[ 36.802051][ T26] audit: type=1800 audit(1550670509.669:27): pid=7579 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [ 36.830491][ T26] audit: type=1800 audit(1550670509.669:28): pid=7579 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="ssh" dev="sda1" ino=2417 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [ 37.283967][ T26] audit: type=1800 audit(1550670510.199:29): pid=7579 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2432 res=0 [ 37.304380][ T26] audit: type=1800 audit(1550670510.199:30): pid=7579 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="rmnologin" dev="sda1" ino=2423 res=0 Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.95' (ECDSA) to the list of known hosts. 2019/02/20 13:48:41 fuzzer started 2019/02/20 13:48:43 dialing manager at 10.128.0.26:33245 2019/02/20 13:48:44 syscalls: 1 2019/02/20 13:48:44 code coverage: enabled 2019/02/20 13:48:44 comparison tracing: enabled 2019/02/20 13:48:44 extra coverage: extra coverage is not supported by the kernel 2019/02/20 13:48:44 setuid sandbox: enabled 2019/02/20 13:48:44 namespace sandbox: enabled 2019/02/20 13:48:44 Android sandbox: /sys/fs/selinux/policy does not exist 2019/02/20 13:48:44 fault injection: enabled 2019/02/20 13:48:44 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/02/20 13:48:44 net packet injection: enabled 2019/02/20 13:48:44 net device setup: enabled 13:51:27 executing program 0: r0 = socket$inet(0x2, 0x1, 0x0) fsetxattr$security_selinux(r0, &(0x7f00000000c0)='security.selinux\x00', &(0x7f0000000240)='unconfined_u:system_r:insmod_t:s0-s0:c0.c1023\x00', 0x2e, 0x0) fcntl$lock(r0, 0x7, 0x0) syzkaller login: [ 214.584865][ T7744] IPVS: ftp: loaded support on port[0] = 21 13:51:27 executing program 1: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x0, 0x0) ppoll(&(0x7f0000000040)=[{r0}], 0x36, 0x0, 0x0, 0x0) dup(r0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) r2 = dup(r1) bind$inet6(r1, &(0x7f0000000600)={0xa, 0x4e20, 0x0, @loopback, 0xcccca29}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet_tcp_int(r2, 0x6, 0x11, &(0x7f0000000080)=0x1, 0x4) write$P9_RREADDIR(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) ioctl$EVIOCSABS20(0xffffffffffffffff, 0x401845e0, 0x0) ioctl$RTC_AIE_OFF(0xffffffffffffffff, 0x7002) finit_module(0xffffffffffffffff, 0x0, 0x0) getpeername$packet(0xffffffffffffffff, 0x0, 0x0) r3 = open(&(0x7f00000034c0)='./bus\x00', 0x100000141042, 0x0) memfd_create(0x0, 0x0) fstatfs(0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40042409, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) ioctl$PERF_EVENT_IOC_REFRESH(0xffffffffffffffff, 0x2402, 0x0) getsockname$netlink(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, 0x0) ftruncate(r3, 0x10099b7) ioctl$KDGETMODE(0xffffffffffffffff, 0x4b3b, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, 0x0, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000200)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x5}]}, 0x10) sendfile(r1, r3, 0x0, 0x8000fffffffa) connect$unix(r2, &(0x7f0000006780)=@abs={0x0, 0x0, 0x4e24}, 0x6e) [ 214.690585][ T7744] chnl_net:caif_netlink_parms(): no params data found [ 214.777030][ T7744] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.795230][ T7744] bridge0: port 1(bridge_slave_0) entered disabled state [ 214.815210][ T7744] device bridge_slave_0 entered promiscuous mode [ 214.826950][ T7744] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.834045][ T7744] bridge0: port 2(bridge_slave_1) entered disabled state [ 214.857148][ T7744] device bridge_slave_1 entered promiscuous mode [ 214.890476][ T7744] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 214.901914][ T7744] bond0: Enslaving bond_slave_1 as an active interface with an up link 13:51:27 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu\x00', 0x200002, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000340)='./bus\x00', 0x0) ioctl$FS_IOC_RESVSP(r1, 0x40305828, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xffffffff}) [ 214.931761][ T7747] IPVS: ftp: loaded support on port[0] = 21 [ 214.952925][ T7744] team0: Port device team_slave_0 added [ 214.968345][ T7744] team0: Port device team_slave_1 added [ 215.068515][ T7744] device hsr_slave_0 entered promiscuous mode [ 215.105439][ T7744] device hsr_slave_1 entered promiscuous mode 13:51:28 executing program 3: r0 = socket$inet(0x2, 0x1, 0x0) fsetxattr$security_selinux(r0, &(0x7f00000000c0)='security.selinux\x00', &(0x7f0000000240)='unconfined_u:system_r:insmod_t:s0-s0:c0.c1023\x00', 0x2e, 0x0) fstat(r0, 0x0) [ 215.215029][ T7749] IPVS: ftp: loaded support on port[0] = 21 [ 215.234829][ T7744] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.242096][ T7744] bridge0: port 2(bridge_slave_1) entered forwarding state [ 215.249746][ T7744] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.256845][ T7744] bridge0: port 1(bridge_slave_0) entered forwarding state [ 215.381108][ T7747] chnl_net:caif_netlink_parms(): no params data found [ 215.410969][ T7753] IPVS: ftp: loaded support on port[0] = 21 [ 215.472729][ T7744] 8021q: adding VLAN 0 to HW filter on device bond0 13:51:28 executing program 4: r0 = socket$inet(0x2, 0x1, 0x0) fsetxattr$security_selinux(r0, &(0x7f00000000c0)='security.selinux\x00', &(0x7f0000000240)='unconfined_u:system_r:insmod_t:s0-s0:c0.c1023\x00', 0x2e, 0x0) write$binfmt_elf64(r0, 0x0, 0x0) [ 215.523577][ T7744] 8021q: adding VLAN 0 to HW filter on device team0 [ 215.540316][ T7747] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.551811][ T7747] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.569965][ T7747] device bridge_slave_0 entered promiscuous mode [ 215.589263][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 215.608286][ T2976] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.626222][ T2976] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.645944][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready [ 215.676710][ T7747] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.683774][ T7747] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.706790][ T7747] device bridge_slave_1 entered promiscuous mode 13:51:28 executing program 5: r0 = socket$inet(0x2, 0x1, 0x0) fsetxattr$security_selinux(r0, &(0x7f00000000c0)='security.selinux\x00', &(0x7f0000000240)='unconfined_u:system_r:insmod_t:s0-s0:c0.c1023\x00', 0x2e, 0x0) fallocate(r0, 0x0, 0x0, 0x5) [ 215.773463][ T7754] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 215.783427][ T7754] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 215.794210][ T7754] bridge0: port 1(bridge_slave_0) entered blocking state [ 215.801323][ T7754] bridge0: port 1(bridge_slave_0) entered forwarding state [ 215.855508][ T7747] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 215.881306][ T7758] IPVS: ftp: loaded support on port[0] = 21 [ 215.889323][ T7754] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 215.898967][ T7754] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 215.909646][ T7754] bridge0: port 2(bridge_slave_1) entered blocking state [ 215.916768][ T7754] bridge0: port 2(bridge_slave_1) entered forwarding state [ 215.924478][ T7754] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 215.933377][ T7754] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 215.958587][ T7747] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 215.982841][ T7749] chnl_net:caif_netlink_parms(): no params data found [ 216.002011][ T7761] IPVS: ftp: loaded support on port[0] = 21 [ 216.021175][ T7747] team0: Port device team_slave_0 added [ 216.029396][ T7747] team0: Port device team_slave_1 added [ 216.067746][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 216.076351][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 216.084540][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 216.120411][ T7753] chnl_net:caif_netlink_parms(): no params data found [ 216.167212][ T7747] device hsr_slave_0 entered promiscuous mode [ 216.215553][ T7747] device hsr_slave_1 entered promiscuous mode [ 216.302312][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 216.311250][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 216.340846][ T7749] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.348256][ T7749] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.356823][ T7749] device bridge_slave_0 entered promiscuous mode [ 216.400145][ T7753] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.407279][ T7753] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.414885][ T7753] device bridge_slave_0 entered promiscuous mode [ 216.423386][ T7749] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.430939][ T7749] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.438781][ T7749] device bridge_slave_1 entered promiscuous mode [ 216.452098][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 216.460425][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 216.474923][ T7744] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 216.487527][ T7744] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 216.498431][ T7753] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.506122][ T7753] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.514064][ T7753] device bridge_slave_1 entered promiscuous mode [ 216.541289][ T7749] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 216.552646][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 216.560921][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 216.589915][ T7749] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 216.617080][ T7753] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 216.627661][ T7753] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 216.691942][ T7753] team0: Port device team_slave_0 added [ 216.701381][ T7749] team0: Port device team_slave_0 added [ 216.713005][ T7749] team0: Port device team_slave_1 added [ 216.766885][ T7749] device hsr_slave_0 entered promiscuous mode [ 216.815717][ T7749] device hsr_slave_1 entered promiscuous mode [ 216.877432][ T7753] team0: Port device team_slave_1 added [ 216.907918][ T7744] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 216.927471][ T7758] chnl_net:caif_netlink_parms(): no params data found [ 217.028767][ T7753] device hsr_slave_0 entered promiscuous mode [ 217.095355][ T7753] device hsr_slave_1 entered promiscuous mode [ 217.176895][ T7761] chnl_net:caif_netlink_parms(): no params data found 13:51:30 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x2, &(0x7f000039a000)=[{0x20, 0x0, 0x0, 0xfffffffffffff00c}, {0x6}]}, 0x10) r2 = dup(r0) write$FUSE_DIRENTPLUS(r2, 0x0, 0x0) [ 217.257169][ T7747] 8021q: adding VLAN 0 to HW filter on device bond0 13:51:30 executing program 0: r0 = socket(0x10, 0x2, 0x0) bind$bt_rfcomm(r0, &(0x7f0000000000), 0xa) [ 217.317555][ T7758] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.324659][ T7758] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.353257][ T7758] device bridge_slave_0 entered promiscuous mode [ 217.366984][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 217.376047][ T22] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 217.386892][ T7747] 8021q: adding VLAN 0 to HW filter on device team0 13:51:30 executing program 0: r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_opts(r0, 0x0, 0x80000004, 0x0, 0x0) [ 217.418349][ T7758] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.428465][ T7758] bridge0: port 2(bridge_slave_1) entered disabled state [ 217.437730][ T7758] device bridge_slave_1 entered promiscuous mode 13:51:30 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000003fe8)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r2, 0x29, 0x41, &(0x7f0000000100)=ANY=[@ANYBLOB="6e6174000000000000000000000000000000000000000000000000000000000005d23eaa4dfae6fb7e297588a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006a2b466e353aeeeddfbb66fe26dc1f8b00000000000000000000000000"], 0x1) close(r2) close(r1) [ 217.462535][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 217.472314][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 217.494731][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.501853][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.511911][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 217.541110][ T7758] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 217.554542][ T7761] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.561823][ T7761] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.570116][ T7761] device bridge_slave_0 entered promiscuous mode [ 217.579141][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 217.587924][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 217.596363][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.603415][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 217.618977][ T7758] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 217.644251][ T7753] 8021q: adding VLAN 0 to HW filter on device bond0 [ 217.652745][ T7761] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.660245][ T7761] bridge0: port 2(bridge_slave_1) entered disabled state [ 217.670385][ T7761] device bridge_slave_1 entered promiscuous mode [ 217.684516][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 217.693572][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 217.714566][ T7749] 8021q: adding VLAN 0 to HW filter on device bond0 13:51:30 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mmap(&(0x7f0000011000/0x3000)=nil, 0x3000, 0x4, 0x32, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000003fe8)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000011000/0x3000)=nil, 0x3000}, 0x1}) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r2, 0x84, 0x8, &(0x7f0000013e95), 0x4) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r2, 0x29, 0x41, &(0x7f0000000100)=ANY=[@ANYBLOB="6e6174000000000000000000000000000000000000000000000000000000000005d23eaa4dfae6fb7e297588a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006a2b466e353aeeeddfbb66fe26dc1f8b00000000000000000000000000"], 0x1) close(r2) close(r1) [ 217.739247][ T7761] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 217.753036][ T7758] team0: Port device team_slave_0 added [ 217.764839][ T7758] team0: Port device team_slave_1 added [ 217.792486][ T7749] 8021q: adding VLAN 0 to HW filter on device team0 [ 217.811160][ T7753] 8021q: adding VLAN 0 to HW filter on device team0 [ 217.820897][ T7761] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 217.843302][ T7761] team0: Port device team_slave_0 added [ 217.851735][ T7761] team0: Port device team_slave_1 added [ 217.857937][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 217.866957][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 217.875389][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 217.882986][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 217.890595][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 217.898928][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 217.907323][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 217.914859][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 217.922897][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 13:51:30 executing program 0: statx(0xffffffffffffffff, &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x0, 0x0) [ 217.961595][ T7747] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 217.973903][ T7747] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 217.986705][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 217.996315][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready 13:51:30 executing program 0: pipe(0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet6_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x74, 0x4) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000b86000)={0x1, &(0x7f0000f40ff8)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) socket$nl_route(0x10, 0x3, 0x0) accept$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x4) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, 0x0, 0x0) write$binfmt_elf32(0xffffffffffffffff, 0x0, 0x0) write$binfmt_elf64(r0, &(0x7f0000000100)=ANY=[@ANYRES32, @ANYRES16=0x0], 0xfffffe47) sendto$inet(r0, &(0x7f00000001c0)="d4", 0x1, 0x0, 0x0, 0x0) [ 218.007677][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 218.022065][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 218.030453][ T2976] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.037534][ T2976] bridge0: port 1(bridge_slave_0) entered forwarding state [ 218.039165][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 218.053983][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 218.064398][ T2976] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.071499][ T2976] bridge0: port 2(bridge_slave_1) entered forwarding state [ 218.089287][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 218.098042][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 218.112569][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 218.121451][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 218.131066][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 218.139735][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 218.148126][ T2976] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.155208][ T2976] bridge0: port 1(bridge_slave_0) entered forwarding state [ 218.162741][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 218.171328][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 218.179604][ T2976] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.186715][ T2976] bridge0: port 2(bridge_slave_1) entered forwarding state [ 218.194523][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 218.203095][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 218.211450][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 218.219918][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 218.228464][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 218.266982][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 218.274446][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 218.282429][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 218.290433][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 218.298344][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 218.307592][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 218.316269][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 218.324511][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 218.333208][ T2976] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 218.356730][ T7747] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 218.398261][ T7758] device hsr_slave_0 entered promiscuous mode [ 218.435477][ T7758] device hsr_slave_1 entered promiscuous mode [ 218.478853][ T7753] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 218.489991][ T7753] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 218.498360][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 218.506834][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 218.515448][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 218.523884][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 218.532192][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 218.540365][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 218.548697][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 218.598488][ T7761] device hsr_slave_0 entered promiscuous mode [ 218.655583][ T7761] device hsr_slave_1 entered promiscuous mode [ 218.738350][ T7760] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 218.751310][ T7760] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 218.778152][ T7799] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 218.792887][ T7753] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 218.818864][ T7749] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 218.911489][ T7749] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 218.972041][ T7761] 8021q: adding VLAN 0 to HW filter on device bond0 [ 219.003500][ T7758] 8021q: adding VLAN 0 to HW filter on device bond0 [ 219.021119][ T7754] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 219.030145][ T7754] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 219.050272][ T7761] 8021q: adding VLAN 0 to HW filter on device team0 [ 219.068754][ T7758] 8021q: adding VLAN 0 to HW filter on device team0 13:51:32 executing program 1: socket$kcm(0x29, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dsp\x00', 0x80, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) mincore(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, &(0x7f0000000200), 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000000), 0x0, &(0x7f0000000180)={0x0, 0x1c9c380}, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) sendmsg(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400)}, 0x0) ptrace(0x10, r1) ptrace$cont(0x20, r1, 0x0, 0x0) ptrace$setsig(0x4203, r1, 0x7, &(0x7f00000002c0)={0x0, 0x0, 0x701e}) 13:51:32 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000000c0)) syz_open_dev$rtc(&(0x7f0000000080)='/dev/rtc#\x00', 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000000)) ptrace$setregs(0xf, r0, 0x40, &(0x7f00000004c0)="a96d55a7564c469a52b88d22df6d33ebc349d3d6659e686e4a646c0e3b661208a5d73ceb62ada6b884d0a621f0eab034b70d0b14649b620c235e63147bc44735764751aae04529") ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000280)={0x0}) 13:51:32 executing program 3: mknod(&(0x7f0000000000)='./bus\x00', 0x2080008002, 0x28aa) r0 = open(&(0x7f0000000400)='./bus\x00', 0x1, 0x0) writev(r0, &(0x7f0000000100)=[{&(0x7f0000000180)="000000186004008b00002b27fedde7b4795a28d8ee0cf8ffff00000000000000000000000000007c5202503f", 0x2c}], 0x1) [ 219.108955][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 219.135812][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 219.160664][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 219.169465][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 219.190209][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.197339][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 219.211761][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 219.222954][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 219.231458][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.238576][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 219.246346][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 219.254788][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 219.263873][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 219.272642][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 219.282230][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 219.292268][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 219.301537][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 219.309727][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 219.327363][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 219.337038][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 219.345600][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 219.354084][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 219.362787][ T7752] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.369863][ T7752] bridge0: port 1(bridge_slave_0) entered forwarding state [ 219.377850][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 219.386963][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 219.395317][ T7752] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.402389][ T7752] bridge0: port 2(bridge_slave_1) entered forwarding state [ 219.424924][ T7758] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 219.437870][ T7758] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 219.447207][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 219.455007][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 219.463376][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 219.472335][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 219.481165][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 219.490503][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 219.499072][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 219.507461][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 219.516059][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 219.524802][ T7752] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 219.545031][ T7760] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 219.553757][ T7760] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 219.562326][ T7760] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 219.570833][ T7760] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 219.586513][ T7758] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 219.595520][ T7761] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 219.633504][ T7761] 8021q: adding VLAN 0 to HW filter on device batadv0 13:51:32 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x2, &(0x7f000039a000)=[{0x20, 0x0, 0x0, 0xfffffffffffff00c}, {0x6}]}, 0x10) sendmmsg(r0, &(0x7f0000006180)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 13:51:32 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="b7f2288a911993f0265df5cf1cdd8b55", 0x10) 13:51:32 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) gettid() r0 = openat$rtc(0xffffffffffffff9c, 0x0, 0x10200, 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vga_arbiter\x00', 0x0, 0x0) r2 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x0, 0x0) close(r2) ioctl$VIDIOC_SUBDEV_S_SELECTION(r2, 0xc040563e, &(0x7f00000001c0)={0x1, 0x0, 0x102, 0x4, {0x2, 0x93, 0x80, 0x1}}) openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) r3 = getpid() sched_setscheduler(r3, 0x5, &(0x7f0000000000)) ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, &(0x7f0000f1dff8)) ioctl$TCSBRK(r1, 0x5409, 0x40) ioctl$SG_GET_REQUEST_TABLE(r2, 0x2286, &(0x7f00000003c0)) setitimer(0x1, &(0x7f0000000080)={{0x0, 0x2710}, {0x0, 0x2710}}, 0x0) write$FUSE_STATFS(r2, 0x0, 0xfffffffffffffe2f) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x100000, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000280)={0x0, 0x3}, &(0x7f00000002c0)=0x8) ioctl$VIDIOC_DBG_G_REGISTER(r2, 0xc0385650, &(0x7f0000000140)={{0x7, @addr=0x5e63}, 0x8}) ioctl$RTC_ALM_READ(r0, 0x80247008, &(0x7f0000000180)) dup2(r5, r4) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={0xffffffffffffffff, &(0x7f00000007c0), 0x0, 0x2}, 0x20) 13:51:32 executing program 3: openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rfkill\x00', 0x140000000001fd, 0x0) 13:51:32 executing program 1: socket$kcm(0x29, 0x0, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dsp\x00', 0x80, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000500)=ANY=[], 0x0, 0x0, 0x0}) mincore(&(0x7f0000ffa000/0x4000)=nil, 0x4000, &(0x7f0000000400)=""/216) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigtimedwait(&(0x7f0000000000), 0x0, 0x0, 0x8) r1 = getpid() rt_tgsigqueueinfo(r1, r1, 0x16, &(0x7f0000000100)) sendmsg(0xffffffffffffffff, 0x0, 0x0) ptrace(0x10, r1) ptrace$cont(0x20, r1, 0x0, 0x0) ptrace$setsig(0x4203, r1, 0x0, 0x0) 13:51:32 executing program 3: clone(0x3102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0xe) syz_open_procfs(0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x59}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 13:51:32 executing program 4: clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet6_MRT6_DEL_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd3, &(0x7f0000001000)={{0xa, 0x0, 0x0, @local}, {0xa, 0x0, 0x808000204000, @empty}, 0x0, [0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x1]}, 0x5c) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000100)=@nat={'nat\x00', 0x19, 0x1, 0x170, [0x20000480, 0x0, 0x0, 0x200004b0, 0x200004e0], 0x90, 0x0, &(0x7f0000000480)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xfffffffffffffffe, 0x1, [{{{0x9, 0x0, 0x0, 'dummy0\x00', 'team_slave_0\x00', 'syzkaller0\x00', 'rose0\x00', @dev, [], @link_local, [], 0x70, 0xa8, 0xe0}, [@common=@mark={'mark\x00', 0x10, {{0x0, 0xffffffffffffffff}}}]}, @snat={'snat\x00', 0x10, {{@empty, 0xfffffffffffffffd}}}}]}]}, 0x1e8) [ 219.836071][ C1] hrtimer: interrupt took 47430 ns [ 219.883877][ T7857] kernel msg: ebtables bug: please report to author: Wrong nr. of counters requested 13:51:32 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000000c0)) syz_open_dev$rtc(&(0x7f0000000080)='/dev/rtc#\x00', 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000000)) ptrace$setregs(0xf, r0, 0x40, &(0x7f00000004c0)="a96d55a7564c469a52b88d22df6d33ebc349d3d6659e686e4a646c0e3b661208a5d73ceb62ada6b884d0a621f0eab034b70d0b14649b620c235e63147bc44735764751aae04529") ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000280)={0x0}) 13:51:32 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'\x16\xf50\x01\x00\x10\x00\x00\x00\x00{\xff\xff\xff\x00', 0x4002}) 13:51:32 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @initdev, 0x4}, 0x1c) 13:51:32 executing program 4: mknod(&(0x7f0000000000)='./bus\x00', 0x2080008002, 0x28aa) r0 = open(&(0x7f0000000400)='./bus\x00', 0x1, 0x0) writev(r0, &(0x7f0000000100)=[{&(0x7f0000000180)="000000186004008b00002b27fedde7b4795a28d8ee0cf8ffff00000000000000000100000000007c5202503f", 0x2c}], 0x1) 13:51:33 executing program 4: fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffff9c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) clone(0x2102009ff8, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000100)=@nat={'nat\x00', 0x19, 0x1, 0x138, [0x20000480, 0x0, 0x0, 0x200004b0, 0x200004e0], 0x90, 0x0, &(0x7f0000000480)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {}, {0x0, '\x00', 0x0, 0x0, 0x1, [{{{0x9, 0x0, 0x0, 'dummy0\x00', 'team_slave_0\x00', 'syzkaller0\x00', 'rose0\x00', @dev, [], @link_local, [], 0x70, 0x70, 0xa8}}, @snat={'snat\x00', 0x10}}]}]}, 0x1b0) 13:51:33 executing program 3: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) mount$overlay(0x404000, &(0x7f0000000000)='./file0\x00', 0x0, 0x7a, 0x0) 13:51:33 executing program 4: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet(0x2, 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) poll(0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x8010000000000084) ioctl$VIDIOC_G_FBUF(0xffffffffffffffff, 0x8030560a, &(0x7f0000000200)={0x40, 0x20, 0x0, {0x0, 0x1f, 0x7673767c, 0x3, 0x0, 0x0, 0x0, 0xff}}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) open(0x0, 0x0, 0x40) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r3, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x4500000000000003, 0x2200, 0x0, 0xa0008000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xebffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r3, &(0x7f0000000100)={0xc, 0x167, 0xfa00, {0x0}}, 0x10) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) connect$inet(r2, 0x0, 0x0) splice(r0, 0x0, r1, 0x0, 0x400000000003, 0x0) [ 220.258490][ T7891] kernel msg: ebtables bug: please report to author: bad policy 13:51:33 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) gettid() r0 = openat$rtc(0xffffffffffffff9c, 0x0, 0x10200, 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vga_arbiter\x00', 0x0, 0x0) r2 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x0, 0x0) close(r2) ioctl$VIDIOC_SUBDEV_S_SELECTION(r2, 0xc040563e, &(0x7f00000001c0)={0x1, 0x0, 0x102, 0x4, {0x2, 0x93, 0x80, 0x1}}) openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) r3 = getpid() sched_setscheduler(r3, 0x5, &(0x7f0000000000)) ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, &(0x7f0000f1dff8)) ioctl$TCSBRK(r1, 0x5409, 0x40) ioctl$SG_GET_REQUEST_TABLE(r2, 0x2286, &(0x7f00000003c0)) setitimer(0x1, &(0x7f0000000080)={{0x0, 0x2710}, {0x0, 0x2710}}, 0x0) write$FUSE_STATFS(r2, 0x0, 0xfffffffffffffe2f) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x100000, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000280)={0x0, 0x3}, &(0x7f00000002c0)=0x8) ioctl$VIDIOC_DBG_G_REGISTER(r2, 0xc0385650, &(0x7f0000000140)={{0x7, @addr=0x5e63}, 0x8}) ioctl$RTC_ALM_READ(r0, 0x80247008, &(0x7f0000000180)) dup2(r5, r4) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={0xffffffffffffffff, &(0x7f00000007c0), 0x0, 0x2}, 0x20) 13:51:33 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000000)='cmdline\x00') setsockopt$IP_VS_SO_SET_STARTDAEMON(0xffffffffffffffff, 0x0, 0x48b, 0x0, 0x0) fcntl$setflags(r0, 0x2, 0x0) 13:51:35 executing program 1: socket$alg(0x26, 0x5, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpid() syz_open_procfs(r0, 0x0) 13:51:35 executing program 3: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet(0x2, 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) poll(0x0, 0x0, 0x0) socket$inet6(0xa, 0x1, 0x8010000000000084) ioctl$VIDIOC_G_FBUF(0xffffffffffffffff, 0x8030560a, &(0x7f0000000200)={0x40, 0x20, 0x0, {0x0, 0x1f, 0x7673767c, 0x3, 0x0, 0x0, 0x0, 0xff}}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) open(0x0, 0x0, 0x40) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r3, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x4500000000000003, 0x0, 0x0, 0xa0008000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xebffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r3, &(0x7f0000000100)={0xc, 0x167, 0xfa00, {0x0}}, 0x10) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r1, 0x0, 0x400000000003, 0x0) 13:51:35 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) gettid() r0 = openat$rtc(0xffffffffffffff9c, 0x0, 0x10200, 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vga_arbiter\x00', 0x0, 0x0) r2 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x0, 0x0) close(r2) ioctl$VIDIOC_SUBDEV_S_SELECTION(r2, 0xc040563e, &(0x7f00000001c0)={0x1, 0x0, 0x102, 0x4, {0x2, 0x93, 0x80, 0x1}}) openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) r3 = getpid() sched_setscheduler(r3, 0x5, &(0x7f0000000000)) ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, &(0x7f0000f1dff8)) ioctl$TCSBRK(r1, 0x5409, 0x40) ioctl$SG_GET_REQUEST_TABLE(r2, 0x2286, &(0x7f00000003c0)) setitimer(0x1, &(0x7f0000000080)={{0x0, 0x2710}, {0x0, 0x2710}}, 0x0) write$FUSE_STATFS(r2, 0x0, 0xfffffffffffffe2f) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x100000, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000280)={0x0, 0x3}, &(0x7f00000002c0)=0x8) ioctl$VIDIOC_DBG_G_REGISTER(r2, 0xc0385650, &(0x7f0000000140)={{0x7, @addr=0x5e63}, 0x8}) ioctl$RTC_ALM_READ(r0, 0x80247008, &(0x7f0000000180)) dup2(r5, r4) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={0xffffffffffffffff, &(0x7f00000007c0), 0x0, 0x2}, 0x20) 13:51:35 executing program 4: r0 = openat(0xffffffffffffff9c, &(0x7f0000001fc0)='./file0\x00', 0x41, 0x0) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, 0x0, 0x0) ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, 0x0) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0) close(r0) ioctl$FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, 0x0) ioctl$KDGKBTYPE(0xffffffffffffffff, 0x4b33, 0x0) ioctl$FS_IOC_SETVERSION(0xffffffffffffffff, 0x40087602, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)) ioctl$sock_proto_private(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_tcp_buf(r0, 0x6, 0x0, 0x0, 0x0) 13:51:35 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000abe000)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) gettid() r0 = openat$rtc(0xffffffffffffff9c, 0x0, 0x10200, 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vga_arbiter\x00', 0x0, 0x0) r2 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x0, 0x0) close(r2) ioctl$VIDIOC_SUBDEV_S_SELECTION(r2, 0xc040563e, &(0x7f00000001c0)={0x1, 0x0, 0x102, 0x4, {0x2, 0x93, 0x80, 0x1}}) openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, &(0x7f0000000100), 0xffffffffffffffff) r3 = getpid() sched_setscheduler(r3, 0x5, &(0x7f0000000000)) ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, &(0x7f0000f1dff8)) ioctl$TCSBRK(r1, 0x5409, 0x40) ioctl$SG_GET_REQUEST_TABLE(r2, 0x2286, &(0x7f00000003c0)) setitimer(0x1, &(0x7f0000000080)={{0x0, 0x2710}, {0x0, 0x2710}}, 0x0) write$FUSE_STATFS(r2, 0x0, 0xfffffffffffffe2f) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x100000, 0x0) ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000000)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) r5 = socket$nl_route(0x10, 0x3, 0x0) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000280)={0x0, 0x3}, &(0x7f00000002c0)=0x8) ioctl$VIDIOC_DBG_G_REGISTER(r2, 0xc0385650, &(0x7f0000000140)={{0x7, @addr=0x5e63}, 0x8}) ioctl$RTC_ALM_READ(r0, 0x80247008, &(0x7f0000000180)) dup2(r5, r4) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={0xffffffffffffffff, &(0x7f00000007c0), 0x0, 0x2}, 0x20) 13:51:35 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000000c0)) syz_open_dev$rtc(&(0x7f0000000080)='/dev/rtc#\x00', 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000000)) ptrace$setregs(0xf, r0, 0x40, &(0x7f00000004c0)="a96d55a7564c469a52b88d22df6d33ebc349d3d6659e686e4a646c0e3b661208a5d73ceb62ada6b884d0a621f0eab034b70d0b14649b620c235e63147bc44735764751aae04529") ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000280)={0x0}) 13:51:35 executing program 4: seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0xffffffff}]}) syz_mount_image$vfat(&(0x7f0000000000)='vfat\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 13:51:35 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x2, &(0x7f000039a000)=[{0x20, 0x0, 0x0, 0xfffffffffffff01c}, {0x6}]}, 0x10) sendmmsg(r0, &(0x7f0000000040), 0x324fad809d5a9cf, 0x0) [ 222.946022][ T7941] BUG: assuming atomic context at kernel/seccomp.c:271 [ 222.975322][ T7941] in_atomic(): 0, irqs_disabled(): 0, pid: 7941, name: syz-executor.4 [ 222.997168][ T7941] no locks held by syz-executor.4/7941. [ 223.002969][ T7941] CPU: 0 PID: 7941 Comm: syz-executor.4 Not tainted 5.0.0-rc7-next-20190220 #39 [ 223.005022][ T7945] FAT-fs (loop4): bogus number of reserved sectors [ 223.011988][ T7941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 223.011996][ T7941] Call Trace: [ 223.012020][ T7941] dump_stack+0x172/0x1f0 [ 223.012045][ T7941] __cant_sleep.cold+0xa3/0xbb [ 223.012075][ T7941] __seccomp_filter+0x12b/0x12b0 [ 223.012098][ T7941] ? seccomp_notify_release+0x280/0x280 [ 223.012122][ T7941] ? kasan_check_write+0x14/0x20 [ 223.012143][ T7941] ? _raw_spin_unlock_irq+0x28/0x90 [ 223.012170][ T7941] ? do_seccomp+0xa5a/0x2250 [ 223.028768][ T7941] ? _raw_spin_unlock_irq+0x28/0x90 [ 223.028787][ T7941] ? lockdep_hardirqs_on+0x418/0x5d0 [ 223.028812][ T7941] ? trace_hardirqs_on+0x67/0x230 [ 223.036415][ T7941] ? kasan_check_read+0x11/0x20 [ 223.036435][ T7941] ? _raw_spin_unlock_irq+0x5e/0x90 [ 223.036450][ T7941] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 223.036465][ T7941] ? do_seccomp+0x389/0x2250 [ 223.036486][ T7941] __secure_computing+0x101/0x360 [ 223.046177][ T7941] syscall_trace_enter+0x5bf/0xe10 [ 223.046198][ T7941] ? trace_event_raw_event_sys_exit+0x290/0x290 [ 223.046217][ T7941] ? lockdep_hardirqs_on+0x418/0x5d0 [ 223.046239][ T7941] ? trace_hardirqs_on+0x67/0x230 [ 223.056700][ T7941] do_syscall_64+0x479/0x610 [ 223.056719][ T7941] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 223.056731][ T7941] RIP: 0033:0x45ac8a [ 223.056744][ T7941] Code: 25 18 00 00 00 00 74 01 f0 48 0f b1 3d df ba 5f 00 48 39 c2 75 da f3 c3 0f 1f 84 00 00 00 00 00 48 63 ff b8 e4 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 06 f3 c3 0f 1f 40 00 48 c7 c2 d4 ff ff ff f7 [ 223.056757][ T7941] RSP: 002b:00007f9c8a9c1c58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e4 [ 223.062328][ T7945] FAT-fs (loop4): Can't find a valid FAT filesystem [ 223.066523][ T7941] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045ac8a [ 223.066533][ T7941] RDX: 0000000000008c1b RSI: 00007f9c8a9c1c60 RDI: 0000000000000001 [ 223.066543][ T7941] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 223.066552][ T7941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 223.066562][ T7941] R13: 00000000004c4cd5 R14: 00000000004d8890 R15: 00000000ffffffff [ 223.254099][ T26] audit: type=1326 audit(1550670696.169:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7940 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0xffff0000 13:51:36 executing program 1: r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x3) getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, 0x0, &(0x7f0000000080)) 13:51:36 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x1, &(0x7f000039a000)=[{0x6}]}, 0x10) sendmmsg(r0, &(0x7f0000006180)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)="bc62f1b0", 0x4}], 0x1}}], 0x1, 0x0) 13:51:36 executing program 5: seccomp(0x1, 0x0, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xffffffff}]}) removexattr(0x0, 0x0) 13:51:36 executing program 3: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet(0x2, 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) poll(0x0, 0x0, 0x0) socket$inet6(0xa, 0x1, 0x8010000000000084) ioctl$VIDIOC_G_FBUF(0xffffffffffffffff, 0x8030560a, &(0x7f0000000200)={0x40, 0x20, 0x0, {0x0, 0x1f, 0x7673767c, 0x3, 0x0, 0x0, 0x0, 0xff}}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) open(0x0, 0x0, 0x40) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r3, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x4500000000000003, 0x0, 0x0, 0xa0008000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xebffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r3, &(0x7f0000000100)={0xc, 0x167, 0xfa00, {0x0}}, 0x10) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r1, 0x0, 0x400000000003, 0x0) [ 223.510793][ T26] audit: type=1326 audit(1550670696.429:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7967 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0xffff0000 13:51:36 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x109) dup2(r0, r1) open$dir(0x0, 0x0, 0x0) clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000000)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) sendmsg$NET_DM_CMD_START(r3, &(0x7f0000002900)={0x0, 0x0, &(0x7f00000028c0)={0x0}}, 0x0) 13:51:36 executing program 1: r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x3) getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, 0x0, &(0x7f0000000080)) 13:51:36 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000000c0)) syz_open_dev$rtc(&(0x7f0000000080)='/dev/rtc#\x00', 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000000)) ptrace$setregs(0xf, r0, 0x40, &(0x7f00000004c0)="a96d55a7564c469a52b88d22df6d33ebc349d3d6659e686e4a646c0e3b661208a5d73ceb62ada6b884d0a621f0eab034b70d0b14649b620c235e63147bc44735764751aae04529") ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000280)={0x0}) 13:51:36 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='pagemap\x00') pread64(r0, 0x0, 0x0, 0x0) 13:51:36 executing program 3: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet(0x2, 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) poll(0x0, 0x0, 0x0) socket$inet6(0xa, 0x1, 0x8010000000000084) ioctl$VIDIOC_G_FBUF(0xffffffffffffffff, 0x8030560a, &(0x7f0000000200)={0x40, 0x20, 0x0, {0x0, 0x1f, 0x7673767c, 0x3, 0x0, 0x0, 0x0, 0xff}}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) open(0x0, 0x0, 0x40) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r3, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x4500000000000003, 0x0, 0x0, 0xa0008000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xebffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r3, &(0x7f0000000100)={0xc, 0x167, 0xfa00, {0x0}}, 0x10) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r1, 0x0, 0x400000000003, 0x0) 13:51:36 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x109) dup2(r0, r1) open$dir(0x0, 0x0, 0x0) clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000000)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) sendmsg$NET_DM_CMD_START(r3, &(0x7f0000002900)={0x0, 0x0, &(0x7f00000028c0)={0x0}}, 0x0) [ 223.735356][ T26] audit: type=1326 audit(1550670696.649:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7940 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0xffff0000 13:51:36 executing program 4: r0 = getpgrp(0xffffffffffffffff) prlimit64(r0, 0x0, 0x0, &(0x7f0000000040)) 13:51:36 executing program 1: listen(0xffffffffffffffff, 0x0) socket$unix(0x1, 0x0, 0x0) connect(0xffffffffffffffff, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x4) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000100)="4c0000001400197f09004b0101048c590188ffffcf3d34740600d4ff5bffff00e7e5ed7d00000000c8550000000000002758d60034650c0326356cdb47f6aaaa956086cbfe0db35200af4486", 0x4c}], 0x1) 13:51:36 executing program 4: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r1, 0x2002) dup3(r2, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write$binfmt_elf64(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="7f454c4605010900070000000000000003003e003f00000091000000000000004000000000000000e2020000000000000200000001043800020002000600ffff070000000000000009000000000000000600000000000000010000000000000043a0000000000000faffffffffffffff3bfbffffffffffff00000060010001008700000000000000196c000000000000010000000000000003000000000000000900000000000000ad0f00000000000064250c6efb520b02fb98ec3acc1f2b0a5c666ac2989fdf9c0868139503e3d86e051d7cd317013b711ff2bcd1de0922fd5a66e2c5e657dbfea6eb7876e0b9b0d51a9af47853ca9c27563dabe38348c75a8fc287d43b644941248f5d5b58bcd300000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"], 0x1b5) 13:51:36 executing program 1: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x44, 0x0, &(0x7f0000000300)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0x8, &(0x7f0000000200)=[@flat={0x73622a85}], &(0x7f0000000240)=[0x0]}}], 0x0, 0x0, 0x0}) pipe(&(0x7f0000000000)={0xffffffffffffffff}) getsockopt$IP6T_SO_GET_INFO(r2, 0x29, 0x40, &(0x7f0000000040)={'nat\x00'}, &(0x7f00000000c0)=0x54) [ 224.025316][ T8019] binder: 8017:8019 transaction failed 29189/-22, size 24-8 line 2994 [ 224.086250][ T12] binder: undelivered TRANSACTION_ERROR: 29189 [ 224.304982][ T7970] BUG: assuming atomic context at kernel/seccomp.c:271 [ 224.311952][ T7970] in_atomic(): 0, irqs_disabled(): 0, pid: 7970, name: syz-executor.5 [ 224.320265][ T7970] no locks held by syz-executor.5/7970. [ 224.325986][ T7970] CPU: 0 PID: 7970 Comm: syz-executor.5 Tainted: G W 5.0.0-rc7-next-20190220 #39 [ 224.336412][ T7970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 224.346465][ T7970] Call Trace: [ 224.349785][ T7970] dump_stack+0x172/0x1f0 [ 224.354112][ T7970] __cant_sleep.cold+0xa3/0xbb [ 224.358859][ T7970] __seccomp_filter+0x12b/0x12b0 [ 224.363820][ T7970] ? seccomp_notify_release+0x280/0x280 [ 224.369361][ T7970] ? kasan_check_write+0x14/0x20 [ 224.374278][ T7970] ? _raw_spin_unlock_irq+0x28/0x90 [ 224.379472][ T7970] ? do_seccomp+0xa5a/0x2250 [ 224.384046][ T7970] ? _raw_spin_unlock_irq+0x28/0x90 [ 224.389243][ T7970] ? lockdep_hardirqs_on+0x418/0x5d0 [ 224.394550][ T7970] ? trace_hardirqs_on+0x67/0x230 [ 224.399574][ T7970] ? kasan_check_read+0x11/0x20 [ 224.404426][ T7970] ? _raw_spin_unlock_irq+0x5e/0x90 [ 224.409637][ T7970] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 224.415865][ T7970] ? do_seccomp+0x389/0x2250 [ 224.420453][ T7970] __secure_computing+0x101/0x360 [ 224.425475][ T7970] syscall_trace_enter+0x5bf/0xe10 [ 224.430868][ T7970] ? trace_event_raw_event_sys_exit+0x290/0x290 [ 224.437141][ T7970] ? lockdep_hardirqs_on+0x418/0x5d0 [ 224.442450][ T7970] ? trace_hardirqs_on+0x67/0x230 [ 224.447481][ T7970] do_syscall_64+0x479/0x610 [ 224.447501][ T7970] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 224.447513][ T7970] RIP: 0033:0x45ac8a [ 224.447528][ T7970] Code: 25 18 00 00 00 00 74 01 f0 48 0f b1 3d df ba 5f 00 48 39 c2 75 da f3 c3 0f 1f 84 00 00 00 00 00 48 63 ff b8 e4 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 06 f3 c3 0f 1f 40 00 48 c7 c2 d4 ff ff ff f7 [ 224.447536][ T7970] RSP: 002b:00007f4289dfac58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e4 [ 224.447557][ T7970] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045ac8a [ 224.458023][ T7970] RDX: 0000000000005f4f RSI: 00007f4289dfac60 RDI: 0000000000000001 13:51:37 executing program 5: 13:51:37 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) r1 = creat(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x109) dup2(r0, r1) open$dir(0x0, 0x0, 0x0) clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000000)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) sendmsg$NET_DM_CMD_START(r3, &(0x7f0000002900)={0x0, 0x0, &(0x7f00000028c0)={0x0}}, 0x0) 13:51:37 executing program 4: 13:51:37 executing program 1: 13:51:37 executing program 3: pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet(0x2, 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) poll(0x0, 0x0, 0x0) socket$inet6(0xa, 0x1, 0x8010000000000084) ioctl$VIDIOC_G_FBUF(0xffffffffffffffff, 0x8030560a, &(0x7f0000000200)={0x40, 0x20, 0x0, {0x0, 0x1f, 0x7673767c, 0x3, 0x0, 0x0, 0x0, 0xff}}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) open(0x0, 0x0, 0x40) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x1012, r3, 0x0) perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x4500000000000003, 0x0, 0x0, 0xa0008000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xebffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_GET_EVENT(r3, &(0x7f0000000100)={0xc, 0x167, 0xfa00, {0x0}}, 0x10) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) splice(r0, 0x0, r1, 0x0, 0x400000000003, 0x0) 13:51:37 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000000c0)) syz_open_dev$rtc(&(0x7f0000000080)='/dev/rtc#\x00', 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000000)) ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000280)={0x0}) [ 224.505817][ T7970] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 224.513788][ T7970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 224.521842][ T7970] R13: 00000000004c4cd5 R14: 00000000004d8890 R15: 00000000ffffffff [ 224.532516][ T26] audit: type=1326 audit(1550670697.449:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=7967 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0xffff0000 13:51:37 executing program 1: 13:51:37 executing program 4: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000380)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000280)=""/11, 0x1c5) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)) clone(0x3102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = dup3(r0, r1, 0x0) ioctl$TUNSETVNETBE(r2, 0x400454de, 0x0) 13:51:37 executing program 5: clone(0x84007ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() mknod(&(0x7f00000000c0)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) ptrace(0x10, r0) creat(&(0x7f0000000080)='./file0\x00', 0x0) get_robust_list(0x0, 0x0, &(0x7f0000000280)) ptrace(0x11, r0) 13:51:37 executing program 1: 13:51:37 executing program 4: 13:51:37 executing program 2: 13:51:37 executing program 4: 13:51:37 executing program 2: 13:51:37 executing program 3: 13:51:37 executing program 1: 13:51:37 executing program 2: 13:51:38 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000000c0)) syz_open_dev$rtc(&(0x7f0000000080)='/dev/rtc#\x00', 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000000)) ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000280)={0x0}) 13:51:38 executing program 4: 13:51:38 executing program 1: 13:51:38 executing program 5: 13:51:38 executing program 3: 13:51:38 executing program 2: 13:51:38 executing program 1: 13:51:38 executing program 4: 13:51:38 executing program 3: 13:51:38 executing program 2: 13:51:38 executing program 4: 13:51:38 executing program 1: 13:51:39 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000000c0)) syz_open_dev$rtc(&(0x7f0000000080)='/dev/rtc#\x00', 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000000)) ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000280)={0x0}) 13:51:39 executing program 3: 13:51:39 executing program 5: 13:51:39 executing program 2: 13:51:39 executing program 1: 13:51:39 executing program 4: 13:51:39 executing program 5: 13:51:39 executing program 1: 13:51:39 executing program 4: 13:51:39 executing program 3: 13:51:39 executing program 2: 13:51:39 executing program 3: 13:51:39 executing program 2: 13:51:39 executing program 4: 13:51:39 executing program 5: 13:51:39 executing program 1: 13:51:39 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000000c0)) syz_open_dev$rtc(&(0x7f0000000080)='/dev/rtc#\x00', 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xf, r0, 0x40, &(0x7f00000004c0)="a96d55a7564c469a52b88d22df6d33ebc349d3d6659e686e4a646c0e3b661208a5d73ceb62ada6b884d0a621f0eab034b70d0b14649b620c235e63147bc44735764751aae04529") ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000280)={0x0}) 13:51:39 executing program 3: 13:51:40 executing program 2: 13:51:40 executing program 1: mkdir(&(0x7f000002b000)='./file0\x00', 0x0) socket(0x10, 0x2, 0x0) syslog(0x3, &(0x7f00000000c0)=""/147, 0x37a8ec531be3c41f) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, &(0x7f00000002c0)) openat$vfio(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vfio/vfio\x00', 0x0, 0x0) 13:51:40 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f00000000c0)=0x1, 0x4) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x17) syz_emit_ethernet(0x30, &(0x7f0000000080)={@dev, @local, [{}], {@ipx={0x8137, {0xffff, 0x1e, 0x0, 0x0, {@current, @broadcast}, {@broadcast, @broadcast}}}}}, 0x0) 13:51:40 executing program 3: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000500)=ANY=[@ANYBLOB="00000000000000002c001200100001006970366772657461700000001860de88f600020014000700fe8000000000000000000000000000aa"], 0x1}}, 0x0) 13:51:40 executing program 4: clone(0x200, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x1040, 0x0) perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x5c61, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) execve(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) open$dir(&(0x7f00000000c0)='./file0\x00', 0x27e, 0x0) 13:51:40 executing program 2: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000942000)={0x2, 0x4e20, @multicast1}, 0x10) setsockopt$sock_int(r1, 0x1, 0x3c, &(0x7f0000000100)=0x1, 0x4) mmap(&(0x7f0000077000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) connect$inet(r1, &(0x7f00000004c0)={0x2, 0x4e20, @empty}, 0x10) sendmmsg$unix(r0, &(0x7f0000005c40)=[{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000001740)="8c686968bb8a3fdb416bd022d10acce5aab5d63f693f943d72e41e6e1db62ecb2c9a424b1c4ce2ffca8ffc5cb72cd2249f5b0099a2a18a60bf83a98324155350833b35bad97bdb5e0b19b3666f4cced0859cd1b155f81101c96777d75681d8f5599a14aa09801e44892cd2b4104060a38518c885b1bb0264c4d68b5149b2e652330034401fed3db2870b851a47b4a749f686638065b18ebefc86158ebf9ee98a502b3289ee932df03ae982497f88929045cc405f23944d31ad1a2d458e28a636b81924ec7cda1355f53a452d64beb593f9da797cb27a67ec4b9a8d3e8afa1445ef6ac7039113d5075e923195ad8c8f739c4bf2f892e143650051c597ab6b0c14f17c213321042d1cc9819ee024daefb6ccd1a89f83a31eb6092c4a8e0af3bbfc05837cbebe8e576d38432396b8d72fe6d699915f333151fc84e424f6dc3e32c1df4140e2801839aadbec13a10b692ea87eb672402f08fa7ce376ca693a2d046b46fff1547d3b836f29e26b8c67a76fee4435a528ad7c968cc18cbad7254e3874b507f9b291fb288375abae84058c41099d5c596602b24b1f2ee5f3657e2396f6f34e6bcc7da23b6383d7d14f46841057e4ac3978dd906a811306671080203f55818b0c691872c2ade03173918d788caf7b67425561d4e13097cf45fe6ee599783e0b2ff8a2693b52fd23e8636078f34d69c2af1a838abc2e37149f3572fbacf39102395dfe86a4915f50e21fd1dbc50c6f31cab16cfc3a71d7cd1863c3b32db2835b25e6f2b2fdacbcae4cc4dbec4c751dc27c0ec2e4ed9fcba740379dede9d985ed21cba1ea3f811a608c0d2643ba2aebdabf986526cec755951bdf5f305dbb11e81e2dcb6fe43ce8b4989c730613af201d3f5a931278f6534750884396739b888680c175907c611cbde87204f873d7d0b5a09c541b5ce7061e2ed29a58dcc544d31632e2dd115738e14c62b24cf31b93c500c0c58fa405cafbae28d01f7a69f2f85743f9fbd5f4aee5ba7750e0c4c56e4910be251ad786846b82bd4474cbbfb0b0a762429e87693c1ce98db2162e8ffea28b95aa312838d813b1a802490344799b4b9dadb07bf717ba5d1ebe058cf1c0d2615cf24cb851ac8c95714877117e25941e478b805230ab1dfb7c227946278dfdd8d861599f48464aecd7bff0323be0e4c50d2298ec4b32fd3deec32c61862477e5b4ace45040d3dff838783258aca60d0ee19c92429848f47540b94fe72a8cb987a1d1e925ed683343a38f2e0218339ddbfee8ea7fb03977de0960737c49341ae6b3f3c78c004540b4c4b036ba5219109821b48dc637d419c03a3bc9015b7bb713463bdc5af5cd034b8690b6b83a1b84197efb49fecee7358715cf400ebe9f972105bf9088968068bde0c6895579cc68fba2ba4d9e4d3132f08749867d681b0916aa148ebdb54f2f8267b0480c22de696f0938e694ab0faa63f82d12a0e7f0b314282e18328efd7fcade3ffd5b0d7ccd3c7acfb4fa9882201e23ead4278de567e97f1c6db1eafff11b6a61bbf18533bdf67a419dab9c6c2fad4c50b23e9bfd8fff4998dec72360d132b0e97020f2895ed4e43a5176af90b5ffc9143e3ec8dd71bf7addd7031a66605738f3e7026b85b2a07a54ce96e29cb5f71f8fdba420dbafab9ee2d68a4b587aae7bf74a4c013656e5889e3348a761d24eda086a61a62dd8a8fd4783551ccdeff8206b998413439ae4dfb51f1842a9669fbf8da365d8575bdfad90743f521638becbac42dc96451f5996953cf1a45469dac2d93960252e6d044fbe1734a46c60048ae0264bc23c323cf88826e5f6979b9134b4a4649fe7df2a3498dceb5ea6bed23418a77c92e048f70d24040de174b8f61bbe03c2c9578d8c6195a63b7f0405dd6298b594d73e8dc92b1da3d6ed06e87fce80904bef27bf52a0ab6ad584b01dd7af9653f6b837492dadfa13d6dedebef0f1b57561e0c5ebbac731f3a2223c2627474125bc645cfbb94afb3007af3761dd79b23a0f90695d8a02d3f317dd2c898cb70fc2178505a1bdcd36cf22bc48956872a758d071791c0a926dee731b87590ac60d601608b33bb9458f8a1b9d10422fb26f52c410cccb3cb6c8db0d8175ed092fee90bc98763359c7970f2479c9f4411e3e288c11b12bd34c5d223c37e5082e8bf9938b7a36c68eb9dd844f09bd2c9a4053e281c779507877d5e21bb2f9e32222eb6cdf7f24015d267d97abd3942ed4a27426661b2a014eb79ead9a8e4a3299bca4137d8f32532f47ae33f46db2f48c27e8151eb0e15537debadb59251d895030168cb3295997c88a864015e52f131604c1373ae76b4b725cc62ca2d45da89c30ee1083dead0166897c2c8b25425a4a111b69b3a2cb457ad5b8ac1a07a152cb3f35a3bf424d5fd8cc9f7f90830cd9d6dc694e5d141404ea55acfdf3828e7b4551e2c74b5acf4d0144e3e39e04d186231e054c29f47972b6971c93a481fe687b239972be4ac26d4691845fbda9366d0c990b92b0974821d13c9e225b7df3786f38688a2ac36797b47180a6c99e0933e336f55a39b953dfc4d63c32a01cf9b54c05dad7f5c5615e2f2e97ee25c51898a2afc5514536da03aeed9abdeac10c52f980e551bdab3a8398e3f38f51eff725f472f60539abfc36a3ed5ee3d760ceb77f6d4e34d85ae21e4ebf059fd1f1c1afbe05d47b2b9a0883cb6167729ebca402472eac3eca1b3062599760d30e178d54c35a33b1d9da6b3a63fb30b7ab902a20bde2c6af41f230957198798e9a21f020204bd08092e702a0ff8436750441a1e3896c2f6006955e42b1e46983dcd1407f6cfac743a710458a1533378606da2bf8cd6544c2b085ef32bdb1c72442dce3dbe22d5da90227a74c6f19859c3cea33c3251c5b2217b53806ef080bc0dfa3125cea169139fca3df72292160f4c250f713faf1970c62edf40d24546058d0b15f2868bc589fe8c2919e14f80aa4709bb221c8913f81eabb6a34cb46fdbe36b4b54d7038a971626ed70ed0f60630c637f826b0ed05817f6f728af08072aded958d69f8d250d0fb51aa5b9523a12051cad4e3d1a972b4fa509c66aa49f8124533eb79a4bc551359f41c7e1af744fb6158492611676eb0400c2d9a81122f25255e84b748a6f8e55f234767742b73d2b4b7aa405037d883a9ec7eca2b86c44c5b3354b7e84ba46a4771e0d09e77110c573a7adcaf5b0b4a215512ab149160c3ac4935760ae9cef7647cca6a08755de12be42eaf1a17d11deb508680180f99161f48c4099f8e6ab9372cba235b9c06fe426d1f58aeccdedc93cbf1e1b70d05fef893d71b31ff3dc100dc60aaa541e705dace19db4c022f16e9aa30d72f9957c84ea708bfbad323f01932dd3b716968583b2a2c2586d9c2d334ca058b80509cd0cecf6adc5ca6483f3ad34e37602cb212cae64bd96fd2aa45955db0d98a2d12c6e56963779396fbb7ebd5534b534406e3d35185e5f98a0e13be9478b4610d8695ea597d3d98076ca75c3d42d087e0f60786f315042596dad03f424195277aca45c37667684625b2041eb2704a2c93f86309ff359ce695896e8577d43a67fe4a1f23e48f3d37e30ce5258d9076a744490c54d76af358d19810e994123c028104f8021b044ffaeb976405edf085044e849d57c02c4d76cfef704e956f6b07c51fe3d083ec8b53751086ecd8550615ef940bd9248ca48076c1ee46f00f1e5b6c652ae1bda9fb09a9ab313d91f69ff1b43593b2816a2ddb15f53ba65239cd447d2a48fc4e86163c1712bf76143d2fade0445e20c6e265cdf4b3aa2d2fe0728bc18582c42a0eb396c771930826fbc5d194d18261988b2b08d318e573550a1e9150033d97899ff61da2fb718296a248ab683d4dcde37f2d2b9e89ec17cfc73351f98ee39c135d0dd77566d622ea9dd7b9c89a1b10985a3812b8d9ad54ba181a9325a53d96f478da593ca8e263a2f6ee32abf9ac776c0aa0a5a5934df153271188d66a6e6ad98eb29950b6f83331fc87677654b9afad5c5587d36e415083b81c0cc99be0d1ac7815981a3936e22f660de319d1761e4a5f9be75ec032dcff84699775b241550f9a978e4f6d266a115a1794b94e910e106cc413dac79781c3110faf8aca55dc768a09bc45ce2c686076956a4b7c6cb51ba735e31af4a58a68f6f43db2df3df2f8e114640bb5b3868dd985b473c65f51dd055ab5c5de5b3d38fe2b5e285c202a6a5745fe2cc4321851907b88faa83f68c3ae26cfe076303b8822229947380c1c37c0dcd473ddc3bf6507285f040c58c9e8edcce081bafb33d2c32804cc8f80857310edcf0d70c482a7056c5e9a08798f1cd97264674f6676dc5757fcb941e405f5aaa3a7124df08a3424aff17edef0627fddb4487320f63a74c7230131bb18301616a27a39d78cf4c0cee5af042ca4df06495faa2289bfaeb769cd0c2d38f55bad88967ef343e5bf6c752baee0810618bf02f268266057bb7d4d5d9999b151ac135f67afaa3ecc857249165e3428221508c301d8abb61dc2d7cc7d5a892e4cf0a2a7faaaf3a0e17ee06e0be3d1bdb8617f9d628a26f9fca496ab34f2199ea71cfbd90e0460f71cec34d8efe094bc0fa19498325bf4686a85511fd5f9b242a48eefdaea3ee19fed4478b7cf02dda659d2ff9d8dd1871e0bf3a0d892e9e587d082d89b83935215c3222f9795bcd64ff118109f19c0e8f3e4198dc697bc62d89f032f12f71560d8d2fd192402c039060ec88422d64130ff64c0526775a97f617b03bf8cb429ae4943e0d84c80ec9c4dcbb08a4f295b54e72b460dda620a5442c39858e1a29b5204ed61a4a69b7906dab061654d2e3c12413538e77dfe02194fece0a7719b431f1f9389b704b4d3ed5261ff0868e73a1eec8f503d8e56dff914f9ce8e1d5c1b12e2994c29e5af972c004c974f3e8e596b267ce0024a0681961213c7fc162bb2f84d640dfeae40ee41aaadb889c0ece9cbf779dffe448779aae998852c9d55782a21d1cbfbe68920751ff8c03524bd0532872a553b6df481e11b9951b4140299873ba598cc268c06af44d8ae8832504972ad52fb205bf6be19f6795c70569e45841a0c36aa094e9265a14162b255e2d78b91145a203bbe4af84623468860f6491ff4bfc9c77bc779b6d82a63f08b6c36e4aa7d15a301504c7c1cd33ec1771e37cb196ad24c7939fc12ced2df72cb460aebb97bc9b8fca254bbebdfa50c09f5418903cc695c966f7ce109b26bbd5bba0f64155a0850da06e68e05837815abe22111aae04f1e223d5a0c9ef40017edc77ea5d19150b5f7f1ddcf215bfa1fe6bd829d50e5e8562ef9e7039d2bd2caef7f52125008e15b5b47d99f9357c017f06f9728987ceb2914a2bba1ccffa1492d75012f47e4a8977941134ec10f9a672fcfb1a513050ac34650c63f9a7c19ee179f289383df3b440119a6a45760d3889637b1408e9987d40f3b8a7a29970df5a3b292aeefa05d55800200d40a30303d9c94c47779d68d11ef3e9bf0511822e316327e682ae760a25a64ac00875a02fe741fbe4ba7cdadad39bd279c6d35e4deda38062aaf33f798e3369cd5b1d201f16ae0a7e3bdb694eebabcdc5bcab364c7e24a2540edc41fd1d240eede5c0c72f871846859a7f53354d1c6a23459b60dc73e0637083cf1ed2a802d929dcf374de1ba891a83923236f65170f8b77f83c1474d22cfc3d289cc6654311237ef7dd24466329f71a6d9c0e60f2e352c01925f28ff2b8e83b7e8ba7a7ff49cd09a9b8dbea64988e3c8930d8e47106d149b585fd8f5893ad822f40854", 0x1000}], 0x1}], 0x1, 0x4000000) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000080)={&(0x7f0000077000/0x3000)=nil, 0x3000}, &(0x7f00000000c0)=0x10) 13:51:40 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000023c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_tcp_TLS_TX(r1, 0x6, 0x1, &(0x7f0000000000), 0x4) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10) sendmsg(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001800)=[{&(0x7f0000000600)="80f17a0b8c8970cad4e7c2198c830f262255157995a738328a6ea456e2363942b6223ced8e1d157847f0c1b27a6f790486384b94faefd0dfba2444691133054cc3c8e8e0c3448446a3c2b9f6f110a48d3902d829438729dc7496c17992daebf777fcec616e2ab5ee4386fc35ddb3c5be77d95c0fffaf93cd81c953d311d52830de1d0e9e0df27d08c3fd370198119340781d16aafdfe831593becee6a47cb0fc059d70333ded95e2eb745ff068798a7f26f16839020454432ad0db8fad8c6f345d112e5a6324307d2828ab93a8466da7e80f1a9a4e52857001931223755f7cfb153a98e80cf6b91cf3b9d6634bb2a11f78cc4b3e54a5ac1f17ba23f8eae550c41ab7fcfb549b1791b61093ef140b2b4974e454654ecf5d28797058e196c632fe4f8b71816b2e3c766121499ac4ccdabdbb8c2c57d4a2b5a2e123d0eba31d36285709a22bbdd00e1da947b486f23cdf7453fb1ea5a4775d4dd315e6555ca87c6326efe9bf74b8daecd441eec2ac284d3c062ca8db46acd4e54eafd2cfe5871feac2ba09f31813b44eb3de3515a7b702ee6e0858841ebaddbc8a01d8bfc444c7c0d5d9829a7f61063e31f4fbdef237ff9d4809dcb115c5ffd86af35d1d2edadae8d793a6a0b37adff41ba5a7188e3d46764a5f242fc20b3f44ec5d18ff251b231135c066b9ab5b889b0774613a5dc7a6d6ad5e2d6d095b610f674be6ac519c7d19be29ddccdfe3bf7ea744230ff61d1f3657407d2cc64a4a432cb843d91f98e39f96f47fbd513a12d4a40bd7e15b5910792bea8f197731950245000a99787b4d267c70852d07c94c280f17934214c64677bb5c3c6a996f4d20fbf54f520ed7575f66cd07aa2e14423134962f73d86bce9eb93c697f66adeb655b7898d1f9e66a045f421937f85c251cd510614d3f5f8ca6230d4e04e3e9f36f73f8484749ac03c6b657e81cc9a201817e44f8cad068d100c2ae02c521a83d7bd5f26d8eb9de2f769a356a4adbcbb4425f66293ad1f49851c233a3a64f474860bd6e78b9edb66e259358fd322140140341245fb111b95c9b2e4b6b63b82e711b59d65b06b70ec3ac731d916a5b9f3d4c84c63c4e25db1ca40b2662e0d03327ea4f82d4d19b65527d48859ae051f6c7726bd84ceb1f8c40cbaeb08ecd0fd6aa1367b62f4c41d85525b4c4d39c0f314d88bb1c63554c199bc5f2c8aed9d2b4e864e232107e28658a612fb8589105b00004308fe4635e3a20cc44ba33557a8c3dbba28d78c5390b6a1e292bbdd4ada2244c87a4135c9dd3a426908b9aeed9adff063fa6fc056b7587e3afc5390bd5f1069db6277e3a", 0x3ac}], 0x1, 0x0, 0x0, 0x800}, 0x0) [ 227.305362][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 227.311320][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 227.348570][ T8165] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 227.388183][ T8165] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details. 13:51:40 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x2, &(0x7f000039a000)=[{0x20, 0x0, 0x0, 0xfffffffffffff00c}, {0x6}]}, 0x10) sendmmsg(r1, &(0x7f0000006180)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 13:51:40 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) rt_sigpending(0x0, 0x0) 13:51:40 executing program 2: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000ab9ff0)={0x2, &(0x7f000039a000)=[{0x20}, {0x6}]}, 0x10) sendmmsg(r1, &(0x7f0000006180)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 13:51:40 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000000c0)) syz_open_dev$rtc(&(0x7f0000000080)='/dev/rtc#\x00', 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xf, r0, 0x40, &(0x7f00000004c0)="a96d55a7564c469a52b88d22df6d33ebc349d3d6659e686e4a646c0e3b661208a5d73ceb62ada6b884d0a621f0eab034b70d0b14649b620c235e63147bc44735764751aae04529") ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000280)={0x0}) 13:51:40 executing program 5: seccomp(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xffffffff}]}) rt_sigqueueinfo(0x0, 0x0, 0x0) 13:51:40 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000091fa8)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) sendmmsg(r1, &(0x7f0000003040)=[{{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000001700)}}], 0x40000e5, 0x0) 13:51:40 executing program 4: seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0xffffffff}]}) get_robust_list(0x0, &(0x7f0000000140)=0x0, &(0x7f0000000180)) 13:51:40 executing program 1: pipe(&(0x7f0000000000)) socket$packet(0x11, 0x3, 0x300) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) openat$uhid(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uhid\x00', 0x0, 0x0) socket$inet6(0xa, 0x3, 0x84) clock_gettime(0x0, &(0x7f0000000100)) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1b9}, 0x0, 0x0) 13:51:40 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mkdir(&(0x7f0000000480)='./file0\x00', 0x0) [ 228.003647][ T8196] BUG: assuming atomic context at kernel/seccomp.c:271 [ 228.021402][ T8196] in_atomic(): 0, irqs_disabled(): 0, pid: 8196, name: syz-executor.4 [ 228.040481][ T26] audit: type=1326 audit(1550670700.959:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8193 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0xffff0000 [ 228.088695][ T8196] no locks held by syz-executor.4/8196. 13:51:41 executing program 2: r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x3) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$SIOCGSTAMPNS(r0, 0x8907, 0x0) [ 228.094569][ T8196] CPU: 1 PID: 8196 Comm: syz-executor.4 Tainted: G W 5.0.0-rc7-next-20190220 #39 [ 228.104992][ T8196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 228.115053][ T8196] Call Trace: [ 228.118369][ T8196] dump_stack+0x172/0x1f0 [ 228.122713][ T8196] __cant_sleep.cold+0xa3/0xbb [ 228.127485][ T8196] __seccomp_filter+0x12b/0x12b0 [ 228.127507][ T8196] ? seccomp_notify_release+0x280/0x280 [ 228.127525][ T8196] ? kasan_check_write+0x14/0x20 [ 228.127544][ T8196] ? _raw_spin_unlock_irq+0x28/0x90 [ 228.127556][ T8196] ? do_seccomp+0xa5a/0x2250 13:51:41 executing program 3: r0 = syz_init_net_socket$bt_sco(0x1f, 0x3, 0x3) sendto$inet6(r0, 0x0, 0x0, 0x4004840, 0x0, 0x0) [ 228.127569][ T8196] ? _raw_spin_unlock_irq+0x28/0x90 [ 228.127584][ T8196] ? lockdep_hardirqs_on+0x418/0x5d0 [ 228.127612][ T8196] ? trace_hardirqs_on+0x67/0x230 [ 228.127647][ T8196] ? kasan_check_read+0x11/0x20 [ 228.138110][ T8196] ? _raw_spin_unlock_irq+0x5e/0x90 [ 228.138127][ T8196] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 228.138151][ T8196] ? do_seccomp+0x389/0x2250 [ 228.138172][ T8196] __secure_computing+0x101/0x360 [ 228.138193][ T8196] syscall_trace_enter+0x5bf/0xe10 13:51:41 executing program 3: seccomp(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0xffffffff}]}) mremap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000, 0x0, &(0x7f0000fff000/0x1000)=nil) [ 228.138214][ T8196] ? trace_event_raw_event_sys_exit+0x290/0x290 [ 228.138236][ T8196] ? lockdep_hardirqs_on+0x418/0x5d0 [ 228.138253][ T8196] ? trace_hardirqs_on+0x67/0x230 [ 228.138275][ T8196] do_syscall_64+0x479/0x610 [ 228.173324][ T8196] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 228.184737][ T8196] RIP: 0033:0x45ac8a [ 228.184754][ T8196] Code: 25 18 00 00 00 00 74 01 f0 48 0f b1 3d df ba 5f 00 48 39 c2 75 da f3 c3 0f 1f 84 00 00 00 00 00 48 63 ff b8 e4 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 06 f3 c3 0f 1f 40 00 48 c7 c2 d4 ff ff ff f7 [ 228.184763][ T8196] RSP: 002b:00007f9c8a9c1c58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e4 [ 228.184779][ T8196] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045ac8a [ 228.184789][ T8196] RDX: 00000000000040f6 RSI: 00007f9c8a9c1c60 RDI: 0000000000000001 [ 228.184798][ T8196] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 228.184808][ T8196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 228.184818][ T8196] R13: 00000000004c4cd5 R14: 00000000004d8890 R15: 00000000ffffffff [ 228.189627][ C0] protocol 88fb is buggy, dev hsr_slave_0 13:51:41 executing program 2: seccomp(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0xffffffff}]}) signalfd(0xffffffffffffffff, &(0x7f0000000040), 0x8) [ 228.189713][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 228.203169][ T26] audit: type=1326 audit(1550670701.119:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8195 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0xffff0000 [ 228.346827][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 228.352636][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 228.377180][ T26] audit: type=1326 audit(1550670701.229:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8217 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0xffff0000 [ 228.399809][ T26] audit: type=1326 audit(1550670701.289:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8223 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0xffff0000 [ 228.796994][ T26] audit: type=1326 audit(1550670701.719:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8193 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0xffff0000 [ 228.821465][ T26] audit: type=1326 audit(1550670701.739:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8195 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0xffff0000 13:51:41 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000000c0)) syz_open_dev$rtc(&(0x7f0000000080)='/dev/rtc#\x00', 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xf, r0, 0x40, &(0x7f00000004c0)="a96d55a7564c469a52b88d22df6d33ebc349d3d6659e686e4a646c0e3b661208a5d73ceb62ada6b884d0a621f0eab034b70d0b14649b620c235e63147bc44735764751aae04529") ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000280)={0x0}) 13:51:41 executing program 5: r0 = syz_open_dev$binder(&(0x7f0000d59ff3)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x44, 0x0, &(0x7f0000000080)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 228.825287][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 228.850287][ C0] protocol 88fb is buggy, dev hsr_slave_1 13:51:41 executing program 4: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair(0x0, 0x0, 0x0, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) [ 228.943778][ T8237] binder: 8236:8237 got transaction to context manager from process owning it [ 228.954559][ T8237] binder: 8236:8237 transaction failed 29201/-22, size 0-0 line 2985 [ 228.964129][ T8237] binder: BINDER_SET_CONTEXT_MGR already set [ 228.970826][ T8239] binder_alloc: 8236: binder_alloc_buf, no vma [ 228.977366][ T8237] binder: 8236:8237 ioctl 40046207 0 returned -16 [ 228.986232][ T8239] binder: 8236:8239 transaction failed 29189/-3, size 0-0 line 3147 13:51:41 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) r2 = syz_open_pts(r1, 0x2002) r3 = dup3(r2, r0, 0x0) write(r3, &(0x7f0000000080)="1db14c44f12cf317080834619f350956", 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$TCXONC(r3, 0x540a, 0x1) 13:51:41 executing program 4: r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20}, 0x1c) listen(r0, 0x80000000004f6) syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @link_local, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x6, 0x0, @local={0xfe, 0x8a00, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x4e20, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) [ 228.996346][ T7754] binder: undelivered TRANSACTION_ERROR: 29201 [ 229.012233][ T7754] binder: undelivered TRANSACTION_ERROR: 29189 13:51:41 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @local, 0x2}, 0x1c) listen(r1, 0x0) [ 229.080129][ T8221] BUG: assuming atomic context at kernel/seccomp.c:271 [ 229.096245][ T8221] in_atomic(): 0, irqs_disabled(): 0, pid: 8221, name: syz-executor.3 [ 229.109035][ T8251] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. 13:51:42 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) openat$pfkey(0xffffffffffffff9c, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) [ 229.124792][ T8221] no locks held by syz-executor.3/8221. [ 229.140843][ T8221] CPU: 1 PID: 8221 Comm: syz-executor.3 Tainted: G W 5.0.0-rc7-next-20190220 #39 [ 229.151255][ T8221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 229.161308][ T8221] Call Trace: [ 229.164643][ T8221] dump_stack+0x172/0x1f0 [ 229.168999][ T8221] __cant_sleep.cold+0xa3/0xbb [ 229.173769][ T8221] __seccomp_filter+0x12b/0x12b0 [ 229.178720][ T8221] ? seccomp_notify_release+0x280/0x280 [ 229.184283][ T8221] ? kasan_check_write+0x14/0x20 [ 229.189227][ T8221] ? _raw_spin_unlock_irq+0x28/0x90 [ 229.189241][ T8221] ? do_seccomp+0xa5a/0x2250 [ 229.189256][ T8221] ? _raw_spin_unlock_irq+0x28/0x90 [ 229.189273][ T8221] ? lockdep_hardirqs_on+0x418/0x5d0 [ 229.189291][ T8221] ? trace_hardirqs_on+0x67/0x230 [ 229.189307][ T8221] ? kasan_check_read+0x11/0x20 [ 229.189326][ T8221] ? _raw_spin_unlock_irq+0x5e/0x90 [ 229.189342][ T8221] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 229.189362][ T8221] ? do_seccomp+0x389/0x2250 [ 229.235735][ T8221] __secure_computing+0x101/0x360 [ 229.240769][ T8221] syscall_trace_enter+0x5bf/0xe10 [ 229.245899][ T8221] ? trace_event_raw_event_sys_exit+0x290/0x290 [ 229.252160][ T8221] ? lockdep_hardirqs_on+0x418/0x5d0 [ 229.257460][ T8221] ? trace_hardirqs_on+0x67/0x230 [ 229.262499][ T8221] do_syscall_64+0x479/0x610 [ 229.267106][ T8221] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 229.273012][ T8221] RIP: 0033:0x45ac8a [ 229.276919][ T8221] Code: 25 18 00 00 00 00 74 01 f0 48 0f b1 3d df ba 5f 00 48 39 c2 75 da f3 c3 0f 1f 84 00 00 00 00 00 48 63 ff b8 e4 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 06 f3 c3 0f 1f 40 00 48 c7 c2 d4 ff ff ff f7 [ 229.296524][ T8221] RSP: 002b:00007f5dff98cc58 EFLAGS: 00000246 ORIG_RAX: 00000000000000e4 [ 229.304936][ T8221] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000045ac8a [ 229.312930][ T8221] RDX: 0000000000004446 RSI: 00007f5dff98cc60 RDI: 0000000000000001 [ 229.320923][ T8221] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 13:51:42 executing program 5: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) bind$rose(r0, &(0x7f0000000040)=@full={0xb, @dev, @null, 0x0, [@null, @netrom, @rose, @default, @netrom, @netrom]}, 0x40) 13:51:42 executing program 1: r0 = syz_open_dev$evdev(&(0x7f00000000c0)='/dev/input/event#\x00', 0x4231d52d, 0x0) r1 = memfd_create(&(0x7f00000003c0)='/d-\x1b\xb3\x82\xf9/J\xb0p*\xd8\x00\xea\x03\x83\xd8\x16\x88Qt\xceh\xeb\xb2\xc4\xfbf\xe1\xd5\xe5\x9aS\x964\xb5L/\xdb\xb4\xec\xd7C\xed\xcf\f\x01\x15\xae!T\x9eU\xee\xc6]3\xdb\xadx\x19\xf0w}y\x0f\xc3\xf2\xea;\x93\xe9\x13\x97E\xd8i\f6\xb6\xf9\\\xbd\xd1\\\x19\x0e\x93\x05\nC\x1b8)\xe3\x9b{\x8bT\x8a\xec\a\xc9-;\xf55n\xd1~\x7f\xa8eB\xc40&l\'a\x19\xdf\xad\x9aan\xaa\xc1h\x9e\x9a\xa94\xdcI{\xa9\xf3\x00u\xfb\x83\xa2An\x1cN\x05w\xcb\x811A\x98G\x87j\x02\x8cC\xed#\xb8+\xf2G6\xe5\xe8\x88<2\x92\x13&\x96\xe6\xdbl\xb0\x99\x9e\xe8Q\xd3\xe9S0\xb9\xb0\'\xf5\x05\xecV}\x89Z\n\xc5.\xf5\xa7\xe1\x97\x9dq\xe8\xa6\x99\x9d8b\xd3\xd9\xbe\x02D\x13\x19b\x7fm2\xed\xad\x04\x80\x12GM\x9dZ@=\xc9\x14\xf8\xdcb\x92@\xd1\xbb\xd2\xa331\x19\x8a\xc8:\xa1\xe6\xc2)', 0x0) write$eventfd(r1, &(0x7f00000001c0), 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r1, 0x0) ioctl$EVIOCSFF(r0, 0x402c4580, &(0x7f0000000140)={0x0, 0x0, 0x0, {}, {}, @period={0x0, 0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0}}) [ 229.329416][ T8221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 229.337385][ T8221] R13: 00000000004c4cd5 R14: 00000000004d8890 R15: 00000000ffffffff [ 229.349905][ T26] audit: type=1326 audit(1550670702.269:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8223 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0xffff0000 13:51:42 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x5, 0x31, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_POWER(r0, 0x112, 0x9, 0x0, &(0x7f0000000040)) 13:51:42 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) write$binfmt_misc(r1, 0x0, 0x0) dup2(r0, r1) 13:51:42 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0af51f023c123f3188a070") r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8924, 0x0) [ 229.461442][ T26] audit: type=1326 audit(1550670702.379:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=8217 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45ac8a code=0xffff0000 13:51:42 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000000c0)) syz_open_dev$rtc(&(0x7f0000000080)='/dev/rtc#\x00', 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000000)) ptrace$setregs(0xf, r0, 0x40, &(0x7f00000004c0)="a96d55a7564c469a52b88d22df6d33ebc349d3d6659e686e4a646c0e3b661208a5d73ceb62ada6b884d0a621f0eab034b70d0b14649b620c235e63147bc44735764751aae04529") ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000280)={0x0}) 13:51:42 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) setsockopt$bt_BT_DEFER_SETUP(r0, 0x12, 0x3, &(0x7f0000000080)=0x2, 0x4) 13:51:42 executing program 5: dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x200000000, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20ncci\x00', 0x0, 0x0) mmap$perf(&(0x7f0000ffc000/0x3000)=nil, 0x7fffdf003000, 0x0, 0x11, r0, 0x0) 13:51:42 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x5, 0x31, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_POWER(r0, 0x112, 0x9, 0x0, &(0x7f0000000040)) 13:51:42 executing program 3: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000440)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x64, 0x7c, 0x7fffffff, {"fcfe473ffa680e4a9434a95c1f174b444c1986b826d046a3823c202a478220f051c4517e604b094ab784ccf5491a22b93e44667c7e75f16582239e6006cebfdc3c0135336bb92db19e8e11e7016b45f2d96ce02c4f0108a1cd8a9d9d23ee0b1658"}}}, 0x0, 0x7e, 0x0, 0x1}, 0x20) 13:51:42 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) openat$pfkey(0xffffffffffffff9c, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) 13:51:42 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x5, 0x31, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_POWER(r0, 0x112, 0x9, 0x0, &(0x7f0000000040)) 13:51:42 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007ff, &(0x7f0000deaff0), 0x10) 13:51:42 executing program 3: r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00005f5000)={0x0, 0x0, &(0x7f00008feff0)={&(0x7f00001dcf48)={0x2, 0x400000000000003, 0x0, 0x0, 0xf, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6}, @sadb_x_nat_t_port={0x1, 0x15}, @sadb_sa={0x2}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @local={0xfe, 0x80, [], 0xffffffffffffffff}}}]}, 0x78}}, 0x0) 13:51:42 executing program 5: r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) bind$rose(r0, &(0x7f0000000040)=@full={0xb, @dev, @null, 0x6, [@null, @netrom, @rose, @default, @netrom, @netrom]}, 0x40) 13:51:42 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x5, 0x31, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_POWER(r0, 0x112, 0x9, 0x0, &(0x7f0000000040)) 13:51:42 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) openat$pfkey(0xffffffffffffff9c, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) 13:51:43 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000000c0)) syz_open_dev$rtc(&(0x7f0000000080)='/dev/rtc#\x00', 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000000)) ptrace$setregs(0xf, r0, 0x40, &(0x7f00000004c0)="a96d55a7564c469a52b88d22df6d33ebc349d3d6659e686e4a646c0e3b661208a5d73ceb62ada6b884d0a621f0eab034b70d0b14649b620c235e63147bc44735764751aae04529") ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000280)={0x0}) 13:51:43 executing program 1: sendto$packet(0xffffffffffffffff, &(0x7f00000003c0), 0x0, 0x0, 0x0, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x3) socket$packet(0x11, 0x3, 0x300) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, &(0x7f00000002c0)) socket$alg(0x26, 0x5, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f00000000c0)=ANY=[], 0xfffffe57) mmap(&(0x7f0000a00000/0x600000)=nil, 0x600000, 0x300000a, 0x2011, r1, 0x0) mmap(&(0x7f0000f44000/0x4000)=nil, 0x50707c, 0x1000004, 0x2013, r1, 0x500000) syz_genetlink_get_family_id$fou(0x0) ioctl$EXT4_IOC_SWAP_BOOT(r1, 0x6611) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000400)=ANY=[@ANYBLOB="460000005d88c2b1baa38e16a0aa191513f20c3e52f0d0c2d1134ef9c2538cf23664dc411400088b24aebcd6246c561e9557beb2b787563692c1c6890a2d5b"], 0x0) ioctl$FITRIM(r1, 0xc0185879, &(0x7f0000000040)={0x100000000, 0x800007, 0x8000}) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, 0x0, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000140)) sendmsg$nl_generic(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)={0x30, 0x1d, 0x404, 0x0, 0x25dfdbfe, {0x8}, [@generic="973917db803778d88d166c5a23dc02669d072a06cf", @nested={0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x0) write$binfmt_elf32(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfffffd4f) select(0x0, 0x0, 0x0, 0x0, &(0x7f0000040ec0)={0xfffffffffffffff7}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2, 0x0, 0x0) sendfile(r0, r2, 0x0, 0x100000000) bind$inet6(r2, 0x0, 0x0) 13:51:43 executing program 5: r0 = socket$inet(0x2, 0x3, 0x16) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x23, &(0x7f0000000000)={{{@in=@multicast2, @in=@multicast1}}, {{@in6}, 0x0, @in6=@loopback}}, 0xe8) 13:51:43 executing program 4: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) openat$pfkey(0xffffffffffffff9c, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) 13:51:43 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) getsockopt$bt_BT_POWER(r0, 0x112, 0x9, 0x0, &(0x7f0000000040)) 13:51:43 executing program 3: 13:51:43 executing program 3: 13:51:43 executing program 5: 13:51:43 executing program 2: getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, 0x0, &(0x7f0000000040)) 13:51:43 executing program 3: syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x200, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) creat(&(0x7f00000001c0)='./file1\x00', 0x21) execve(&(0x7f00000000c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000540)=""/11, 0x485) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) r1 = creat(&(0x7f0000000100)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x109) dup2(r0, r1) r2 = open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000040)='./file1\x00', 0x0, 0x0) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$EVIOCRMFF(r3, 0x40044581, 0x0) 13:51:43 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000140), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x131f64) clone(0x2102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet6_IPV6_ADDRFORM(r1, 0x29, 0x1, &(0x7f00000002c0), 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x29, 0x0, 0x0) 13:51:43 executing program 2: getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, 0x0, &(0x7f0000000040)) [ 230.907181][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 230.913002][ C0] protocol 88fb is buggy, dev hsr_slave_1 13:51:44 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000000c0)) syz_open_dev$rtc(&(0x7f0000000080)='/dev/rtc#\x00', 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000000)) ptrace$setregs(0xf, r0, 0x40, &(0x7f00000004c0)="a96d55a7564c469a52b88d22df6d33ebc349d3d6659e686e4a646c0e3b661208a5d73ceb62ada6b884d0a621f0eab034b70d0b14649b620c235e63147bc44735764751aae04529") ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000280)={0x0}) 13:51:44 executing program 1: 13:51:44 executing program 2: getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, 0x0, &(0x7f0000000040)) 13:51:44 executing program 3: syz_execute_func(&(0x7f00000002c0)="3666440f50f564ff0941c3c4e2c9975842c4c27d794e0066420fe2e33e0f1110c442019dccd3196f") clone(0x200, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000f80000)='./file0\x00', 0x1040, 0x0) execve(&(0x7f0000000400)='./file0\x00', 0x0, 0x0) creat(&(0x7f00000001c0)='./file1\x00', 0x21) execve(&(0x7f00000000c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) read(r0, &(0x7f0000000540)=""/11, 0x485) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000200)) r1 = creat(&(0x7f0000000100)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x109) dup2(r0, r1) r2 = open$dir(&(0x7f0000000240)='./file0\x00', 0x841, 0x0) clone(0x3102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000040)='./file1\x00', 0x0, 0x0) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$EVIOCRMFF(r3, 0x40044581, 0x0) 13:51:44 executing program 4: 13:51:44 executing program 5: 13:51:44 executing program 4: 13:51:44 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x3) getsockopt$bt_BT_POWER(r0, 0x112, 0x9, 0x0, &(0x7f0000000040)) 13:51:44 executing program 5: 13:51:44 executing program 1: 13:51:44 executing program 4: 13:51:44 executing program 1: 13:51:45 executing program 0: clone(0x41fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() rt_tgsigqueueinfo(r0, r0, 0x16, &(0x7f00000000c0)) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000000)) ptrace$setregs(0xf, r0, 0x40, &(0x7f00000004c0)="a96d55a7564c469a52b88d22df6d33ebc349d3d6659e686e4a646c0e3b661208a5d73ceb62ada6b884d0a621f0eab034b70d0b14649b620c235e63147bc44735764751aae04529") ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000280)={0x0}) 13:51:45 executing program 5: 13:51:45 executing program 4: 13:51:45 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x3) getsockopt$bt_BT_POWER(r0, 0x112, 0x9, 0x0, &(0x7f0000000040)) 13:51:45 executing program 1: 13:51:45 executing program 3: 13:51:45 executing program 5: 13:51:45 executing program 1: 13:51:45 executing program 4: 13:51:45 executing program 3: 13:51:45 executing program 2: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x3) getsockopt$bt_BT_POWER(r0, 0x112, 0x9, 0x0, &(0x7f0000000040)) 13:51:45 executing program 1: