[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 56.645232][ T26] audit: type=1800 audit(1572316420.491:25): pid=8700 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 56.665148][ T26] audit: type=1800 audit(1572316420.491:26): pid=8700 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 56.731131][ T26] audit: type=1800 audit(1572316420.491:27): pid=8700 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.192' (ECDSA) to the list of known hosts. 2019/10/29 02:33:52 fuzzer started 2019/10/29 02:33:54 dialing manager at 10.128.0.26:44167 2019/10/29 02:33:55 syscalls: 2541 2019/10/29 02:33:55 code coverage: enabled 2019/10/29 02:33:55 comparison tracing: enabled 2019/10/29 02:33:55 extra coverage: extra coverage is not supported by the kernel 2019/10/29 02:33:55 setuid sandbox: enabled 2019/10/29 02:33:55 namespace sandbox: enabled 2019/10/29 02:33:55 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/29 02:33:55 fault injection: enabled 2019/10/29 02:33:55 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/29 02:33:55 net packet injection: enabled 2019/10/29 02:33:55 net device setup: enabled 2019/10/29 02:33:55 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 02:36:20 executing program 0: 02:36:21 executing program 1: syzkaller login: [ 217.201217][ T8871] IPVS: ftp: loaded support on port[0] = 21 [ 217.305290][ T8873] IPVS: ftp: loaded support on port[0] = 21 02:36:21 executing program 2: [ 217.425087][ T8871] chnl_net:caif_netlink_parms(): no params data found [ 217.554818][ T8871] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.577878][ T8871] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.586107][ T8871] device bridge_slave_0 entered promiscuous mode 02:36:21 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) dup(0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3, 0x0, 0xfffffffffffffffb}, 0x0) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/rtc\x00', 0x0, 0x0) ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000080)={0x1, 0x0, {0x0, 0x0, 0x0, 0x1f, 0x0, 0x69}}) sched_setattr(0x0, 0x0, 0x0) ptrace$setopts(0x4200, 0x0, 0x9, 0x23) creat(&(0x7f0000000040)='./bus\x00', 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r2 = gettid() ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x38) ptrace$cont(0x20, r2, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) [ 217.615761][ T8873] chnl_net:caif_netlink_parms(): no params data found [ 217.626957][ T8871] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.637860][ T8871] bridge0: port 2(bridge_slave_1) entered disabled state [ 217.645979][ T8871] device bridge_slave_1 entered promiscuous mode [ 217.715222][ T8877] IPVS: ftp: loaded support on port[0] = 21 [ 217.734129][ T8871] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 217.765113][ T8871] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 217.778383][ T8873] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.785469][ T8873] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.796455][ T8873] device bridge_slave_0 entered promiscuous mode [ 217.828990][ T8873] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.836093][ T8873] bridge0: port 2(bridge_slave_1) entered disabled state [ 217.847493][ T8873] device bridge_slave_1 entered promiscuous mode [ 217.857102][ T8871] team0: Port device team_slave_0 added [ 217.871591][ T8871] team0: Port device team_slave_1 added [ 217.932981][ T8873] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link 02:36:21 executing program 4: pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptmx\x00', 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f000014f000)={0x0, 0x0, 0x0}, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) write(r0, &(0x7f00000001c0), 0xfffffef3) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x2, @empty}, 0x1c) sendmmsg(r1, &(0x7f00000092c0), 0x800010b, 0x18) ioctl$FS_IOC_MEASURE_VERITY(r1, 0xc0046686, &(0x7f0000000100)={0x1, 0x31, "a20c56ceae50ffb6fd8eaac4f0b9e0cf96e4275408374ff51fa662500f04068bdefaef38127ffda45eafebb2690b114e18"}) [ 217.983127][ T8871] device hsr_slave_0 entered promiscuous mode [ 218.028172][ T8871] device hsr_slave_1 entered promiscuous mode [ 218.149236][ T8873] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 218.177645][ T8881] IPVS: ftp: loaded support on port[0] = 21 [ 218.201383][ T8879] IPVS: ftp: loaded support on port[0] = 21 [ 218.267412][ T8873] team0: Port device team_slave_0 added [ 218.303181][ T8871] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.310437][ T8871] bridge0: port 2(bridge_slave_1) entered forwarding state 02:36:22 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000640)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000400003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10000174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28b774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a800655d127de6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c84f7cff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"}) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000080)=0x10000000002) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 218.318417][ T8871] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.325469][ T8871] bridge0: port 1(bridge_slave_0) entered forwarding state [ 218.371456][ T8873] team0: Port device team_slave_1 added [ 218.430740][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.439472][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.530794][ T8873] device hsr_slave_0 entered promiscuous mode [ 218.588189][ T8873] device hsr_slave_1 entered promiscuous mode [ 218.629010][ T8873] debugfs: Directory 'hsr0' with parent '/' already present! [ 218.637515][ T8877] chnl_net:caif_netlink_parms(): no params data found [ 218.680099][ T8886] IPVS: ftp: loaded support on port[0] = 21 [ 218.721138][ T8877] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.728536][ T8877] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.736156][ T8877] device bridge_slave_0 entered promiscuous mode [ 218.745719][ T8877] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.752879][ T8877] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.761766][ T8877] device bridge_slave_1 entered promiscuous mode [ 218.841537][ T8877] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 218.866465][ T8879] chnl_net:caif_netlink_parms(): no params data found [ 218.877594][ T8877] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 218.928866][ T8879] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.936043][ T8879] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.943998][ T8879] device bridge_slave_0 entered promiscuous mode [ 218.952064][ T8879] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.959511][ T8879] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.967409][ T8879] device bridge_slave_1 entered promiscuous mode [ 218.988586][ T8877] team0: Port device team_slave_0 added [ 219.013693][ T8877] team0: Port device team_slave_1 added [ 219.026132][ T8871] 8021q: adding VLAN 0 to HW filter on device bond0 [ 219.034541][ T8879] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 219.054995][ T8879] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 219.160650][ T8877] device hsr_slave_0 entered promiscuous mode [ 219.218084][ T8877] device hsr_slave_1 entered promiscuous mode [ 219.257982][ T8877] debugfs: Directory 'hsr0' with parent '/' already present! [ 219.287211][ T8881] chnl_net:caif_netlink_parms(): no params data found [ 219.330082][ T8879] team0: Port device team_slave_0 added [ 219.339908][ T8879] team0: Port device team_slave_1 added [ 219.355340][ T8871] 8021q: adding VLAN 0 to HW filter on device team0 [ 219.399640][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 219.407969][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 219.471212][ T8879] device hsr_slave_0 entered promiscuous mode [ 219.508247][ T8879] device hsr_slave_1 entered promiscuous mode [ 219.547830][ T8879] debugfs: Directory 'hsr0' with parent '/' already present! [ 219.587002][ T8881] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.595289][ T8881] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.603719][ T8881] device bridge_slave_0 entered promiscuous mode [ 219.641028][ T2943] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 219.650149][ T2943] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 219.658767][ T2943] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.665810][ T2943] bridge0: port 1(bridge_slave_0) entered forwarding state [ 219.673456][ T2943] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 219.683186][ T2943] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 219.691638][ T2943] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.698723][ T2943] bridge0: port 2(bridge_slave_1) entered forwarding state [ 219.706229][ T2943] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 219.715749][ T8881] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.723099][ T8881] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.731048][ T8881] device bridge_slave_1 entered promiscuous mode [ 219.759199][ T8886] chnl_net:caif_netlink_parms(): no params data found [ 219.825820][ T8881] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 219.842002][ T8873] 8021q: adding VLAN 0 to HW filter on device bond0 [ 219.859988][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 219.869761][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 219.879212][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 219.889043][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 219.898506][ T8881] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 219.908434][ T8886] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.915477][ T8886] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.926545][ T8886] device bridge_slave_0 entered promiscuous mode [ 219.934416][ T8886] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.941676][ T8886] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.949727][ T8886] device bridge_slave_1 entered promiscuous mode [ 220.009714][ T8881] team0: Port device team_slave_0 added [ 220.019455][ T8881] team0: Port device team_slave_1 added [ 220.030266][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 220.040352][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 220.049171][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 220.057400][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 220.066226][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 220.075899][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 220.084377][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 220.092064][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 220.103764][ T8886] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 220.115307][ T8886] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 220.143728][ T8873] 8021q: adding VLAN 0 to HW filter on device team0 [ 220.153452][ T8871] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 220.220393][ T8881] device hsr_slave_0 entered promiscuous mode [ 220.269051][ T8881] device hsr_slave_1 entered promiscuous mode [ 220.307921][ T8881] debugfs: Directory 'hsr0' with parent '/' already present! [ 220.336501][ T8886] team0: Port device team_slave_0 added [ 220.353438][ T3028] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 220.362196][ T3028] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 220.371303][ T3028] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.378412][ T3028] bridge0: port 1(bridge_slave_0) entered forwarding state [ 220.386445][ T3028] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 220.395751][ T8886] team0: Port device team_slave_1 added [ 220.416609][ T8877] 8021q: adding VLAN 0 to HW filter on device bond0 [ 220.439441][ T8871] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 220.473038][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 220.481836][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 220.490721][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 220.499724][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 220.508558][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.515599][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 220.534655][ T8877] 8021q: adding VLAN 0 to HW filter on device team0 [ 220.556739][ T2943] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 220.573265][ T2943] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 220.584779][ T2943] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 220.594263][ T2943] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.601370][ T2943] bridge0: port 1(bridge_slave_0) entered forwarding state [ 220.614654][ T2943] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 220.622749][ T2943] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 220.646236][ T8879] 8021q: adding VLAN 0 to HW filter on device bond0 [ 220.721411][ T8886] device hsr_slave_0 entered promiscuous mode [ 220.748371][ T8886] device hsr_slave_1 entered promiscuous mode [ 220.797939][ T8886] debugfs: Directory 'hsr0' with parent '/' already present! [ 220.816407][ T3028] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 220.825677][ T3028] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 220.834268][ T3028] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 220.842828][ T3028] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 220.851518][ T3028] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 220.860326][ T3028] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 220.870466][ T3028] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.877506][ T3028] bridge0: port 2(bridge_slave_1) entered forwarding state [ 220.885163][ T3028] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 220.893725][ T3028] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 220.902404][ T3028] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 220.925291][ T8873] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 220.936075][ T8873] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 220.979667][ T3028] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 220.989016][ T3028] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 221.005761][ T3028] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 221.014479][ T3028] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 02:36:24 executing program 0: socketpair(0x0, 0x0, 0x0, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae68, &(0x7f0000000140)={0x6000}) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount$overlay(0x400000, 0x0, &(0x7f0000000100)='overlay\x00', 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0/f.le.\x00', 0x0) renameat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) keyctl$chown(0x4, 0x0, 0xffffffffffffffff, 0x0) keyctl$setperm(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) rmdir(&(0x7f0000000380)='./file0/f.le.\x00') [ 221.023155][ T3028] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 221.039010][ T3028] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 221.057116][ T3028] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 221.074045][ T3028] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 221.082953][ T3028] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 221.091499][ T3028] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 221.100837][ T3028] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 221.108994][ T3028] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 221.127519][ T8877] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 221.138633][ T8877] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 221.147717][ C1] hrtimer: interrupt took 48688 ns [ 221.163686][ T8879] 8021q: adding VLAN 0 to HW filter on device team0 [ 221.190903][ T3028] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 221.201526][ T3028] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 221.210180][ T3028] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 221.220007][ T3028] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 02:36:25 executing program 0: socketpair(0x0, 0x0, 0x0, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae68, &(0x7f0000000140)={0x6000}) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount$overlay(0x400000, 0x0, &(0x7f0000000100)='overlay\x00', 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0/f.le.\x00', 0x0) renameat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) keyctl$chown(0x4, 0x0, 0xffffffffffffffff, 0x0) keyctl$setperm(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) rmdir(&(0x7f0000000380)='./file0/f.le.\x00') [ 221.253672][ T8877] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 221.289066][ T3028] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 221.296868][ T3028] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 221.306543][ T3028] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 221.345120][ T3028] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.352291][ T3028] bridge0: port 1(bridge_slave_0) entered forwarding state [ 221.373730][ T3028] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 221.382590][ T3028] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 221.391120][ T3028] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.398223][ T3028] bridge0: port 2(bridge_slave_1) entered forwarding state [ 221.406782][ T3028] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 221.425489][ T8873] 8021q: adding VLAN 0 to HW filter on device batadv0 02:36:25 executing program 0: socketpair(0x0, 0x0, 0x0, 0x0) ioctl$KVM_UNREGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae68, &(0x7f0000000140)={0x6000}) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount$overlay(0x400000, 0x0, &(0x7f0000000100)='overlay\x00', 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0/f.le.\x00', 0x0) renameat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) keyctl$chown(0x4, 0x0, 0xffffffffffffffff, 0x0) keyctl$setperm(0x5, 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) rmdir(&(0x7f0000000380)='./file0/f.le.\x00') [ 221.459024][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 221.471427][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 221.509599][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 221.532592][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 02:36:25 executing program 0: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/rtc\x00', 0x0, 0x0) ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000080)={0x0, 0x0, {0x0, 0x0, 0x0, 0x1f, 0x0, 0x69}}) [ 221.554515][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 221.563623][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 221.572301][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 221.580889][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 221.590016][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready 02:36:25 executing program 0: r0 = socket$kcm(0x10, 0x800000000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="1f000000180081ac02041cecff091ffa1c6702000049778a28761a485ead3a", 0x1f}], 0x1}, 0x0) [ 221.635603][ T8881] 8021q: adding VLAN 0 to HW filter on device bond0 [ 221.646636][ T8879] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 221.667126][ T8879] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 221.706547][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 221.722204][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 221.754431][ T8881] 8021q: adding VLAN 0 to HW filter on device team0 [ 221.769264][ T8918] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.0'. 02:36:25 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000180)="87", 0x1) [ 221.814883][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 221.825442][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 221.871180][ T8923] netlink: 3 bytes leftover after parsing attributes in process `syz-executor.0'. [ 221.891952][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 221.904312][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 221.913215][ T12] bridge0: port 1(bridge_slave_0) entered blocking state 02:36:25 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x2000000, 0x11, r1, 0x0) syz_open_procfs(0x0, &(0x7f0000000140)='net/dev\x00') [ 221.920380][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 221.929123][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 221.948848][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 221.963178][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.970360][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 221.996550][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 222.012933][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 222.024142][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 222.056141][ T8879] 8021q: adding VLAN 0 to HW filter on device batadv0 02:36:26 executing program 1: fcntl$getflags(0xffffffffffffffff, 0x0) gettid() ioctl$FS_IOC_GETVERSION(0xffffffffffffffff, 0x80087601, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) ioctl$TIOCSBRK(0xffffffffffffffff, 0x5427) gettid() syz_open_dev$char_usb(0xc, 0xb4, 0x0) semget$private(0x0, 0x1, 0x6) 02:36:26 executing program 2: creat(&(0x7f0000000180)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000640)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x0, &(0x7f0000000200)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) write$FUSE_NOTIFY_STORE(r0, &(0x7f00000000c0)={0x2b, 0x4, 0x0, {0x0, 0x0, 0x2, 0x0, [0x0, 0x0, 0x0]}}, 0x2b) [ 222.106546][ T8881] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 222.168659][ T8881] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 222.207047][ T2943] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 222.223542][ T2943] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 222.261550][ T2943] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 222.286584][ T2943] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 222.309885][ T2943] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 222.323894][ T2943] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 222.333631][ T2943] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 222.347155][ T2943] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 222.357251][ T2943] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 222.371475][ T2943] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 222.397618][ T8881] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 222.425505][ T8886] 8021q: adding VLAN 0 to HW filter on device bond0 [ 222.462519][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 222.474824][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 222.496893][ T8886] 8021q: adding VLAN 0 to HW filter on device team0 [ 222.510817][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 222.520861][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 222.534666][ T47] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.541842][ T47] bridge0: port 1(bridge_slave_0) entered forwarding state 02:36:26 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x440, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_inet_SIOCSIFDSTADDR(r2, 0x8918, &(0x7f0000000340)={'lo\x00', {0x2, 0x4e24, @empty}}) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) [ 222.579534][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 222.594311][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 222.603495][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 222.637481][ T47] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.644616][ T47] bridge0: port 2(bridge_slave_1) entered forwarding state [ 222.656721][ T47] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 222.680294][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 222.692542][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 222.702239][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 222.711619][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 222.722726][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 222.736214][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 222.744906][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 222.753701][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 223.402294][ T8886] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 223.427939][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 223.436410][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 223.487402][ T8886] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 223.642911][ T8976] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. 02:36:28 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x1ee6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000341000/0x2000)=nil, 0x2000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) 02:36:28 executing program 0: r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) fsetxattr$security_selinux(r0, &(0x7f0000000200)='security.selinux\x00', 0x0, 0x0, 0x0) keyctl$instantiate(0xc, 0x0, 0x0, 0x0, 0xfffffffffffffffb) bind$inet6(0xffffffffffffffff, 0x0, 0x0) 02:36:28 executing program 1: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x1ee6b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000341000/0x2000)=nil, 0x2000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) mremap(&(0x7f0000a94000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) 02:36:28 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={0x14, 0x41000000000013, 0xfffffffffffdfffb, 0x0, 0x0, {0x34}}, 0x14}, 0x1, 0x68}, 0x0) 02:36:28 executing program 3: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r0, 0x0) syz_open_dev$vcsa(&(0x7f00000007c0)='/dev/vcsa#\x00', 0x1, 0x10100) ioctl$BLKRRPART(0xffffffffffffffff, 0x125f, 0x0) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, 0x0) getpgid(0x0) pipe(&(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x0, 0x2) read$alg(r1, &(0x7f00000000c0)=""/45, 0x2d) 02:36:28 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)=@newlink={0x38, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, [@tunl_policy=[@IFLA_IPTUN_ENCAP_TYPE={0x8, 0xf, 0x1}]]}}}]}, 0x38}}, 0x0) [ 224.315398][ T8991] netlink: 'syz-executor.5': attribute type 15 has an invalid length. 02:36:28 executing program 3: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r0, 0x0) syz_open_dev$vcsa(&(0x7f00000007c0)='/dev/vcsa#\x00', 0x1, 0x10100) ioctl$BLKRRPART(0xffffffffffffffff, 0x125f, 0x0) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, 0x0) getpgid(0x0) pipe(&(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x0, 0x2) read$alg(r1, &(0x7f00000000c0)=""/45, 0x2d) 02:36:28 executing program 0: ioctl$EVIOCGABS3F(0xffffffffffffffff, 0x8018457f, &(0x7f0000000200)) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, 0x0) semget(0x0, 0x0, 0x102) mkdir(0x0, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) prctl$PR_SET_UNALIGN(0x6, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(0x0, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r1 = dup(r0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8b22, &(0x7f0000000000)='wlan0\x00') getsockopt$ARPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0) setxattr$trusted_overlay_upper(0x0, 0x0, &(0x7f0000000540)={0x0, 0xfb, 0x15, 0x0, 0x0, "d709e8821fb31efb553f70ae81a7d2cc"}, 0x15, 0x0) ioctl$sock_inet_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, 0x0) pivot_root(&(0x7f0000000200)='./file0\x00', 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000300)='/dev/full\x00', 0x240080, 0x0) semop(0x0, 0x0, 0x0) 02:36:28 executing program 1: perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x2005, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8c0d4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x1000000000000002, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x6}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x80fe) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 02:36:28 executing program 2: r0 = socket$nl_generic(0x10, 0x3, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={0x14, 0x41000000000013, 0xfffffffffffdfffb, 0x0, 0x0, {0x34}}, 0x14}, 0x1, 0x68}, 0x0) 02:36:28 executing program 3: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r0, 0x0) syz_open_dev$vcsa(&(0x7f00000007c0)='/dev/vcsa#\x00', 0x1, 0x10100) ioctl$BLKRRPART(0xffffffffffffffff, 0x125f, 0x0) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, 0x0) getpgid(0x0) pipe(&(0x7f0000000300)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x0, 0x2) read$alg(r1, &(0x7f00000000c0)=""/45, 0x2d) 02:36:28 executing program 5: openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) flock(0xffffffffffffffff, 0x0) shmget(0x2, 0x4000, 0x0, &(0x7f0000962000/0x4000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x0, 0x2) read$alg(r0, &(0x7f00000000c0)=""/45, 0x2d) 02:36:28 executing program 4: accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x80000) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x4000000000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x62a, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3, 0x10, 0xfffffffffffffffb}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0xd7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x851}, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) eventfd2(0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, &(0x7f00000003c0)={'trans=fd,', {'rfdno'}, 0x2c, {'wfdno'}}) getsockopt$IP6T_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x29, 0x44, &(0x7f0000000140)={'IDLETIMER\x00'}, &(0x7f0000000180)=0x1e) r4 = socket$inet(0x10, 0x2, 0xc) sendmsg(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) creat(&(0x7f0000000580)='./bus\x00', 0x0) openat$full(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/full\x00', 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) 02:36:28 executing program 0: ioctl$EVIOCGABS3F(0xffffffffffffffff, 0x8018457f, &(0x7f0000000200)) socket$inet_udplite(0x2, 0x2, 0x88) clock_gettime(0x0, 0x0) semget(0x0, 0x0, 0x102) mkdir(0x0, 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0) prctl$PR_SET_UNALIGN(0x6, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(0x0, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r1 = dup(r0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8b22, &(0x7f0000000000)='wlan0\x00') getsockopt$ARPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0) setxattr$trusted_overlay_upper(0x0, 0x0, &(0x7f0000000540)={0x0, 0xfb, 0x15, 0x0, 0x0, "d709e8821fb31efb553f70ae81a7d2cc"}, 0x15, 0x0) ioctl$sock_inet_SIOCSIFDSTADDR(0xffffffffffffffff, 0x8918, 0x0) pivot_root(&(0x7f0000000200)='./file0\x00', 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000300)='/dev/full\x00', 0x240080, 0x0) semop(0x0, 0x0, 0x0) 02:36:28 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="48010000100013070000000000000000e000000200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414aa0000000000000000000000000000000032000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000005800020063626328866165732900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000063bd58a4d7c72f9c4fc4357300fac0"], 0x148}}, 0x0) 02:36:28 executing program 2: r0 = socket$inet6(0xa, 0x6, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r1, 0x1000008912, &(0x7f0000000040)="bf217043fc0300b37b0071") r2 = io_uring_setup(0xa4, &(0x7f0000000080)) io_uring_register$IORING_REGISTER_FILES(r2, 0x2, &(0x7f0000000280)=[r0], 0x1) io_uring_register$IORING_UNREGISTER_FILES(r2, 0x3, 0x0, 0x0) 02:36:28 executing program 3: syz_emit_ethernet(0x4a, &(0x7f0000000100)={@local, @random="192bce5e2dfb", [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x6, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @mcast2, {[], @tcp={{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x59}}}}}}}, 0x0) 02:36:28 executing program 5: openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) flock(0xffffffffffffffff, 0x0) shmget(0x2, 0x4000, 0x0, &(0x7f0000962000/0x4000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x0, 0x2) read$alg(r0, &(0x7f00000000c0)=""/45, 0x2d) 02:36:28 executing program 0: mkdir(&(0x7f0000000500)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) mkdir(&(0x7f0000000000)='./file0/f.le.\x00', 0x0) open(&(0x7f0000000080)='./file0/f.le.\x00', 0x0, 0x0) rmdir(&(0x7f0000000380)='./file0/f.le.\x00') 02:36:28 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.stet\x00', 0x26e1, 0x0) r1 = socket$kcm(0x2, 0x1000000000000002, 0x0) setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f00000002c0)=r0, 0x161) sendmsg$kcm(r1, &(0x7f0000000540)={&(0x7f0000000380)=@in={0x2, 0x4e23, @rand_addr=0x7fffffff}, 0x80, 0x0}, 0xfd00) r2 = socket$kcm(0x2b, 0x8000000000001, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$cgroup_subtree(r1, &(0x7f0000000280)={[{0x0, 'memory'}]}, 0xfdef) 02:36:28 executing program 4: r0 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r0, 0x0) r1 = creat(&(0x7f00000002c0)='./bus\x00', 0x0) fcntl$setstatus(r1, 0x4, 0x6100) ftruncate(r1, 0x8200) r2 = socket$inet6(0xa, 0x1000000000000002, 0x0) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x6}, 0x1c) sendmmsg(r2, &(0x7f00000092c0), 0x4ff, 0x0) ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40086602, &(0x7f0000003dc0)) write$cgroup_type(r1, &(0x7f0000000200)='threaded\x00', 0x175d900f) 02:36:29 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) r3 = add_key$keyring(0x0, &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) add_key(&(0x7f0000000000)='encrypted\x00', &(0x7f0000000180)={'syz'}, &(0x7f0000000100), 0x3c0a, r3) add_key$keyring(&(0x7f0000000040)='keyring\x00', &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r3) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) creat(0x0, 0x0) r5 = open(0x0, 0x80000, 0xa6) ioctl$EVIOCSFF(r5, 0x40304580, &(0x7f0000000240)={0x0, 0x9, 0x25b, {0x8, 0x1}, {0x2, 0xff}, @rumble={0x4, 0x2}}) open(&(0x7f0000000280)='./file0\x00', 0x101000, 0x0) write$P9_RLOPEN(r4, &(0x7f00000000c0)={0x18, 0xd, 0x1, {{0x4, 0x3, 0x4}, 0x1ff}}, 0x18) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) unshare(0x26000000) r6 = syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/pid_for_children\x00') setns(r6, 0x0) 02:36:29 executing program 5: io_uring_setup(0x6f9, &(0x7f0000000080)={0x0, 0x0, 0x5}) [ 225.189581][ T9052] overlayfs: conflicting lowerdir path [ 225.245751][ T9055] ================================================================== [ 225.254014][ T9055] BUG: KASAN: null-ptr-deref in io_wq_cancel_all+0x28/0x2a0 [ 225.261322][ T9055] Write of size 8 at addr 0000000000000004 by task syz-executor.2/9055 [ 225.269555][ T9055] [ 225.271893][ T9055] CPU: 1 PID: 9055 Comm: syz-executor.2 Not tainted 5.4.0-rc5-next-20191028 #0 [ 225.280830][ T9055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 225.290977][ T9055] Call Trace: [ 225.294282][ T9055] dump_stack+0x172/0x1f0 [ 225.298620][ T9055] ? io_wq_cancel_all+0x28/0x2a0 [ 225.303676][ T9055] ? io_wq_cancel_all+0x28/0x2a0 [ 225.308629][ T9055] __kasan_report.cold+0x5/0x41 [ 225.313500][ T9055] ? io_wq_cancel_all+0x28/0x2a0 [ 225.318454][ T9055] kasan_report+0x12/0x20 [ 225.322802][ T9055] check_memory_region+0x134/0x1a0 [ 225.327927][ T9055] __kasan_check_write+0x14/0x20 [ 225.332893][ T9055] io_wq_cancel_all+0x28/0x2a0 [ 225.337667][ T9055] io_ring_ctx_wait_and_kill+0x1e8/0x700 [ 225.343308][ T9055] io_uring_release+0x42/0x50 [ 225.348000][ T9055] __fput+0x2ff/0x890 [ 225.351994][ T9055] ? io_ring_ctx_wait_and_kill+0x700/0x700 [ 225.357810][ T9055] ____fput+0x16/0x20 [ 225.361795][ T9055] task_work_run+0x145/0x1c0 [ 225.366389][ T9055] do_exit+0x904/0x2e60 [ 225.370674][ T9055] ? mm_update_next_owner+0x640/0x640 [ 225.376061][ T9055] ? lock_downgrade+0x920/0x920 [ 225.380909][ T9055] ? _raw_spin_unlock_irq+0x23/0x80 [ 225.386096][ T9055] ? get_signal+0x392/0x24f0 [ 225.386118][ T9055] ? _raw_spin_unlock_irq+0x23/0x80 [ 225.386135][ T9055] do_group_exit+0x135/0x360 [ 225.400613][ T9055] get_signal+0x47c/0x24f0 [ 225.405068][ T9055] ? lock_downgrade+0x920/0x920 [ 225.409942][ T9055] do_signal+0x87/0x1700 [ 225.414201][ T9055] ? __kasan_check_read+0x11/0x20 [ 225.419239][ T9055] ? _copy_to_user+0x118/0x160 [ 225.424018][ T9055] ? setup_sigcontext+0x7d0/0x7d0 [ 225.429073][ T9055] ? exit_to_usermode_loop+0x43/0x380 [ 225.434468][ T9055] ? do_syscall_64+0x65f/0x760 [ 225.439255][ T9055] ? exit_to_usermode_loop+0x43/0x380 02:36:29 executing program 3: r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x0, 0x0) readv(r0, &(0x7f0000001900)=[{&(0x7f0000000080)=""/54, 0x36}, {&(0x7f0000000480)=""/82, 0x52}, {&(0x7f0000000500)=""/71, 0x47}, {&(0x7f0000000580)=""/107, 0x6b}, {&(0x7f0000000600)=""/240, 0xf0}, {&(0x7f0000000700)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/63, 0x3f}, {&(0x7f0000001700)=""/236, 0xec}, {&(0x7f0000001800)=""/254, 0xfe}], 0x9) 02:36:29 executing program 1: syz_open_procfs(0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) fsetxattr$security_selinux(r0, &(0x7f0000000200)='security.selinux\x00', 0x0, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) 02:36:29 executing program 1: clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@broute={'broute\x00', 0x20, 0x1, 0x178, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000c00], 0x0, 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000190000000100000008006c6f00000000000000000000000000007465716c3000000000000000000000006970365f76746930000000000000000062637366300000000000000000000000ffffffffffff000000000000aaaaaaaaaa000000000000000000b8000000b8000000e80000006970000000000000000000000000000000000000000000000000000000000000200000000000001bac1414bbffffffff000000000000000000062d00000000002e000000000000004155444954000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000ea09ffff00000000000000000000000000000000000000000001000000ffffffff00000000"]}, 0x1f0) wait4(0x0, 0x0, 0x60000000, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000000)) read(r1, 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000140)) ioctl$TCSETX(r1, 0x5433, 0x0) process_vm_readv(0x0, 0x0, 0x0, &(0x7f00000018c0)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0) [ 225.444642][ T9055] ? lockdep_hardirqs_on+0x421/0x5e0 [ 225.449941][ T9055] ? trace_hardirqs_on+0x67/0x240 [ 225.454983][ T9055] exit_to_usermode_loop+0x286/0x380 [ 225.460286][ T9055] do_syscall_64+0x65f/0x760 [ 225.464895][ T9055] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 225.470794][ T9055] RIP: 0033:0x459f39 [ 225.474717][ T9055] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 225.494451][ T9055] RSP: 002b:00007f8064f8acf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 225.494465][ T9055] RAX: 0000000000000001 RBX: 000000000075bfd0 RCX: 0000000000459f39 [ 225.494472][ T9055] RDX: 00000000004cddd8 RSI: 0000000000000081 RDI: 000000000075bfd4 [ 225.494478][ T9055] RBP: 000000000075bfc8 R08: 0000000000000009 R09: 0000000000000000 [ 225.494485][ T9055] R10: ffffffffffffffff R11: 0000000000000246 R12: 000000000075bfd4 [ 225.494492][ T9055] R13: 00007fff100cdcbf R14: 00007f8064f8b9c0 R15: 000000000075bfd4 02:36:29 executing program 0: ioctl$sock_inet_SIOCSIFPFLAGS(0xffffffffffffffff, 0x8934, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) ioctl$KDADDIO(0xffffffffffffffff, 0x4b34, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x0, 0x2) read$alg(r0, &(0x7f00000000c0)=""/45, 0x2d) readv(0xffffffffffffffff, 0x0, 0x0) [ 225.494524][ T9055] ================================================================== [ 225.530243][ T3924] kobject: 'loop1' (00000000c85ab40b): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 225.534809][ T9055] Disabling lock debugging due to kernel taint [ 225.549988][ T9055] Kernel panic - not syncing: panic_on_warn set ... [ 225.575448][ T9055] CPU: 1 PID: 9055 Comm: syz-executor.2 Tainted: G B 5.4.0-rc5-next-20191028 #0 [ 225.585786][ T9055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 225.595842][ T9055] Call Trace: [ 225.599136][ T9055] dump_stack+0x172/0x1f0 [ 225.603492][ T9055] panic+0x2e3/0x75c [ 225.608261][ T9055] ? add_taint.cold+0x16/0x16 [ 225.612943][ T9055] ? io_wq_cancel_all+0x28/0x2a0 [ 225.613026][ T3924] kobject: 'loop3' (00000000a11f42e9): kobject_uevent_env [ 225.617874][ T9055] ? preempt_schedule+0x4b/0x60 [ 225.617890][ T9055] ? ___preempt_schedule+0x16/0x18 [ 225.617903][ T9055] ? trace_hardirqs_on+0x5e/0x240 [ 225.617915][ T9055] ? io_wq_cancel_all+0x28/0x2a0 [ 225.617925][ T9055] end_report+0x47/0x4f [ 225.617940][ T9055] ? io_wq_cancel_all+0x28/0x2a0 [ 225.636277][ T3924] kobject: 'loop3' (00000000a11f42e9): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 225.639972][ T9055] __kasan_report.cold+0xe/0x41 [ 225.639985][ T9055] ? io_wq_cancel_all+0x28/0x2a0 [ 225.639997][ T9055] kasan_report+0x12/0x20 [ 225.640014][ T9055] check_memory_region+0x134/0x1a0 [ 225.660695][ T3924] kobject: 'loop0' (00000000eeffe724): kobject_uevent_env [ 225.664129][ T9055] __kasan_check_write+0x14/0x20 [ 225.664142][ T9055] io_wq_cancel_all+0x28/0x2a0 [ 225.664160][ T9055] io_ring_ctx_wait_and_kill+0x1e8/0x700 [ 225.675821][ T3924] kobject: 'loop0' (00000000eeffe724): fill_kobj_path: path = '/devices/virtual/block/loop0' [ 225.678239][ T9055] io_uring_release+0x42/0x50 [ 225.678252][ T9055] __fput+0x2ff/0x890 [ 225.678264][ T9055] ? io_ring_ctx_wait_and_kill+0x700/0x700 [ 225.678280][ T9055] ____fput+0x16/0x20 [ 225.689514][ T3924] kobject: 'loop3' (00000000a11f42e9): kobject_uevent_env [ 225.690470][ T9055] task_work_run+0x145/0x1c0 [ 225.690486][ T9055] do_exit+0x904/0x2e60 [ 225.690504][ T9055] ? mm_update_next_owner+0x640/0x640 [ 225.696629][ T3924] kobject: 'loop3' (00000000a11f42e9): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 225.700167][ T9055] ? lock_downgrade+0x920/0x920 [ 225.700180][ T9055] ? _raw_spin_unlock_irq+0x23/0x80 [ 225.700191][ T9055] ? get_signal+0x392/0x24f0 [ 225.700207][ T9055] ? _raw_spin_unlock_irq+0x23/0x80 [ 225.785422][ T9055] do_group_exit+0x135/0x360 [ 225.790022][ T9055] get_signal+0x47c/0x24f0 [ 225.794455][ T9055] ? lock_downgrade+0x920/0x920 [ 225.799319][ T9055] do_signal+0x87/0x1700 [ 225.803599][ T9055] ? __kasan_check_read+0x11/0x20 [ 225.804154][ T3924] kobject: 'loop1' (00000000c85ab40b): kobject_uevent_env [ 225.808620][ T9055] ? _copy_to_user+0x118/0x160 [ 225.808636][ T9055] ? setup_sigcontext+0x7d0/0x7d0 [ 225.808656][ T9055] ? exit_to_usermode_loop+0x43/0x380 [ 225.817914][ T3924] kobject: 'loop1' (00000000c85ab40b): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 225.820501][ T9055] ? do_syscall_64+0x65f/0x760 [ 225.820516][ T9055] ? exit_to_usermode_loop+0x43/0x380 [ 225.820536][ T9055] ? lockdep_hardirqs_on+0x421/0x5e0 [ 225.857215][ T9055] ? trace_hardirqs_on+0x67/0x240 [ 225.862292][ T9055] exit_to_usermode_loop+0x286/0x380 [ 225.869179][ T9055] do_syscall_64+0x65f/0x760 [ 225.873768][ T9055] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 225.880002][ T9055] RIP: 0033:0x459f39 [ 225.883896][ T9055] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 225.903498][ T9055] RSP: 002b:00007f8064f8acf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 225.911894][ T9055] RAX: 0000000000000001 RBX: 000000000075bfd0 RCX: 0000000000459f39 [ 225.919862][ T9055] RDX: 00000000004cddd8 RSI: 0000000000000081 RDI: 000000000075bfd4 [ 225.927814][ T9055] RBP: 000000000075bfc8 R08: 0000000000000009 R09: 0000000000000000 [ 225.935766][ T9055] R10: ffffffffffffffff R11: 0000000000000246 R12: 000000000075bfd4 [ 225.943717][ T9055] R13: 00007fff100cdcbf R14: 00007f8064f8b9c0 R15: 000000000075bfd4 [ 225.953074][ T9055] Kernel Offset: disabled [ 225.957502][ T9055] Rebooting in 86400 seconds..