[ OK ] Found device /dev/ttyS0. [ OK ] Started System Logging Service. [ OK ] Started Getty on tty2. [ OK ] Started Getty on tty1. [ OK ] Started Serial Getty on ttyS0. Debian GNU/Linux 9 syzkaller ttyS0 Warning: Permanently added '10.128.10.3' (ECDSA) to the list of known hosts. 2020/09/09 04:25:56 fuzzer started 2020/09/09 04:25:57 dialing manager at 10.128.0.26:37991 2020/09/09 04:25:58 syscalls: 3315 2020/09/09 04:25:58 code coverage: enabled 2020/09/09 04:25:58 comparison tracing: enabled 2020/09/09 04:25:58 extra coverage: enabled 2020/09/09 04:25:58 setuid sandbox: enabled 2020/09/09 04:25:58 namespace sandbox: enabled 2020/09/09 04:25:58 Android sandbox: enabled 2020/09/09 04:25:58 fault injection: enabled 2020/09/09 04:25:58 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/09/09 04:25:58 net packet injection: enabled 2020/09/09 04:25:58 net device setup: enabled 2020/09/09 04:25:58 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/09/09 04:25:58 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/09/09 04:25:58 USB emulation: enabled 2020/09/09 04:25:58 hci packet injection: enabled 04:30:35 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_io_uring_setup(0x87, &(0x7f0000000080), &(0x7f0000ee7000/0x2000)=nil, &(0x7f00006d4000/0x4000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000040)=0x0) syz_open_dev$tty20(0xc, 0x4, 0x1) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_MADVISE={0x19, 0x0, 0x0, 0x0, 0x0, &(0x7f00006d7000/0x1000)=nil, 0x1000}, 0x0) io_uring_enter(r2, 0x450c, 0x0, 0x0, 0x0, 0x0) syzkaller login: [ 451.161946][ T28] audit: type=1400 audit(1599625835.033:8): avc: denied { execmem } for pid=8493 comm="syz-executor.0" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:system_r:kernel_t:s0 tclass=process permissive=1 [ 452.573626][ T8494] IPVS: ftp: loaded support on port[0] = 21 [ 
452.986814][ T8494] chnl_net:caif_netlink_parms(): no params data found [ 453.183102][ T8494] bridge0: port 1(bridge_slave_0) entered blocking state [ 453.191825][ T8494] bridge0: port 1(bridge_slave_0) entered disabled state [ 453.203090][ T8494] device bridge_slave_0 entered promiscuous mode [ 453.270509][ T8494] bridge0: port 2(bridge_slave_1) entered blocking state [ 453.279551][ T8494] bridge0: port 2(bridge_slave_1) entered disabled state [ 453.290305][ T8494] device bridge_slave_1 entered promiscuous mode [ 453.376401][ T8494] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 453.401193][ T8494] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 453.479770][ T8494] team0: Port device team_slave_0 added [ 453.499680][ T8494] team0: Port device team_slave_1 added [ 453.553829][ T8494] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 453.561350][ T8494] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 453.587643][ T8494] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 453.612146][ T8494] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 453.620975][ T8494] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 453.647478][ T8494] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 453.741325][ T8494] device hsr_slave_0 entered promiscuous mode [ 453.753556][ T8494] device hsr_slave_1 entered promiscuous mode [ 454.103885][ T8494] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 454.140607][ T8494] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 454.179585][ T8494] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 454.218559][ T8494] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 454.547743][ T3475] Bluetooth: hci0: command 0x0409 tx timeout [ 454.567301][ T8494] 8021q: adding VLAN 0 to HW filter on device bond0 [ 454.611911][ T3225] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 454.621322][ T3225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 454.652588][ T8494] 8021q: adding VLAN 0 to HW filter on device team0 [ 454.681292][ T3225] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 454.693289][ T3225] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 454.703069][ T3225] bridge0: port 1(bridge_slave_0) entered blocking state [ 454.710486][ T3225] bridge0: port 1(bridge_slave_0) entered forwarding state [ 454.731994][ T3225] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 454.746299][ T3475] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 454.756606][ T3475] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 454.766565][ T3475] bridge0: port 2(bridge_slave_1) entered blocking state [ 454.774133][ T3475] bridge0: port 2(bridge_slave_1) entered forwarding state [ 454.841775][ T3475] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 454.853581][ T3475] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 454.865018][ T3475] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 454.876258][ T3475] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes 
ready [ 454.948480][ T8494] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 454.959047][ T8494] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 454.980362][ T3475] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 454.991004][ T3475] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 455.002056][ T3475] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 455.012893][ T3475] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 455.022804][ T3475] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 455.033703][ T3475] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 455.043799][ T3475] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 455.072656][ T3475] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 455.125921][ T8715] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 455.133989][ T8715] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 455.174279][ T8494] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 455.252037][ T8715] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 455.262482][ T8715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 455.336291][ T8715] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 455.346878][ T8715] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 455.362120][ T8715] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 455.371876][ T8715] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 455.411073][ T8494] device veth0_vlan entered promiscuous mode [ 455.453369][ T8494] device veth1_vlan entered promiscuous mode [ 455.545809][ T3475] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 455.555939][ T3475] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 455.566358][ T3475] IPv6: ADDRCONF(NETDEV_CHANGE): 
veth1_macvtap: link becomes ready [ 455.576752][ T3475] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 455.597827][ T8494] device veth0_macvtap entered promiscuous mode [ 455.649108][ T8494] device veth1_macvtap entered promiscuous mode [ 455.717920][ T8494] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 455.728773][ T3475] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 455.738544][ T3475] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 455.749230][ T3475] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 455.760062][ T3475] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 455.787033][ T8494] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 455.795382][ T8715] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 455.806380][ T8715] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 04:30:40 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) set_mempolicy(0x4001, &(0x7f0000000140)=0x100000000000001, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') readv(r0, &(0x7f00000012c0)=[{&(0x7f0000001400)=""/4110, 0x100e}], 0x1) [ 456.629067][ T3475] Bluetooth: hci0: command 0x041b tx timeout 04:30:40 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = fcntl$dupfd(r2, 0x0, r3) setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, 
&(0x7f0000000640)=@raw={'raw\x00', 0xc01, 0x3, 0x2d0, 0x0, 0x5002004a, 0x0, 0x118, 0x0, 0x238, 0x3c8, 0x3c8, 0x238, 0x3c8, 0x3, 0x0, {[{{@ip={@private, @empty, 0x0, 0x0, 'vlan0\x00', 'gretap0\x00'}, 0x0, 0xb0, 0x118, 0x0, {}, [@common=@set={{0x40, 'set\x00'}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'syz1\x00', 'syz0\x00'}}}, {{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x60], 0x0, 0xb8, 0x120, 0x0, {}, [@common=@unspec=@helper={{0x48, 'helper\x00'}, {0x0, 'amanda\x00'}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00', 'syz1\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x330) 04:30:41 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x2}, 0x0, 0x7ff, 0x401, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$sndseq(0xffffffffffffffff, &(0x7f00000003c0)=[{0x0, 0x23, 0x0, 0x0, @time, {0x3}, {0x0, 0x2}, @raw8={"a357b6b140cbb60000fd985d"}}], 0x1c) r0 = getpid() write$P9_RCREATE(0xffffffffffffffff, &(0x7f0000000280)={0x18, 0x73, 0x1, {{0x4, 0x2, 0x5}, 0x3}}, 0x18) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) sched_setscheduler(r0, 0x5, &(0x7f00000002c0)) dup(0xffffffffffffffff) clone(0xe1004d7c, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2e, 0x0, 0x0) syz_genetlink_get_family_id$fou(&(0x7f0000000200)='fou\x00') pipe(0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$KVM_SET_ONE_REG(0xffffffffffffffff, 0x4010aeac, &(0x7f0000000000)={0x4}) bind$xdp(0xffffffffffffffff, 0x0, 0x0) pipe2(&(0x7f00000000c0), 0x80000) bind$inet6(0xffffffffffffffff, &(0x7f00000001c0)={0xa, 0x4e20, 0x2, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x7f}, 0x1c) 
getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f0000000100), &(0x7f0000000140)=0x4) perf_event_open(&(0x7f0000001340)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) [ 457.286056][ C0] hrtimer: interrupt took 52975 ns [ 457.351346][ T8751] IPVS: ftp: loaded support on port[0] = 21 [ 457.941019][ T8773] IPVS: ftp: loaded support on port[0] = 21 04:30:42 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockname$packet(r2, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, r4, 0x3}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LINK={0x8, 0x1, r3}, @IFLA_IPTUN_REMOTE={0x8, 0x3, @multicast1}]}}}]}, 0x40}}, 0x0) sendmmsg$inet(r0, 0x0, 0x0, 0x0) [ 458.708448][ T3475] Bluetooth: hci0: command 0x040f tx timeout 04:30:42 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @local}, 0x10) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) 04:30:42 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(0xffffffffffffffff, 0x3) sendmsg$nl_route_sched(r0, 
&(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000002180)=@newtaction={0xe80, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0xe6c, 0x1, [@m_pedit={0xe68, 0x1, 0x0, 0x0, {{0xa, 0x1, 'pedit\x00'}, {0xe3c, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x18, 0x5, 0x0, 0x1, [{0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x5}]}]}, @TCA_PEDIT_PARMS={0xe20, 0x2, {{{}, 0x1}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe80}}, 0x0) [ 459.194179][ T8810] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 459.230174][ T8811] netlink: 'syz-executor.0': attribute type 1 has an invalid length. 04:30:43 executing program 0: r0 = openat$nvme_fabrics(0xffffff9c, &(0x7f00000000c0)='/dev/nvme-fabrics\x00', 0x103800, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r3, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000015c0)=ANY=[@ANYBLOB="b80c00002c00270d00"/20, @ANYRES32=r3, @ANYBLOB="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"], 0xcb8}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDPRL(r0, 0x89f5, &(0x7f0000000180)={'syztnl0\x00', &(0x7f0000000100)={'ip6tnl0\x00', r3, 0x4, 0xff, 0x9, 0x1, 0x25, @loopback, @private2, 0x8000, 0x8, 0x9, 0x3f}}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r0, 0xc0605345, &(0x7f0000000340)={0x7, 0x0, 
{0x3, 0x1, 0x6, 0x3, 0x6}, 0x4}) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="3cab00000000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800a0001006366687369000000fbfc02800800020000000000"], 0x3c}}, 0x0) [ 459.523000][ T8815] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 459.595857][ T8816] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. 04:30:43 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2011815, 0x0) syz_mount_image$ext4(&(0x7f0000000100)='ext3\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x1008c20, &(0x7f0000000080)) ioctl$VIDIOC_S_TUNER(0xffffffffffffffff, 0x4054561e, &(0x7f0000000140)={0xffffff80, "eed6f2ec7b9a8f5278697f7e447afe3df56f7b78a55e06003012d595cac9823c", 0x1, 0x2, 0x7f, 0x81, 0x4, 0x0, 0x1, 0x1fffc000}) [ 460.095421][ T8825] EXT4-fs (sda1): re-mounted. Opts: ,errors=continue [ 460.123256][ T8826] EXT4-fs (sda1): re-mounted. 
Opts: ,errors=continue 04:30:44 executing program 0: mq_open(&(0x7f0000000100)='%\\D],}-\x00', 0x2, 0x10, &(0x7f0000000140)={0x9, 0x6, 0x7ff, 0x79}) mknod$loop(&(0x7f0000000040)='./file0\x00', 0x0, 0x1) clone(0x26100900, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, &(0x7f00000000c0)={@local}) mount(&(0x7f0000000180)=ANY=[@ANYBLOB="2f6465762f6d643000abf3b8703dea0832163287e780346aee4bcd5dfb744c0e356d3bcfd3afddbb92ac177357ffc4e40199f819adc9366bd4e14716b4f2a6367f737fe8053384ac815fb0c41b44687b9a"], &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='f2fs\x00', 0x0, 0x0) [ 460.450905][ T8830] F2FS-fs (md0): Unable to read 1th superblock [ 460.458746][ T8830] F2FS-fs (md0): Unable to read 2th superblock [ 460.481513][ T8832] F2FS-fs (md0): Unable to read 1th superblock [ 460.489137][ T8832] F2FS-fs (md0): Unable to read 2th superblock 04:30:44 executing program 0: seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x5, &(0x7f0000000000)=[{0x401, 0x3, 0x35, 0xc1}, {0x0, 0x9, 0x1, 0x14400000}, {0x1ff, 0x1f, 0x8, 0x461}, {0x3ff, 0x3, 0x9}, {0x3, 0x5, 0x9, 0x8c}]}) r0 = syz_io_uring_complete(0x0) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r0, 0x81785501, &(0x7f0000000080)=""/20) arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000140)) pidfd_open(0xffffffffffffffff, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) ftruncate(r1, 0x2) read$midi(r1, &(0x7f0000000040)=""/20, 0x14) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0) fstatfs(r1, &(0x7f00000000c0)=""/71) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) ftruncate(r2, 0x2) read$midi(r2, &(0x7f0000000040)=""/20, 0x14) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r2, 0x0) pwritev(r2, &(0x7f0000001300)=[{&(0x7f0000000180)="cdc8a96113fa", 0x6}, 
{&(0x7f0000000200)="", 0x1000}, {&(0x7f0000001200)="7ae33289abfcd48eb4e06b86c0240fb366f77ed1ba266c85ef8e022c2291b7d8", 0x20}, {&(0x7f0000001240)="a317b4665d91b3b51b792d2cd3c64b1be934d03084513b784d0dd2290f143a72c8b1c654c60e391c6066ea8f7890a21cbf6f4632973b1901d29800139ccadad06bb71f616c582b3bea48622dbafeb31f380b0cbba775a02971dcf6274f1dda1c5323f9f8408cb9a021cec2ecc9460c98c4d60f84105fdc06fb7bc34d2aa834d71fd6d0b6b074527ccf8c0cbf33", 0x8d}], 0x4, 0xffffffff, 0x6) [ 460.787582][ T3475] Bluetooth: hci0: command 0x0419 tx timeout 04:30:44 executing program 0: set_mempolicy(0x1, &(0x7f0000000140)=0x7, 0x2) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpu.stat\x00', 0x275a, 0x0) ftruncate(r0, 0x2) read$midi(r0, &(0x7f0000000040)=""/20, 0x14) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140)='devlink\x00') sendmsg$DEVLINK_CMD_GET(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000440)={0x14, r2, 0xc91add0bf88807dd, 0x0, 0x0, {0x26}}, 0x14}}, 0x0) sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB="03000004", @ANYRES16=r2, @ANYBLOB="00012bbd7000ffdbdf25450000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008008e0002000000080001007063690011000200303030303a30303a31302e300000000008008e0000000000"], 0x60}, 0x1, 0x0, 0x0, 0x40800}, 0x840) fstat(r0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) write$P9_RGETATTR(r0, &(0x7f0000000480)={0xa0, 0x19, 0x2, {0x208, {0x20, 0x2, 0x6}, 0x8, 0x0, r3, 0x7, 0x5915, 0x3, 0x5, 0xfffffffffffffbff, 0xda6, 0x6, 0x1000, 0x1e0, 0x3, 0x0, 0xc73, 0x5, 0x100000001, 0x7}}, 0xa0) clone(0x0, 0x0, 0x0, 
0x0, 0x0) 04:30:45 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_subtree(r0, &(0x7f0000000280)=ANY=[], 0x32600) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000140)=ANY=[], 0xb) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000), 0x4) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0x43400) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0xc028660f, &(0x7f00000005c0)=0x400000000) [ 461.680670][ T28] audit: type=1800 audit(1599625845.553:9): pid=8851 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed comm="syz-executor.0" name="memory.events" dev="sda1" ino=15727 res=0 04:30:45 executing program 0: ioctl$BTRFS_IOC_INO_PATHS(0xffffffffffffffff, 0xc0389423, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x11, 0x16, &(0x7f0000001000)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x9, [], 0x0, 0x18, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x74) timer_create(0x5, 0x0, &(0x7f0000000040)) tkill(0x0, 0x3f) timer_settime(0x0, 0x1, &(0x7f0000000180)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0) 04:30:45 executing program 0: syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000280)='./file1\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000140)="25bca2740a0000002734fa0095e0612687ecb86a548802a902000000020000000a0000000a000000250000000206e73ba8f4952bedc6760253ef", 0x3a, 0x400}], 0x0, &(0x7f00000000c0)=ANY=[@ANYRESOCT]) 
timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x3938700}}, &(0x7f0000000180))
ioctl$DRM_IOCTL_INFO_BUFS(0xffffffffffffffff, 0xc0086418, &(0x7f0000000000)={0x80000000, 0xf1, 0x8000, 0xb296, 0x4, 0x5})
[ 462.207074][ T8864] EXT4-fs (loop0): Unrecognized mount option "01777777777777777777777" or missing value
04:30:46 executing program 0:
syz_mount_image$hfs(&(0x7f00000000c0)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, &(0x7f00000002c0), 0x0, &(0x7f0000000340)={[{@gid={'gid', 0x3d, 0xffffffffffffffff}, 0x38}]})
mount$9p_unix(&(0x7f0000000000)='\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x1000008, &(0x7f0000000140)={'trans=unix,', {[{@msize={'msize', 0x3d, 0x10000}}, {@privport='privport'}]}})
[ 462.626039][ T8870] hfs: can't find a HFS filesystem on dev loop0
[ 462.689205][ T8872] =====================================================
[ 462.696266][ T8872] BUG: KMSAN: uninit-value in unix_find_other+0x361/0x1050
[ 462.703499][ T8872] CPU: 0 PID: 8872 Comm: syz-executor.0 Not tainted 5.8.0-rc5-syzkaller #0
[ 462.712104][ T8872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 462.722179][ T8872] Call Trace:
[ 462.725568][ T8872] dump_stack+0x21c/0x280
[ 462.729989][ T8872] kmsan_report+0xf7/0x1e0
[ 462.734454][ T8872] __msan_warning+0x58/0xa0
[ 462.738983][ T8872] unix_find_other+0x361/0x1050
[ 462.743995][ T8872] unix_stream_connect+0x89a/0x2980
[ 462.749237][ T8872] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 462.755107][ T8872] ? unix_bind+0x1e70/0x1e70
[ 462.759829][ T8872] p9_fd_create_unix+0x322/0x700
[ 462.764908][ T8872] ? kmsan_get_metadata+0x116/0x180
[ 462.770438][ T8872] ? p9_pollwake+0x350/0x350
[ 462.775068][ T8872] p9_client_create+0x10e5/0x1640
[ 462.780238][ T8872] ? kmsan_get_metadata+0x116/0x180
[ 462.785528][ T8872] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 462.791482][ T8872] v9fs_session_init+0x2ae/0x2cd0
[ 462.796636][ T8872] ? kmem_cache_alloc_trace+0x14c/0xc70
[ 462.802254][ T8872] ? v9fs_mount+0xc6/0x1340
[ 462.806826][ T8872] v9fs_mount+0x186/0x1340
[ 462.811356][ T8872] ? cap_capable+0x3bc/0x410
[ 462.816068][ T8872] legacy_get_tree+0x163/0x2e0
[ 462.820875][ T8872] ? xfs_fs_commit_blocks+0xf60/0xf60
[ 462.826303][ T8872] ? legacy_parse_monolithic+0x310/0x310
[ 462.832070][ T8872] vfs_get_tree+0xd8/0x5d0
[ 462.836605][ T8872] do_mount+0x3db8/0x5cf0
[ 462.841021][ T8872] ? _copy_from_user+0x201/0x310
[ 462.846074][ T8872] __se_compat_sys_mount+0x7b5/0xaa0
[ 462.851437][ T8872] __ia32_compat_sys_mount+0x62/0x80
[ 462.856794][ T8872] __do_fast_syscall_32+0x2af/0x480
[ 462.862099][ T8872] do_fast_syscall_32+0x6b/0xd0
[ 462.866984][ T8872] do_SYSENTER_32+0x73/0x90
[ 462.871574][ T8872] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 462.877923][ T8872] RIP: 0023:0xf7fcc549
[ 462.881991][ T8872] Code: Bad RIP value.
[ 462.886088][ T8872] RSP: 002b:00000000f55a50cc EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[ 462.894597][ T8872] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000020000040
[ 462.902596][ T8872] RDX: 0000000020000080 RSI: 0000000001000008 RDI: 0000000020000140
[ 462.910608][ T8872] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 462.918604][ T8872] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000
[ 462.926624][ T8872] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 462.934636][ T8872]
[ 462.936987][ T8872] Local variable ----sun_server@p9_fd_create_unix created at:
[ 462.944474][ T8872] p9_fd_create_unix+0x8d/0x700
[ 462.949356][ T8872] p9_fd_create_unix+0x8d/0x700
[ 462.954219][ T8872] =====================================================
[ 462.961159][ T8872] Disabling lock debugging due to kernel taint
[ 462.967507][ T8872] Kernel panic - not syncing: panic_on_warn set ...
[ 462.974476][ T8872] CPU: 0 PID: 8872 Comm: syz-executor.0 Tainted: G B 5.8.0-rc5-syzkaller #0
[ 462.984485][ T8872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 462.994559][ T8872] Call Trace:
[ 462.997886][ T8872] dump_stack+0x21c/0x280
[ 463.002337][ T8872] panic+0x4d7/0xef7
[ 463.006288][ T8872] ? add_taint+0x17c/0x210
[ 463.010763][ T8872] kmsan_report+0x1df/0x1e0
[ 463.015326][ T8872] __msan_warning+0x58/0xa0
[ 463.019857][ T8872] unix_find_other+0x361/0x1050
[ 463.024767][ T8872] unix_stream_connect+0x89a/0x2980
[ 463.030002][ T8872] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 463.035868][ T8872] ? unix_bind+0x1e70/0x1e70
[ 463.040485][ T8872] p9_fd_create_unix+0x322/0x700
[ 463.045482][ T8872] ? kmsan_get_metadata+0x116/0x180
[ 463.050726][ T8872] ? p9_pollwake+0x350/0x350
[ 463.055360][ T8872] p9_client_create+0x10e5/0x1640
[ 463.060458][ T8872] ? kmsan_get_metadata+0x116/0x180
[ 463.065697][ T8872] ? kmsan_get_shadow_origin_ptr+0x81/0xb0
[ 463.071539][ T8872] v9fs_session_init+0x2ae/0x2cd0
[ 463.076613][ T8872] ? kmem_cache_alloc_trace+0x14c/0xc70
[ 463.082188][ T8872] ? v9fs_mount+0xc6/0x1340
[ 463.086739][ T8872] v9fs_mount+0x186/0x1340
[ 463.091183][ T8872] ? cap_capable+0x3bc/0x410
[ 463.095827][ T8872] legacy_get_tree+0x163/0x2e0
[ 463.100619][ T8872] ? xfs_fs_commit_blocks+0xf60/0xf60
[ 463.106032][ T8872] ? legacy_parse_monolithic+0x310/0x310
[ 463.111702][ T8872] vfs_get_tree+0xd8/0x5d0
[ 463.116162][ T8872] do_mount+0x3db8/0x5cf0
[ 463.120516][ T8872] ? _copy_from_user+0x201/0x310
[ 463.125516][ T8872] __se_compat_sys_mount+0x7b5/0xaa0
[ 463.130851][ T8872] __ia32_compat_sys_mount+0x62/0x80
[ 463.136168][ T8872] __do_fast_syscall_32+0x2af/0x480
[ 463.141410][ T8872] do_fast_syscall_32+0x6b/0xd0
[ 463.146289][ T8872] do_SYSENTER_32+0x73/0x90
[ 463.150824][ T8872] entry_SYSENTER_compat_after_hwframe+0x4d/0x5c
[ 463.157177][ T8872] RIP: 0023:0xf7fcc549
[ 463.161254][ T8872] Code: Bad RIP value.
[ 463.165326][ T8872] RSP: 002b:00000000f55a50cc EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 463.173782][ T8872] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 0000000020000040 [ 463.181778][ T8872] RDX: 0000000020000080 RSI: 0000000001000008 RDI: 0000000020000140 [ 463.190663][ T8872] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 463.198784][ T8872] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 463.206778][ T8872] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 463.216021][ T8872] Kernel Offset: disabled [ 463.220380][ T8872] Rebooting in 86400 seconds..