Warning: Permanently added '[localhost]:44831' (ECDSA) to the list of known hosts. 2019/12/06 21:36:41 fuzzer started 2019/12/06 21:36:43 dialing manager at 10.0.2.10:34681 2019/12/06 21:36:43 syscalls: 2689 2019/12/06 21:36:43 code coverage: enabled 2019/12/06 21:36:43 comparison tracing: enabled 2019/12/06 21:36:43 extra coverage: enabled 2019/12/06 21:36:43 setuid sandbox: enabled 2019/12/06 21:36:43 namespace sandbox: enabled 2019/12/06 21:36:43 Android sandbox: /sys/fs/selinux/policy does not exist 2019/12/06 21:36:43 fault injection: enabled 2019/12/06 21:36:43 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/12/06 21:36:43 net packet injection: enabled 2019/12/06 21:36:43 net device setup: enabled 2019/12/06 21:36:43 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/12/06 21:36:43 devlink PCI setup: PCI device 0000:00:10.0 is not available 21:37:00 executing program 0: 21:37:01 executing program 1: syzkaller login: [ 115.275254][ T7983] IPVS: ftp: loaded support on port[0] = 21 [ 115.341320][ T7985] IPVS: ftp: loaded support on port[0] = 21 21:37:01 executing program 2: [ 115.625262][ T7983] chnl_net:caif_netlink_parms(): no params data found [ 115.646485][ T7987] IPVS: ftp: loaded support on port[0] = 21 21:37:01 executing program 3: [ 115.718525][ T7985] chnl_net:caif_netlink_parms(): no params data found [ 115.834161][ T7983] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.868039][ T7983] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.906379][ T7983] device bridge_slave_0 entered promiscuous mode [ 115.966306][ T7985] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.996057][ T7985] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.016207][ T7985] device bridge_slave_0 entered promiscuous mode [ 116.041960][ T7985] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.061951][ T7985] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.080648][ T7985] device bridge_slave_1 entered promiscuous mode [ 116.103566][ T7983] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.119755][ T7983] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.131270][ T7983] device bridge_slave_1 entered promiscuous mode [ 116.160198][ T7983] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 116.185489][ T7985] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 116.203602][ T7983] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 116.203803][ T7992] IPVS: ftp: loaded support on port[0] = 21 [ 116.225474][ T7985] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 116.301630][ T7983] team0: Port device team_slave_0 added [ 116.315605][ T7985] team0: Port device team_slave_0 added [ 116.359565][ T7983] team0: Port device team_slave_1 added [ 116.370572][ T7985] team0: Port device team_slave_1 added [ 116.404635][ T7987] chnl_net:caif_netlink_parms(): no params data found [ 116.529472][ T7983] device hsr_slave_0 entered promiscuous mode [ 116.638315][ T7983] device hsr_slave_1 entered promiscuous mode [ 116.838592][ T7985] device hsr_slave_0 entered promiscuous mode [ 116.907000][ T7985] device hsr_slave_1 entered promiscuous mode [ 116.947105][ T7985] debugfs: Directory 'hsr0' with parent '/' already present! [ 116.984356][ T7987] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.997102][ T7987] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.014441][ T7987] device bridge_slave_0 entered promiscuous mode [ 117.027899][ T7987] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.040869][ T7987] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.054425][ T7987] device bridge_slave_1 entered promiscuous mode [ 117.091668][ T7987] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 117.112853][ T7987] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 117.156582][ T7983] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 117.223162][ T7983] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 117.290461][ T7983] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 117.354384][ T7987] team0: Port device team_slave_0 added [ 117.366223][ T7985] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 117.439541][ T7985] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 117.557211][ T7983] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 117.630833][ T7987] team0: Port device team_slave_1 added [ 117.645834][ T7985] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 117.719339][ T7985] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 117.791370][ T7992] chnl_net:caif_netlink_parms(): no params data found [ 117.919099][ T7987] device hsr_slave_0 entered promiscuous mode [ 117.997211][ T7987] device hsr_slave_1 entered promiscuous mode [ 118.066831][ T7987] debugfs: Directory 'hsr0' with parent '/' already present! [ 118.094587][ T7992] bridge0: port 1(bridge_slave_0) entered blocking state [ 118.106810][ T7992] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.118358][ T7992] device bridge_slave_0 entered promiscuous mode [ 118.131242][ T7992] bridge0: port 2(bridge_slave_1) entered blocking state [ 118.141901][ T7992] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.152673][ T7992] device bridge_slave_1 entered promiscuous mode [ 118.191245][ T7992] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 118.212140][ T7992] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 118.250270][ T7987] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 118.313354][ T7992] team0: Port device team_slave_0 added [ 118.324972][ T7992] team0: Port device team_slave_1 added [ 118.333703][ T7987] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 118.439458][ T7987] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 118.551454][ T7987] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 118.722712][ T7992] device hsr_slave_0 entered promiscuous mode [ 118.827486][ T7992] device hsr_slave_1 entered promiscuous mode [ 118.937943][ T7992] debugfs: Directory 'hsr0' with parent '/' already present! [ 119.045147][ T7992] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 119.123177][ T7992] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 119.202080][ T7992] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 119.351739][ T7992] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 119.446346][ T7985] 8021q: adding VLAN 0 to HW filter on device bond0 [ 119.466303][ T7983] 8021q: adding VLAN 0 to HW filter on device bond0 [ 119.493634][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 119.508613][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 119.535668][ T7985] 8021q: adding VLAN 0 to HW filter on device team0 [ 119.570401][ T7989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 119.587653][ T7989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 119.601067][ T7989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 119.624688][ T7989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 119.646356][ T7989] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.660377][ T7989] bridge0: port 1(bridge_slave_0) entered forwarding state [ 119.674360][ T7989] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 119.690361][ T7983] 8021q: adding VLAN 0 to HW filter on device team0 [ 119.709653][ T3254] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 119.724145][ T3254] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 119.745883][ T3254] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.757279][ T3254] bridge0: port 2(bridge_slave_1) entered forwarding state [ 119.773349][ T3254] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 119.788448][ T3254] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 119.809468][ T3254] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.825204][ T3254] bridge0: port 1(bridge_slave_0) entered forwarding state [ 119.843604][ T3254] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 119.870228][ T7989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 119.885808][ T7989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 119.907896][ T7989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 119.930722][ T7989] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 119.953383][ T7989] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 119.979949][ T7997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 119.997656][ T7997] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 120.013817][ T7997] bridge0: port 2(bridge_slave_1) entered blocking state [ 120.024353][ T7997] bridge0: port 2(bridge_slave_1) entered forwarding state [ 120.050761][ T7987] 8021q: adding VLAN 0 to HW filter on device bond0 [ 120.064919][ T3254] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 120.083149][ T3254] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 120.101301][ T3254] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 120.117626][ T3254] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 120.133760][ T3254] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 120.159013][ T7985] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 120.182986][ T7985] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 120.219342][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 120.236423][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 120.250269][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 120.264082][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 120.279312][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 120.292456][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 120.304937][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 120.320002][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 120.339739][ T7992] 8021q: adding VLAN 0 to HW filter on device bond0 [ 120.628184][ T3006] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 120.647077][ T3006] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 120.667484][ T3006] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 120.694331][ T3006] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 120.724595][ T3006] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 120.748617][ T3006] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 120.786237][ T7985] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 120.815056][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 120.837340][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 120.861331][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 120.883063][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 120.905602][ T7987] 8021q: adding VLAN 0 to HW filter on device team0 [ 120.966209][ T7983] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 121.003159][ T7992] 8021q: adding VLAN 0 to HW filter on device team0 [ 121.045909][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 121.081818][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 121.110235][ T28] bridge0: port 1(bridge_slave_0) entered blocking state [ 121.131129][ T28] bridge0: port 1(bridge_slave_0) entered forwarding state [ 121.204660][ T7997] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 121.252840][ T7997] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 121.298634][ T7997] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 121.334104][ T7997] bridge0: port 1(bridge_slave_0) entered blocking state [ 121.359498][ T7997] bridge0: port 1(bridge_slave_0) entered forwarding state [ 121.375538][ T7997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 121.399518][ T7997] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 121.424373][ T7997] bridge0: port 2(bridge_slave_1) entered blocking state [ 121.444418][ T7997] bridge0: port 2(bridge_slave_1) entered forwarding state [ 121.467895][ T7997] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 121.494001][ T7997] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 121.511976][ T7997] bridge0: port 2(bridge_slave_1) entered blocking state [ 121.525336][ T7997] bridge0: port 2(bridge_slave_1) entered forwarding state [ 121.543792][ T7997] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 121.571532][ T7999] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 121.601180][ T7999] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 121.650343][ T7999] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 121.687715][ T7999] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 121.795603][ T7998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 121.866037][ T7998] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 121.924540][ T7998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready 21:37:07 executing program 1: [ 122.049763][ T7998] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 122.091264][ T7983] 8021q: adding VLAN 0 to HW filter on device batadv0 21:37:08 executing program 1: [ 122.125382][ T7989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready 21:37:08 executing program 1: [ 122.147363][ T7989] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 122.175863][ T7989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 122.213486][ T7989] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready 21:37:08 executing program 1: [ 122.235086][ T7989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 122.309641][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 122.332409][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 122.354715][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 122.378641][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 122.399928][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 122.426897][ T7992] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 122.449567][ T7992] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 122.467549][ T7998] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 122.503184][ T7998] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 122.535329][ T7998] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 122.568092][ T7998] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 122.640249][ T7992] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 122.744468][ T7989] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 122.784223][ T7989] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 122.829978][ T7989] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready 21:37:08 executing program 0: 21:37:08 executing program 1: [ 122.859934][ T7989] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 122.893626][ T7987] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 122.945702][ T7989] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 122.981511][ T7989] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 123.010761][ T7987] 8021q: adding VLAN 0 to HW filter on device batadv0 21:37:09 executing program 2: 21:37:09 executing program 1: 21:37:09 executing program 0: 21:37:09 executing program 3: 21:37:09 executing program 1: 21:37:09 executing program 3: 21:37:09 executing program 0: 21:37:09 executing program 3: 21:37:09 executing program 2: 21:37:09 executing program 1: 21:37:09 executing program 3: 21:37:09 executing program 0: 21:37:09 executing program 3: 21:37:09 executing program 2: 21:37:09 executing program 1: 21:37:09 executing program 0: 21:37:09 executing program 3: 21:37:09 executing program 1: 21:37:09 executing program 2: 21:37:09 executing program 0: 21:37:09 executing program 3: 21:37:09 executing program 2: 21:37:09 executing program 1: 21:37:09 executing program 3: 21:37:09 executing program 0: 21:37:09 executing program 2: 21:37:09 executing program 3: 21:37:09 executing program 1: 21:37:09 executing program 0: 21:37:09 executing program 3: 21:37:09 executing program 2: 21:37:09 executing program 1: 21:37:09 executing program 0: 21:37:09 executing program 0: 21:37:09 executing program 3: 21:37:09 executing program 2: 21:37:09 executing program 1: 21:37:09 executing program 3: 21:37:09 executing program 2: 21:37:09 executing program 0: 21:37:09 executing program 1: 21:37:09 executing program 0: 21:37:09 executing program 3: 21:37:09 executing program 2: 21:37:09 executing program 1: 21:37:09 executing program 3: 21:37:09 executing program 0: 21:37:09 executing program 2: 21:37:09 executing program 3: 21:37:09 executing program 1: 21:37:09 executing program 0: 21:37:09 executing program 3: 21:37:09 executing program 2: 21:37:09 executing program 1: 21:37:09 executing program 3: 21:37:09 executing program 0: 21:37:09 executing program 3: 21:37:09 executing program 1: 21:37:09 executing program 2: 21:37:09 executing program 3: 21:37:09 executing program 1: 21:37:09 executing program 2: 21:37:09 executing program 0: 21:37:09 executing program 3: 21:37:10 executing program 0: 21:37:10 executing program 1: 21:37:10 executing program 2: 21:37:10 executing program 3: 21:37:10 executing program 2: 21:37:10 executing program 0: r0 = syz_open_dev$dri(&(0x7f0000000040)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000100)={0x0, 0x53f243fc0548c738}) 21:37:10 executing program 3: prlimit64(0x0, 0x0, 0x0, 0x0) getpid() r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000080)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x24) sendmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[{0x10, 0x110, 0x1}], 0x10, 0xffffffa7}}], 0x1, 0xc000) ioctl$sock_bt_cmtp_CMTPGETCONNLIST(0xffffffffffffffff, 0x800443d2, &(0x7f0000000000)={0x8, &(0x7f00000002c0)=[{}, {}, {}, {}, {}, {}, {}, {}]}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket(0x2000000000000021, 0x2, 0x10000000000002) connect$rxrpc(r1, &(0x7f0000000080)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x24) sendmmsg(r1, &(0x7f0000005c00)=[{{0x0, 0x7b, 0x0, 0x0, &(0x7f00000000c0)=[{0x18, 0x110, 0x1, "434b1a0ecccf80a7281c591244d4892e79ae7fd0a58f3388aff143ce6b75762a726d602fe6a1d4652c8151a131105792e169e2efeae0f5ec65fe9ed216e3c8e6bb29a6b4572cb0a5d5f8e59006aa0d490b32b490378f7e193ac2d080872df2439c6d39f0825e35fea624c18a685487b623389f7c277520e1a9688acb70e6d731228c09e1bd991c217faa80853aca5fd42e682037347ff1bf134fda7e128b99cfec9b1edb1b9920db3ad2f7437c0e4c2e2a00a815f1"}], 0x18, 0xffffffa7}}], 0x40000000000037b, 0xc000) 21:37:10 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00') lseek(r1, 0x3f, 0x0) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680)={0x8, 0x0, [{0x3000, 0xca, &(0x7f0000000040)=""/202}, {0x3000, 0xe6, &(0x7f0000000140)=""/230}, {0x10a004, 0x1000, &(0x7f0000000e40)=""/4096}, {0x5000, 0x69, &(0x7f0000000400)=""/105}, {0x6000, 0xa6, &(0x7f0000000480)=""/166}, {0x4, 0xbc, &(0x7f0000000540)=""/188}, {0xf000, 0x4d, &(0x7f0000000600)=""/77}, {0xd000, 0x2e, &(0x7f0000000280)=""/46}]}) setsockopt$inet6_int(r0, 0x29, 0x3c, &(0x7f00000002c0)=0x400000000008000, 0x4) setsockopt$inet6_int(r0, 0x29, 0x3e, &(0x7f00000003c0)=0x3, 0x4) ioctl(r0, 0x1f, &(0x7f00000007c0)="3b4bed46647cd3e53efba2fb94ac9cf8f6479aea4ce99b9a63976d19e5c00f421062e6fc95d03335a4721839207e84ed5bbe9509ac31658e99d22f5d30bafb4542366b1eb36475ac611b3d056964cf70e531429ee5aa4b3192e243") sendmmsg(r0, &(0x7f0000000240)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000880)="b95e1f69851a0ee7ba91550f38bce99d4f09d85b820c02783761f3f44321fc70e1b278cc33d355be8b0281e6ac9cdad397ddad30e404408bcdfb39f9a025bd130647b859906e7c32f215cf635b4e118c87c7ae46ffdf15bc11a9603566c69e246c4b65f87f90c2789ce6b742a0508298f0641be72b65ef4b7c9a0fdf502b573855922bba6ad32c92e070168f1a205512c11a49f3817d628cb49adb8e34f860ab0cd4b374aa385bbeb208f99bae76362bce9575247b059427b12e23f952961528279a822bbe410fa338c510ab8cd257992720240bd532e1a4b37f6820647557fd47ab6379aed173b6c693a55737eaed3b62a03dc853e8948c2a159bc9d588554d12eb8a9b51e17b139fef8860b7094d27053233d5266693e2da42960a91b6720b897743872ec8079921d06714e8125c018d84a5c563c257263486caa886df492176c2d624b83fd811e341609c2a33b625581c52a2f23ea405c5b205fc276dd190cf0bb6c09c3ba77e59678769ff7577ea849b808abf5dbbdf261c73eebf42862f0d0159656cf99902ecb1b64bf903ce8844fe92e1189a7c8568db488d2374a406cdf1d72c02374637fb39fec1db82202cb2391045e20987a92e796bb79e91c16039cd21252a3bd15bee2868698984bd4632ce657cf007d3511cfa6434eca2b9215a4295b469e140613822860259afa0f6476849191e241823c1253122dbcfb93d9f3a77a310f024ef590b090d2be8287f72e396b924d88ead4d65938a9ca3dab9475fb9b01187705365d9bd677fb448ea60ccd8772b930dc9f6644ed4f00b0687b43f624c4143d3595716e1956d66f148d09b1c2d3a949554ce875f50d2781870837785d7bc00255e971ac13eb9100b2199a76738cd9eb4dfdf4d5bca8bfce6589dfd68b35d151b46e2a802208a99151e0dba313d6aad8467fd25aa5771b717d5cffc58224f95cc6e9b383ea3dc34012ccd7c37d60b17f457e15c6f658879a78c7818318fd6a481238fe6bc0b082129b2c454b54c8a1a874ef5fe07b995e0bc13d85d89d0501c9ab3c1338a7f5541b47b3ca3351632cc6ef4fc13b0bbfbb95aadcafbddf4527ae3cb2cbbc1df9912fb87d2155ef3a8a518d51e7c055ca440114f1af50e55fa347cc7735d111f5df33c02d96b6b8ee2f32c24d3cdf922ddd6b18f96c34586489f49d35c9cbb85bfdd466927f208b534d6d0fd6ff2dfb61ec3b303345b376e0eb5a8344357e8175a20a01ea2b74cac3e50e300a12e2553f42b1c9499dc2f9501d438d5af466144dde8fd73dd42c2cb75b53c4fcdad5188ffd3ba8be0e4dfe97d43be68a85dc2d48b27dc6ff1229f4a61f49b9120a0346611adc5d138843cd412b2954ebe68c66edaff642b28f8a2f1ec9184a73f03d47b4e8e5136b31dba2146241c74ffab4a01bd636901116b3fa16acca1028f0ac1adf4fa48826c13d0384e79046a2dfbd58c3e1ce60de6db40c0fdd923124597735f705a723455f43a892f790006fe86e68ee16187441d7f72fe5ccd8598c1d792fdc1171497446e20d570225464465ad053d17dccf9f8dfdd64ab61c20bf98ebf9755791ae6a49f9518a659c5290978000a9f464326e7ca145b469d63f59ad6e184ba34dae77d5c675e34aea348d95f95a5083d167c6071545a280e9e2f3afe1b5250e46fb2b23f8e040f480f9365ae43beeff11b8b27fd11197e12978cf008ae954da39760e777f95b4a865332ace2dfee771ccf5e799fbd0a73c692749b1a33516bc058012990ac000608d8675042235e1563ac5ef1e45b24cecb8b199aa903bbb9d43839fd698e8f37373b3d3acdad9de2f52616fea4eadb4f42d0e6c69d605d05e5a85f25186a16657efdb3f801a37b809a0c37880b41c5a3b6c8f50505407b6f9e7460a1a64fc21bf68147cc4c56e73f7692503b7a8553a1de165078f615cb0c2c2b97f4d6d330de8f2defc7ba6d59a95101edfb03923dbdbe2fe3a60ed5a44bb0955d1bf51f0e90c264d653abf63f77f736b452e8ea4a5260d37715", 0x599}], 0x1}}], 0x1, 0x0) 21:37:10 executing program 2: syz_mount_image$hfs(&(0x7f0000000080)='hfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB='uid=', @ANYRESHEX=0x0, @ANYBLOB="2c004e2cf4db5e21084cc5e9405caf9fcf3a5e8de0bcc74bb58795f4df9aff9e729698e21c90c8b99f2e88fb02e43ca0477dc95e937df36c0ece6a32c6816280a1b1a8385e3d9ca6b500000000000000000000000000361114238ef47df32d96e19a689710d2e7f248842a8e8f1d24015d9505829cb72fdc02b1880daba1ad0b4a40a5e862c38d9276937062b9337556bec3dab825569265042f0a6fed23aa6394ccf1ae41b7b286a973fa07a13d5a9ced5887a6ca202041eed3c062cd212f522055e4e651e804868c"]) r0 = syz_open_procfs(0x0, &(0x7f0000000080)='smaps\x00') lseek(r0, 0x3f, 0x0) ioctl$CDROMREADRAW(r0, 0x5314, &(0x7f0000000100)={0x2, 0x1, 0x40, 0x85, 0xfc, 0x7}) 21:37:10 executing program 0: r0 = inotify_init() ioctl$INOTIFY_IOC_SETNEXTWD(r0, 0x541b, 0x0) [ 124.677145][ C3] hrtimer: interrupt took 421199 ns 21:37:10 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) keyctl$read(0xb, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) mkdir(&(0x7f0000002000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) mount(0x0, &(0x7f0000000480)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f0000000500)='sysfs\x00', 0x0, 0x0) symlink(&(0x7f0000000140)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', &(0x7f00000002c0)='./file0\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) creat(&(0x7f0000000780)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', 0x0) unlink(&(0x7f0000000040)='./file0\x00') unlinkat(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', 0x500) 21:37:10 executing program 0: r0 = socket(0x10, 0x803, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000033c0)=[{{0x0, 0x0, &(0x7f0000000c80)=[{&(0x7f0000000940)=""/21, 0x15}, {&(0x7f0000000980)=""/148, 0x94}, {&(0x7f0000000340)=""/59, 0x3b}, {&(0x7f00000000c0)=""/59, 0x3b}, {&(0x7f0000000b80)=""/228, 0xe4}], 0x5}}, {{0x0, 0x0, &(0x7f0000000f80)=[{&(0x7f0000000e40)=""/169, 0xa9}, {&(0x7f0000001fc0)=""/227, 0xe3}, {&(0x7f00000020c0)=""/158, 0x9e}], 0x3}}], 0x2, 0x0, 0x0) socketpair$unix(0x1, 0x8000000000005, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r1, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendto(r0, &(0x7f00000002c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x374, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x14b}, {&(0x7f0000000140)=""/85, 0x20a}, {&(0x7f0000000fc0)=""/4096, 0x49d}, {&(0x7f0000000400)=""/120, 0x2ce}, {&(0x7f0000000480)=""/60, 0x3dd}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x40d}, {&(0x7f0000000000)=""/22, 0x16}], 0x161, &(0x7f0000000600)=""/191, 0xbf}}], 0x3747b7d69c7f0cd, 0x0, &(0x7f0000003700)={0x77359400}) 21:37:10 executing program 0: r0 = socket(0x10, 0x803, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000033c0)=[{{0x0, 0x0, &(0x7f0000000c80)=[{&(0x7f0000000940)=""/21, 0x15}, {&(0x7f0000000980)=""/148, 0x94}, {&(0x7f0000000340)=""/59, 0x3b}, {&(0x7f00000000c0)=""/59, 0x3b}, {&(0x7f0000000b80)=""/228, 0xe4}], 0x5}}, {{0x0, 0x0, &(0x7f0000000f80)=[{&(0x7f0000000e40)=""/169, 0xa9}, {&(0x7f0000001fc0)=""/227, 0xe3}, {&(0x7f00000020c0)=""/158, 0x9e}], 0x3}}], 0x2, 0x0, 0x0) socketpair$unix(0x1, 0x8000000000005, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r1, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendto(r0, &(0x7f00000002c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x374, &(0x7f0000000380)=[{&(0x7f0000000040)=""/95, 0x14b}, {&(0x7f0000000140)=""/85, 0x20a}, {&(0x7f0000000fc0)=""/4096, 0x49d}, {&(0x7f0000000400)=""/120, 0x2ce}, {&(0x7f0000000480)=""/60, 0x3dd}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000540)=""/154, 0x40d}, {&(0x7f0000000000)=""/22, 0x16}], 0x161, &(0x7f0000000600)=""/191, 0xbf}}], 0x3747b7d69c7f0cd, 0x0, &(0x7f0000003700)={0x77359400}) [ 144.657685][ T5] ------------[ cut here ]------------ [ 144.702424][ T5] AppArmor WARN aa_sock_msg_perm: ((!sock)): [ 144.705130][ T5] WARNING: CPU: 0 PID: 5 at security/apparmor/lsm.c:933 aa_sock_msg_perm.isra.0+0xdd/0x170 [ 144.707585][ T5] Kernel panic - not syncing: panic_on_warn set ... [ 144.707585][ T5] CPU: 0 PID: 5 Comm: kworker/0:0 Not tainted 5.4.0-syzkaller #0 [ 144.707585][ T5] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 144.707585][ T5] Workqueue: krxrpcd rxrpc_peer_keepalive_worker [ 144.707585][ T5] Call Trace: [ 144.707585][ T5] dump_stack+0x197/0x210 [ 144.707585][ T5] ? aa_sock_msg_perm.isra.0+0xb0/0x170 [ 144.707585][ T5] panic+0x2e3/0x75c [ 144.707585][ T5] ? add_taint.cold+0x16/0x16 [ 144.707585][ T5] ? __kasan_check_write+0x14/0x20 [ 144.707585][ T5] ? __warn.cold+0x14/0x3e [ 144.707585][ T5] ? __warn+0xd9/0x1cf [ 144.707585][ T5] ? aa_sock_msg_perm.isra.0+0xdd/0x170 [ 144.707585][ T5] __warn.cold+0x2f/0x3e [ 144.707585][ T5] ? aa_sock_msg_perm.isra.0+0xdd/0x170 [ 144.707585][ T5] report_bug+0x289/0x300 [ 144.707585][ T5] do_error_trap+0x11b/0x200 [ 144.707585][ T5] do_invalid_op+0x37/0x50 [ 144.707585][ T5] ? aa_sock_msg_perm.isra.0+0xdd/0x170 [ 144.707585][ T5] invalid_op+0x23/0x30 [ 144.707585][ T5] RIP: 0010:aa_sock_msg_perm.isra.0+0xdd/0x170 [ 144.707585][ T5] Code: 89 ef e8 66 70 03 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 56 f5 18 fe 48 c7 c6 e0 14 6a 88 48 c7 c7 20 ff 69 88 e8 f2 9e e9 fd <0f> 0b e9 43 ff ff ff e8 37 f5 18 fe 48 c7 c6 e0 14 6a 88 48 c7 c7 [ 144.707585][ T5] RSP: 0018:ffffc9000038f9b0 EFLAGS: 00010286 [ 144.707585][ T5] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 [ 144.707585][ T5] RDX: 0000000000000000 RSI: ffffffff815e58b6 RDI: fffff52000071f28 [ 144.707585][ T5] RBP: ffffc9000038f9d8 R08: ffff88802c564140 R09: fffffbfff16587bb [ 144.707585][ T5] R10: fffffbfff16587ba R11: ffffffff8b2c3dd7 R12: ffffc9000038fb20 [ 144.707585][ T5] R13: ffffffff886a03c0 R14: 0000000000000002 R15: 000000000000001d [ 144.707585][ T5] ? vprintk_func+0x86/0x189 [ 144.707585][ T5] apparmor_socket_sendmsg+0x2a/0x30 [ 144.707585][ T5] security_socket_sendmsg+0x77/0xc0 [ 144.707585][ T5] sock_sendmsg+0x45/0x130 [ 144.707585][ T5] kernel_sendmsg+0x44/0x50 [ 144.707585][ T5] rxrpc_send_keepalive+0x1ff/0x940 [ 144.707585][ T5] ? rxrpc_reject_packets+0xab0/0xab0 [ 144.707585][ T5] ? _raw_spin_unlock_bh+0x2c/0x30 [ 144.707585][ T5] ? __local_bh_enable_ip+0x15a/0x270 [ 144.707585][ T5] ? lockdep_hardirqs_on+0x421/0x5e0 [ 144.707585][ T5] ? rxrpc_peer_keepalive_worker+0x62e/0xd02 [ 144.707585][ T5] ? __local_bh_enable_ip+0x15a/0x270 [ 144.707585][ T5] rxrpc_peer_keepalive_worker+0x7be/0xd02 [ 144.707585][ T5] ? rxrpc_peer_add_rtt+0x650/0x650 [ 144.707585][ T5] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 144.707585][ T5] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 144.707585][ T5] ? trace_hardirqs_on+0x67/0x240 [ 144.707585][ T5] process_one_work+0x9af/0x1740 [ 144.707585][ T5] ? pwq_dec_nr_in_flight+0x320/0x320 [ 144.707585][ T5] ? lock_acquire+0x190/0x410 [ 144.707585][ T5] worker_thread+0x98/0xe40 [ 144.707585][ T5] kthread+0x361/0x430 [ 144.707585][ T5] ? process_one_work+0x1740/0x1740 [ 144.707585][ T5] ? kthread_mod_delayed_work+0x1f0/0x1f0 [ 144.707585][ T5] ret_from_fork+0x24/0x30 [ 144.707585][ T5] Kernel Offset: disabled [ 144.707585][ T5] Rebooting in 86400 seconds..