? debug_check_no_obj_freed+0x20a/0x43f
[  155.628154][ T8629]  ? spin_dump+0x100/0x110
[  155.628154][ T8629]  ? check_helper_call+0x4940/0x4940
[  155.628154][ T8629]  ? bpf_verifier_log_write+0x270/0x270
[  155.628154][ T8629]  ? kfree+0x226/0x2c0
[  155.628154][ T8629]  ? lockdep_hardirqs_on+0x421/0x5e0
[  155.628154][ T8629]  ? trace_hardirqs_on+0x67/0x240
[  155.628154][ T8629]  ? kvfree+0x61/0x70
[  155.628154][ T8629]  bpf_check+0x73d9/0xa9ef
[  155.628154][ T8629]  ? __lock_acquire+0x16f2/0x4a00
[  155.628154][ T8629]  ? do_check+0x8b20/0x8b20
[  155.628154][ T8629]  ? rcu_read_lock_any_held.part.0+0x50/0x50
[  155.628154][ T8629]  ? lock_downgrade+0x920/0x920
[  155.628154][ T8629]  ? ktime_get_with_offset+0x135/0x360
[  155.628154][ T8629]  ? bpf_prog_load+0xd9c/0x18f0
[  155.628154][ T8629]  ? ktime_get_with_offset+0x135/0x360
[  155.628154][ T8629]  ? lockdep_hardirqs_on+0x421/0x5e0
[  155.628154][ T8629]  ? trace_hardirqs_on+0x67/0x240
[  155.628154][ T8629]  ? calibrate_delay+0x805/0xd72
[  155.628154][ T8629]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[  155.628154][ T8629]  ? bpf_obj_name_cpy+0x13f/0x190
[  155.628154][ T8629]  bpf_prog_load+0xe36/0x18f0
[  155.628154][ T8629]  ? bpf_prog_new_fd+0x60/0x60
[  155.628154][ T8629]  ? lock_downgrade+0x920/0x920
[  155.628154][ T8629]  ? selinux_bpf+0xee/0x140
[  155.628154][ T8629]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[  155.628154][ T8629]  ? security_bpf+0x8b/0xc0
[  155.628154][ T8629]  __do_sys_bpf+0xa48/0x3810
[  155.628154][ T8629]  ? bpf_prog_load+0x18f0/0x18f0
[  155.628154][ T8629]  ? __kasan_check_read+0x11/0x20
[  155.628154][ T8629]  ? _copy_to_user+0x118/0x160
[  155.628154][ T8629]  ? __sanitizer_cov_trace_const_cmp8+0x18/0x20
[  155.628154][ T8629]  ? put_timespec64+0xda/0x140
[  155.628154][ T8629]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  155.628154][ T8629]  ? do_syscall_64+0x26/0x790
[  155.628154][ T8629]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  155.628154][ T8629]  ? do_syscall_64+0x26/0x790
[  155.628154][ T8629]  __x64_sys_bpf+0x73/0xb0
[  155.628154][ T8629]  do_syscall_64+0xfa/0x790
[  155.628154][ T8629]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  155.628154][ T8629] RIP: 0033:0x45a9e9
[  155.628154][ T8629] Code: bd b1 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 8b b1 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  155.664517][ T4286] kobject: 'loop0' (00000000b8f6af3b): kobject_uevent_env
[  155.679253][ T8629] RSP: 002b:00007f5718bf4c88 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  155.679253][ T8629] RAX: ffffffffffffffda RBX: 000000000072bf00 RCX: 000000000045a9e9
[  155.679253][ T8629] RDX: 0000000000000048 RSI: 0000000020000100 RDI: 0000000000000005
[  155.679253][ T8629] RBP: 0000000000000003 R08: 0000000000000000 R09: 0000000000000000
[  155.679253][ T8629] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5718bf56d4
[  155.679253][ T8629] R13: 00000000004a7f9e R14: 00000000006e8968 R15: 00000000ffffffff
[  155.679253][ T8629] Kernel Offset: disabled
[  155.679253][ T8629] Rebooting in 86400 seconds..