[ 67.159538][ T26] audit: type=1800 audit(1572292237.595:25): pid=8942 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 67.179344][ T26] audit: type=1800 audit(1572292237.595:26): pid=8942 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 67.225883][ T26] audit: type=1800 audit(1572292237.595:27): pid=8942 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [ 67.793762][ T9007] sshd (9007) used greatest stack depth: 22888 bytes left [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.51' (ECDSA) to the list of known hosts. 2019/10/28 19:50:48 fuzzer started 2019/10/28 19:50:50 dialing manager at 10.128.0.26:44167 2019/10/28 19:50:50 syscalls: 2541 2019/10/28 19:50:50 code coverage: enabled 2019/10/28 19:50:50 comparison tracing: enabled 2019/10/28 19:50:50 extra coverage: extra coverage is not supported by the kernel 2019/10/28 19:50:50 setuid sandbox: enabled 2019/10/28 19:50:50 namespace sandbox: enabled 2019/10/28 19:50:50 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/28 19:50:50 fault injection: enabled 2019/10/28 19:50:50 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/28 19:50:50 net packet injection: enabled 2019/10/28 19:50:50 net device setup: enabled 2019/10/28 19:50:50 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 19:52:54 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0xd, 0x12, @gre={{0x8, 0x1, 'gre\x00'}, {0x14, 0x2, [@IFLA_GRE_LOCAL={0x8, 0x10, @empty}, @gre_common_policy=[@IFLA_GRE_OFLAGS={0x8}]]}}}]}, 0x40}}, 0x0) 19:52:54 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_sco(r0, &(0x7f0000000040), 0x8) setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000040)=0x1, 0x1) syzkaller login: [ 204.471028][ T9108] IPVS: ftp: loaded support on port[0] = 21 19:52:55 executing program 2: r0 = socket(0x10, 0x3, 0x0) getsockopt$sock_int(r0, 0x1, 0x8, 0x0, &(0x7f0000000180)) [ 204.656353][ T9108] chnl_net:caif_netlink_parms(): no params data found [ 204.684956][ T9111] IPVS: ftp: loaded support on port[0] = 21 [ 204.778935][ T9108] bridge0: port 1(bridge_slave_0) entered blocking state [ 204.791034][ T9108] bridge0: port 1(bridge_slave_0) entered disabled state [ 204.799291][ T9108] device bridge_slave_0 entered promiscuous mode [ 204.835468][ T9108] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.851038][ T9108] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.859209][ T9108] device bridge_slave_1 entered promiscuous mode [ 204.900214][ T9108] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 204.911819][ T9113] IPVS: ftp: loaded support on port[0] = 21 [ 204.947902][ T9108] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link 19:52:55 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000000)=@req={0x1, 0x6}, 0x10) [ 205.017005][ T9108] team0: Port device team_slave_0 added [ 205.061116][ T9108] team0: Port device team_slave_1 added [ 205.077975][ T9111] chnl_net:caif_netlink_parms(): no params data found [ 205.225316][ T9108] device hsr_slave_0 entered promiscuous mode 19:52:55 executing program 4: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x100000800ffe0, 0x0) [ 205.293613][ T9108] device hsr_slave_1 entered promiscuous mode [ 205.420081][ T9116] IPVS: ftp: loaded support on port[0] = 21 [ 205.498803][ T9111] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.507632][ T9111] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.519052][ T9111] device bridge_slave_0 entered promiscuous mode [ 205.529719][ T9111] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.539919][ T9111] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.550273][ T9111] device bridge_slave_1 entered promiscuous mode [ 205.560346][ T9113] chnl_net:caif_netlink_parms(): no params data found [ 205.636680][ T9111] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 205.675827][ T9119] IPVS: ftp: loaded support on port[0] = 21 [ 205.694392][ T9111] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 205.729999][ T9113] bridge0: port 1(bridge_slave_0) entered blocking state [ 205.739464][ T9113] bridge0: port 1(bridge_slave_0) entered disabled state [ 205.748083][ T9113] device bridge_slave_0 entered promiscuous mode 19:52:56 executing program 5: ioctl$sock_inet_SIOCRTMSG(0xffffffffffffffff, 0x890d, &(0x7f0000000100)={0x0, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x2, 0x0, @multicast1}, {0x2, 0x0, @dev}}) r0 = userfaultfd(0x80800) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)) r1 = dup(r0) ppoll(&(0x7f0000000100)=[{r1}], 0x20000000000000bd, 0x0, 0x0, 0x0) [ 205.787091][ T9111] team0: Port device team_slave_0 added [ 205.807946][ T9113] bridge0: port 2(bridge_slave_1) entered blocking state [ 205.815891][ T9113] bridge0: port 2(bridge_slave_1) entered disabled state [ 205.827351][ T9113] device bridge_slave_1 entered promiscuous mode [ 205.838752][ T9111] team0: Port device team_slave_1 added [ 205.927084][ T9111] device hsr_slave_0 entered promiscuous mode [ 205.981482][ T9111] device hsr_slave_1 entered promiscuous mode [ 206.041106][ T9111] debugfs: Directory 'hsr0' with parent '/' already present! [ 206.070192][ T9113] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 206.105556][ T9121] IPVS: ftp: loaded support on port[0] = 21 [ 206.117608][ T9113] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 206.190264][ T9113] team0: Port device team_slave_0 added [ 206.225952][ T9113] team0: Port device team_slave_1 added [ 206.324502][ T9113] device hsr_slave_0 entered promiscuous mode [ 206.371552][ T9113] device hsr_slave_1 entered promiscuous mode [ 206.431150][ T9113] debugfs: Directory 'hsr0' with parent '/' already present! [ 206.458474][ T9116] chnl_net:caif_netlink_parms(): no params data found [ 206.557455][ T9119] chnl_net:caif_netlink_parms(): no params data found [ 206.590461][ T9116] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.598117][ T9116] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.608010][ T9116] device bridge_slave_0 entered promiscuous mode [ 206.625235][ T9108] 8021q: adding VLAN 0 to HW filter on device bond0 [ 206.646750][ T9116] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.654333][ T9116] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.662980][ T9116] device bridge_slave_1 entered promiscuous mode [ 206.698754][ T9108] 8021q: adding VLAN 0 to HW filter on device team0 [ 206.714737][ T9116] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 206.728092][ T9113] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.735361][ T9113] bridge0: port 2(bridge_slave_1) entered forwarding state [ 206.749249][ T5] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.765975][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 206.775449][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 206.805261][ T9119] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.813038][ T9119] bridge0: port 1(bridge_slave_0) entered disabled state [ 206.822821][ T9119] device bridge_slave_0 entered promiscuous mode [ 206.832845][ T9116] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 206.858129][ T9116] team0: Port device team_slave_0 added [ 206.872313][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 206.882359][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 206.890785][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.897920][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 206.907006][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 206.916492][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 206.926357][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.934181][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 206.952399][ T9119] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.959605][ T9119] bridge0: port 2(bridge_slave_1) entered disabled state [ 206.967852][ T9119] device bridge_slave_1 entered promiscuous mode [ 206.986758][ T9116] team0: Port device team_slave_1 added [ 207.010139][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 207.019172][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 207.028631][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 207.055250][ T9119] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 207.098262][ T9119] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 207.144619][ T9116] device hsr_slave_0 entered promiscuous mode [ 207.201854][ T9116] device hsr_slave_1 entered promiscuous mode [ 207.261151][ T9116] debugfs: Directory 'hsr0' with parent '/' already present! [ 207.269718][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 207.282163][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 207.291363][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 207.300404][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 207.309157][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 207.317725][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 207.327479][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 207.356131][ T9108] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 207.369461][ T9108] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 207.388704][ T9111] 8021q: adding VLAN 0 to HW filter on device bond0 [ 207.407440][ T9121] chnl_net:caif_netlink_parms(): no params data found [ 207.417699][ T9124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 207.426560][ T9124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 207.437937][ T9119] team0: Port device team_slave_0 added [ 207.462446][ T9113] 8021q: adding VLAN 0 to HW filter on device bond0 [ 207.484286][ T9119] team0: Port device team_slave_1 added [ 207.496693][ T9124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 207.508799][ T9124] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 207.519156][ T9111] 8021q: adding VLAN 0 to HW filter on device team0 [ 207.538788][ T9113] 8021q: adding VLAN 0 to HW filter on device team0 [ 207.564830][ T9108] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 207.573726][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 207.588324][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 207.640120][ T9121] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.656986][ T9121] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.665867][ T9121] device bridge_slave_0 entered promiscuous mode [ 207.676188][ T2839] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 207.685537][ T2839] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 207.694410][ T2839] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.701526][ T2839] bridge0: port 1(bridge_slave_0) entered forwarding state [ 207.710088][ T2839] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 207.719435][ T2839] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 207.729822][ T2839] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.736926][ T2839] bridge0: port 1(bridge_slave_0) entered forwarding state [ 207.744846][ T2839] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 207.753879][ T2839] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 207.762416][ T2839] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.769488][ T2839] bridge0: port 2(bridge_slave_1) entered forwarding state [ 207.777359][ T2839] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 207.786746][ T2839] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 207.795507][ T2839] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.802748][ T2839] bridge0: port 2(bridge_slave_1) entered forwarding state [ 207.810444][ T2839] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 207.820150][ T2839] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 207.876473][ T9119] device hsr_slave_0 entered promiscuous mode [ 207.931385][ T9119] device hsr_slave_1 entered promiscuous mode [ 207.971011][ T9119] debugfs: Directory 'hsr0' with parent '/' already present! [ 207.983374][ T9121] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.990484][ T9121] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.998636][ T9121] device bridge_slave_1 entered promiscuous mode [ 208.019790][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 208.029020][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 208.085876][ T9121] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 208.105488][ T9126] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 208.114436][ T9126] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 208.123694][ T9126] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 208.138302][ T9126] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 208.147601][ T9126] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 208.156704][ T9126] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 208.165972][ T9126] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 208.174896][ T9126] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 208.183434][ T9126] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 208.208648][ T9121] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.247607][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 208.262204][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 208.280371][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 208.304507][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 208.315095][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 208.324311][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 208.332858][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 208.341490][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 208.351595][ T9111] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 208.371911][ T9121] team0: Port device team_slave_0 added [ 208.384032][ T9135] netlink: 'syz-executor.0': attribute type 16 has an invalid length. [ 208.392768][ T9135] netlink: 1 bytes leftover after parsing attributes in process `syz-executor.0'. 19:52:59 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/fib_triestat\x00') recvmmsg(0xffffffffffffffff, &(0x7f00000036c0)=[{{0x0, 0x0, &(0x7f0000001c00)=[{&(0x7f0000001b80)=""/4, 0x4}], 0x1}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$TIPC_NL_MEDIA_SET(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x0, 0x0) preadv(r0, &(0x7f00000017c0), 0x1be, 0x0) [ 208.574944][ T9113] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 208.586936][ T9113] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 208.609540][ T9111] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 208.620115][ T9121] team0: Port device team_slave_1 added [ 208.654078][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 208.678527][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 208.712483][ C1] hrtimer: interrupt took 71211 ns [ 208.775098][ T9121] device hsr_slave_0 entered promiscuous mode 19:52:59 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/fib_triestat\x00') recvmmsg(0xffffffffffffffff, &(0x7f00000036c0)=[{{0x0, 0x0, &(0x7f0000001c00)=[{&(0x7f0000001b80)=""/4, 0x4}], 0x1}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$TIPC_NL_MEDIA_SET(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x0, 0x0) preadv(r0, &(0x7f00000017c0), 0x1be, 0x0) [ 208.821388][ T9121] device hsr_slave_1 entered promiscuous mode [ 208.860997][ T9121] debugfs: Directory 'hsr0' with parent '/' already present! [ 208.900632][ T9113] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 209.050423][ T9116] 8021q: adding VLAN 0 to HW filter on device bond0 19:52:59 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/fib_triestat\x00') recvmmsg(0xffffffffffffffff, &(0x7f00000036c0)=[{{0x0, 0x0, &(0x7f0000001c00)=[{&(0x7f0000001b80)=""/4, 0x4}], 0x1}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$TIPC_NL_MEDIA_SET(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x0, 0x0) preadv(r0, &(0x7f00000017c0), 0x1be, 0x0) [ 209.143307][ T9126] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 209.154318][ T9126] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 209.166047][ T9116] 8021q: adding VLAN 0 to HW filter on device team0 19:52:59 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000840)='/dev/bus/usb/00#/00#\x00', 0x908, 0x1) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000040)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000)={0xa0, 0x0, 0x0, 0x0, 0x3}, 0x194, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$USBDEVFS_REAPURB(r0, 0x4008550c, &(0x7f0000000140)) dup2(0xffffffffffffffff, r0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) socket$inet(0x2, 0x0, 0x0) syz_open_dev$vcsa(0x0, 0x0, 0x400) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$radio(0x0, 0x0, 0x2) getsockopt$inet_buf(r1, 0x0, 0x0, &(0x7f0000000180)=""/103, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') ioctl$sock_inet6_udp_SIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) [ 209.259010][ T9119] 8021q: adding VLAN 0 to HW filter on device bond0 [ 209.289117][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 19:52:59 executing program 1: r0 = socket(0x15, 0x80005, 0x0) getsockopt(r0, 0x800000000000114, 0x8, 0x0, &(0x7f000033bffc)) [ 209.326643][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 209.378800][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.385983][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 209.476977][ T2839] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 209.506224][ T2839] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 209.545578][ T2839] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 209.579594][ T2839] bridge0: port 2(bridge_slave_1) entered blocking state 19:53:00 executing program 1: r0 = socket(0x40000000002, 0x3, 0x80000000002) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000000), 0x4) [ 209.588904][ T2839] bridge0: port 2(bridge_slave_1) entered forwarding state [ 209.665870][ T2839] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 19:53:00 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/fib_triestat\x00') recvmmsg(0xffffffffffffffff, &(0x7f00000036c0)=[{{0x0, 0x0, &(0x7f0000001c00)=[{&(0x7f0000001b80)=""/4, 0x4}], 0x1}}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$TIPC_NL_MEDIA_SET(0xffffffffffffffff, 0x0, 0x0) sched_setscheduler(0x0, 0x0, 0x0) preadv(r0, &(0x7f00000017c0), 0x1be, 0x0) [ 209.720130][ T9119] 8021q: adding VLAN 0 to HW filter on device team0 [ 209.756575][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 19:53:00 executing program 1: r0 = socket(0x40000000002, 0x3, 0x80000000002) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000000), 0x4) [ 209.772719][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 209.802314][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 19:53:00 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000840)='/dev/bus/usb/00#/00#\x00', 0x908, 0x1) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000040)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000)={0xa0, 0x0, 0x0, 0x0, 0x3}, 0x194, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$USBDEVFS_REAPURB(r0, 0x4008550c, &(0x7f0000000140)) dup2(0xffffffffffffffff, r0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) socket$inet(0x2, 0x0, 0x0) syz_open_dev$vcsa(0x0, 0x0, 0x400) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$radio(0x0, 0x0, 0x2) getsockopt$inet_buf(r1, 0x0, 0x0, &(0x7f0000000180)=""/103, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') ioctl$sock_inet6_udp_SIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) [ 209.838664][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 209.881626][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 209.900200][ T9116] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 209.934839][ T9116] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 209.977975][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 209.995197][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 210.020600][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 210.052351][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 210.061680][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 210.070460][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 210.079638][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 210.156714][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 210.165352][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 210.174575][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 210.183501][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.190560][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 210.199123][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 210.209535][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 210.218110][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.225192][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 210.236701][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 210.245569][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 210.270767][ T9121] 8021q: adding VLAN 0 to HW filter on device bond0 [ 210.278188][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 210.302541][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 210.312009][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 210.321518][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 210.330567][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 210.340045][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 210.348834][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 210.359434][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 210.374966][ T9116] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 210.402953][ T9124] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 210.418031][ T9124] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 210.429832][ T9119] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 210.462821][ T9121] 8021q: adding VLAN 0 to HW filter on device team0 [ 210.477731][ T9126] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 210.486105][ T9126] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 210.508560][ T9119] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 210.516830][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 210.529177][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 210.538363][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.545875][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 210.554400][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 210.563874][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 210.572745][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.579789][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 210.588245][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 210.606021][ T9126] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 19:53:01 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000000)=@req={0x1, 0x6}, 0x10) [ 210.676113][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 210.686360][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 210.700650][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 210.711731][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 210.724439][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 210.733413][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 210.742157][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 210.752022][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 210.764893][ T9121] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 210.786114][ T9121] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 210.806642][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 210.817913][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 210.853968][ T9121] 8021q: adding VLAN 0 to HW filter on device batadv0 19:53:01 executing program 4: ioctl$BLKREPORTZONE(0xffffffffffffffff, 0xc0101282, &(0x7f00000000c0)=ANY=[@ANYBLOB="f1ff2edb00bdb8d092000000008000f248b1a500000100004c"]) writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000000)='2', 0x1}], 0x1) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='coredump_filter\x00') writev(r0, &(0x7f00000000c0), 0x20000000000003fa) 19:53:01 executing program 5: ioctl$TCSETXW(0xffffffffffffffff, 0x5435, &(0x7f0000000140)={0x0, 0x0, [0x1, 0x0, 0x0, 0x0, 0x1], 0x6b}) pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) socket$inet(0x2, 0x200000003, 0x84) connect$inet(r2, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x27}}, 0x10) splice(r0, 0x0, r2, 0x0, 0x19404, 0x0) 19:53:01 executing program 1: r0 = socket(0x40000000002, 0x3, 0x80000000002) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000000), 0x4) 19:53:01 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000840)='/dev/bus/usb/00#/00#\x00', 0x908, 0x1) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000040)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000)={0xa0, 0x0, 0x0, 0x0, 0x3}, 0x194, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$USBDEVFS_REAPURB(r0, 0x4008550c, &(0x7f0000000140)) dup2(0xffffffffffffffff, r0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) socket$inet(0x2, 0x0, 0x0) syz_open_dev$vcsa(0x0, 0x0, 0x400) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$radio(0x0, 0x0, 0x2) getsockopt$inet_buf(r1, 0x0, 0x0, &(0x7f0000000180)=""/103, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') ioctl$sock_inet6_udp_SIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) 19:53:01 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000000)=@req={0x1, 0x6}, 0x10) 19:53:01 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r2, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x4040, 0x0) preadv(r3, &(0x7f0000000040)=[{&(0x7f0000000400)=""/4096, 0x3ffc00}], 0x1, 0x0) 19:53:01 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000840)='/dev/bus/usb/00#/00#\x00', 0x908, 0x1) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000040)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000)={0xa0, 0x0, 0x0, 0x0, 0x3}, 0x194, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$USBDEVFS_REAPURB(r0, 0x4008550c, &(0x7f0000000140)) dup2(0xffffffffffffffff, r0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) socket$inet(0x2, 0x0, 0x0) syz_open_dev$vcsa(0x0, 0x0, 0x400) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$radio(0x0, 0x0, 0x2) getsockopt$inet_buf(r1, 0x0, 0x0, &(0x7f0000000180)=""/103, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') ioctl$sock_inet6_udp_SIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) [ 211.121532][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 211.127797][ C1] protocol 88fb is buggy, dev hsr_slave_1 19:53:01 executing program 1: r0 = socket(0x40000000002, 0x3, 0x80000000002) setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000000), 0x4) 19:53:01 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000000)=@req={0x1, 0x6}, 0x10) 19:53:01 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000840)='/dev/bus/usb/00#/00#\x00', 0x908, 0x1) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000040)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000)={0xa0, 0x0, 0x0, 0x0, 0x3}, 0x194, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$USBDEVFS_REAPURB(r0, 0x4008550c, &(0x7f0000000140)) dup2(0xffffffffffffffff, r0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) socket$inet(0x2, 0x0, 0x0) syz_open_dev$vcsa(0x0, 0x0, 0x400) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$radio(0x0, 0x0, 0x2) getsockopt$inet_buf(r1, 0x0, 0x0, &(0x7f0000000180)=""/103, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') ioctl$sock_inet6_udp_SIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) 19:53:01 executing program 1: r0 = gettid() mremap(&(0x7f0000182000/0x3000)=nil, 0x3000, 0x2000, 0x0, &(0x7f00000be000/0x2000)=nil) process_vm_writev(r0, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x35c}], 0x329, &(0x7f0000c22fa0)=[{&(0x7f0000000080)=""/1, 0x2034b0e5}], 0x1, 0x0) 19:53:01 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000840)='/dev/bus/usb/00#/00#\x00', 0x908, 0x1) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000040)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000)={0xa0, 0x0, 0x0, 0x0, 0x3}, 0x194, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$USBDEVFS_REAPURB(r0, 0x4008550c, &(0x7f0000000140)) dup2(0xffffffffffffffff, r0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) socket$inet(0x2, 0x0, 0x0) syz_open_dev$vcsa(0x0, 0x0, 0x400) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$radio(0x0, 0x0, 0x2) getsockopt$inet_buf(r1, 0x0, 0x0, &(0x7f0000000180)=""/103, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') ioctl$sock_inet6_udp_SIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) 19:53:01 executing program 3: r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x88001) r1 = socket(0x11, 0x3, 0x0) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) open(0x0, 0x14103e, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r2, 0x0, 0x4e68d5f8) [ 211.659965][ T26] kauditd_printk_skb: 3 callbacks suppressed [ 211.659986][ T26] audit: type=1804 audit(1572292382.095:31): pid=9265 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir041926909/syzkaller.KECDwd/4/bus" dev="sda1" ino=16552 res=1 19:53:02 executing program 5: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r1 = dup(r0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8b28, &(0x7f0000000000)='wlan0\x00') 19:53:02 executing program 2: bpf$MAP_CREATE(0x0, &(0x7f0000000280)={0xf, 0x4, 0x4, 0x400, 0x0, 0x1}, 0x3c) creat(&(0x7f0000000080)='./file0\x00', 0x0) socket$rxrpc(0x21, 0x2, 0x800000000a) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x5}, 0x3c) bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x10020000000, 0x0}, 0x2c) 19:53:02 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000840)='/dev/bus/usb/00#/00#\x00', 0x908, 0x1) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000040)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000)={0xa0, 0x0, 0x0, 0x0, 0x3}, 0x194, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$USBDEVFS_REAPURB(r0, 0x4008550c, &(0x7f0000000140)) dup2(0xffffffffffffffff, r0) setsockopt$CAIFSO_LINK_SELECT(0xffffffffffffffff, 0x116, 0x7f, 0x0, 0x0) socket$inet(0x2, 0x0, 0x0) syz_open_dev$vcsa(0x0, 0x0, 0x400) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$radio(0x0, 0x0, 0x2) getsockopt$inet_buf(r1, 0x0, 0x0, &(0x7f0000000180)=""/103, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') ioctl$sock_inet6_udp_SIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x0) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) 19:53:02 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) openat$null(0xffffffffffffff9c, &(0x7f0000000440)='/dev/null\x00', 0x0, 0x0) setsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000480)={0x0, @rand_addr, @local}, 0xc) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) ioctl$VFIO_IOMMU_MAP_DMA(0xffffffffffffffff, 0x3b71, &(0x7f00000004c0)={0x20, 0x0, 0x7ff, 0x3}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x0, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 211.979672][ T26] audit: type=1804 audit(1572292382.415:32): pid=9274 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir041926909/syzkaller.KECDwd/4/bus" dev="sda1" ino=16552 res=1 19:53:02 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r2, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x4040, 0x0) preadv(r3, &(0x7f0000000040)=[{&(0x7f0000000400)=""/4096, 0x3ffc00}], 0x1, 0x0) 19:53:02 executing program 3: r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x88001) r1 = socket(0x11, 0x3, 0x0) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) open(0x0, 0x14103e, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r2, 0x0, 0x4e68d5f8) [ 212.112370][ T9281] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. 19:53:02 executing program 2: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@union={0x0, 0x1, 0x0, 0x5, 0x0, 0x0, [{0x0, 0x4}]}]}}, &(0x7f00000002c0)=""/178, 0x32, 0xb2, 0x1}, 0x20) 19:53:02 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) listen(r2, 0x4000000043) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r3, &(0x7f000087dffe)='F', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r4 = socket$netlink(0x10, 0x3, 0x200000000000004) writev(r4, &(0x7f0000000040)=[{&(0x7f0000000080)="480000001400190d09004beafd0d8c560a8447000bffe0064e230f00000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed5e00000000000000", 0x48}], 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) [ 212.383772][ T26] audit: type=1804 audit(1572292382.825:33): pid=9298 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir041926909/syzkaller.KECDwd/5/bus" dev="sda1" ino=16549 res=1 19:53:02 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000940)={0x26, 'hash\x00', 0x0, 0x0, 'vmac64(aes-generic)\x00'}, 0x58) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x58) 19:53:02 executing program 2: mount$bpf(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) 19:53:03 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000000)='IPVS\x00') sendmsg$IPVS_CMD_GET_DEST(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x18, r1, 0xf01, 0x0, 0x0, {}, [@IPVS_CMD_ATTR_SERVICE={0x4}]}, 0x18}}, 0x0) 19:53:03 executing program 3: r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x88001) r1 = socket(0x11, 0x3, 0x0) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) open(0x0, 0x14103e, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r2, 0x0, 0x4e68d5f8) 19:53:03 executing program 2: r0 = socket(0x2, 0x3, 0x100000001) connect$inet(r0, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x29}}, 0x10) r1 = open(&(0x7f0000000000)='./file0\x00', 0x42, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000380)=ANY=[@ANYBLOB='-\x00\x00'], 0x3) ftruncate(r1, 0x8007ffc) sendfile(r0, r1, 0x0, 0xffff) 19:53:03 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000940)={0x26, 'hash\x00', 0x0, 0x0, 'vmac64(aes-generic)\x00'}, 0x58) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x58) 19:53:03 executing program 0: msgsnd(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="87"], 0x1, 0x0) msgrcv(0x0, &(0x7f0000000000)={0x0, ""/228}, 0xec, 0xe42821a6f81bd540, 0x0) 19:53:03 executing program 5: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) sendmsg$can_bcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB="05000000040000003f00be33f525814000167c4cef00", @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="00000000010000000000000000000000ddc4b1880e6a85f2559452e5d39a523bd3c3f3af9ba81401357d521b6a2c8611cb78cd4cfc73dbcaae9cfa388a90282aeab45a3fd37389e0bdc93e0639db766cb4688952d93cc57be9d8420ba7cecc3539dc1bbffdda73532950b42d1be23874f03141411bc42c179205b73bef26dd6fd89994538d37edd902bbab32518ea50a5165f1b0cfd22163369f9fae0e5030f36652b5509914bdcdce38119c1f8b64bf0fc7"], 0x48}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f00000005c0)={0x7, 0x0, 0x0, {}, {0x77359400}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "2018f59e6fc82dd8"}}, 0x48}}, 0x0) recvmmsg(r0, &(0x7f0000005a40), 0xf3, 0x60000023, 0x0) [ 213.023164][ T26] audit: type=1804 audit(1572292383.465:34): pid=9329 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir041926909/syzkaller.KECDwd/6/bus" dev="sda1" ino=16558 res=1 [ 213.220697][ T26] audit: type=1800 audit(1572292383.655:35): pid=9340 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.2" name="file0" dev="sda1" ino=16550 res=0 19:53:03 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r2, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x4040, 0x0) preadv(r3, &(0x7f0000000040)=[{&(0x7f0000000400)=""/4096, 0x3ffc00}], 0x1, 0x0) 19:53:03 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000940)={0x26, 'hash\x00', 0x0, 0x0, 'vmac64(aes-generic)\x00'}, 0x58) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x58) 19:53:03 executing program 0: mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x800000000008031, 0xffffffffffffffff, 0x0) dup(0xffffffffffffffff) mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x3) move_pages(0x0, 0x1, &(0x7f0000000140)=[&(0x7f0000ffd000/0x1000)=nil], 0x0, &(0x7f0000000000), 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 19:53:03 executing program 2: r0 = socket$inet6(0xa, 0x80003, 0xff) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000180)=0x4001, 0x4) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @mcast1, 0x9}, 0x1c) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)="f67f986af9dc3ba1fe8000000000000087209739ae649266f062bcd978b94585b9bf1100ed8bc3b5", 0x28}], 0x1}, 0x0) 19:53:03 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000940)={0x26, 'hash\x00', 0x0, 0x0, 'vmac64(aes-generic)\x00'}, 0x58) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'crc32c-generic\x00'}, 0x58) 19:53:03 executing program 5: perf_event_open(&(0x7f0000000340)={0x2, 0x70, 0xbc, 0x80000005, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r1, &(0x7f0000000200), 0x1e00) 19:53:04 executing program 3: r0 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r0, 0x88001) r1 = socket(0x11, 0x3, 0x0) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) open(0x0, 0x14103e, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r2, 0x0, 0x4e68d5f8) 19:53:04 executing program 2: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'tgr192\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can, 0x50, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x1a9, &(0x7f0000007b00)}}], 0x400000000000290, 0x0) 19:53:04 executing program 1: r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) r2 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)={0x120000003}) timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f00000001c0)={{}, {0x0, 0x989680}}, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000040)) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) epoll_pwait(r1, &(0x7f0000000100)=[{}], 0x1, 0xffffffffffffffff, 0x0, 0xfffffffffffffdd8) r5 = dup3(r2, r1, 0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r5, &(0x7f0000000140)={0x2001}) [ 213.763042][ T26] audit: type=1804 audit(1572292384.205:36): pid=9366 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir041926909/syzkaller.KECDwd/7/bus" dev="sda1" ino=16530 res=1 19:53:04 executing program 2: syz_read_part_table(0x0, 0x1d4, &(0x7f0000000200)=[{&(0x7f0000000080)="0200050000000100001400000000000000000f0000000000000000000500000000004200000000000000000000000000000000000000000000000000000055aa", 0x40, 0x1c0}]) 19:53:04 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000002046, 0x0) r1 = dup2(r0, r0) write$P9_RMKNOD(r1, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x3}) r2 = syz_open_pts(r0, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)) [ 214.173162][ T9382] ldm_validate_privheads(): Disk read failed. [ 214.180019][ T9382] loop2: p2 < > [ 214.202513][ T9382] loop2: partition table partially beyond EOD, truncated 19:53:04 executing program 4: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r2, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/nullb0\x00', 0x4040, 0x0) preadv(r3, &(0x7f0000000040)=[{&(0x7f0000000400)=""/4096, 0x3ffc00}], 0x1, 0x0) [ 214.266010][ T9382] loop2: p2 size 2 extends beyond EOD, truncated 19:53:04 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @ipv4={[], [], @local}}, 0x1c) recvmmsg(r0, &(0x7f0000003bc0)=[{{&(0x7f0000000040)=@nl=@proc, 0x80, 0x0}}], 0x1, 0x0, 0x0) [ 214.471841][ T9382] ldm_validate_privheads(): Disk read failed. [ 214.472413][ T9394] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 214.481963][ T9382] loop2: p2 < > [ 214.513639][ T9382] loop2: partition table partially beyond EOD, truncated [ 214.533114][ T9382] loop2: p2 size 2 extends beyond EOD, truncated 19:53:05 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x6, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) r2 = io_uring_setup(0xa4, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f0000000280)=[r0, r1, r1], 0x40000000000000e6) io_uring_register$IORING_UNREGISTER_FILES(0xffffffffffffffff, 0x3, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$inet6_sctp(0xa, 0x0, 0x84) [ 215.177947][ T9401] ================================================================== [ 215.186311][ T9401] BUG: KASAN: null-ptr-deref in io_wq_cancel_all+0x28/0x2a0 [ 215.193622][ T9401] Write of size 8 at addr 0000000000000004 by task syz-executor.3/9401 [ 215.201876][ T9401] [ 215.204671][ T9401] CPU: 0 PID: 9401 Comm: syz-executor.3 Not tainted 5.4.0-rc5-next-20191028 #0 [ 215.213638][ T9401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 215.223924][ T9401] Call Trace: [ 215.227333][ T9401] dump_stack+0x172/0x1f0 [ 215.231720][ T9401] ? io_wq_cancel_all+0x28/0x2a0 [ 215.236690][ T9401] ? io_wq_cancel_all+0x28/0x2a0 [ 215.242019][ T9401] __kasan_report.cold+0x5/0x41 [ 215.246866][ T9401] ? io_wq_cancel_all+0x28/0x2a0 [ 215.251818][ T9401] kasan_report+0x12/0x20 [ 215.256228][ T9401] check_memory_region+0x134/0x1a0 [ 215.261355][ T9401] __kasan_check_write+0x14/0x20 [ 215.266282][ T9401] io_wq_cancel_all+0x28/0x2a0 [ 215.271135][ T9401] io_ring_ctx_wait_and_kill+0x1e8/0x700 [ 215.276768][ T9401] io_uring_release+0x42/0x50 [ 215.283087][ T9401] __fput+0x2ff/0x890 [ 215.287064][ T9401] ? io_ring_ctx_wait_and_kill+0x700/0x700 [ 215.293206][ T9401] ____fput+0x16/0x20 [ 215.297181][ T9401] task_work_run+0x145/0x1c0 [ 215.302208][ T9401] do_exit+0x904/0x2e60 [ 215.306360][ T9401] ? mm_update_next_owner+0x640/0x640 [ 215.311992][ T9401] ? lock_downgrade+0x920/0x920 [ 215.316837][ T9401] ? _raw_spin_unlock_irq+0x23/0x80 [ 215.322028][ T9401] ? get_signal+0x392/0x24f0 [ 215.327563][ T9401] ? _raw_spin_unlock_irq+0x23/0x80 [ 215.333020][ T9401] do_group_exit+0x135/0x360 [ 215.337604][ T9401] get_signal+0x47c/0x24f0 [ 215.342014][ T9401] ? __fd_install+0x1bc/0x640 [ 215.346707][ T9401] do_signal+0x87/0x1700 [ 215.350944][ T9401] ? __kasan_check_read+0x11/0x20 [ 215.355961][ T9401] ? setup_sigcontext+0x7d0/0x7d0 [ 215.361344][ T9401] ? __fd_install+0x1fb/0x640 [ 215.366132][ T9401] ? fd_install+0x4d/0x60 [ 215.370463][ T9401] ? exit_to_usermode_loop+0x43/0x380 [ 215.375827][ T9401] ? do_syscall_64+0x65f/0x760 [ 215.380585][ T9401] ? exit_to_usermode_loop+0x43/0x380 [ 215.385953][ T9401] ? lockdep_hardirqs_on+0x421/0x5e0 [ 215.391249][ T9401] ? trace_hardirqs_on+0x67/0x240 [ 215.396383][ T9401] exit_to_usermode_loop+0x286/0x380 [ 215.401664][ T9401] do_syscall_64+0x65f/0x760 [ 215.406256][ T9401] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 215.413188][ T9401] RIP: 0033:0x459f39 [ 215.417103][ T9401] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 215.437681][ T9401] RSP: 002b:00007f4da8cc5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 215.446102][ T9401] RAX: 0000000000000005 RBX: 0000000000000003 RCX: 0000000000459f39 [ 215.454152][ T9401] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 000000000000000a [ 215.462115][ T9401] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 215.470111][ T9401] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4da8cc66d4 [ 215.478076][ T9401] R13: 00000000004c9066 R14: 00000000004e06e8 R15: 00000000ffffffff [ 215.486488][ T9401] ================================================================== [ 215.494565][ T9401] Disabling lock debugging due to kernel taint 19:53:06 executing program 0: clone(0x22004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, &(0x7f0000000040)='pagemap\x00') exit(0x0) wait4(0x0, 0x0, 0x40000000, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='fd/3\x00W\xf6Je|H\x10\x05\xf1\xab\xc4MJ\xcbP\xed@\xe8\xe39\xd2\xea\xaap\xf9\x1aTM\x1f\x8e\x86c\xb4T\xde\x10\xf6\xa1\x89\xea)6\xca\x00\xa2\x04\xe6}\xaa\xd4\xf6~\xd0\x04bq\xe5\xa2\x99t;zzV\x15\x9a\x1b\xb9\x87@\xe9#\x99\xd6\xb8\xa4\xb1T\xdd\xe0\x93\xd0\xd5\xd8\x0f\x11y\xef\xf1R\v\xd6\x81\x97\xa96,q\xd053\x1a\x11VEG(\x93\x18\xf2\xbc\x17\x1f\xd7\x89F(G\x18S\xda\x99\xdb\xeb\xa0\xc9*\xbd\xb4=Y;\xa8\xed\xd2\xa9\xa2\x87\xa0\xfb\r\xf7I1]:\xd1;h\xc6\xe2M\xf2\x005\x96\x9b\xd1\x92v\xf9\xba\xf4\x12\r\"^\xc2\xb2\x1d\n:mnO8\\\xa1\x7f\x92r\x95\x96\xda7\xea\x85\xc8\x8c\xa8^\xb7\x1f\x80\x05\x03\xbb\xef9C\xcb(\x9bF\vHFW\x04\x1d\xc7LkW\xb2\xe9\xdd\x17\xe8%\x86\xd1H\rR\xafX\x1f\xea\x00'/247) 19:53:06 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) bind$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x0, {0x0, 0x0, 0x0, 0x20}}, 0xe) connect$bt_l2cap(r0, &(0x7f00000000c0)={0x1f, 0x0, {}, 0x0, 0x1}, 0xe) 19:53:06 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000600)=ANY=[@ANYPTR64], 0xfe9d) ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0xae15, 0xd8a}) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000080)) 19:53:06 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000002046, 0x0) r1 = dup2(r0, r0) write$P9_RMKNOD(r1, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x3}) r2 = syz_open_pts(r0, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)) 19:53:06 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) setsockopt$sock_int(r0, 0x1, 0x20000000035, &(0x7f0000000040)=0x1, 0x4) [ 215.539678][ T9401] Kernel panic - not syncing: panic_on_warn set ... [ 215.545765][ T3922] kobject: 'loop0' (0000000032a75276): kobject_uevent_env [ 215.546634][ T9401] CPU: 0 PID: 9401 Comm: syz-executor.3 Tainted: G B 5.4.0-rc5-next-20191028 #0 [ 215.564290][ T9401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 215.574457][ T9401] Call Trace: [ 215.577801][ T9401] dump_stack+0x172/0x1f0 [ 215.582516][ T9401] panic+0x2e3/0x75c [ 215.586452][ T9401] ? add_taint.cold+0x16/0x16 [ 215.591420][ T9401] ? io_wq_cancel_all+0x28/0x2a0 [ 215.593730][ T3922] kobject: 'loop0' (0000000032a75276): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 215.596886][ T9401] ? preempt_schedule+0x4b/0x60 [ 215.596908][ T9401] ? ___preempt_schedule+0x16/0x18 [ 215.617927][ T9401] ? trace_hardirqs_on+0x5e/0x240 [ 215.623062][ T9401] ? io_wq_cancel_all+0x28/0x2a0 [ 215.628233][ T9401] end_report+0x47/0x4f [ 215.632421][ T9401] ? io_wq_cancel_all+0x28/0x2a0 19:53:06 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) setsockopt$sock_int(r0, 0x1, 0x20000000035, &(0x7f0000000040)=0x1, 0x4) [ 215.637736][ T9401] __kasan_report.cold+0xe/0x41 [ 215.642704][ T9401] ? io_wq_cancel_all+0x28/0x2a0 [ 215.647752][ T9401] kasan_report+0x12/0x20 [ 215.652103][ T9401] check_memory_region+0x134/0x1a0 [ 215.657243][ T9401] __kasan_check_write+0x14/0x20 [ 215.662231][ T9401] io_wq_cancel_all+0x28/0x2a0 [ 215.667139][ T9401] io_ring_ctx_wait_and_kill+0x1e8/0x700 [ 215.672796][ T9401] io_uring_release+0x42/0x50 [ 215.677521][ T9401] __fput+0x2ff/0x890 [ 215.681527][ T9401] ? io_ring_ctx_wait_and_kill+0x700/0x700 [ 215.688354][ T9401] ____fput+0x16/0x20 [ 215.692386][ T9401] task_work_run+0x145/0x1c0 [ 215.697090][ T9401] do_exit+0x904/0x2e60 [ 215.698640][ T3922] kobject: 'loop4' (000000008c163737): kobject_uevent_env [ 215.701286][ T9401] ? mm_update_next_owner+0x640/0x640 [ 215.701302][ T9401] ? lock_downgrade+0x920/0x920 [ 215.701315][ T9401] ? _raw_spin_unlock_irq+0x23/0x80 [ 215.701329][ T9401] ? get_signal+0x392/0x24f0 [ 215.701338][ T9401] ? _raw_spin_unlock_irq+0x23/0x80 [ 215.701350][ T9401] do_group_exit+0x135/0x360 [ 215.701362][ T9401] get_signal+0x47c/0x24f0 [ 215.701382][ T9401] ? __fd_install+0x1bc/0x640 [ 215.719767][ T3922] kobject: 'loop4' (000000008c163737): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 215.724100][ T9401] do_signal+0x87/0x1700 [ 215.724117][ T9401] ? __kasan_check_read+0x11/0x20 [ 215.724130][ T9401] ? setup_sigcontext+0x7d0/0x7d0 [ 215.724141][ T9401] ? __fd_install+0x1fb/0x640 [ 215.724151][ T9401] ? fd_install+0x4d/0x60 [ 215.724169][ T9401] ? exit_to_usermode_loop+0x43/0x380 [ 215.724182][ T9401] ? do_syscall_64+0x65f/0x760 [ 215.724191][ T9401] ? exit_to_usermode_loop+0x43/0x380 [ 215.724207][ T9401] ? lockdep_hardirqs_on+0x421/0x5e0 [ 215.724221][ T9401] ? trace_hardirqs_on+0x67/0x240 [ 215.724232][ T9401] exit_to_usermode_loop+0x286/0x380 [ 215.724249][ T9401] do_syscall_64+0x65f/0x760 [ 215.724265][ T9401] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 215.724274][ T9401] RIP: 0033:0x459f39 [ 215.724293][ T9401] Code: Bad RIP value. [ 215.724299][ T9401] RSP: 002b:00007f4da8cc5c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 215.724309][ T9401] RAX: 0000000000000005 RBX: 0000000000000003 RCX: 0000000000459f39 [ 215.724315][ T9401] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 000000000000000a [ 215.724322][ T9401] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 215.724328][ T9401] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4da8cc66d4 [ 215.724334][ T9401] R13: 00000000004c9066 R14: 00000000004e06e8 R15: 00000000ffffffff [ 215.725851][ T9401] Kernel Offset: disabled [ 215.888956][ T9401] Rebooting in 86400 seconds..