[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[ ok 8[?25h[?0c. [ 57.050804][ T23] audit: type=1800 audit(1573902208.514:25): pid=8667 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0 [ 57.095780][ T23] audit: type=1800 audit(1573902208.514:26): pid=8667 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0 [ 57.141338][ T23] audit: type=1800 audit(1573902208.514:27): pid=8667 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0 [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 Warning: Permanently added '10.128.0.208' (ECDSA) to the list of known hosts. 2019/11/16 11:03:40 fuzzer started 2019/11/16 11:03:41 dialing manager at 10.128.0.26:41425 2019/11/16 11:03:42 syscalls: 2566 2019/11/16 11:03:42 code coverage: enabled 2019/11/16 11:03:42 comparison tracing: enabled 2019/11/16 11:03:42 extra coverage: enabled 2019/11/16 11:03:42 setuid sandbox: enabled 2019/11/16 11:03:42 namespace sandbox: enabled 2019/11/16 11:03:42 Android sandbox: /sys/fs/selinux/policy does not exist 2019/11/16 11:03:42 fault injection: enabled 2019/11/16 11:03:42 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/11/16 11:03:42 net packet injection: enabled 2019/11/16 11:03:42 net device setup: enabled 2019/11/16 11:03:42 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2019/11/16 11:03:42 devlink PCI setup: PCI device 0000:00:10.0 is not available 11:05:58 executing program 0: openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(0x0) write(0xffffffffffffffff, 0x0, 0x0) r0 = getegid() perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket(0x0, 0x0, 0x81) bind(r1, &(0x7f0000000100)=@generic={0x0, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind(0xffffffffffffffff, 0x0, 0x0) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) fcntl$getown(0xffffffffffffffff, 0x9) getgid() getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) fstat(0xffffffffffffffff, 0x0) setgid(0x0) r2 = syz_open_dev$sg(0x0, 0x0, 0x5) writev(r2, &(0x7f0000000000)=[{0x0}], 0x1) socket$inet6_udp(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb), 0x0) syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff824f410005a90f57f07703aeff0f64ebbee0796", 0x17}, {&(0x7f0000000040)="53006000c659ca807737f40000", 0xd}], 0x2) accept4$rose(r1, 0x0, 0x0, 0x800) syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000040)='S', 0x1}], 0x1) setresgid(0x0, 0x0, 0x0) fchown(0xffffffffffffffff, 0x0, r0) syz_open_dev$vcsn(0x0, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) open(0x0, 0x0, 0x0) io_submit(0x0, 0x1, &(0x7f00000019c0)=[0x0]) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x1000005, 0x10, 0xffffffffffffffff, 0x0) utimes(&(0x7f0000000040)='./bus\x00', 0x0) r3 = socket$inet6(0xa, 0x400000000001, 0x0) r4 = dup(r3) setsockopt$inet6_tcp_int(r4, 0x6, 0xa, &(0x7f0000000100)=0x81, 0x195) bind$inet6(r3, &(0x7f00000000c0)={0xa, 0x8000000004e20}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0x20000008, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000400)=0x8000000000000001, 0xffffffffffffff9f) setsockopt$inet6_int(r3, 0x29, 0x8000000000000004, &(0x7f0000000140)=0x3, 0x4) setsockopt$inet6_opts(r3, 0x29, 0x3b, 0x0, 0x0) r5 = open(&(0x7f0000000040)='./bus\x00', 0x141042, 0x0) ftruncate(r5, 0x7fff) sendfile(r4, r5, 0x0, 0x8040fffffffd) 11:05:58 executing program 1: r0 = socket(0xa, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0xb, &(0x7f0000ab2000)=0x1002, 0x4) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x2, 0x4e20}, 0x10) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) recvmmsg(r0, &(0x7f000000a100)=[{{&(0x7f0000009f40)=@can, 0x80, 0x0}}], 0x1, 0x2001, 0x0) syzkaller login: [ 207.352815][ T8833] IPVS: ftp: loaded support on port[0] = 21 [ 207.429470][ T8835] IPVS: ftp: loaded support on port[0] = 21 [ 207.515381][ T8833] chnl_net:caif_netlink_parms(): no params data found 11:05:59 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000240)='.^\xc5', 0x0) semget$private(0x0, 0x0, 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000140)='!', 0x1}], 0x1, 0x81805) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@newlink={0x38, 0x10, 0xe3b, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0xa, 0x6}, @IFLA_LINKINFO={0x10, 0x12, @sit={{0x8, 0x1, 'sit\x00'}, {0x4}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x880) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@newlink={0x38, 0x10, 0xe3b, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0xa, 0x6}, @IFLA_LINKINFO={0x10, 0x12, @sit={{0x8, 0x1, 'sit\x00'}, {0x4}}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000280)) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, 0x0, 0x24000000) ioctl$LOOP_CLR_FD(r0, 0x4c01) [ 207.580315][ T8833] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.589083][ T8833] bridge0: port 1(bridge_slave_0) entered disabled state [ 207.597710][ T8833] device bridge_slave_0 entered promiscuous mode [ 207.606954][ T8833] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.631178][ T8833] bridge0: port 2(bridge_slave_1) entered disabled state [ 207.639227][ T8833] device bridge_slave_1 entered promiscuous mode [ 207.693367][ T8833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 207.712795][ T8833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 207.800358][ T8833] team0: Port device team_slave_0 added [ 207.833600][ T8833] team0: Port device team_slave_1 added [ 207.842207][ T8835] chnl_net:caif_netlink_parms(): no params data found [ 207.854751][ T8839] IPVS: ftp: loaded support on port[0] = 21 11:05:59 executing program 3: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000340)={0x0, 0x0}) close(r1) recvmsg$kcm(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/40, 0x28}], 0x1, &(0x7f0000000100)=""/11, 0xb}, 0x0) [ 207.954532][ T8833] device hsr_slave_0 entered promiscuous mode 11:05:59 executing program 4: r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000000580)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='clear_refs\x00') r2 = syz_open_procfs(0x0, &(0x7f0000000180)='stat\x00') sendfile(r1, r2, 0x0, 0x1) [ 208.081593][ T8833] device hsr_slave_1 entered promiscuous mode [ 208.150084][ T8835] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.167904][ T8835] bridge0: port 1(bridge_slave_0) entered disabled state [ 208.193046][ T8835] device bridge_slave_0 entered promiscuous mode [ 208.219836][ T8841] IPVS: ftp: loaded support on port[0] = 21 [ 208.252434][ T8835] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.259619][ T8835] bridge0: port 2(bridge_slave_1) entered disabled state [ 208.272280][ T8835] device bridge_slave_1 entered promiscuous mode [ 208.328553][ T8835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link 11:05:59 executing program 5: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0815b5055e0bcfe87b3071") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c0000001600ff8e00000000deffffff0a00000018"], 0x1}}, 0x0) r1 = socket(0x10, 0x3, 0x0) recvmsg(r1, &(0x7f00000023c0)={0x0, 0x0, 0x0}, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000240)={0x0, 0xffffffffffffff4a, &(0x7f0000000200)={&(0x7f0000000080)={0x18, 0x16, 0xa01}, 0x18}}, 0x0) [ 208.373556][ T8835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 208.413399][ T8833] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 208.466842][ T8833] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 208.523643][ T8833] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 208.586593][ T8833] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 208.645937][ T8835] team0: Port device team_slave_0 added [ 208.655354][ T8835] team0: Port device team_slave_1 added [ 208.669881][ T8845] IPVS: ftp: loaded support on port[0] = 21 [ 208.691399][ T8843] IPVS: ftp: loaded support on port[0] = 21 [ 208.834015][ T8835] device hsr_slave_0 entered promiscuous mode [ 208.881445][ T8835] device hsr_slave_1 entered promiscuous mode [ 208.931572][ T8835] debugfs: Directory 'hsr0' with parent '/' already present! [ 208.987411][ T8839] chnl_net:caif_netlink_parms(): no params data found [ 209.070984][ T8835] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 209.122925][ T8839] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.130004][ T8839] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.138331][ T8839] device bridge_slave_0 entered promiscuous mode [ 209.146674][ T8839] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.153811][ T8839] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.161874][ T8839] device bridge_slave_1 entered promiscuous mode [ 209.168814][ T8835] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 209.227521][ T8835] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 209.329933][ T8835] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 209.406349][ T8839] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 209.442072][ T8845] chnl_net:caif_netlink_parms(): no params data found [ 209.453961][ T8839] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 209.469540][ T8841] chnl_net:caif_netlink_parms(): no params data found [ 209.559534][ T8841] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.566900][ T8841] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.574828][ T8841] device bridge_slave_0 entered promiscuous mode [ 209.595942][ T8839] team0: Port device team_slave_0 added [ 209.610718][ T8843] chnl_net:caif_netlink_parms(): no params data found [ 209.619680][ T8841] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.629216][ T8841] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.637318][ T8841] device bridge_slave_1 entered promiscuous mode [ 209.664827][ T8839] team0: Port device team_slave_1 added [ 209.675259][ T8841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 209.686698][ T8841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 209.700160][ T8845] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.708828][ T8845] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.716735][ T8845] device bridge_slave_0 entered promiscuous mode [ 209.725563][ T8845] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.732682][ T8845] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.740462][ T8845] device bridge_slave_1 entered promiscuous mode [ 209.761853][ T8841] team0: Port device team_slave_0 added [ 209.772333][ T8841] team0: Port device team_slave_1 added [ 209.801351][ T8833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 209.852257][ T8845] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 209.904403][ T8841] device hsr_slave_0 entered promiscuous mode [ 209.961529][ T8841] device hsr_slave_1 entered promiscuous mode [ 210.011299][ T8841] debugfs: Directory 'hsr0' with parent '/' already present! [ 210.084798][ T8839] device hsr_slave_0 entered promiscuous mode [ 210.121537][ T8839] device hsr_slave_1 entered promiscuous mode [ 210.171331][ T8839] debugfs: Directory 'hsr0' with parent '/' already present! [ 210.179729][ T8843] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.187273][ T8843] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.195466][ T8843] device bridge_slave_0 entered promiscuous mode [ 210.204553][ T8845] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 210.230175][ T8843] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.237598][ T8843] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.245913][ T8843] device bridge_slave_1 entered promiscuous mode [ 210.279803][ T8845] team0: Port device team_slave_0 added [ 210.287572][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 210.297135][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 210.306915][ T8833] 8021q: adding VLAN 0 to HW filter on device team0 [ 210.341962][ T8845] team0: Port device team_slave_1 added [ 210.350449][ T8843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 210.380918][ T8841] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 210.435146][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 210.444109][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 210.452682][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.459961][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 210.468097][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 210.476925][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 210.485388][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.492496][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 210.500052][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 210.510938][ T8843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 210.548320][ T8835] 8021q: adding VLAN 0 to HW filter on device bond0 [ 210.555924][ T8841] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 210.635866][ T2902] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 210.644045][ T2902] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 210.653023][ T2902] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 210.662107][ T2902] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 210.677885][ T8839] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 210.794453][ T8845] device hsr_slave_0 entered promiscuous mode [ 210.831603][ T8845] device hsr_slave_1 entered promiscuous mode [ 210.891212][ T8845] debugfs: Directory 'hsr0' with parent '/' already present! [ 210.899528][ T8841] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 210.944015][ T8841] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 210.986797][ T8843] team0: Port device team_slave_0 added [ 210.993334][ T2902] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 211.002417][ T2902] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 211.010989][ T2902] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 211.019759][ T8839] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 211.093566][ T8843] team0: Port device team_slave_1 added [ 211.099335][ T8839] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 211.144267][ T2933] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 211.153457][ T2933] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 211.168863][ T8833] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 211.182640][ T8833] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 211.198212][ T8839] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 211.249261][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 211.257651][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 211.267692][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 211.276743][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 211.316902][ T8835] 8021q: adding VLAN 0 to HW filter on device team0 [ 211.325763][ T8845] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 211.383935][ T8845] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 211.484104][ T8843] device hsr_slave_0 entered promiscuous mode [ 211.531837][ T8843] device hsr_slave_1 entered promiscuous mode [ 211.572229][ T8843] debugfs: Directory 'hsr0' with parent '/' already present! [ 211.603132][ T8845] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 211.643559][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 211.650975][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 211.658580][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 211.667154][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 211.677394][ T5] bridge0: port 1(bridge_slave_0) entered blocking state [ 211.684507][ T5] bridge0: port 1(bridge_slave_0) entered forwarding state [ 211.692563][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 211.701238][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 211.709553][ T5] bridge0: port 2(bridge_slave_1) entered blocking state [ 211.716648][ T5] bridge0: port 2(bridge_slave_1) entered forwarding state [ 211.724659][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 211.758307][ T8833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 211.771367][ T8845] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 211.805968][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 211.815563][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 211.824743][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 211.833800][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 211.843320][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 211.852504][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 211.861025][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 211.881836][ T8841] 8021q: adding VLAN 0 to HW filter on device bond0 [ 211.912754][ T2933] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 211.934804][ T2933] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 211.962354][ T2933] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 211.970872][ T2933] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 212.023559][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 212.038357][ T8855] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 212.058324][ T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready 11:06:03 executing program 0: [ 212.098295][ T8843] netdevsim netdevsim4 netdevsim0: renamed from eth0 11:06:03 executing program 0: [ 212.173517][ T8841] 8021q: adding VLAN 0 to HW filter on device team0 [ 212.186917][ T8843] netdevsim netdevsim4 netdevsim1: renamed from eth1 11:06:03 executing program 0: 11:06:03 executing program 0: [ 212.264452][ T8843] netdevsim netdevsim4 netdevsim2: renamed from eth2 11:06:03 executing program 0: 11:06:03 executing program 0: [ 212.359644][ T8839] 8021q: adding VLAN 0 to HW filter on device bond0 [ 212.385130][ T8843] netdevsim netdevsim4 netdevsim3: renamed from eth3 11:06:03 executing program 0: [ 212.438134][ T8835] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 212.453048][ T2902] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 212.467885][ T2902] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 212.477740][ T2902] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 212.501999][ T2902] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 212.510475][ T2902] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.517584][ T2902] bridge0: port 1(bridge_slave_0) entered forwarding state [ 212.529135][ T2902] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 212.585684][ T8847] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 212.603085][ T8847] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 212.615000][ T8847] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.622148][ T8847] bridge0: port 2(bridge_slave_1) entered forwarding state [ 212.638280][ T8839] 8021q: adding VLAN 0 to HW filter on device team0 [ 212.668783][ T8875] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 212.677786][ T8875] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 212.687973][ T8875] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 212.699410][ T8875] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 212.709257][ T8875] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 212.719765][ T8875] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready 11:06:04 executing program 1: [ 212.726737][ T8878] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 212.734113][ T8875] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 212.764181][ T8875] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 212.784037][ T8875] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 212.793052][ T8875] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 212.801708][ T8875] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 212.810962][ T8875] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 212.843890][ T8845] 8021q: adding VLAN 0 to HW filter on device bond0 [ 212.867614][ T8841] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 212.876190][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 212.885107][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 212.899854][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 212.910017][ T17] bridge0: port 1(bridge_slave_0) entered blocking state [ 212.917143][ T17] bridge0: port 1(bridge_slave_0) entered forwarding state [ 212.925570][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 212.934374][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 212.943283][ T17] bridge0: port 2(bridge_slave_1) entered blocking state [ 212.950332][ T17] bridge0: port 2(bridge_slave_1) entered forwarding state [ 212.958143][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 212.967396][ T17] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 212.994317][ T8847] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 213.015941][ T2902] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 213.026238][ T2902] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 213.034494][ T2902] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 213.043481][ T2902] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 213.052748][ T2902] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 213.062318][ T2902] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 213.070647][ T2902] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 213.079187][ T2902] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 213.087910][ T2902] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 213.098541][ T8845] 8021q: adding VLAN 0 to HW filter on device team0 [ 213.114973][ T8875] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 213.123599][ T8875] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 213.139785][ T8841] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 213.156848][ T8839] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 213.165880][ T8875] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 213.174184][ T8875] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 213.182618][ T8875] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 213.191226][ T8875] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 213.199625][ T8875] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.206715][ T8875] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.215430][ T8875] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 213.241538][ T2902] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 213.255735][ T2902] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 213.265237][ T2902] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.272450][ T2902] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.280372][ T2902] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 213.289666][ T2902] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 213.313519][ T8843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 213.328700][ T8839] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 213.357624][ T2902] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 213.382481][ T2902] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 213.389997][ T2902] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 213.399008][ T2902] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 213.407664][ T2902] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 213.416527][ T2902] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 213.425217][ T2902] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 213.433772][ T2902] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 213.443025][ T2902] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 213.455141][ T8845] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 213.467498][ T8845] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 213.483643][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 213.492853][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 213.501718][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 213.509580][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 213.528916][ T8843] 8021q: adding VLAN 0 to HW filter on device team0 [ 213.585992][ T8875] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 213.603636][ T8875] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 213.614445][ T8875] bridge0: port 1(bridge_slave_0) entered blocking state [ 213.621600][ T8875] bridge0: port 1(bridge_slave_0) entered forwarding state [ 213.630271][ T8875] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 213.639015][ T8875] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 213.647494][ T8875] bridge0: port 2(bridge_slave_1) entered blocking state [ 213.654624][ T8875] bridge0: port 2(bridge_slave_1) entered forwarding state [ 213.663259][ T8875] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 213.672388][ T8875] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 213.728215][ T8845] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 213.745325][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 213.757243][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 213.761455][ C1] hrtimer: interrupt took 81703 ns [ 213.780375][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 213.827001][ T8890] blk_update_request: I/O error, dev loop0, sector 256 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 0 [ 213.842636][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 213.860560][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 213.877827][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 213.887067][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 213.906803][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 213.948021][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 213.967594][ T12] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 213.981238][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 213.989730][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready 11:06:05 executing program 0: 11:06:05 executing program 1: [ 214.004111][ T8843] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 214.105639][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 214.121374][ T5] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 214.158852][ T8843] 8021q: adding VLAN 0 to HW filter on device batadv0 11:06:06 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$IPVS_CMD_GET_CONFIG(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20004084, &(0x7f0000000040)={0xa, 0x20004e22, 0x0, @loopback}, 0x1c) dup2(0xffffffffffffffff, 0xffffffffffffffff) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0xc498ead121f97dd6) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100)=@gcm_128={{0x304}, "be337667fd7e61dd", 'D \b\x004\x00', '\x00', "7ee51430da3f51b3"}, 0x28) sendto$inet6(r0, &(0x7f0000000080)="39a110", 0xffffffffffffffc1, 0x40, 0x0, 0xfffffffffffffe5b) 11:06:06 executing program 3: 11:06:06 executing program 1: 11:06:06 executing program 0: 11:06:06 executing program 2: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x182) r1 = memfd_create(&(0x7f0000000240)='.^\xc5', 0x0) semget$private(0x0, 0x0, 0x0) pwritev(r1, &(0x7f0000000340)=[{&(0x7f0000000140)='!', 0x1}], 0x1, 0x81805) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@newlink={0x38, 0x10, 0xe3b, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0xa, 0x6}, @IFLA_LINKINFO={0x10, 0x12, @sit={{0x8, 0x1, 'sit\x00'}, {0x4}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000000}, 0x880) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@newlink={0x38, 0x10, 0xe3b, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0xa, 0x6}, @IFLA_LINKINFO={0x10, 0x12, @sit={{0x8, 0x1, 'sit\x00'}, {0x4}}}]}, 0x38}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000280)) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, 0x0, 0x24000000) ioctl$LOOP_CLR_FD(r0, 0x4c01) 11:06:06 executing program 5: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0815b5055e0bcfe87b3071") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c0000001600ff8e00000000deffffff0a00000018"], 0x1}}, 0x0) r1 = socket(0x10, 0x3, 0x0) recvmsg(r1, &(0x7f00000023c0)={0x0, 0x0, 0x0}, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000240)={0x0, 0xffffffffffffff4a, &(0x7f0000000200)={&(0x7f0000000080)={0x18, 0x16, 0xa01}, 0x18}}, 0x0) 11:06:06 executing program 1: r0 = socket$inet6(0xa, 0x80001, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sysfs$1(0x1, &(0x7f0000000180)='ppp1%\x00') 11:06:06 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800a1695e1dcfe87b1071") r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000040)={0xa925, 0x2}) 11:06:06 executing program 3: perf_event_open(&(0x7f0000000600)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/userio\x00', 0x2000000000000006, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000040)={0x1, 0x89}, 0x2) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) r1 = socket$inet6(0xa, 0x2, 0x0) dup3(r1, r0, 0x0) 11:06:06 executing program 5: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0815b5055e0bcfe87b3071") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c0000001600ff8e00000000deffffff0a00000018"], 0x1}}, 0x0) r1 = socket(0x10, 0x3, 0x0) recvmsg(r1, &(0x7f00000023c0)={0x0, 0x0, 0x0}, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000240)={0x0, 0xffffffffffffff4a, &(0x7f0000000200)={&(0x7f0000000080)={0x18, 0x16, 0xa01}, 0x18}}, 0x0) [ 215.292158][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 11:06:06 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4cc74502f987c2ceb3504df6ead74ed8a60ab563e98b592a3d27a7082dbb78ab0200ba3da8b7f56445ab100621d6234555c08dc5404738f10004fd1b3786cd89e9b08e3f5972fe9ca1e86323e19268c89c9dd81c796f27f537cc5a3fb54aff8eaff4f6b59c41705b96a6711d4679079d000000000000000000000083e37f932a6b342390e27b62767e1dd5abdba8afe51cf610691e711b8e34b1cd3e381a3acaecbbbe3aef8276ad68f0ba06d89dbb3b8ed6"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) setxattr$security_ima(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)='security.ima\x00', &(0x7f00000004c0)=@ng, 0x2, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0) [ 215.443379][ T8950] blk_update_request: I/O error, dev loop0, sector 768 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 0 11:06:06 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f0000000000)=[{0x40}, {0x80000006}]}, 0x10) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x19}}, 0x10) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendmmsg(r1, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) [ 215.553448][ T8966] misc userio: No port type given on /dev/userio [ 215.659917][ T8975] 9pnet: bogus RWRITE count (2 > 1) [ 215.694980][ T8970] 9pnet: bogus RWRITE count (2 > 1) 11:06:07 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$IPVS_CMD_GET_CONFIG(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20004084, &(0x7f0000000040)={0xa, 0x20004e22, 0x0, @loopback}, 0x1c) dup2(0xffffffffffffffff, 0xffffffffffffffff) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0xc498ead121f97dd6) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100)=@gcm_128={{0x304}, "be337667fd7e61dd", 'D \b\x004\x00', '\x00', "7ee51430da3f51b3"}, 0x28) sendto$inet6(r0, &(0x7f0000000080)="39a110", 0xffffffffffffffc1, 0x40, 0x0, 0xfffffffffffffe5b) 11:06:07 executing program 5: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0815b5055e0bcfe87b3071") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c0000001600ff8e00000000deffffff0a00000018"], 0x1}}, 0x0) r1 = socket(0x10, 0x3, 0x0) recvmsg(r1, &(0x7f00000023c0)={0x0, 0x0, 0x0}, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000240)={0x0, 0xffffffffffffff4a, &(0x7f0000000200)={&(0x7f0000000080)={0x18, 0x16, 0xa01}, 0x18}}, 0x0) 11:06:07 executing program 2: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$inet6(0xa, 0x3, 0x6b) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="0815b5055e0bcfe87b3071") ioctl$sock_inet_SIOCSIFADDR(r0, 0x8915, &(0x7f0000000140)={'lo:\x05\xe6\r\x00\x00\x85\x01\x00\x00\x00\x10\x03\x00', {0x2, 0x0, @multicast1}}) 11:06:07 executing program 3: perf_event_open(&(0x7f0000000600)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/userio\x00', 0x2000000000000006, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f0000000040)={0x1, 0x89}, 0x2) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f0000000140)={0x7ffffffff000, 0x10, 0xfa00, {&(0x7f00000000c0)}}, 0x2) r1 = socket$inet6(0xa, 0x2, 0x0) dup3(r1, r0, 0x0) 11:06:07 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4cc74502f987c2ceb3504df6ead74ed8a60ab563e98b592a3d27a7082dbb78ab0200ba3da8b7f56445ab100621d6234555c08dc5404738f10004fd1b3786cd89e9b08e3f5972fe9ca1e86323e19268c89c9dd81c796f27f537cc5a3fb54aff8eaff4f6b59c41705b96a6711d4679079d000000000000000000000083e37f932a6b342390e27b62767e1dd5abdba8afe51cf610691e711b8e34b1cd3e381a3acaecbbbe3aef8276ad68f0ba06d89dbb3b8ed6"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) setxattr$security_ima(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)='security.ima\x00', &(0x7f00000004c0)=@ng, 0x2, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0) [ 215.781343][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 215.787374][ C0] protocol 88fb is buggy, dev hsr_slave_1 11:06:07 executing program 5: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0815b5055e0bcfe87b3071") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c0000001600ff8e00000000deffffff0a00000018"], 0x1}}, 0x0) r1 = socket(0x10, 0x3, 0x0) recvmsg(r1, &(0x7f00000023c0)={0x0, 0x0, 0x0}, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0x10) 11:06:07 executing program 2: open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r0 = open$dir(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x407012ef, &(0x7f0000000000)) [ 215.941596][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 215.947426][ C0] protocol 88fb is buggy, dev hsr_slave_1 11:06:07 executing program 3: r0 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap$perf(&(0x7f0000007000/0x3000)=nil, 0xffffe000, 0x0, 0x10, r0, 0x0) [ 216.001087][ C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 216.101573][ T23] kauditd_printk_skb: 3 callbacks suppressed [ 216.101587][ T23] audit: type=1800 audit(1573902367.564:31): pid=9005 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=16538 res=0 11:06:07 executing program 2: perf_event_open(&(0x7f00000000c0)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000600)="4c000000120081ae08060c0f006b10007f03e3f702000001000000ca1b4e0906a6bd7c493872f750375ed08a56331dbf64700169381ad6e74703c48f93b8446b9bbc7a461eb886a5e54e8ff5", 0x4c}], 0x1}, 0x0) 11:06:07 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4020aea5, &(0x7f0000002400)=ANY=[@ANYBLOB="06"]) [ 216.202321][ T23] audit: type=1804 audit(1573902367.574:32): pid=9005 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir593493739/syzkaller.DACnnR/3/file0" dev="sda1" ino=16538 res=1 11:06:07 executing program 4: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu\x00E\xab\xcbw\x83.\xf3\x8a\xf6\xb3\xac\xfe\x9ek9\xcd\"\x84\x18/~[{\xfb\xc2\t}\xaaCSM^Z\x98\x0eZ\xfca5b\xd6\x92\a\xd6*\xd8v\xd0\xb1\x00=k|\xf1P\xbf\x17\x1b\x8f\xd6LT`V\\\xaeuJ[:\xcd<\xa1L\xec\x9fU\xe9\x14_g=\xfc\x7f\xbd-\xb2\xfa\xee\xe3\a~\x90\xd4\x90\a\x83\x81\xac\x1bWE_\x05;\xefk\x1e\xed:\x90\xc1\xba\x96\xde\xfac\xf0\'&:dn`\xe8\xa6-\x1dh\xb07#T\xa6\xa3\x9c\x91_jM@\x06\x8c\xf5\xbb\x81G\xb9\xa9\x8b\xf3\x8f\xa2\xee', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000000)='cpuset.sched_load_balance\x00', 0x2, 0x0) write$cgroup_int(r1, &(0x7f00000003c0), 0x200003c2) [ 216.335988][ T9016] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. 11:06:07 executing program 0: r0 = creat(&(0x7f0000000180)='./bus\x00', 0x0) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f00000004c0)={0x0, 0x0, 0x22, 0x0, [], [{}, {0x801, 0x0, 0x80000001}]}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) 11:06:07 executing program 2: add_key(&(0x7f0000002000)='logon\x00', &(0x7f0000001000), &(0x7f0000001000)="1c989cc9f58ec796be4720e6160291a2fb7c6445e84b8e9e349ead029fe38d5810bf992b5d51f406a51cc339021268aed6f767582af42dbc8ea1110e4353fcf30b07f1f27ed3b44bef6444f8ca6a808e34ded636ef55e151c11b4ef7a5384f4a0ceb885759dfeeca5aaa540de461d2130755897533032f5639c4ba79988a49d63084f2cbed0a84e5e733146f15192fdabd0e3a", 0x93, 0xfffffffffffffffc) 11:06:07 executing program 4: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0xa, 0x3, 0x11) sendmsg$kcm(r1, &(0x7f00000027c0)={&(0x7f0000000280)=@nl=@unspec={0x0, 0x0, 0x0, 0xc0ff}, 0x80, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="b80000000000000029000000050000008102020100fe800000000000000000000000000093f53fcd7d00000400010000009c68a23f000000111552ff0bf85e07db2f1c320051906d8ebfd55fbbf4b94d4e342e48d5ce8f149465c90010000000000000c2f5c76b782d2d800161e6eae187acd3f8ded6dde50b00001297482ad307583d3a30eb2f85e525fe2f30ea5d80f5be3cec9f751de4c2d7e458e668c48f7de98cb328f56f6faddb0f62aa217d7196beac7fb08ab0517ebd894a7fbb2d7ca9355c724b9550cb19999260f88a61b7be789439c8ab55508854d8c3a176fe6c7549ee47e75b30871197fcf8762885aa163d4ffc82a789e5a36b2f9d4cd1d9738fd7076b8d6ba17a92926b30cd75c98870a534d7113bf417274099941d3147f7926d96b515babeba29d2e36e4f7ab1c739d7fbbe74c0083a5969d3b47095c7431cf8e59d110792c3e54c53e565600996debaae70fec20a0e151f276a233bb55a3ff864577e1f5b15c9a489476d1f1ee78a7c335ef7540549a837a21647bcf6636a9b3d728f4865b8a49ad2e9814315e2c34ae8787624f04394155b2629365e6f3c3f404623ce1ef45049e67324bad05f27d67b524066beff5293a86aa6ca1410d88501648a74840721cea026943a5c34ca034bdf6f1b9e23691a370b0b21e68e0158498842f5ba087c954f599188072e831df2ba492a4601cd6bf9bfce5f83b2c2f0ce97a8a924fc4fa909dc97016fe5f7e9b1592921f6404f7c20ff47c85784ff2fef3011d1194013c2307a4731ec272c54635aad5b9dae8a056bc0e30be926fc33479219801fe826d8573f28b11073c678c43f8ffbab2dc8718cc6f3c6f9f4e05749bbc4c1a1eaba9d545d3db8dab3d82b6c39f75100"/660], 0xb8}, 0x0) 11:06:08 executing program 2: clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 11:06:08 executing program 3: clone(0x200, 0x0, 0x0, 0x0, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x8b38, 0x0) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r0 = gettid() clone(0x100000100001ffb, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) dup(0xffffffffffffffff) r1 = inotify_init1(0x0) fcntl$setown(r1, 0x8, 0xffffffffffffffff) fcntl$getownex(r1, 0x10, &(0x7f0000000000)={0x0, 0x0}) kcmp(r2, r0, 0x4, 0xffffffffffffffff, 0xffffffffffffffff) ptrace$setopts(0x4206, r0, 0x0, 0x0) [ 216.604858][ T9026] 9pnet: bogus RWRITE count (2 > 1) 11:06:08 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4cc74502f987c2ceb3504df6ead74ed8a60ab563e98b592a3d27a7082dbb78ab0200ba3da8b7f56445ab100621d6234555c08dc5404738f10004fd1b3786cd89e9b08e3f5972fe9ca1e86323e19268c89c9dd81c796f27f537cc5a3fb54aff8eaff4f6b59c41705b96a6711d4679079d000000000000000000000083e37f932a6b342390e27b62767e1dd5abdba8afe51cf610691e711b8e34b1cd3e381a3acaecbbbe3aef8276ad68f0ba06d89dbb3b8ed6"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) setxattr$security_ima(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)='security.ima\x00', &(0x7f00000004c0)=@ng, 0x2, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0) 11:06:08 executing program 5: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0815b5055e0bcfe87b3071") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c0000001600ff8e00000000deffffff0a00000018"], 0x1}}, 0x0) r1 = socket(0x10, 0x3, 0x0) recvmsg(r1, &(0x7f00000023c0)={0x0, 0x0, 0x0}, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0x10) 11:06:08 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6(0xa, 0x3, 0x6) r4 = syz_open_procfs(0x0, &(0x7f0000000600)='net/ip6_flowlabel\x00n\xc01\x14\x894X\xed\xc1\xc9\xd8\xdcK\r\x8d\xae\x98&@\xd0\xe6\xbbQ\xd7\xffYn\x1c\x92\xde\x0e\xaa1\x91\x98\xe9\x1f\nMCi|+\xcdw\xf0\x176Z\xf1`\xac\xf3;\xd6d2\xeb\xe5\f\x0e\x8b\xda\xf7\xfc9\xfe\xff4\xef\'\xa19q\x93\"\x7fG3\xc1E\xe6e6\xc6\xc2u\x11% \xe7+0\x97\x84;\\\xda\xc4\x80\xc3\xb18N\xbfY%\x05\xf8\x85\x89\xfc\xd2\xd7') r5 = socket$inet6(0xa, 0x3, 0x6) sendfile(r5, r4, &(0x7f0000000240)=0x202, 0x4000000000dc) sendfile(r3, r4, &(0x7f0000000240)=0x202, 0x4000000000dc) 11:06:08 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) poll(&(0x7f0000000200)=[{r0}], 0x1, 0x0) 11:06:08 executing program 2: socket$inet_udp(0x2, 0x2, 0x0) write(0xffffffffffffffff, 0x0, 0x0) clock_nanosleep(0x0, 0x0, 0x0, 0x0) sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x0) write(0xffffffffffffffff, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000140)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/igmp6\x00') preadv(r0, &(0x7f00000017c0), 0x333, 0x1000000) 11:06:08 executing program 4: pipe(&(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="040100001a000d000000000000000000ff010000000000000000000000000001fe88000000000000000000000000000100"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="4b148fc52ccfbeffd6c5be0630522717000004d53c000000e000000100000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000014000e"], 0x4}}, 0x0) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) splice(r0, 0x0, r2, 0x0, 0x4ffe0, 0x0) 11:06:08 executing program 3: unshare(0x20400) r0 = syz_open_dev$evdev(&(0x7f0000000080)='/dev/input/event#\x00', 0x3ff, 0x0) ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f00000001c0)) [ 217.038211][ T9066] 9pnet: bogus RWRITE count (2 > 1) 11:06:08 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4cc74502f987c2ceb3504df6ead74ed8a60ab563e98b592a3d27a7082dbb78ab0200ba3da8b7f56445ab100621d6234555c08dc5404738f10004fd1b3786cd89e9b08e3f5972fe9ca1e86323e19268c89c9dd81c796f27f537cc5a3fb54aff8eaff4f6b59c41705b96a6711d4679079d000000000000000000000083e37f932a6b342390e27b62767e1dd5abdba8afe51cf610691e711b8e34b1cd3e381a3acaecbbbe3aef8276ad68f0ba06d89dbb3b8ed6"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) setxattr$security_ima(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)='security.ima\x00', &(0x7f00000004c0)=@ng, 0x2, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0) 11:06:08 executing program 2: perf_event_open(&(0x7f0000000040)={0x2, 0x30f, 0x3ea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) [ 217.138981][ T9083] mip6: mip6_destopt_init_state: spi is not 0: 3573809152 11:06:08 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) prctl$PR_SET_DUMPABLE(0x4, 0x0) 11:06:08 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000000), 0x4) fanotify_init(0x23, 0x0) write$FUSE_POLL(r1, &(0x7f00000000c0)={0xfffffffffffffe51, 0x0, 0x0, {0x7ffffff7}}, 0x1f1) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x84003ff) ioctl$RTC_PLL_GET(0xffffffffffffffff, 0x80207011, 0x0) [ 217.357779][ T9096] 9pnet: bogus RWRITE count (2 > 1) 11:06:08 executing program 3: r0 = socket$inet6(0xa, 0x401000000001, 0x0) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x28d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2, 0x11, r2, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2) close(r0) syz_open_procfs(0x0, &(0x7f00000002c0)='comm\x00') r3 = open(&(0x7f0000000400)='./bus\x00', 0x1141042, 0x0) r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0) ftruncate(r4, 0x208200) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) sendfile(r0, r3, 0x0, 0x8000fffffffe) 11:06:08 executing program 2: r0 = socket$kcm(0xa, 0x3, 0x3a) sendmsg$kcm(r0, &(0x7f00000002c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000400)=[{&(0x7f0000000240)="c127", 0xc5}], 0x1}, 0xfc00) sendmsg$kcm(r0, &(0x7f0000000500)={&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f0000000100)=[{&(0x7f00000001c0)="00a5", 0x2}], 0x1}, 0x0) [ 217.568238][ T9108] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 17) [ 217.583185][ T9108] FAT-fs (loop0): Filesystem has been set read-only [ 217.592488][ T9108] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 17) 11:06:09 executing program 5: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="0815b5055e0bcfe87b3071") sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c0000001600ff8e00000000deffffff0a00000018"], 0x1}}, 0x0) r1 = socket(0x10, 0x3, 0x0) recvmsg(r1, &(0x7f00000023c0)={0x0, 0x0, 0x0}, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0x10) 11:06:09 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4cc74502f987c2ceb3504df6ead74ed8a60ab563e98b592a3d27a7082dbb78ab0200ba3da8b7f56445ab100621d6234555c08dc5404738f10004fd1b3786cd89e9b08e3f5972fe9ca1e86323e19268c89c9dd81c796f27f537cc5a3fb54aff8eaff4f6b59c41705b96a6711d4679079d000000000000000000000083e37f932a6b342390e27b62767e1dd5abdba8afe51cf610691e711b8e34b1cd3e381a3acaecbbbe3aef8276ad68f0ba06d89dbb3b8ed6"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) setxattr$trusted_overlay_upper(&(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0) 11:06:09 executing program 2: open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r0 = open$dir(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x401012f7, &(0x7f0000000000)) 11:06:09 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0800a1695e1dcfe87b1071") sendmsg(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) r1 = socket(0x1000000010, 0x80002, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000008000)="4c0000001200ffd5acae259567a2830007a600800000000000000068354046002c001d0000000000000002003ab6821148a7a5ff34cb5f3996f32314c7a4bb5dec30de33a49868c62a2ca63d", 0x4c}], 0x1}, 0x0) sendmmsg$alg(r1, &(0x7f0000000200), 0x10efe10675dec16, 0x0) [ 217.819329][ T23] audit: type=1800 audit(1573902369.284:33): pid=9114 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=16557 res=0 11:06:09 executing program 4: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'ghash\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000100)="0a0775b0d5e383e5b3c06639d476a0bf", 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) r2 = accept4(r1, 0x0, 0x0, 0x0) sendmmsg$alg(r2, &(0x7f000000be80), 0xe8, 0x0) 11:06:09 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4cc74502f987c2ceb3504df6ead74ed8a60ab563e98b592a3d27a7082dbb78ab0200ba3da8b7f56445ab100621d6234555c08dc5404738f10004fd1b3786cd89e9b08e3f5972fe9ca1e86323e19268c89c9dd81c796f27f537cc5a3fb54aff8eaff4f6b59c41705b96a6711d4679079d000000000000000000000083e37f932a6b342390e27b62767e1dd5abdba8afe51cf610691e711b8e34b1cd3e381a3acaecbbbe3aef8276ad68f0ba06d89dbb3b8ed6"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) setxattr$trusted_overlay_upper(&(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0) [ 217.889552][ T23] audit: type=1804 audit(1573902369.284:34): pid=9114 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir593493739/syzkaller.DACnnR/10/file0" dev="sda1" ino=16557 res=1 11:06:09 executing program 2: open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r0 = open$dir(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x401012fc, &(0x7f0000000000)) [ 218.048566][ T9129] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 218.059043][ T23] audit: type=1800 audit(1573902369.524:35): pid=9130 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file0" dev="sda1" ino=16557 res=0 11:06:09 executing program 2: eventfd2(0x8, 0x800) openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000600)='cgroup.threads\x00', 0x2, 0x0) readv(r0, &(0x7f00000012c0)=[{&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/129, 0x81}], 0x2) socket$netlink(0x10, 0x3, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100)='/dev/zero\x00', 0x4060, 0x0) ioctl$BLKBSZGET(r1, 0x80041270, &(0x7f0000000140)) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$loop(&(0x7f0000000540)='/dev/loop#\x00', 0x0, 0x105082) r3 = memfd_create(&(0x7f0000000000)='\x00', 0x0) pwritev(r3, &(0x7f0000000440)=[{&(0x7f0000000480)="a8", 0x1}], 0x1, 0x0) mmap(&(0x7f0000009000/0xf000)=nil, 0xf000, 0x800102, 0x100812, r2, 0x0) write(r2, &(0x7f0000000000), 0x52698b21) [ 218.093637][ T9129] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 218.168652][ T23] audit: type=1804 audit(1573902369.524:36): pid=9130 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir593493739/syzkaller.DACnnR/11/file0" dev="sda1" ino=16557 res=1 11:06:09 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000280)=ANY=[@ANYBLOB="1500000065ffff0180000008003950323030302e4cc74502f987c2ceb3504df6ead74ed8a60ab563e98b592a3d27a7082dbb78ab0200ba3da8b7f56445ab100621d6234555c08dc5404738f10004fd1b3786cd89e9b08e3f5972fe9ca1e86323e19268c89c9dd81c796f27f537cc5a3fb54aff8eaff4f6b59c41705b96a6711d4679079d000000000000000000000083e37f932a6b342390e27b62767e1dd5abdba8afe51cf610691e711b8e34b1cd3e381a3acaecbbbe3aef8276ad68f0ba06d89dbb3b8ed6"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='9p\x00', 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) setxattr$trusted_overlay_upper(&(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0) 11:06:09 executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x0) fallocate(r1, 0x0, 0x0, 0x2000002) fallocate(r0, 0x0, 0x0, 0x110001) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000100)={0x0, r1, 0x0, 0x400000000008}) [ 218.446376][ T23] audit: type=1800 audit(1573902369.914:37): pid=9148 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.4" name=7374617409C0D2FEBCF9DF2DEAC8C177FF171248E91193513049F831550D6F7DE66CF637BDBF1311920C8A26EDA4DCC3783F9DB5116B34D31B0512A5608AAFF01E7952340CD6FD dev="sda1" ino=16536 res=0 [ 380.261387][ T1021] INFO: task :9102 can't die for more than 143 seconds. [ 380.268370][ T1021] R running task 28144 9102 8841 0x00004006 [ 380.283122][ T1021] Call Trace: [ 380.286541][ T1021] __schedule+0x8e9/0x1f30 [ 380.290950][ T1021] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 380.299624][ T1021] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 380.306943][ T1021] ? lockdep_hardirqs_on+0x421/0x5e0 [ 380.315701][ T1021] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 380.322892][ T1021] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 380.328360][ T1021] ? preempt_schedule_irq+0xf3/0x160 [ 380.336549][ T1021] ? retint_kernel+0x2b/0x2b [ 380.344943][ T1021] ? irq_work_sync+0x106/0x1d0 [ 380.349715][ T1021] ? __sanitizer_cov_trace_pc+0xd/0x50 [ 380.358063][ T1021] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 380.365847][ T1021] ? irq_work_sync+0xd1/0x1d0 [ 380.370528][ T1021] ? _free_event+0x89/0x13b0 [ 380.378114][ T1021] ? __kasan_check_write+0x14/0x20 [ 380.385362][ T1021] ? __mutex_unlock_slowpath+0xf0/0x6a0 [ 380.390907][ T1021] ? mark_held_locks+0xa4/0xf0 [ 380.398692][ T1021] ? ring_buffer_attach+0x650/0x650 [ 380.405557][ T1021] ? wait_for_completion+0x440/0x440 [ 380.410856][ T1021] ? put_event+0x47/0x60 [ 380.418034][ T1021] ? perf_event_release_kernel+0x6d5/0xd70 [ 380.425486][ T1021] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 380.434631][ T1021] ? __perf_event_exit_context+0x170/0x170 [ 380.440455][ T1021] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 380.448225][ T1021] ? perf_release+0x37/0x50 [ 380.455603][ T1021] ? __fput+0x2ff/0x890 [ 380.459851][ T1021] ? perf_event_release_kernel+0xd70/0xd70 [ 380.467240][ T1021] ? ____fput+0x16/0x20 [ 380.474742][ T1021] ? task_work_run+0x145/0x1c0 [ 380.479508][ T1021] ? exit_to_usermode_loop+0x316/0x380 [ 380.486487][ T1021] ? do_syscall_64+0x676/0x790 [ 380.494788][ T1021] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 380.500863][ T1021] [ 380.500863][ T1021] Showing all locks held in the system: [ 380.510951][ T1021] 1 lock held by khungtaskd/1021: [ 380.518873][ T1021] #0: ffffffff88faccc0 (rcu_read_lock){....}, at: debug_show_all_locks+0x5f/0x279 [ 380.529721][ T1021] 1 lock held by rsyslogd/8705: [ 380.537448][ T1021] #0: ffff8880977df3e0 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0xee/0x110 [ 380.547732][ T1021] 2 locks held by getty/8795: [ 380.555317][ T1021] #0: ffff8880a83c8090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 380.566126][ T1021] #1: ffffc90005f112e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 380.578896][ T1021] 2 locks held by getty/8796: [ 380.585097][ T1021] #0: ffff8880a0667090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 380.597029][ T1021] #1: ffffc90005f312e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 380.608720][ T1021] 2 locks held by getty/8797: [ 380.616278][ T1021] #0: ffff8880a94fa090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 380.626743][ T1021] #1: ffffc90005f212e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 380.639253][ T1021] 2 locks held by getty/8798: [ 380.645558][ T1021] #0: ffff8880998a0090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 380.657481][ T1021] #1: ffffc90005f192e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 380.669089][ T1021] 2 locks held by getty/8799: [ 380.676639][ T1021] #0: ffff888099d49090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 380.687106][ T1021] #1: ffffc90005f152e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 380.699542][ T1021] 2 locks held by getty/8800: [ 380.705718][ T1021] #0: ffff888096366090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 380.718194][ T1021] #1: ffffc90005f2d2e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 380.729344][ T1021] 2 locks held by getty/8801: [ 380.736891][ T1021] #0: ffff8880a626d090 (&tty->ldisc_sem){++++}, at: ldsem_down_read+0x33/0x40 [ 380.748100][ T1021] #1: ffffc90005ef92e0 (&ldata->atomic_read_lock){+.+.}, at: n_tty_read+0x220/0x1bf0 [ 380.760588][ T1021] [ 380.764442][ T1021] ============================================= [ 380.764442][ T1021] [ 380.775728][ T1021] NMI backtrace for cpu 0 [ 380.780056][ T1021] CPU: 0 PID: 1021 Comm: khungtaskd Not tainted 5.4.0-rc7-next-20191115 #0 [ 380.788621][ T1021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 380.798657][ T1021] Call Trace: [ 380.802001][ T1021] dump_stack+0x197/0x210 [ 380.806330][ T1021] nmi_cpu_backtrace.cold+0x70/0xb2 [ 380.811866][ T1021] ? vprintk_func+0x86/0x189 [ 380.816445][ T1021] ? lapic_can_unplug_cpu.cold+0x3a/0x3a [ 380.822062][ T1021] nmi_trigger_cpumask_backtrace+0x23b/0x28b [ 380.828033][ T1021] arch_trigger_cpumask_backtrace+0x14/0x20 [ 380.833928][ T1021] watchdog+0xc8f/0x1350 [ 380.838163][ T1021] kthread+0x361/0x430 [ 380.842217][ T1021] ? reset_hung_task_detector+0x30/0x30 [ 380.847757][ T1021] ? kthread_mod_delayed_work+0x1f0/0x1f0 [ 380.853463][ T1021] ret_from_fork+0x24/0x30 [ 380.858163][ T1021] Sending NMI from CPU 0 to CPUs 1: [ 380.863886][ C1] NMI backtrace for cpu 1 [ 380.863891][ C1] CPU: 1 PID: 9102 Comm: Not tainted 5.4.0-rc7-next-20191115 #0 [ 380.863897][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 380.863901][ C1] RIP: 0010:irq_work_sync+0xd3/0x1d0 [ 380.863911][ C1] Code: f5 ff 4d 89 e6 4d 89 e5 48 b8 00 00 00 00 00 fc ff df 49 c1 ee 03 41 83 e5 07 49 01 c6 41 83 c5 03 eb 07 e8 7f 87 f5 ff f3 90 78 87 f5 ff be 04 00 00 00 4c 89 e7 e8 ab a6 31 00 41 0f b6 06 [ 380.863914][ C1] RSP: 0018:ffff888058917c08 EFLAGS: 00000293 [ 380.863921][ C1] RAX: ffff88805890e680 RBX: 0000000000000002 RCX: ffffffff817e51f6 [ 380.863926][ C1] RDX: 0000000000000000 RSI: ffffffff817e51c1 RDI: 0000000000000005 [ 380.863930][ C1] RBP: ffff888058917c28 R08: ffff88805890e680 R09: ffffed1012dfc882 [ 380.863935][ C1] R10: ffffed1012dfc881 R11: ffff888096fe440b R12: ffff888096fe4408 [ 380.863939][ C1] R13: 0000000000000003 R14: ffffed1012dfc881 R15: ffff888058917cc8 [ 380.863944][ C1] FS: 0000000001171940(0000) GS:ffff8880ae900000(0000) knlGS:0000000000000000 [ 380.863948][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 380.863953][ C1] CR2: 00000000024fa000 CR3: 000000008e3fe000 CR4: 00000000001406e0 [ 380.863957][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 380.863962][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 380.863964][ C1] Call Trace: [ 380.863967][ C1] _free_event+0x89/0x13b0 [ 380.863970][ C1] ? __kasan_check_write+0x14/0x20 [ 380.863974][ C1] ? __mutex_unlock_slowpath+0xf0/0x6a0 [ 380.863977][ C1] ? mark_held_locks+0xa4/0xf0 [ 380.863981][ C1] ? ring_buffer_attach+0x650/0x650 [ 380.863984][ C1] ? wait_for_completion+0x440/0x440 [ 380.863987][ C1] put_event+0x47/0x60 [ 380.863990][ C1] perf_event_release_kernel+0x6d5/0xd70 [ 380.863994][ C1] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 380.863998][ C1] ? __perf_event_exit_context+0x170/0x170 [ 380.864001][ C1] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 380.864004][ C1] perf_release+0x37/0x50 [ 380.864007][ C1] __fput+0x2ff/0x890 [ 380.864011][ C1] ? perf_event_release_kernel+0xd70/0xd70 [ 380.864014][ C1] ____fput+0x16/0x20 [ 380.864017][ C1] task_work_run+0x145/0x1c0 [ 380.864020][ C1] exit_to_usermode_loop+0x316/0x380 [ 380.864023][ C1] do_syscall_64+0x676/0x790 [ 380.864027][ C1] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 380.864029][ C1] RIP: 0033:0x414201 [ 380.864039][ C1] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 380.864043][ C1] RSP: 002b:00007ffcb24f5980 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 380.864050][ C1] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000414201 [ 380.864055][ C1] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 380.864060][ C1] RBP: 0000000000000001 R08: 0000000020db1ecb R09: ffffffffffffffff [ 380.864064][ C1] R10: 00007ffcb24f5a60 R11: 0000000000000293 R12: 000000000075c9a0 [ 380.864069][ C1] R13: 000000000075c9a0 R14: 00000000007616e8 R15: 000000000075bf2c [ 380.875031][ T1021] Kernel panic - not syncing: hung_task: blocked tasks [ 381.174226][ T1021] CPU: 0 PID: 1021 Comm: khungtaskd Not tainted 5.4.0-rc7-next-20191115 #0 [ 381.182792][ T1021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 381.192827][ T1021] Call Trace: [ 381.196118][ T1021] dump_stack+0x197/0x210 [ 381.200436][ T1021] panic+0x2e3/0x75c [ 381.204315][ T1021] ? add_taint.cold+0x16/0x16 [ 381.208975][ T1021] ? lapic_can_unplug_cpu.cold+0x3a/0x3a [ 381.214592][ T1021] ? ___preempt_schedule+0x16/0x18 [ 381.219687][ T1021] ? nmi_trigger_cpumask_backtrace+0x21b/0x28b [ 381.225823][ T1021] ? nmi_trigger_cpumask_backtrace+0x24c/0x28b [ 381.231960][ T1021] ? nmi_trigger_cpumask_backtrace+0x256/0x28b [ 381.238095][ T1021] ? nmi_trigger_cpumask_backtrace+0x21b/0x28b [ 381.244236][ T1021] watchdog+0xca0/0x1350 [ 381.248468][ T1021] kthread+0x361/0x430 [ 381.252519][ T1021] ? reset_hung_task_detector+0x30/0x30 [ 381.258062][ T1021] ? kthread_mod_delayed_work+0x1f0/0x1f0 [ 381.263768][ T1021] ret_from_fork+0x24/0x30 [ 381.269839][ T1021] Kernel Offset: disabled [ 381.274171][ T1021] Rebooting in 86400 seconds..