Warning: Permanently added '10.128.0.97' (ECDSA) to the list of known hosts. 2019/11/18 04:33:33 fuzzer started 2019/11/18 04:33:34 dialing manager at 10.128.0.26:44591 2019/11/18 04:33:34 syscalls: 2566 2019/11/18 04:33:34 code coverage: enabled 2019/11/18 04:33:34 comparison tracing: enabled 2019/11/18 04:33:34 extra coverage: enabled 2019/11/18 04:33:34 setuid sandbox: enabled 2019/11/18 04:33:34 namespace sandbox: enabled 2019/11/18 04:33:34 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/18 04:33:34 fault injection: enabled 2019/11/18 04:33:34 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/18 04:33:34 net packet injection: enabled 2019/11/18 04:33:34 net device setup: enabled 2019/11/18 04:33:34 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/11/18 04:33:34 devlink PCI setup: PCI device 0000:00:10.0 is not available 04:36:04 executing program 0: r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2) r1 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mISDNtimer\x00', 0x0, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r2, 0x4c01, 0x0) 04:36:04 executing program 1: r0 = syz_open_dev$usbfs(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0x72, 0x2401) ioctl$USBDEVFS_IOCTL(r0, 0x80045518, &(0x7f0000000040)=@usbdevfs_connect) syzkaller login: [ 224.397159][ T9005] IPVS: ftp: loaded support on port[0] = 21 [ 224.580532][ T9005] chnl_net:caif_netlink_parms(): no params data found 04:36:04 executing program 2: r0 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x5) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000140)="ae88bff824f400005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2a85d4e46e10bca59a92", 0x2e}], 0x1) ioctl$SG_GET_PACK_ID(r0, 0x227c, 0x0) [ 224.647940][ T9005] bridge0: port 1(bridge_slave_0) entered blocking state [ 224.656859][ T9005] bridge0: port 1(bridge_slave_0) entered disabled state [ 224.666244][ T9005] device bridge_slave_0 entered promiscuous mode [ 224.685734][ T9008] IPVS: ftp: loaded support on port[0] = 21 [ 224.698205][ T9005] bridge0: port 2(bridge_slave_1) entered blocking state [ 224.725088][ T9005] bridge0: port 2(bridge_slave_1) entered disabled state [ 224.733153][ T9005] device bridge_slave_1 entered promiscuous mode [ 224.773257][ T9005] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 224.806850][ T9005] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 224.847253][ T9005] team0: Port device team_slave_0 added [ 224.868667][ T9005] team0: Port device team_slave_1 added [ 224.882910][ T9010] IPVS: ftp: loaded support on port[0] = 21 04:36:04 executing program 3: r0 = syz_open_dev$usbfs(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0x72, 0x2401) ioctl$USBDEVFS_IOCTL(r0, 0x80045518, 0x0) [ 224.980150][ T9005] device hsr_slave_0 entered promiscuous mode [ 225.035319][ T9005] device hsr_slave_1 entered promiscuous mode [ 225.123469][ T9012] IPVS: ftp: loaded support on port[0] = 21 04:36:05 executing program 4: r0 = socket$inet(0x2, 0x6000000000000003, 0x6) sendto$inet(r0, 0x0, 0x0, 0x404c0c0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) sendto$inet(r0, &(0x7f0000000100)="438afddd626288bfe91dd7e812", 0xd, 0x0, &(0x7f00000001c0), 0x10) [ 225.230829][ T9005] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 225.291282][ T9005] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 225.368662][ T9005] netdevsim netdevsim0 netdevsim2: renamed from eth2 04:36:05 executing program 5: bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) socket$packet(0x11, 0x0, 0x300) socket$inet_sctp(0x2, 0x5, 0x84) r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f0000fa3fff)='\t', 0x1, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x7a, 0x0, 0x0) ioctl$TCGETA(r0, 0x5405, &(0x7f0000000000)) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r1, &(0x7f0000000280)={0x0, 0x50, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eb04001800160011000586f9835b3f00009148790003f85acc7c45", 0x2e}], 0x1}, 0x0) [ 225.430103][ T9008] chnl_net:caif_netlink_parms(): no params data found [ 225.451022][ T9005] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 225.532287][ T9015] IPVS: ftp: loaded support on port[0] = 21 [ 225.561315][ T9005] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.568599][ T9005] bridge0: port 2(bridge_slave_1) entered forwarding state [ 225.576554][ T9005] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.583622][ T9005] bridge0: port 1(bridge_slave_0) entered forwarding state [ 225.632588][ T2928] bridge0: port 1(bridge_slave_0) entered disabled state [ 225.641501][ T2928] bridge0: port 2(bridge_slave_1) entered disabled state [ 225.672456][ T9017] IPVS: ftp: loaded support on port[0] = 21 [ 225.685283][ T9008] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.692473][ T9008] bridge0: port 1(bridge_slave_0) entered disabled state [ 225.700307][ T9008] device bridge_slave_0 entered promiscuous mode [ 225.709602][ T9008] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.716795][ T9008] bridge0: port 2(bridge_slave_1) entered disabled state [ 225.724478][ T9008] device bridge_slave_1 entered promiscuous mode [ 225.751321][ T9010] chnl_net:caif_netlink_parms(): no params data found [ 225.791651][ T9008] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 225.836707][ T9008] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 225.872249][ T9010] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.882614][ T9010] bridge0: port 1(bridge_slave_0) entered disabled state [ 225.890637][ T9010] device bridge_slave_0 entered promiscuous mode [ 225.912240][ T9012] chnl_net:caif_netlink_parms(): no params data found [ 225.936526][ T9010] bridge0: port 2(bridge_slave_1) entered blocking state [ 225.943621][ T9010] bridge0: port 2(bridge_slave_1) entered disabled state [ 225.952112][ T9010] device bridge_slave_1 entered promiscuous mode [ 225.973827][ T9008] team0: Port device team_slave_0 added [ 225.984169][ T9008] team0: Port device team_slave_1 added [ 226.008834][ T9010] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 226.048642][ T9010] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 226.127770][ T9008] device hsr_slave_0 entered promiscuous mode [ 226.155397][ T9008] device hsr_slave_1 entered promiscuous mode [ 226.195515][ T9008] debugfs: Directory 'hsr0' with parent '/' already present! [ 226.251169][ T9012] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.258784][ T9012] bridge0: port 1(bridge_slave_0) entered disabled state [ 226.266884][ T9012] device bridge_slave_0 entered promiscuous mode [ 226.281489][ T9012] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.288965][ T9012] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.299495][ T9012] device bridge_slave_1 entered promiscuous mode [ 226.330398][ T9010] team0: Port device team_slave_0 added [ 226.339094][ T9010] team0: Port device team_slave_1 added [ 226.417506][ T9015] chnl_net:caif_netlink_parms(): no params data found [ 226.454170][ T9012] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 226.466921][ T9012] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 226.476348][ T9008] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 226.558425][ T9010] device hsr_slave_0 entered promiscuous mode [ 226.595434][ T9010] device hsr_slave_1 entered promiscuous mode [ 226.655342][ T9010] debugfs: Directory 'hsr0' with parent '/' already present! [ 226.663806][ T9017] chnl_net:caif_netlink_parms(): no params data found [ 226.701571][ T9008] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 226.769113][ T9005] 8021q: adding VLAN 0 to HW filter on device bond0 [ 226.803882][ T9015] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.815694][ T9015] bridge0: port 1(bridge_slave_0) entered disabled state [ 226.823586][ T9015] device bridge_slave_0 entered promiscuous mode [ 226.831472][ T9008] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 226.876894][ T9008] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 226.949300][ T9012] team0: Port device team_slave_0 added [ 226.955994][ T9017] bridge0: port 1(bridge_slave_0) entered blocking state [ 226.963101][ T9017] bridge0: port 1(bridge_slave_0) entered disabled state [ 226.971921][ T9017] device bridge_slave_0 entered promiscuous mode [ 226.979505][ T9015] bridge0: port 2(bridge_slave_1) entered blocking state [ 226.987710][ T9015] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.996607][ T9015] device bridge_slave_1 entered promiscuous mode [ 227.028800][ T9015] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 227.039876][ T9012] team0: Port device team_slave_1 added [ 227.045921][ T9017] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.053009][ T9017] bridge0: port 2(bridge_slave_1) entered disabled state [ 227.061035][ T9017] device bridge_slave_1 entered promiscuous mode [ 227.069552][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 227.077894][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 227.099084][ T9015] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 227.135805][ T9010] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 227.191180][ T9005] 8021q: adding VLAN 0 to HW filter on device team0 [ 227.216038][ T9017] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 227.229978][ T9017] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 227.249177][ T9010] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 227.301346][ T9010] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 227.383583][ T9010] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 227.435608][ T9015] team0: Port device team_slave_0 added [ 227.489920][ T9012] device hsr_slave_0 entered promiscuous mode [ 227.535669][ T9012] device hsr_slave_1 entered promiscuous mode [ 227.575151][ T9012] debugfs: Directory 'hsr0' with parent '/' already present! [ 227.605365][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 227.614870][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 227.623594][ T9019] bridge0: port 1(bridge_slave_0) entered blocking state [ 227.630698][ T9019] bridge0: port 1(bridge_slave_0) entered forwarding state [ 227.641392][ T9017] team0: Port device team_slave_0 added [ 227.650837][ T9015] team0: Port device team_slave_1 added [ 227.679907][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 227.689226][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 227.698169][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.705299][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 227.714485][ T9017] team0: Port device team_slave_1 added [ 227.798415][ T9015] device hsr_slave_0 entered promiscuous mode [ 227.835665][ T9015] device hsr_slave_1 entered promiscuous mode [ 227.876292][ T9015] debugfs: Directory 'hsr0' with parent '/' already present! [ 227.916189][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 227.988895][ T9017] device hsr_slave_0 entered promiscuous mode [ 228.045592][ T9017] device hsr_slave_1 entered promiscuous mode [ 228.085242][ T9017] debugfs: Directory 'hsr0' with parent '/' already present! [ 228.113386][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 228.123545][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 228.132704][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 228.141639][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 228.150941][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 228.159880][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 228.168623][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 228.199838][ T9012] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 228.268380][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 228.282450][ T9015] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 228.342957][ T9012] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 228.398614][ T9012] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 228.457333][ T9017] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 228.500861][ T9017] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 228.557391][ T9015] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 228.597623][ T9015] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 228.639404][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 228.650798][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 228.661290][ T9012] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 228.717998][ T9017] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 228.768051][ T9015] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 228.845536][ T9017] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 228.893354][ T9005] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 228.951158][ T9020] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 228.960386][ T9020] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 228.972796][ T9008] 8021q: adding VLAN 0 to HW filter on device bond0 [ 229.017010][ T9005] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 229.057993][ T9008] 8021q: adding VLAN 0 to HW filter on device team0 [ 229.076040][ T9020] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 229.084517][ T9020] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 229.093032][ T9020] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 229.102242][ T9020] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 229.111104][ T9020] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.118400][ T9020] bridge0: port 1(bridge_slave_0) entered forwarding state [ 229.127091][ T9020] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 229.137241][ T9020] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 229.146907][ T9020] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.154138][ T9020] bridge0: port 2(bridge_slave_1) entered forwarding state [ 229.188785][ T9010] 8021q: adding VLAN 0 to HW filter on device bond0 [ 229.200834][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 229.210191][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 229.243030][ T9010] 8021q: adding VLAN 0 to HW filter on device team0 [ 229.269156][ T9015] 8021q: adding VLAN 0 to HW filter on device bond0 [ 229.281022][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 229.294483][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 229.302589][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 229.310695][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 229.319559][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 229.361432][ T9012] 8021q: adding VLAN 0 to HW filter on device bond0 [ 229.369200][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 229.378184][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 229.388638][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 229.397950][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 229.408448][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 229.427855][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 229.451752][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready 04:36:09 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@mcast2, 0x0, 0x4}, 0x20) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) wait4(0x0, 0x0, 0x0, 0x0) [ 229.469226][ T9025] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.476386][ T9025] bridge0: port 1(bridge_slave_0) entered forwarding state [ 229.486048][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 229.494641][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 229.517662][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 229.525819][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 229.534675][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 229.545761][ T9008] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 229.563874][ T9015] 8021q: adding VLAN 0 to HW filter on device team0 [ 229.623693][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 229.633863][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 229.643768][ T65] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.650956][ T65] bridge0: port 2(bridge_slave_1) entered forwarding state [ 229.660074][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 229.669488][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 229.680648][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 229.690149][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 229.699374][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 229.708856][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 229.718141][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 229.729624][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 229.737750][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 229.746527][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 229.764665][ T9017] 8021q: adding VLAN 0 to HW filter on device bond0 [ 229.779686][ T9012] 8021q: adding VLAN 0 to HW filter on device team0 [ 229.812556][ T9010] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 229.837788][ T9010] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 229.853560][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 229.862866][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 229.872335][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 229.881388][ T65] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.888538][ T65] bridge0: port 1(bridge_slave_0) entered forwarding state [ 229.897600][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 229.905571][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 229.913121][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 229.923055][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 229.947368][ T9008] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 229.963458][ T2928] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 229.976163][ T2928] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 229.984836][ T2928] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready 04:36:10 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) ioctl$PPPOEIOCDFWD(0xffffffffffffffff, 0xb101, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="2e26ff56", 0x4) fcntl$setstatus(r1, 0x4, 0xa1a3f945407a2941) r2 = syz_open_procfs(0x0, &(0x7f00000005c0)='pagemap\x00') sendfile(r1, r2, 0x0, 0x10000000000443) [ 229.994788][ T2928] bridge0: port 1(bridge_slave_0) entered blocking state [ 230.001950][ T2928] bridge0: port 1(bridge_slave_0) entered forwarding state [ 230.012313][ T2928] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 230.021301][ T2928] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 230.029972][ T2928] bridge0: port 2(bridge_slave_1) entered blocking state [ 230.037104][ T2928] bridge0: port 2(bridge_slave_1) entered forwarding state [ 230.080621][ T9017] 8021q: adding VLAN 0 to HW filter on device team0 [ 230.099629][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 230.106823][ C0] hrtimer: interrupt took 36363 ns [ 230.108333][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 230.123321][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 230.140026][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 230.185269][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 230.194150][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 230.234581][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 230.241772][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state 04:36:10 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000000)={0x11, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x1000000, 'lblcr\x00'}, 0x2c) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000fb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7], 0x1f004, 0x110400}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000040)={0x0, 0x13c000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 230.276293][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 230.302757][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 230.331168][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 230.344216][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 04:36:10 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd600}, 0x20) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) wait4(0x0, 0x0, 0x0, 0x0) [ 230.376879][ T9047] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 230.381526][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 230.473327][ T9010] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 230.518601][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 230.555524][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 230.564345][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 230.582043][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 230.591418][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 230.606524][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 04:36:10 executing program 1: perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = eventfd2(0x0, 0x0) io_setup(0xa3c, &(0x7f0000409000)=0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000805ff4)) io_submit(r2, 0x1, &(0x7f0000329fd8)=[&(0x7f00002a8000)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x1, r1}]) [ 230.622969][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 230.632939][ T9025] bridge0: port 1(bridge_slave_0) entered blocking state [ 230.640087][ T9025] bridge0: port 1(bridge_slave_0) entered forwarding state [ 230.685086][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 230.707355][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 230.721111][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 230.732515][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 230.748122][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 230.761040][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 230.770213][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 230.778031][ T9025] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 230.791963][ T9015] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 230.805588][ T9015] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 230.819972][ T9012] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready 04:36:10 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgrp(0x0) syz_mount_image$jfs(&(0x7f00000001c0)='jfs\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001a00)={[{@discard_size={'discard'}}, {@noquota='noquota'}]}) [ 230.844413][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 230.853751][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 04:36:10 executing program 1: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000080)='./bus/file0\x00', 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000040)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x5c}]}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = open$dir(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) creat(&(0x7f0000000200)='./bus/file0/file0\x00', 0x0) [ 230.890962][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 230.900458][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 230.910529][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 230.919434][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 230.931574][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 230.941186][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 230.965961][ T9066] JFS: discard option not supported on device [ 230.983926][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 230.991083][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 231.038123][ T9012] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 231.066765][ T9072] overlayfs: filesystem on './bus' not supported as upperdir [ 231.077351][ T9073] JFS: discard option not supported on device [ 231.084488][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 231.101413][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 231.130602][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 231.141604][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 231.151013][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 231.162804][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 231.172332][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 231.213946][ T9015] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 231.227715][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 231.246239][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready 04:36:11 executing program 2: 04:36:11 executing program 1: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000080)='./bus/file0\x00', 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000040)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@workdir={'workdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x5c}]}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = open$dir(&(0x7f0000000340)='./file0\x00', 0x0, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) creat(&(0x7f0000000200)='./bus/file0/file0\x00', 0x0) [ 231.267843][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 231.302720][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 231.319326][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 231.348803][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 231.363940][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 231.400102][ T9017] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 231.431231][ T9017] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 231.457311][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 231.488617][ T9019] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 231.567332][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 231.575466][ T65] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 04:36:11 executing program 3: perf_event_open(&(0x7f00000004c0)={0x2, 0x70, 0x71, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = eventfd2(0x0, 0x0) io_setup(0xa3c, &(0x7f0000409000)=0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r1, &(0x7f0000805ff4)) io_submit(r2, 0x1, &(0x7f0000329fd8)=[&(0x7f00002a8000)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x1, r1}]) [ 231.617475][ T9017] 8021q: adding VLAN 0 to HW filter on device batadv0 04:36:11 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0) write$P9_RREAD(r1, &(0x7f00000003c0)=ANY=[@ANYBLOB="06"], 0x1) fallocate(r0, 0x0, 0x0, 0x110001) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000040)={0xd000000, r1, 0x0, 0x8}) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) mkdir(0x0, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) 04:36:11 executing program 5: 04:36:11 executing program 0: r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0) r1 = creat(&(0x7f0000000540)='./file0\x00', 0x0) write$P9_RAUTH(r0, &(0x7f0000000040)={0x14}, 0x66) fallocate(r1, 0x11, 0x0, 0x7ff800000) fallocate(r0, 0x20, 0x0, 0x7ff800000) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) 04:36:11 executing program 2: openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x4000, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000380)='keyring\x00', &(0x7f00000003c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000480)='user\x00', &(0x7f0000000080)={'syz', 0x3}, &(0x7f0000000800)="585ccbc4ed83b836c1a6474914dc5500b66147b3c7218a91690000000042e3d35228897501f93191b076ac446ff0022b8753a1fa748c569f435fb3bae96efb74b50ec93c2db8eae3198a29e5c0cfc60000ce0637cef580b4ec61221adf59be045b70e48884ca000018cea71fcfed06fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff33c1e8e036e5031949762d009d308bd73f477252d0000000000004000000000000000000000000000000000195e23fb6430a9a4c2850b6380a743d6ea0c3b121f66c716d746aa81c301621b7662c06aae720b872d4b7828e3b48522c673aa6cb366d4201e2aee3261eb52da262b1f68a7b265b60ea6e630cfc16d909b4ab3485c034be843ddf951f2fc9fff39490b1da8138268d40c", 0x11b, r0) r2 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f0000000100)='\x00', 0x1, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000000)={r2, r1, r2}, &(0x7f0000000700)=""/243, 0x356, &(0x7f0000000040)={&(0x7f0000000580)={'poly1305-simd\x00\x00\x00\x00\x00\x00\x0f@\x00\x00\x00\x00\x02\x00\x00\x00\x0f\x00@\x00\x00\x01\x00'}, &(0x7f0000000180)}) 04:36:11 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r1, r0, 0x0) 04:36:12 executing program 3: 04:36:12 executing program 4: 04:36:12 executing program 1: 04:36:12 executing program 5: 04:36:12 executing program 3: 04:36:12 executing program 4: 04:36:12 executing program 3: 04:36:12 executing program 5: 04:36:12 executing program 1: 04:36:12 executing program 0: 04:36:12 executing program 2: 04:36:12 executing program 4: 04:36:12 executing program 3: 04:36:12 executing program 1: 04:36:12 executing program 5: 04:36:12 executing program 2: 04:36:12 executing program 4: 04:36:12 executing program 3: 04:36:12 executing program 0: 04:36:12 executing program 5: 04:36:12 executing program 1: 04:36:12 executing program 2: 04:36:12 executing program 3: 04:36:12 executing program 4: r0 = syz_open_dev$sndseq(&(0x7f0000000880)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000000)={0x200000001f3}) timer_create(0x0, 0x0, 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) tkill(0x0, 0x0) 04:36:13 executing program 5: 04:36:13 executing program 1: 04:36:13 executing program 0: 04:36:13 executing program 2: 04:36:13 executing program 3: 04:36:13 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x7) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000180)={@loopback}, 0x14) 04:36:13 executing program 5: perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd0001000000000023c0306554362dddcb892ef8051404bde5bf296e3c566a03d724f7ead1ef33adfdbe08b8c5236b93b9797b4409f6e370d1515d2e1fa63259e6d4bd05772981", @ANYRES32=0x0, @ANYBLOB="00000079abd1932a"], 0x48}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x306, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0x14}]}, 0x28}}, 0x0) 04:36:13 executing program 2: 04:36:13 executing program 0: 04:36:13 executing program 4: 04:36:13 executing program 3: [ 233.351619][ T9200] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.5'. 04:36:13 executing program 1: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000600)='/dev/rfkill\x00', 0x101012, 0x0) r1 = memfd_create(&(0x7f0000000080)='/dev/dsp\x00', 0x0) write$binfmt_aout(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="10bf1802000343"], 0x7) sendfile(r0, r1, &(0x7f0000000000), 0x7fffffffffffffff) 04:36:13 executing program 2: r0 = perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000209000/0x2000)=nil, 0x2000, 0x7ffffe, 0x4002011, r0, 0x0) [ 233.476464][ T9200] batman_adv: batadv0: Adding interface: syz_tun [ 233.482947][ T9200] batman_adv: batadv0: The MTU of interface syz_tun is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 04:36:13 executing program 0: r0 = perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000209000/0x2000)=nil, 0x2000, 0x0, 0x4002011, r0, 0x0) r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10811, r1, 0x0) [ 233.530331][ T9200] batman_adv: batadv0: Interface activated: syz_tun 04:36:13 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x34, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0x4}}}]}, 0x34}}, 0x0) 04:36:13 executing program 3: r0 = syz_open_dev$dri(&(0x7f0000000080)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000040)) [ 233.700159][ T9224] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.5'. 04:36:13 executing program 3: r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2) ioctl$VIDIOC_QUERY_EXT_CTRL(r0, 0xc0e85667, &(0x7f0000000340)={0xc0000000, 0x0, "2a7a5911b8f8c5c9164f25aa277fe367b821c85e10a271dc5cde692d7e3f515e"}) 04:36:13 executing program 5: perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd0001000000000023c0306554362dddcb892ef8051404bde5bf296e3c566a03d724f7ead1ef33adfdbe08b8c5236b93b9797b4409f6e370d1515d2e1fa63259e6d4bd05772981", @ANYRES32=0x0, @ANYBLOB="00000079abd1932a"], 0x48}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x306, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x825, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0x14}]}, 0x28}}, 0x0) 04:36:13 executing program 0: futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$amidi(0x0, 0x0, 0x0) syz_open_dev$dmmidi(&(0x7f00000000c0)='/dev/dmmidi#\x00', 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x34, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0x4}}}]}, 0x34}}, 0x0) 04:36:13 executing program 3: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x9effffff, &(0x7f0000000080)=[{&(0x7f00000002c0)="2e00000010008108040f80ecdb4cb9c00a480e000d000000e8bd6efb120009000e000100400000ff050005001204", 0x2e}], 0x1}, 0x0) [ 233.965428][ T9235] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.5'. 04:36:14 executing program 2: openat$ipvs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/backup_only\x00', 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xed3, &(0x7f0000000100)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x55, 0x0, 0x1b0001}, [@ldst]}, &(0x7f0000003ff6)='syzkaller\x00', 0x5, 0x481, &(0x7f00000002c0)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffffc1}, 0x48) 04:36:14 executing program 4: syz_open_dev$sndctrl(&(0x7f0000006000)='/dev/snd/controlC#\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x0, 0x0) 04:36:14 executing program 5: write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x80) fchdir(r0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(0xffffffffffffffff, 0xc04c5349, 0x0) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, 0x0) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000bc0)=ANY=[@ANYBLOB="3a258211f663a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b0350412915d8a5c51817c3ff01a1f62ac71e85445d8f244f6be479ffffffffff8756ea7d486588272169d8b90f1d7106f5776f7894ee47382b88117e7b9c6e3203053a6a05995f5ed199fcf8722be75fa42c080601d48e7001161161a2793d1429196b4d9182f7c46359a074285b251aca195af3b2887cc79d0cedcc0b7e7f95c7d70472f7d3981e50042390a546375c8c1f1734a24583e1f8066319e93802eda50f3fb22ab8d6dc3d2afd102b71b6c5c2f2c915b6c3fc45000000000100000046a6fc39740aac6f2282f8b15f099d7cf2a2d80f132077b478cebc5552e149a3fdf5c67af8823cc1a179c344d3d9158f99dc221fefffffff7f971dc6b291ec0a98d98a3c1ea1cc9bfc33b883e16e1324f8fea4778898f5687c14f050c057009bdd9aa867d93ef1b4d88ac53776bfbe03de797c18ba0d994e3576580a07cadea061c2d965711a3567838ef9b1823d514afce45aeb63df4924420c1a2f0c34757a09ee279e34843b93f3e92b26cbf75fa85ae0fe4472b16cc3a0c45ace1aed1187cd57820d5338b4687e5aedd0511dc0966bf8e0d3f269ff482ea964ef5c93122a191bca4e88ffcff7346791946ec833ad0749d5ddb159483851a4a127b260b55af7af1fa47f920e83dd095efe24067a95a1e38f75abf390856d8c1dc018b0b5f90c12bdb7befc44a334762ca59f5557ace1f4938310c157f63cb130cead2b8c58efc31ba0b79ed2a61476fa45d125d8609680a932c4e1926cbc4417eed5c72ecfddaea4717e1bf51102a182eda006eef88f2099dc8162ae304e655f64b9ed4cdb46a404a49379fc07b10ef531a9387e7031649980608b4f3ac5cfcc2063838cdfaebcbaf34784f712ebf7db7bd66af48c903edd36ca9ce4d7d351fe2bc7a097c4f7f457541249482679e9533c34ad288cf69aa4c4e3bdad9b73db285e960005058639228e7b90b745aada"], 0x2e0) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) 04:36:14 executing program 1: r0 = socket(0x10, 0x2, 0x0) sendto(r0, &(0x7f0000000900)="120000001200e7ef077b1a3fcd00000600a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f0000000200)=@ethernet={0x0, @random}, 0x45, &(0x7f0000000380)=[{&(0x7f0000000040)=""/91, 0x3d}, {&(0x7f00000000c0)=""/85, 0x530}, {&(0x7f00000024c0)=""/4120, 0x1048}, {&(0x7f00000004c0)=""/120, 0x33}, {&(0x7f0000000480)=""/60, 0xc6}, {&(0x7f0000000280)=""/77, 0x7}, {&(0x7f0000000140)=""/154, 0x9a}, {&(0x7f0000000340)=""/22, 0xc}], 0x8, &(0x7f0000002400)=""/177, 0x1f9}}], 0x4000000000002b8, 0x6, &(0x7f0000003700)={0x77359400}) 04:36:14 executing program 3: socket$kcm(0x11, 0x0, 0x300) r0 = socket$kcm(0x11, 0x2, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0x12, &(0x7f00000000c0)=r0, 0x4) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000480)=""/128, 0x80}, {0x0}, {0x0}], 0x3}, 0x12040) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xf, 0x7, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3ff}, [@jmp={0x5, 0x0, 0x0, 0xb, 0x0, 0xffffffffffffffc0, 0x7126c95168a0df82}, @initr0, @call={0x85, 0x0, 0x0, 0x43}]}, &(0x7f0000000100)='syzkaller\x00', 0x5, 0xb4, &(0x7f0000000280)=""/180, 0x0, 0x1, [], 0x0, 0xd, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000400)={0x0, 0xd, 0x0, 0x80000001}, 0x10}, 0x70) socket$inet(0x2, 0x3, 0x5) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000006c0)={0xffffffffffffffff, 0x0, 0x0}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xe80, 0x0, &(0x7f00000000c0)="b9ff0300000d698cb89e40f086dd01000005a4004000ffa377fbac141414e9", 0x0, 0x100}, 0x28) [ 234.228971][ T9252] BPF:hdr_len not found 04:36:14 executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) recvmmsg(r0, &(0x7f0000000300), 0x121, 0x0, 0x0) setsockopt$packet_int(r0, 0x107, 0x8, &(0x7f0000000040)=0x3fd, 0x1b2) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) 04:36:14 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x10000000012, 0x4, &(0x7f00000000c0)=@framed={{}, [@alu={0x8000000201a7f19, 0x0, 0x7, 0x2, 0x1, 0x31}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) 04:36:14 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x5) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000140)="ae88bff824f400005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2a85d4e46e10bca59a92", 0x2e}], 0x1) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$SG_GET_PACK_ID(r0, 0x227c, 0x0) 04:36:14 executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='memory.events\x00', 0x26e1, 0x0) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000680)={0x0, 0x8}, &(0x7f0000000240)=0xfffffe3d) setsockopt$netrom_NETROM_N2(r0, 0x103, 0x3, &(0x7f00000003c0)=0x28100000, 0x4) getsockopt$inet_sctp_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000280)={r1, 0x0, 0x32d, 0x20000001}, &(0x7f0000000380)=0xf631214290d7c3a1) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000040)=0x8, 0x4) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f00000006c0)=ANY=[@ANYBLOB="00041c59c4d352ad56a85b0a1dcab3ea604048b0d1605e2008c21950ab229af4a18ee08de6d17348b46d1de5497bfd0ef4e88a20647962a6d705b46b94e024f42edb0a50a3359ad11445b4bed3bc3993595a69485054a4340e9ad966a455000000ab8bb8ac4272daafe04f69b4b8130600000000000000000000000000c2d802a3026fe6e98c944b"], 0x80) write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0xfffffcbe) setsockopt$IP_VS_SO_SET_DELDEST(r0, 0x0, 0x488, &(0x7f0000000480)={{0x63, @remote, 0x4e20, 0x4, 'dh\x00', 0x13, 0x7fff, 0x42}, {@multicast1, 0x4e22, 0x5, 0x9, 0x0, 0x6a7}}, 0x44) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000100)={0x0, 0x2}, &(0x7f00000001c0)=0x8) r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) r5 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) getsockopt$llc_int(r5, 0x10c, 0x4000000002, &(0x7f0000000080), &(0x7f0000002600)=0x4) r6 = accept4(r5, &(0x7f0000002640)=@hci, &(0x7f00000026c0)=0x80, 0x0) r7 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) getsockopt$llc_int(r7, 0x10c, 0x4000000002, &(0x7f0000000080), &(0x7f0000002600)=0x4) socketpair(0x10, 0x3, 0x9, &(0x7f0000002700)={0xffffffffffffffff}) getsockopt$llc_int(r8, 0x10c, 0x4000000002, &(0x7f0000000440), &(0x7f0000000580)=0x4) r9 = accept4(r4, &(0x7f0000000ac0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000b40)=0x73, 0x80000) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r9, 0x84, 0x73, &(0x7f0000000b80)={r1, 0x8, 0x10, 0x17c, 0x715}, &(0x7f0000000bc0)=0x18) r10 = syz_init_net_socket$x25(0x9, 0x5, 0x0) getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r6, 0x84, 0x1e, &(0x7f0000000180), &(0x7f00000005c0)=0xbc8589789354cb8f) bind$x25(r10, &(0x7f0000000380)={0x9, @null=' \x00'}, 0x3) connect$x25(r10, &(0x7f0000000000)={0x9, @remote={[], 0x1}}, 0x12) r11 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_inet6_SIOCDELRT(r11, 0x890c, &(0x7f00000004c0)={@dev, @dev, @rand_addr="6f273c867b2ee83574ece1a5d5982e29", 0x0, 0x0, 0x9322, 0x0, 0x0, 0x80000}) ioctl$ifreq_SIOCGIFINDEX_team(r11, 0x8933, &(0x7f0000002580)={'team0\x00'}) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r11, 0x84, 0x18, &(0x7f0000000400)={r2, 0x6}, 0x8) recvmmsg(r10, &(0x7f0000004800)=[{{0x0, 0x0, 0x0}, 0x2a}], 0x1, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='memory.events\x00', 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) recvmmsg(0xffffffffffffffff, &(0x7f0000002bc0)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000002c0)=""/199, 0xc7}], 0x1}}], 0x1, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000000240), 0x4000033, 0x0, &(0x7f0000002980)={0x77359400}) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="146a0000001a000102800000000000008002000000"], 0x14}}, 0x0) socket$inet6_sctp(0xa, 0x10000000005, 0x84) r12 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r12, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000840)=ANY=[@ANYBLOB="1400000003017fff808fdb003d88c8f00018ee1ba1d7bfb57f47ec00b67a467d17f89d52f4ec0b6101d2850c1e05a64ae4833b3accfb4bd24b1352b0707e16576392e6cb38e5609cf111171a60687229aed66ba28dba358335f479e83d5f9a9193588530372ff378280dcec2efaee5be644df3ac36a92f49e9ce3024e4ce95c17536f7a58453a85a84f46c46a76249f27ea55322e43c1387213dafed266cd6363e29ddb4049106cb1976365999c5f68c28168f9185751cac1e3b61111dba702003564b39c09ab41bb1999b356ff7fa1a7e3544c00cca81de66d7e81ac13ef7004d7f722c1bbd246c5f2d1a746c567be123924fed02de3bc8d165d12cfbc6e94ba751639d80f40a79fd120e1cbe98dd6abf3dde7814ca4358d59a50ec3cd22d086a50b5aa0ebed38bbb8833c2f40dff661b81f2816db86060c85022f25acb96c02d7b59f669a6ec252c85fd00d49b8f0b2f6d056d89f804"], 0x133}}, 0x0) recvmmsg(r12, &(0x7f00000013c0), 0x4a5, 0x200002, &(0x7f0000000c40)={0x77359400}) 04:36:14 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KDADDIO(r0, 0x540b, 0x2) 04:36:14 executing program 4: 04:36:14 executing program 5: bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) socket$packet(0x11, 0x0, 0x300) r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, 0x0) ioctl$TCGETA(r0, 0x5405, &(0x7f0000000000)) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r1, &(0x7f0000000280)={0x0, 0x50, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eb04001800160011000586f9835b3f00009148790003f85acc7c45", 0x2e}], 0x1}, 0x0) 04:36:14 executing program 0: socket$kcm(0x11, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe80, 0x0, &(0x7f00000000c0)="b9ff0300000d698cb89e40f086dd01000005a4004000ffa377fbac141414e9", 0x0, 0x100}, 0x28) 04:36:14 executing program 4: unshare(0x20060400) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000000)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000480)='ramfs\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x0, 0x84) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) rename(&(0x7f0000000300)='./file1\x00', &(0x7f0000000340)='./file0\x00') 04:36:14 executing program 0: unshare(0x20060400) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mkdir(&(0x7f0000000000)='./file1\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000480)='ramfs\x00', 0x0, 0x0) socket$inet_sctp(0x2, 0x0, 0x84) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) rename(&(0x7f0000000300)='./file1\x00', &(0x7f0000000340)='./file0\x00') [ 234.793557][ T26] kauditd_printk_skb: 3 callbacks suppressed [ 234.793571][ T26] audit: type=1804 audit(1574051774.775:31): pid=9280 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir302671642/syzkaller.M6QzPd/10/memory.events" dev="sda1" ino=16530 res=1 04:36:14 executing program 3: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KDADDIO(r0, 0x540b, 0x2) 04:36:14 executing program 5: write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) ioctl$RTC_WKALM_RD(0xffffffffffffffff, 0x80287010, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) kexec_load(0x0, 0x0, 0x0, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) 04:36:15 executing program 1: 04:36:15 executing program 5: 04:36:15 executing program 4: 04:36:15 executing program 2: 04:36:15 executing program 3: 04:36:15 executing program 0: 04:36:15 executing program 4: [ 235.288844][ T26] audit: type=1804 audit(1574051775.275:32): pid=9287 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir302671642/syzkaller.M6QzPd/10/memory.events" dev="sda1" ino=16530 res=1 04:36:15 executing program 3: 04:36:15 executing program 1: 04:36:15 executing program 5: 04:36:15 executing program 4: 04:36:15 executing program 0: 04:36:15 executing program 2: 04:36:15 executing program 3: 04:36:15 executing program 1: 04:36:15 executing program 5: 04:36:15 executing program 4: 04:36:15 executing program 0: 04:36:15 executing program 2: 04:36:15 executing program 5: 04:36:15 executing program 3: 04:36:15 executing program 1: 04:36:15 executing program 0: 04:36:15 executing program 4: 04:36:16 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@multicast2, @in=@remote}, {@in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x0, 0x33}, @in=@dev}, 0x0, 0x10000}}, 0xf8}, 0x8}, 0x0) 04:36:16 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/l\x01op-contl\x00', 0x20000, 0x0) r0 = socket$inet6(0xa, 0x401000000001, 0x0) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') preadv(r2, &(0x7f0000000100), 0x18d, 0x6c00) r3 = open(&(0x7f0000000140)='./bus\x00', 0x14103e, 0x0) accept$packet(r3, 0x0, &(0x7f0000000000)) r4 = getpid() sched_setscheduler(r4, 0x5, &(0x7f0000000380)) r5 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x1f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000000, 0x6}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0xffdc, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000400)={0x0, r5, 0x0, 0x1, &(0x7f00000003c0)='\x00', r6}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000200)={r4, 0xffffffffffffffff, 0x0, 0x12, &(0x7f00000001c0)='/dev/input/mouse#\x00', r6}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r7, r3, 0x0, 0x1, &(0x7f00000000c0)='\x00', r6}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0xffffffffffffffff, r2, 0x0, 0x11, &(0x7f00000000c0)='-wlan1vboxnet1^*\x00', r6}, 0x30) r9 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xacc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1000}, 0x0, 0xffffffffffffffff, r8, 0x0) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x11, r9, 0x0) r10 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r10, 0x0, r10) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r9) close(r0) syz_open_procfs(0x0, &(0x7f00000002c0)='comm\x00') r11 = open(&(0x7f0000000400)='./bus\x00', 0x1141042, 0x0) r12 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r12, 0x208200) sendfile(r0, r11, 0x0, 0x8000fffffffe) 04:36:16 executing program 0: bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) socket$packet(0x11, 0x0, 0x300) socket$inet_sctp(0x2, 0x5, 0x84) r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, 0x0) ioctl$TCGETA(r0, 0x5405, &(0x7f0000000000)) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r1, &(0x7f0000000280)={0x0, 0x50, &(0x7f0000000100)=[{&(0x7f0000000080)="2e0000002300817ee45de087185082cf0400b0eb04001800160011000586f9835b3f00009148790003f85acc7c45", 0x2e}], 0x1}, 0x0) 04:36:16 executing program 3: write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x80) fchdir(r0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(0xffffffffffffffff, 0xc04c5349, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000d84000), 0x1c) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, &(0x7f0000000180)=0x9) fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) write$P9_RREADLINK(r1, &(0x7f0000000bc0)=ANY=[@ANYBLOB="3a258211f663a7724bdef64346bc14b7b0f781d1d3abf9d1a51c4bfce1e77551a8bd678625f508300200000040847bc2fdffe8cd918b0350412915d8a5c51817c3ff01a1f62ac71e85445d8f244f6be479ffffffffff8756ea7d486588272169d8b90f1d7106f5776f7894ee47382b88117e7b9c6e3203053a6a05995f5ed199fcf8722be75fa42c080601d48e7001161161a2793d1429196b4d9182f7c46359a074285b251aca195af3b2887cc79d0cedcc0b7e7f95c7d70472f7d3981e50042390a546375c8c1f1734a24583e1f8066319e93802eda50f3fb22ab8d6dc3d2afd102b71b6c5c2f2c915b6c3fc45000000000100000046a6fc39740aac6f2282f8b15f099d7cf2a2d80f132077b478cebc5552e149a3fdf5c67af8823cc1a179c344d3d9158f99dc221fefffffff7f971dc6b291ec0a98d98a3c1ea1cc9bfc33b883e16e1324f8fea4778898f5687c14f050c057009bdd9aa867d93ef1b4d88ac53776bfbe03de797c18ba0d994e3576580a07cadea061c2d965711a3567838ef9b1823d514afce45aeb63df4924420c1a2f0c34757a09ee279e34843b93f3e92b26cbf75fa85ae0fe4472b16cc3a0c45ace1aed1187cd57820d5338b4687e5aedd0511dc0966bf8e0d3f269ff482ea964ef5c93122a191bca4e88ffcff7346791946ec833ad0749d5ddb159483851a4a127b260b55af7af1fa47f920e83dd095efe24067a95a1e38f75abf390856d8c1dc018b0b5f90c12bdb7befc44a334762ca59f5557ace1f4938310c157f63cb130cead2b8c58efc31ba0b79ed2a61476fa45d125d8609680a932c4e1926cbc4417eed5c72ecfddaea4717e1bf51102a182eda006eef88f2099dc8162ae304e655f64b9ed4cdb46a404a49379fc07b10ef531a9387e7031649980608b4f3ac5cfcc2063838cdfaebcbaf34784f712ebf7db7bd66af48c903edd36ca9ce4d7d351fe2bc7a097c4f7f457541249482679e9533c34ad288cf69aa4c4e3bdad9b73db285e960005058639228e7b90b745aada"], 0x2e0) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) 04:36:16 executing program 1: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000600)='/dev/rfkill\x00', 0x101012, 0x0) r1 = memfd_create(&(0x7f0000000080)='/dev/dsp\x00', 0x0) write$binfmt_aout(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="10bf1802000343"], 0x7) sendfile(r0, r1, &(0x7f0000000000), 0x7fffffffffffffff) 04:36:16 executing program 4: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000700)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@multicast2, @in=@remote}, {@in6=@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x0, 0x33}, @in=@dev}}}, 0xf8}, 0x8}, 0x0) 04:36:16 executing program 2: r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) bind$nfc_llcp(r0, &(0x7f0000000100)={0x27, 0x0, 0x0, 0x0, 0xff, 0x0, "8811e78754a503d39c2bd6a40f03c8aa024d00000000ffffffffffff7f261e21ccf67e1d0000e565aa9a9d32c7627ffe7a54cdbd77b300"}, 0x60) 04:36:16 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000b40)='/group.stat\x00<#\xfbW*\x1f\x02\x94\xe6\xf3x\xb4\x1a\xd5KM\x9d\x9a\x1fc\xf8xZ\xd1\x88\xa7\xe1\xc8\x88u\xe0[\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ\x7f\xa2\xf3\xfd\xf6\xe04\xd8\x04\xe5\xf0\xdfK\x1d\xeeH;\x15v$\xc5\x9c\x01\x00\xe8\x9ej5|\x00\x00\x00\xc7\xbal&\x1e\xab\ry\xab0\xe6\f<\xed_\xee\xe6\x1b\xc9\xb0\t\x81\xac\x03\xa8s+\x8di\xb7V\xde\x15\xd3,\xb4\xeb\xcfwz\x1b\xac\xf8\xff\xbd\xe4\xa2\x84\v\x17\xf4*\x14\x83\r\xe2>*\xd4{\xdcH\x1b_\xab&\x98\x1b\xd7\x9b\xe9\xd7A\xe2\xc4\xfc\x03\xc9^\xb8\xd4Z\xee\x98', 0x2761, 0x0) perf_event_open(&(0x7f0000000080)={0x2, 0x70, 0xeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x716f56ff20d82f39, @perf_config_ext={0xfffffffffffffffc}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x1, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) ioctl$TIOCMBIC(0xffffffffffffffff, 0x5417, &(0x7f0000000240)=0x1) open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) ftruncate(r1, 0x2008001) socket$inet6(0xa, 0x400000000001, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xfffffffffffffff8}, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x4002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet6(0xa, 0x3, 0x80000000000004) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000080)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f0000000000)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x0, 0x0, 0x1, 0x1}, 0x20) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(r0, &(0x7f0000000080)=0x600, 0x297ef) 04:36:16 executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x4000000000000200, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'veth0_to_hsr\x00', 0x0}) bind$packet(r0, &(0x7f0000000040)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @link_local}, 0x14) sendto$inet6(r0, &(0x7f0000000440)="05030000b7fe3e0000000200c52cf7c25975e625b02f08007f2b2ff0dac8897c6b118777faffffff306609000000c5471d130a66321a54e7df305f80a88161b6fd8f24286a57c3feffff", 0x4a, 0x0, 0x0, 0x0) [ 236.553560][ T26] audit: type=1804 audit(1574051776.535:33): pid=9402 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir613561652/syzkaller.jn3RGD/20/bus" dev="sda1" ino=16563 res=1 04:36:16 executing program 1: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000600)='/dev/rfkill\x00', 0x101012, 0x0) r1 = memfd_create(&(0x7f0000000080)='/dev/dsp\x00', 0x0) write$binfmt_aout(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="10bf1802000343"], 0x7) sendfile(r0, r1, &(0x7f0000000000), 0x7fffffffffffffff) 04:36:16 executing program 4: bpf$MAP_CREATE(0x0, &(0x7f0000000000), 0x3c) r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r1, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000400)=[{&(0x7f0000000300)='Mq', 0x2}], 0x1}, 0xbc40) sendmsg$kcm(r1, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f00000001c0)="00a5425e86affa64179435d947227e0912529fde1875aafcee5c4cafa794db8ff7ba174647ebe7e68c00b186c0f9636bf98ab663e8aa17d9", 0x38}], 0x1}, 0x0) 04:36:16 executing program 2: mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x0, 0x2172, 0xffffffffffffffff, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000ff5)='/\x83ev\xcf\x8awrng\xc9', 0x0, 0x0) 04:36:16 executing program 1: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffff, 0xffffffffffffffff, 0x0) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000600)='/dev/rfkill\x00', 0x101012, 0x0) r1 = memfd_create(&(0x7f0000000080)='/dev/dsp\x00', 0x0) write$binfmt_aout(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="10bf1802000343"], 0x7) sendfile(r0, r1, &(0x7f0000000000), 0x7fffffffffffffff) [ 236.957085][ T26] audit: type=1804 audit(1574051776.945:34): pid=9411 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir613561652/syzkaller.jn3RGD/20/bus" dev="sda1" ino=16563 res=1 [ 237.099792][ T26] audit: type=1804 audit(1574051776.985:35): pid=9411 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir613561652/syzkaller.jn3RGD/20/bus" dev="sda1" ino=16563 res=1 [ 257.837869][ T0] NOHZ: local_softirq_pending 08 [ 383.915326][ T972] INFO: task :9376 can't die for more than 143 seconds. [ 383.922452][ T972] R running task 28144 9376 9017 0x00004006 [ 383.943617][ T972] Call Trace: [ 383.947148][ T972] __schedule+0x8e1/0x1f30 [ 383.952562][ T972] ? retint_kernel+0x1b/0x2b [ 383.963061][ T972] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 383.969422][ T972] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 383.974883][ T972] ? lockdep_hardirqs_on+0x421/0x5e0 [ 383.985892][ T972] ? retint_kernel+0x2b/0x2b [ 383.990521][ T972] ? trace_hardirqs_on_caller+0x6a/0x240 [ 384.004101][ T972] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 384.010767][ T972] ? preempt_schedule_irq+0xf3/0x160 [ 384.020721][ T972] ? retint_kernel+0x2b/0x2b [ 384.026434][ T972] ? irq_work_sync+0x106/0x1d0 [ 384.031191][ T972] ? irq_work_sync+0xd1/0x1d0 [ 384.040452][ T972] ? write_comp_data+0x1e/0x70 [ 384.046400][ T972] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 384.052641][ T972] ? irq_work_sync+0xd1/0x1d0 [ 384.063002][ T972] ? _free_event+0x89/0x13b0 [ 384.068697][ T972] ? __kasan_check_write+0x14/0x20 [ 384.074001][ T972] ? __mutex_unlock_slowpath+0xf0/0x6a0 [ 384.085131][ T972] ? mark_held_locks+0xa4/0xf0 [ 384.089920][ T972] ? ring_buffer_attach+0x650/0x650 [ 384.095243][ T972] ? wait_for_completion+0x440/0x440 [ 384.100556][ T972] ? put_event+0x47/0x60 [ 384.104832][ T972] ? perf_event_release_kernel+0x6d5/0xd70 [ 384.111515][ T972] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 384.118159][ T972] ? __perf_event_exit_context+0x170/0x170 [ 384.123973][ T972] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 384.130270][ T972] ? perf_release+0x37/0x50 [ 384.135037][ T972] ? __fput+0x2ff/0x890 [ 384.139205][ T972] ? perf_event_release_kernel+0xd70/0xd70 [ 384.145503][ T972] ? ____fput+0x16/0x20 [ 384.149678][ T972] ? task_work_run+0x145/0x1c0 [ 384.154437][ T972] ? exit_to_usermode_loop+0x316/0x380 [ 384.160529][ T972] ? do_syscall_64+0x676/0x790 [ 384.165656][ T972] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 384.171764][ T972] [ 384.171764][ T972] Showing all locks held in the system: [ 384.179861][ T972] 3 locks held by kworker/u4:1/21: [ 384.186824][ T972] #0: ffff8880ae837358 (&rq->lock){-.-.}, at: __schedule+0x232/0x1f30 [ 384.195906][ T972] #1: ffff8880a9a17dc0 ((work_completion)(&(&bat_priv->nc.work)->work)){+.+.}, at: process_one_work+0x8c1/0x1740 [ 384.207955][ T972] #2: ffff8880ae827258 (&base->lock){-.-.}, at: lock_timer_base+0x56/0x1b0 [ 384.217875][ T972] 1 lock held by khungtaskd/972: [ 384.222812][ T972] #0: ffffffff88faccc0 (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x279 [ 384.232275][ T972] 2 locks held by getty/8966: [ 384.254973][ T972] #0: ffff8880a097e090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 384.264155][ T972] #1: ffffc90005f212e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 384.273959][ T972] 2 locks held by getty/8967: [ 384.278739][ T972] #0: ffff888093c3f090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 384.288480][ T972] #1: ffffc90005f3b2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 384.298109][ T972] 2 locks held by getty/8968: [ 384.302790][ T972] #0: ffff88808e8be090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 384.311817][ T972] #1: ffffc90005f372e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 384.321634][ T972] 2 locks held by getty/8969: [ 384.326778][ T972] #0: ffff8880a3a39090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 384.336171][ T972] #1: ffffc90005f152e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 384.346151][ T972] 2 locks held by getty/8970: [ 384.350972][ T972] #0: ffff8880a80dc090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 384.360021][ T972] #1: ffffc90005f292e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 384.369845][ T972] 2 locks held by getty/8971: [ 384.374612][ T972] #0: ffff888099c23090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 384.383638][ T972] #1: ffffc90005f312e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 384.393447][ T972] 2 locks held by getty/8972: [ 384.399430][ T972] #0: ffff88809ad40090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 384.408599][ T972] #1: ffffc90005f092e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 384.418466][ T972] [ 384.420795][ T972] ============================================= [ 384.420795][ T972] [ 384.429673][ T972] NMI backtrace for cpu 0 [ 384.434013][ T972] CPU: 0 PID: 972 Comm: khungtaskd Not tainted 5.4.0-rc7-next-20191115 #0 [ 384.442491][ T972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 384.452530][ T972] Call Trace: [ 384.456070][ T972] dump_stack+0x197/0x210 [ 384.460391][ T972] nmi_cpu_backtrace.cold+0x70/0xb2 [ 384.465574][ T972] ? vprintk_func+0x86/0x189 [ 384.470151][ T972] ? lapic_can_unplug_cpu.cold+0x3a/0x3a [ 384.475769][ T972] nmi_trigger_cpumask_backtrace+0x23b/0x28b [ 384.481735][ T972] arch_trigger_cpumask_backtrace+0x14/0x20 [ 384.487639][ T972] watchdog+0xc8f/0x1350 [ 384.491881][ T972] kthread+0x361/0x430 [ 384.495943][ T972] ? reset_hung_task_detector+0x30/0x30 [ 384.501477][ T972] ? kthread_mod_delayed_work+0x1f0/0x1f0 [ 384.507184][ T972] ret_from_fork+0x24/0x30 [ 384.511760][ T972] Sending NMI from CPU 0 to CPUs 1: [ 384.517510][ C1] NMI backtrace for cpu 1 [ 384.517516][ C1] CPU: 1 PID: 21 Comm: kworker/u4:1 Not tainted 5.4.0-rc7-next-20191115 #0 [ 384.517522][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 384.517526][ C1] Workqueue: bat_events batadv_nc_worker [ 384.517531][ C1] RIP: 0010:mark_lock+0xca/0x1220 [ 384.517542][ C1] Code: 20 66 81 e3 ff 1f 0f b7 db be 08 00 00 00 48 89 d8 48 c1 f8 06 48 8d 3c c5 a0 59 7a 8a e8 8e 74 56 00 48 0f a3 1d a6 d5 20 09 <0f> 83 be 00 00 00 48 69 db b0 00 00 00 48 81 c3 c0 5d 7a 8a 48 8d [ 384.517545][ C1] RSP: 0018:ffff8880a9a17a40 EFLAGS: 00000047 [ 384.517553][ C1] RAX: 0000000000000001 RBX: 000000000000058b RCX: ffffffff815983f2 [ 384.517557][ C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8a7a5a50 [ 384.517562][ C1] RBP: ffff8880a9a17a90 R08: 1ffffffff14f4b4a R09: fffffbfff14f4b4b [ 384.517566][ C1] R10: fffffbfff14f4b4a R11: ffffffff8a7a5a57 R12: 0000000000000008 [ 384.517571][ C1] R13: ffff8880a9a0ae70 R14: 0000000000000000 R15: 000000000004058b [ 384.517576][ C1] FS: 0000000000000000(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 384.517580][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 384.517584][ C1] CR2: ffffffffff600400 CR3: 00000000960b7000 CR4: 00000000001406e0 [ 384.517589][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 384.517593][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 384.517596][ C1] Call Trace: [ 384.517599][ C1] __lock_acquire+0x538/0x4a00 [ 384.517603][ C1] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 384.517607][ C1] ? debug_smp_processor_id+0x33/0x18a [ 384.517610][ C1] ? perf_trace_lock_acquire+0xf5/0x530 [ 384.517613][ C1] ? mark_held_locks+0xf0/0xf0 [ 384.517616][ C1] ? mark_held_locks+0xa4/0xf0 [ 384.517620][ C1] ? trace_hardirqs_off+0x62/0x240 [ 384.517623][ C1] lock_acquire+0x190/0x410 [ 384.517626][ C1] ? batadv_nc_purge_paths+0xd8/0x370 [ 384.517630][ C1] ? batadv_nc_to_purge_nc_path_decoding+0x160/0x160 [ 384.517633][ C1] _raw_spin_lock_bh+0x33/0x50 [ 384.517637][ C1] ? batadv_nc_purge_paths+0xd8/0x370 [ 384.517640][ C1] batadv_nc_purge_paths+0xd8/0x370 [ 384.517644][ C1] batadv_nc_worker+0x297/0x760 [ 384.517647][ C1] process_one_work+0x9af/0x1740 [ 384.517650][ C1] ? _raw_spin_lock_irq+0x3a/0x80 [ 384.517654][ C1] ? pwq_dec_nr_in_flight+0x320/0x320 [ 384.517657][ C1] ? lock_acquire+0x190/0x410 [ 384.517660][ C1] worker_thread+0x98/0xe40 [ 384.517664][ C1] ? trace_hardirqs_on+0x67/0x240 [ 384.517667][ C1] kthread+0x361/0x430 [ 384.517670][ C1] ? process_one_work+0x1740/0x1740 [ 384.517674][ C1] ? kthread_mod_delayed_work+0x1f0/0x1f0 [ 384.517677][ C1] ret_from_fork+0x24/0x30 [ 384.519499][ T972] Kernel panic - not syncing: hung_task: blocked tasks [ 384.787879][ T972] CPU: 0 PID: 972 Comm: khungtaskd Not tainted 5.4.0-rc7-next-20191115 #0 [ 384.796369][ T972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 384.806407][ T972] Call Trace: [ 384.809690][ T972] dump_stack+0x197/0x210 [ 384.814007][ T972] panic+0x2e3/0x75c [ 384.817891][ T972] ? add_taint.cold+0x16/0x16 [ 384.822560][ T972] ? lapic_can_unplug_cpu.cold+0x3a/0x3a [ 384.828179][ T972] ? ___preempt_schedule+0x16/0x18 [ 384.833284][ T972] ? nmi_trigger_cpumask_backtrace+0x21b/0x28b [ 384.839422][ T972] ? nmi_trigger_cpumask_backtrace+0x24c/0x28b [ 384.845561][ T972] ? nmi_trigger_cpumask_backtrace+0x256/0x28b [ 384.851699][ T972] ? nmi_trigger_cpumask_backtrace+0x21b/0x28b [ 384.857851][ T972] watchdog+0xca0/0x1350 [ 384.862083][ T972] kthread+0x361/0x430 [ 384.866145][ T972] ? reset_hung_task_detector+0x30/0x30 [ 384.871683][ T972] ? kthread_mod_delayed_work+0x1f0/0x1f0 [ 384.877397][ T972] ret_from_fork+0x24/0x30 [ 384.883070][ T972] Kernel Offset: disabled [ 384.887405][ T972] Rebooting in 86400 seconds..